diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 6399c1b..0000000
--- a/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-bugzilla-3.2.3.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e6ff977
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+bugzilla-3.2.6.tar.gz
+/bugzilla-3.2.10.tar.gz
diff --git a/Makefile b/Makefile
deleted file mode 100644
index c2b3080..0000000
--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: bugzilla
-# $Id$
-NAME := bugzilla
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
diff --git a/README.fedora.bugzilla b/README.fedora.bugzilla
index 2611a75..9814898 100644
--- a/README.fedora.bugzilla
+++ b/README.fedora.bugzilla
@@ -20,6 +20,6 @@ put in place after configuration is done. The first is a daily cron job for statistics collection. This is in the file "cron.daily" and can be enabled by simply copying this file to /etc/cron.daily/bugzilla (or any other file name in the /etc/cron.daily/ directory). The second is the "whine" cron job,
-designed to run every 15 minutes. To enable this job, simply coopy the
+designed to run every 15 minutes. To enable this job, simply copy the
 cron.whine file to /etc/cron.d/bugzilla (or any othe filename within the /etc/cron.d/ directory). 
diff --git a/bugzilla-3.2.10-CVE-2011-2379.patch b/bugzilla-3.2.10-CVE-2011-2379.patch
new file mode 100644
index 0000000..047ddba
--- /dev/null
+++ b/bugzilla-3.2.10-CVE-2011-2379.patch
@@ -0,0 +1,240 @@ +=== modified file 'Bugzilla/Attachment/PatchReader.pm' +--- Bugzilla/Attachment/PatchReader.pm 2008-06-29 22:35:28 +0000 ++++ Bugzilla/Attachment/PatchReader.pm 2011-07-07 06:04:15 +0000 +@@ -37,6 +37,7 @@ + $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw()); + # Actually print out the patch. + print $cgi->header(-type => 'text/plain', ++ -x_content_type_options => "nosniff", + -expires => '+3M'); + disable_utf8(); + $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data); +@@ -118,6 +119,7 @@ + $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw()); + # Actually print out the patch. + print $cgi->header(-type => 'text/plain', ++ -x_content_type_options => "nosniff", + -expires => '+3M'); + disable_utf8(); + } + +=== modified file 'attachment.cgi' +--- attachment.cgi 2009-09-30 08:53:25 +0000 ++++ attachment.cgi 2011-07-21 06:21:26 +0000 +@@ -71,10 +71,13 @@ + + # Determine whether to use the action specified by the user or the default. + my $action = $cgi->param('action') || 'view'; ++my $format = $cgi->param('format') || ''; + + # You must use the appropriate urlbase/sslbase param when doing anything +-# but viewing an attachment. +-if ($action ne 'view') { ++# but viewing an attachment, or a raw diff. ++if ($action ne 'view' ++ && (($action !~ /^(?:interdiff|diff)$/) || $format ne 'raw')) ++{ + my $urlbase = Bugzilla->params->{'urlbase'}; + my $sslbase = Bugzilla->params->{'sslbase'}; + my $path_regexp = $sslbase ? qr/^(\Q$urlbase\E|\Q$sslbase\E)/ : qr/^\Q$urlbase\E/; +@@ -172,7 +175,8 @@ + # non-natural, so use the original value from $cgi in our exception + # message here. + detaint_natural($attach_id) +- || ThrowUserError("invalid_attach_id", { attach_id => $cgi->param($param) }); ++ || ThrowUserError("invalid_attach_id", ++ { attach_id => scalar $cgi->param($param) }); + + # Make sure the attachment exists in the database. 
+ my $attachment = Bugzilla::Attachment->get($attach_id) +@@ -249,53 +253,71 @@ + { bug_id => $bugid }); + } + +-################################################################################ +-# Functions +-################################################################################ ++# Gets the attachment object(s) generated by validateID, while ensuring ++# attachbase and token authentication is used when required. ++sub get_attachment { ++ my @field_names = @_ ? @_ : qw(id); + +-# Display an attachment. +-sub view { +- my $attachment; ++ my %attachments; + + if (use_attachbase()) { +- $attachment = validateID(undef, 1); +- # Replace %bugid% by the ID of the bug the attachment belongs to, if present. ++ # Load each attachment, and ensure they are all from the same bug ++ my $bug_id = 0; ++ foreach my $field_name (@field_names) { ++ my $attachment = validateID($field_name, 1); ++ if (!$bug_id) { ++ $bug_id = $attachment->bug_id; ++ } elsif ($attachment->bug_id != $bug_id) { ++ ThrowUserError('attachment_bug_id_mismatch'); ++ } ++ $attachments{$field_name} = $attachment; ++ } + my $attachbase = Bugzilla->params->{'attachment_base'}; +- my $bug_id = $attachment->bug_id; + $attachbase =~ s/%bugid%/$bug_id/; +- my $path = 'attachment.cgi?id=' . $attachment->id; +- # The user is allowed to override the content type of the attachment. +- if (defined $cgi->param('content_type')) { +- $path .= '&content_type=' . url_quote($cgi->param('content_type')); +- } ++ my @args = map { $_ . '=' . $attachments{$_}->id } @field_names; ++ my $cgi_params = $cgi->canonicalise_query(@field_names, 't', ++ 'Bugzilla_login', 'Bugzilla_password'); ++ push(@args, $cgi_params) if $cgi_params; ++ my $path = 'attachment.cgi?' . join('&', @args); + + # Make sure the attachment is served from the correct server. 
+ if ($cgi->self_url !~ /^\Q$attachbase\E/) { + # We couldn't call Bugzilla->login earlier as we first had to make sure + # we were not going to request credentials on the alternate host. + Bugzilla->login(); +- if (attachmentIsPublic($attachment)) { ++ if (all_attachments_are_public(\%attachments)) { + # No need for a token; redirect to attachment base. + print $cgi->redirect(-location => $attachbase . $path); + exit; + } else { + # Make sure the user can view the attachment. +- check_can_access($attachment); ++ foreach my $field_name (@field_names) { ++ check_can_access($attachments{$field_name}); ++ } + # Create a token and redirect. +- my $token = url_quote(issue_session_token($attachment->id)); ++ my $token = url_quote(issue_session_token(pack_token_data(\%attachments))); + print $cgi->redirect(-location => $attachbase . "$path&t=$token"); + exit; + } + } else { + # No need to validate the token for public attachments. We cannot request + # credentials as we are on the alternate host. +- if (!attachmentIsPublic($attachment)) { ++ if (!all_attachments_are_public(\%attachments)) { + my $token = $cgi->param('t'); +- my ($userid, undef, $token_attach_id) = Bugzilla::Token::GetTokenData($token); +- unless ($userid +- && detaint_natural($token_attach_id) +- && ($token_attach_id == $attachment->id)) +- { ++ my ($userid, undef, $token_data) = Bugzilla::Token::GetTokenData($token); ++ my %token