diff --git a/.gitignore b/.gitignore
index 526d8f0..ac57aeb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ mantisbt-1.1.8.tar.gz
/mantisbt-1.2.14.tar.gz
/mantisbt-1.2.15.tar.gz
/mantisbt-1.2.17.tar.gz
+/mantisbt-1.2.18.tar.gz
+/mantisbt-1.2.19.tar.gz
diff --git a/mantis-1.2.12-install_no_write_config.patch b/mantis-1.2.12-install_no_write_config.patch
deleted file mode 100644
index db2e000..0000000
--- a/mantis-1.2.12-install_no_write_config.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-diff -u -aur mantisbt-1.2.12.orig/admin/install.php mantisbt-1.2.12/admin/install.php
---- mantisbt-1.2.12.orig/admin/install.php 2012-11-12 00:10:40.000000000 +0100
-+++ mantisbt-1.2.12/admin/install.php 2012-11-15 00:24:29.567983203 +0100
-@@ -412,10 +412,18 @@
-
-
-
-+
-+ To change any of the disabled options below, edit /etc/mantis/config_inc.php and reload this page!
-+
-+ |
-+
-+
-+
-+
- Type of Database
- |
-
-- |
-
-
--
-+
- |
-
-
-
-- ">
-+ ">
- |
-
-
-
--
-+
- |
-
-
--
--
--
-- Write Configuration File(s)
-- |
--
--
--
--
-- ';
-- echo '(if this file is not created, create it manually with the contents below)';
-- } else {
-- echo 'Updating Configuration File (config_inc.php) ';
-- }
-- ?>
-- |
-- ' . "\r\n";
-- $t_write_failed = true;
--
-- if( !$t_config_exists ) {
-- if( $fd = @fopen( $t_config_filename, 'w' ) ) {
-- fwrite( $fd, $t_config );
-- fclose( $fd );
-- }
--
-- if( file_exists( $t_config_filename ) ) {
-- print_test_result( GOOD );
-- $t_write_failed = false;
-- } else {
-- print_test_result( BAD, false, 'cannot write ' . $t_config_filename );
-- }
-- } else {
-- # already exists, see if the information is the same
-- if ( ( $f_hostname != config_get( 'hostname', '' ) ) ||
-- ( $f_db_type != config_get( 'db_type', '' ) ) ||
-- ( $f_database_name != config_get( 'database_name', '') ) ||
-- ( $f_db_schema != config_get( 'db_schema', '') ) ||
-- ( $f_db_username != config_get( 'db_username', '' ) ) ||
-- ( $f_db_password != config_get( 'db_password', '' ) ) ) {
-- print_test_result( BAD, false, 'file ' . $g_absolute_path . 'config_inc.php' . ' already exists and has different settings' );
-- } else {
-- print_test_result( GOOD, false );
-- $t_write_failed = false;
-- }
-- }
-- ?>
--
--';
-- echo 'Please add the following lines to ' . $g_absolute_path . 'config_inc.php before continuing to the database upgrade check: |
';
-- echo '' . htmlentities( $t_config ) . ' |
';
-- }
-- ?>
-+ // FEDORA PATCH: Removed config_inc.php manipulation code
-
--
--
--
-Date: Sat Oct 12 22:58:43 2013 +0100
-
- Strip null bytes out of GPC input strings
-
- Backporting commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76 from master
- branch to fix issue #17640
-
- Signed-off-by: Damien Regad
-
-diff --git a/core/gpc_api.php b/core/gpc_api.php
-index 2daad98..58e0827 100644
---- a/core/gpc_api.php
-+++ b/core/gpc_api.php
-@@ -110,7 +110,7 @@ function gpc_get_string( $p_var_name, $p_default = null ) {
- trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR );
- }
-
-- return $t_result;
-+ return str_replace( "\0","",$t_result );
- }
-
- /**
-@@ -255,7 +255,11 @@ function gpc_get_string_array( $p_var_name, $p_default = null ) {
- trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR );
- }
-
-- return $t_result;
-+ $t_array = array();
-+ foreach( $t_result as $key => $val ) {
-+ $t_array[$key] = str_replace( "\0", "", $val );
-+ }
-+ return $t_array;
- }
-
- /**
diff --git a/mantis-1.2.19-install_no_write_config.patch b/mantis-1.2.19-install_no_write_config.patch
new file mode 100644
index 0000000..027c784
--- /dev/null
+++ b/mantis-1.2.19-install_no_write_config.patch
@@ -0,0 +1,144 @@
+diff --git a/admin/install.php b/admin/install.php
+index 6a57a88..9c619c0 100644
+--- a/admin/install.php
++++ b/admin/install.php
+@@ -411,10 +411,18 @@ if( 1 == $t_install_state ) {
+
+
+
++
++ To change any of the disabled options below, edit /etc/mantis/config_inc.php and reload this page!
++
++ |
++
++
++
++
+ Type of Database
+ |
+
+-
++
+
+ Hostname (for Database Server)
+ |
+
+-
++
+ |
+
+
+ Username (for Database)
+
+
+-
++
+ |
+
+
+ Database name (for Database)
+
+
+-
++
+ |
+
+
+-
+-
+-
+- Write Configuration File(s)
+- |
+-
+
+-
+-
+-
+- |
+-
+-
+-
+-
+-
+-
+-
+-
+- Please add the following lines to
+- 'config_inc.php'
+- before continuing:
+- |
+-
+-
+-
+-
+- |
+-
+-
+- |
+-
+-
+-
+-
+-
+- - 1.2.19-1
+- new upstream release
+- rebase patch
+- fix CVE-2014-9571, CVE-2014-9572, CVE-2014-9573 (#1183595)
+
+* Tue Dec 9 2014 Gianluca Sforna - 1.2.18-1
+- new upstream release
+- drop upstreamed patches
+- fix several security issues, full list in upstream changelog:
+ http://www.mantisbt.org/bugs/changelog_page.php?version_id=191
+
+* Fri Nov 14 2014 Gianluca Sforna - 1.2.17-4
+- fix CVE-2014-7146, CVE-2014-8598 (#1162046)
+- fix CVE-2014-8554 (#1159295)
+
* Fri Oct 03 2014 Gianluca Sforna - 1.2.17-3
- fix CVE-2014-6387 (#1141310)
diff --git a/sources b/sources
index 442a48a..576bf0e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b3080a3a9351524c547823d33a76106f mantisbt-1.2.17.tar.gz
+8377a0219ec344b9ab9c186012b5114f mantisbt-1.2.19.tar.gz