Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
17 Oct 2013 19:35:22
|
ohauer |
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla: (Only the first 15 lines of the commit message are shown above ) |
4.0.10 26 Sep 2013 19:00:41 |
ohauer |
- add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS |
20 Sep 2013 17:03:27
|
bapt |
Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 1) |
4.0.10 31 Jul 2013 06:54:10 |
az |
- Convert to new Uses/perl5.mk framework
- Resolve issues with implicit lang/perl in extract and patch dependencies
- Trim Makefile header
Reviewed by: bapt@ (exp-run)
Approved by: bapt@ (portmrg@) |
4.0.10 06 Jul 2013 10:38:14 |
ohauer |
- fix typo in OPTION group |
4.0.10 20 Jun 2013 21:54:03 |
ohauer |
- use OPTION_GROUP in all devel/bugzilla ports
- s/CONFLICTS/CONFLICTS_INSTALL/
- use easier CONFLICT notation (future proof)
- trim Makefile.common header
- update russian/bugzilla42 language template to version 4.2.6 |
4.0.10 23 May 2013 21:49:39 |
ohauer |
- update bugzilla42 to version 4.2.6 (bugfix release)
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3
The following important fixes/changes have been made in this release:
o MySQL 5.6 is now supported. (Bug 852560)
o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
installing Bugzilla for the first time. (Bug 858911)
o If a custom field depends on a product, component or classification,
the "mandatory" bit was ignored on bug creation. (Bug 782210)
o Queries involving flags were broken in several ways.
These queries have been fixed. (Bug 828344)
o Tabular reports involving the empty resolution did not link bug
counts correctly. (Bug 212471)
o The Bug.search WebService method was returning all visible bugs
when called with no arguments, ignoring the max_search_results
and search_allow_no_criteria parameters. (Bug 859118)
Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html |
4.0.10 20 Feb 2013 06:16:01 |
ohauer |
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786 |
4.0.9 14 Nov 2012 19:29:42 |
ohauer |
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not. (Only the first 15 lines of the commit message are shown above ) |
4.0.8 01 Sep 2012 20:16:06 |
ohauer |
- update bugzilla bugzilla3 and bugzilla42
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
so the reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header
vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
CVE: CVE-2012-3981
https://bugzilla.mozilla.org/show_bug.cgi?id=785470
https://bugzilla.mozilla.org/show_bug.cgi?id=785522
https://bugzilla.mozilla.org/show_bug.cgi?id=785511 |
4.0.7 25 Aug 2012 10:31:20 |
tota |
- Fix PORTSCOUT
PR: ports/170530
Submitted by: tota (myself)
Approved by: maintainer timeout (> 2 weeks) |
4.0.7 18 Aug 2012 14:29:11 |
ohauer |
- remove www/apache20 and devel/apr0
- s/USE_APACHE= 20+/USE_APACHE= 22+/
- unify s/YES/yes/
- cleanup APACHE_VERSION <= 22 usage
- add entry to MOVED
with hat apache@ |
4.0.7 28 Jul 2012 16:25:12 |
ohauer |
- pkgng: cosmetic fix against lstat messages |
4.0.7 27 Jul 2012 21:34:05 |
ohauer |
- security update bugzilla
new Versions: 3.6.10, 4.0.7, 4.2.2
4.2.2
This release fixes two security issues. See the Security Advisory for details.
In addition, the following important fixes/changes have been made in this
release:
o A regression introduced in Bugzilla 4.0 caused some login names to be
ignored
when entered in the CC list of bugs. (Bug 756314)
o Some queries could trigger an invalid SQL query if strings entered by the
user
contained leading or trailing whitespaces. (Bug 760075)
o The auto-completion form for keywords no longer automatically selects the
first keyword in the list when the field is empty. (Bug 764517) (Only the first 15 lines of the commit message are shown above ) |
4.0.6 24 Jul 2012 21:37:07 |
ohauer |
- new port bugzilla42
New Features and Improvements:
- Experimental SQLite Support
- Creating an Attachment by Pasting Text Into a Text Field
- HTML Bugmail (default: on can be disabled in user preference)
- Improved Searching System
- Disabling Old Components, Versions and Milestones
- Displaying a Custom Field Value Based on Multiple Values of Another Field
- Auditing of All Changes Within Bugzilla
- Accessibility Improvements
And many other Improvements, for complete list see:
http://www.bugzilla.org/releases/4.2.1/release-notes.html |
4.0.6 24 Jul 2012 20:41:56 |
ohauer |
- convert to options NG
Approved by: skv@ (implicit) |
4.0.6 24 Jul 2012 19:24:22 |
ohauer |
- fix broken mod_perl include
apache version detect was not enabled,
the time SITE_PERL was removed from *_DEPENDS |
4.0.6 03 Jul 2012 17:38:41 |
az |
graphics/ImageMagick can change package name via PKGNAMESUFFIX.
We should not rely on this.
Reported by: Jarrod Sayers <jarrod at downtools.com.au>
Pointy hat: az@ |
4.0.6 01 Jul 2012 14:42:25 |
crees |
Update devel/p5-chart --> devel/p5-Chart to fix INDEX build
Pointyhat: sunpoet |
4.0.6 29 Jun 2012 10:15:24 |
az |
- Remove SITE_PERL from *_DEPENDS
Approved by: portmgr@ (bapt@) |
4.0.6 21 Apr 2012 17:37:42 |
ohauer |
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466 |
4.0.5 10 Apr 2012 05:15:48 |
ohauer |
- update to 4.0.5
Vulnerability Details
=====================
Class: Cross-Site Request Forgery
Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2
Fixed In: 4.0.5, 4.2
Description: Due to a lack of validation of the enctype form
attribute when making POST requests to xmlrpc.cgi,
a possible CSRF vulnerability was discovered. If a user
visits an HTML page with some malicious HTML code in it,
an attacker could make changes to a remote Bugzilla installation
on behalf of the victim's account by using the XML-RPC API
on a site running mod_perl. Sites running under mod_cgi
are not affected. Also the user would have had to be
already logged in to the target site for the vulnerability
to work.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
CVE Number: CVE-2012-0453
Approved by: skv (implicit) |
4.0.4 06 Feb 2012 12:03:29 |
skv |
Update to 4.0.4
Changes:
http://www.bugzilla.org/releases/4.0.4/release-notes.html#v40_point
Security:
http://www.vuxml.org/freebsd/309542b5-50b9-11e1-b0d8-00151735203a.html |
4.0.3 05 Jan 2012 17:25:28 |
ohauer |
- update to version 3.6.7
- CVE-2011-3657
- CVE-2011-3667
Summary
=======
The following security issues have been discovered in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
* The User.offer_account_by_email WebService method lets you create
a new user account even if the active authentication method forbids
users to create an account.
* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
lead to the creation of unwanted bug reports and attachments.
All affected installations are encouraged to upgrade as soon as possible.
Full Release Notes:
http://www.bugzilla.org/security/3.4.12/
Approved by: skv@ (explicit) |
4.0.2_1 17 Oct 2011 04:35:02 |
dougb |
Remove references to mysql 323 and 40, most commonly of the form:
IGNORE_WITH_MYSQL= 323 40 |
4.0.2_1 27 Aug 2011 10:18:44 |
ohauer |
- Fix checksetup issue if p5-version>=0.92 is installed (which is in current
ports tree)
See https://bugzilla.mozilla.org/show_bug.cgi?id=678772
PR: ports/159823
Submitted by: ohauer
Approved by: skv (per mail)
Obtained from:
https://bugzilla.mozilla.org/attachment.cgi?id=552915&action=diff |
4.0.2 13 Aug 2011 18:24:21 |
skv |
Update to 4.0.2
Changes: http://www.bugzilla.org/releases/4.0.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/dc8741b9-c5d5-11e0-8a8e-00151735203a.html
PR: ports/159576
Submitted by: Peter Vereshagin <peter@vereshagin.org> |
4.0.1_1 18 Jul 2011 21:56:02 |
ohauer |
- create missing (empty) directory (bugzilla) so checksetup does not fail
- use DIST_SUBDIR for bugzilla and all translations
- sort pkg-plist (genplist)
OK from bugzilla maintainers per PM.
PR: ports/158766
Submitted by: ohauer |
4.0.1 11 Jun 2011 04:25:06 |
tota |
- Update to 4.0.1 [1]
- Cleanup CONFLICTS/PORTSCOUT among Makefiles and Makefile.common
Submitted by: ohauer (via private e-mail) [1] |
4.0.1 07 Jun 2011 16:00:26 |
skv |
- Remove obsolete devel/bugzilla2
- Tune devel/bugzilla* : add PORTSCOUT, LATEST_LINK, CONFLICTS, LICENSE |
4.0.1 07 Jun 2011 13:30:01 |
skv |
- Copy devel/bugzilla to devel/bugzilla3; russian/bugzilla-ru to
russian/bugzilla3-ru
- Update devel/bugzilla, russian/bugzilla-ru to 4.0.1
- Update devel/bugzilla3, russian/bugzilla3-ru to 3.6.5
Changes: http://www.bugzilla.org/releases/4.0.1/release-notes.html
http://www.bugzilla.org/releases/3.6.5/release-notes.html |
3.6.4_1 22 May 2011 22:16:27 |
ohauer |
- bump because of mod_perl2 update
- order pkg-plist so it match autmated tools like genplist
- add missing empty directories (used by checksetup.pl) [1]
commit with hat apache@
PR: [1] ports/154295
Submitted by: me |
3.6.4 25 Jan 2011 15:49:49 |
skv |
Update to 3.6.4
Changes: http://www.bugzilla.org/releases/3.6.4/release-notes.html
Security:
http://www.vuxml.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
Feature safe: yes |
3.6.3 12 Dec 2010 05:56:19 |
tota |
- Update to 3.6.3 [1]
- Use WWWDIR instead of some other custom locations [2]
- Add Makefile.common which Makefiles in devel/bugzilla, russian/bugzilla-ru
and japanese/bugzilla include to use WWWDIR in common [2]
Changes: http://www.bugzilla.org/releases/3.6.3/release-notes.html [1]
Security: http://www.bugzilla.org/security/3.2.8/ [1]
PR: ports/151912 [1], [2]
Submitted by: ohauer [1], tota (myself) [2]
Approved by: skv |
3.6.2_1 21 Sep 2010 16:08:11 |
mm |
Explicitly depend on p5-Digest-MD5 only if PERL_LEVEL < 500703
Explicitly depend on p5-Digest-SHA only if PERL_LEVEL < 501000 |
3.6.2 06 Sep 2010 07:58:29 |
skv |
Update to 3.6.2
Changes: http://www.bugzilla.org/releases/3.6.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html
PR: ports/149721
Submitted by: ohauer |
3.6.1 05 Jul 2010 16:42:22 |
skv |
Update to 3.6.1
Changes: http://www.bugzilla.org/releases/3.6.1/release-notes.html
Security:
http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html
PR: ports/148149
Submitted by: olli hauer <ohauer@gmx.de>
Feature safe: yes |
3.6 16 Apr 2010 07:15:08 |
skv |
Update to 3.6
Changes: http://www.bugzilla.org/releases/3.6/release-notes.html |
3.4.6_1 28 Mar 2010 06:47:48 |
dinoex |
- update to 1.4.1
Reviewed by: exp8 run on pointyhat
Supported by: miwi |
3.4.6 25 Mar 2010 13:25:48 |
tota |
- Update to 3.4.6 [1]
- Remove ja-bugzilla-2.* from CONFLICT entries of devel/bugzilla,
devel/bugzilla2 and russian/bugzilla-ru [2]
- Change MAINTAINER address from tota@rtfm.jp to tota@FreeBSD.org
[1] This port has been updated from the bugzilla Japanized patch to
bugzilla Japanese language pack installation, both of which are
maintained differently.
* Japanized patch is not actively maintained anymore.
* More sophisticated language pack framework has been introduced since
Bugzilla 3.0.
[2] This port no longer conflicts with those ports due to the new language
pack framework.
Approved by: maho (mentor) |
3.4.6 08 Mar 2010 12:51:42 |
skv |
Fix dependency name.
Pointed by: QAT |
3.4.6 08 Mar 2010 12:26:34 |
skv |
Update to 3.4.6
Changes: http://www.bugzilla.org/releases/3.4.6/release-notes.html |
3.4.5_1 05 Feb 2010 11:46:55 |
dinoex |
- update to jpeg-8 |
3.4.5 01 Feb 2010 16:53:26 |
skv |
- Update to 3.4.5 [1]
- Use $SUB_FILES & $SUB_LIST to dynamically adjust pkg-message [2]
Changes: http://www.bugzilla.org/security/3.0.10/ [1]
Security:
http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
PR: ports/142446 [2]
Submitted by: Sevan Janiyan <venture37 xx geeklan.co.uk> [2] |
3.4.4_2 29 Jan 2010 04:56:59 |
kuriyama |
- Remove unneeded dependencies which is in perl-5.8.9 dist
(part 17).
Approved by: portmgr (itetcu) |
3.4.4_1 24 Nov 2009 21:44:45 |
pav |
- Remove mail/p5-Email-MIME-Creator, it has been folded into mail/p5-Email-MIME
- Remove mail/p5-Email-MIME-Modifier, it has been folded into mail/p5-Email-MIME
- Remove mail/p5-Email-Simple-Creator, it has been folded into
mail/p5-Email-Simple
- Adjust dependencies
Reported by: pointyhat
With hat: portmgr |
3.4.4 23 Nov 2009 18:11:10 |
skv |
Update to 3.4.4.
Changes: http://www.bugzilla.org/security/3.4.3/
Security:
http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html |
3.4.3 12 Nov 2009 21:03:46 |
skv |
Update to 3.4.3
Changes: http://www.bugzilla.org/releases/3.4.3/release-notes.html
PR: ports/140327
Submitted by: Sahil Tandon <sahil xx tandon.net> |
3.4.2 17 Sep 2009 13:30:01 |
skv |
Update to 3.4.2.
Changes: http://www.bugzilla.org/security/3.0.8/
Security:
http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html
Feature safe: yes |
3.4.1 17 Aug 2009 11:05:11 |
skv |
Update to 3.4.1.
Changes: http://www.bugzilla.org/security/3.4/
Security:
http://www.vuxml.org/freebsd/d67b517d-8214-11de-88ea-001a4d49522b.html |
3.4 30 Jul 2009 15:41:51 |
skv |
Update to 3.4
Changes: http://www.bugzilla.org/releases/3.4/release-notes.html |
3.2.3 12 Apr 2009 20:39:05 |
skv |
Update to 3.2.3
Changes:
http://www.bugzilla.org/releases/3.2.3/release-notes.html#v32_point |
3.2.2 14 Feb 2009 21:54:27 |
skv |
Update to 3.2.2
Changes: http://www.bugzilla.org/releases/3.2.2/release-notes.html
PR: ports/131404
Submitted by: pgollucci |
3.2_1 01 Dec 2008 19:07:45 |
skv |
Install killer feature - 'Dusk' skin. |
3.2 01 Dec 2008 15:38:51 |
skv |
Update to 3.2
Changes: http://www.bugzilla.org/releases/3.2/release-notes.html
PR: ports/129333
Submitted by: Eygene Ryabinkin <rea-fbsd xx codelabs.ru> |
3.0.6 07 Nov 2008 14:45:07 |
skv |
Update to 3.0.6
Changes: http://www.bugzilla.org/releases/3.0.6/release-notes.html |
3.0.5 15 Aug 2008 16:32:28 |
skv |
Update to 3.0.5
Changes: http://www.bugzilla.org/releases/3.0.5/release-notes.html
Security:
http://www.vuxml.org/freebsd/1d96305d-6ae6-11dd-91d5-000c29d47fd7.html |
3.0.4 11 Aug 2008 12:01:35 |
skv |
Set PORTSCOUT. |
3.0.4 28 Jul 2008 12:47:43 |
skv |
Update to 3.0.4
Changes:
http://www.bugzilla.org/releases/3.0.4/release-notes.html#v30_point |
3.0.3 07 Feb 2008 09:35:11 |
skv |
Update to 3.0.3
Changes:
http://www.bugzilla.org/releases/3.0.3/release-notes.html#v30_point |
3.0.2 22 Sep 2007 10:27:15 |
skv |
Update to 3.0.2
PR: ports/116517
Submitted by: Nick Barkas <snb xxx threerings.net>
Changes: http://www.bugzilla.org/releases/3.0.2/release-notes.html
Security:
http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html |
3.0.1 30 Aug 2007 12:37:12 |
skv |
Update to 3.0.1
Changes: http://www.bugzilla.org/releases/3.0.1/release-notes.html |
3.0 28 May 2007 12:03:47 |
skv |
* fix dependencies
* fix perl path [1]
PR: ports/112257 [1]
Submitted by: Christopher McCrory<chrismcc+freebsd xx pricegrabber.com> [1] |
3.0 27 May 2007 13:16:35 |
skv |
Upgrade Bugzilla to 3.0; repocopy 2.x branch to devel/bugzilla2 |
2.22.2_1 19 May 2007 20:32:57 |
flz |
- Welcome X.org 7.2 \o/.
- Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}.
- Bump PORTREVISION for ports intalling files in ${X11BASE}. |
2.22.2 12 Feb 2007 14:23:26 |
skv |
* update to 2.22.2
* remove EMAIL_GATEWAY option (it's by default now)
* add dependency on p5-Mail-Tools [1]
Changes: http://www.bugzilla.org/releases/2.22.2/release-notes.html
PR: ports/103453 [1]
Submitted by: Cezary Morga <cezarym@data.pl> [1] |
2.22.1 15 Nov 2006 14:47:21 |
skv |
Update to 2.22.1
Changes: http://www.bugzilla.org/releases/2.22.1/release-notes.html
PR: ports/105554
Sumbitted by: Ulrich Spoerlein <uspoerlein xxx gmail.com> |
2.22 05 Jul 2006 02:30:58 |
linimon |
Change all bogus uses of BROKEN to IGNORE. See CHANGES 20060705.
PR: ports/92445
Hat: portmgr |
2.22 13 May 2006 06:57:44 |
ale |
Remove redundant DEFAULT_MYSQL_VER and fix package for the future mysql
default version bump. |
2.22 02 May 2006 13:27:52 |
skv |
Update to 2.22
Changes: http://www.bugzilla.org/releases/2.22/release-notes.html |
2.20.1 27 Feb 2006 14:40:23 |
skv |
Update Bugzilla to 2.20.1
Approved by: portmgr (clement)
Pointed by: mnag
Security: http://vuxml.FreeBSD.org/46f7b598-a781-11da-906a-fde5cdde365e |
2.20 20 Feb 2006 01:21:11 |
kris |
Try to remove www/data |
2.20 22 Jan 2006 08:30:12 |
edwin |
SHA256ify
Approved by: krion@ |
2.20 22 Jan 2006 01:48:34 |
edwin |
Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry
Approved by: krion@
PR: ports/88711 (related) |
2.20 26 Oct 2005 08:26:52 |
skv |
Unbreak build. |
2.20 26 Oct 2005 06:17:02 |
kris |
BROKEN: Missing perl dependency |
2.20 06 Oct 2005 12:41:17 |
skv |
Update to 2.20 |
2.18.3 11 Jul 2005 14:13:23 |
skv |
Update to 2.18.3, bug-fixes:
* https://bugzilla.mozilla.org/show_bug.cgi?id=293159
* https://bugzilla.mozilla.org/show_bug.cgi?id=292544
Reported by: simon
Security:
http://vuxml.freebsd.org/6e33f4ab-efed-11d9-8310-0001020eed82.html |
2.18.1_1 11 Jun 2005 16:13:12 |
skv |
* reflect renaming on CPAN File-Spec to PathTools
+ add devel/p5-PathTools, remove devel/p5-File-Spec
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
module was renamed
* reflect renaming on CPAN PodParser to Pod-Parser
+ add textproc/p5-Pod-Parser, remove textproc/p5-PodParser
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
* for all changed ports make dependencies on File::Temp, Digest::MD5,
Storable unconditional
* remove 'CONFIGURE_ARGS= INSTALLDIRS=site' from Makefile's
(this variable is forced by bsd.port.mk now)
* update Class-Autouse to 1.17
* update POE-API-Hooks to 1.05
* make portlint happy (clean IGNORE, convert spaces to tabs and so on) |
2.18.1 08 Jun 2005 14:56:01 |
skv |
Update to 2.18.1
PR: ports/81583
Submitted by: Choe, Cheng-Dae <whitekid at gmail.com> |
2.18_2 21 Apr 2005 08:31:39 |
skv |
* fix Data::Dumper detection
* fix pkg-message |
2.18_2 20 Apr 2005 16:54:53 |
skv |
* add OPTIONS
* use APACHE_DATADIR if defined
* fix RUN_DEPENDS
* fix pkg-plist
* update pkg-descr
* take maintainership |
2.18_1 24 Feb 2005 21:42:41 |
sem |
- Because of bugzilla's bugs. checksetup.pl doesn't check File::Spec modules
version. So disable it's version check.
(https://bugzilla.mozilla.org/show_bug.cgi?id=257933)
- fix web server's uid/gid
- fix plist that not listed
PR: ports/76946
Submitted by: "Choe, Cheng-Dae" <whitekid (at) gmail.com> |
2.18 24 Jan 2005 16:44:21 |
pav |
- Update to 2.18
PR: ports/76531
Submitted by: "Choe, Cheng-Dae" <whitekid@gmail.com> |
2.16.7 27 Oct 2004 19:23:53 |
pav |
- Update to 2.16.7, a security release:
Class: Unauthorized Bug Change
Versions: 2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
message to process_bug.cgi which will remove keywords from
a bug even if you don't have permissions to edit all bug
fields (the "editbugs" permission). Such changes are
reported in "bug changed" email notifications, so they are
easily detected and reversed if someone abuses it.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=252638
- Correct SQL command in pkg-message
PR: ports/71161, ports/73166
Submitted by: Dmitry A Grigorovich <odip@bionet.nsc.ru> |
2.16.6 17 Jul 2004 05:22:20 |
edwin |
[PATCH] devel/bugzilla: update to 2.16.6
- Update to 2.16.6
PR: ports/69105
Submitted by: TAKATSU Tomonari <tota@rtfm.jp> |
2.16.5 14 Jul 2004 23:18:18 |
eik |
Fix DIST_SUBDIR and make the port fetchable again.
Note that it is still vulnerable to
<http://www.freebsd.org/ports/portaudit/672975cb-d526-11d8-b479-02e0185c0b53.html> |
2.16.5 14 Jul 2004 22:18:27 |
kris |
BROKEN: Unfetchable |
2.16.5 30 Jun 2004 08:27:10 |
eik |
- update devel/bugzilla to 2.16.5
- new slave port japanese/bugzilla
PR: 68318, 68319
Submitted by: TAKATSU Tomonari <tota@rtfm.jp> |
2.16.4_1 12 Feb 2004 04:36:05 |
linimon |
Modifications to make this a master port for upcoming slave port
japanese/bugzilla. Should have no effect otherwise.
PR: ports/62545
Submitted by: TAKATSU Tomonari <tota@rtfm.jp> |
2.16.4 05 Feb 2004 19:17:40 |
trevor |
Remove redundant master site.
PR: 62372
Submitted by: Tom McLaughlin |
2.16.4 29 Jan 2004 07:24:56 |
trevor |
SIZEify. |
2.16.4 21 Nov 2003 11:36:02 |
jeh |
There are several security related problem in bugzilla 2.16.3 and earlier,
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/
PR: 58905
Submitted by: Kang Liu |
2.16.3_1 13 Nov 2003 14:45:08 |
trevor |
Use the FIND and XARGS macros introduced in bsd.port.mk 1.391. |
2.16.3_1 24 Oct 2003 12:05:09 |
ijliao |
utilize SITE_PERL
PR: 58166
Submitted by: Cheng-Lung Sung <clsung@dragon2.net> |
2.16.3_1 05 Oct 2003 16:40:42 |
leeym |
The devel/bugzilla port has an explicit LIB_DEPENDS dependency on
libmysqlclient.so.10 from the mysql323-client port. However, bugzilla
will work fine with just about any version of MySQL.
Could just insert USE_MYSQL, but the bugzilla port only really needs
access to the perl DBD::Mysql modules and can depend on MySQL
implicitly through that port..
PR: 57607
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> |
2.16.3_1 27 Sep 2003 00:23:56 |
edwin |
ECHO -> ECHO_MSG
(ECHO_CMD for deskutils/notebook)
PR: ports/56767-56770,56772-56774,56776-56784
Submitted by: KATO Tsuguru <tkato@prontomail.com> |
2.16.3_1 16 Sep 2003 05:43:52 |
erwin |
Conditionalise dependencies on databases/p5-DBI: for perl
5.005_03 use databases/p5-DBI-137 as newer versions do not
support the old perl.
Note that for some port, I merely removed the explicit
dependency as they already have implicit dependencies
via other ports.
Approved by: portmgr (marcus) |
2.16.3_1 03 Jul 2003 14:26:03 |
osa |
Fix a typo: s/NOPORTSDOCS/NOPORTDOCS/ for Makefile [1]
Use ${DOCSDIR} [2]
s/share\/doc\/.../%%DOCSDIR%%/ for pkg-plist [2]
PR: 53911
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com> [1]
osa [2]
Approved by: fjoe (mentor) (implicit) |
2.16.3_1 20 May 2003 07:26:34 |
wjv |
- Fix something which has been broken in this port for a long time:
installation to ${PREFIX}/www/data.default. "data.default" was an artifact
of a long obsolete version of the Apache port. Put installation directory
under control of a variable $BUGZILLADIR instead. Carry through to
pkg-plist via a pragma.
- Bump $PORTREVISION. |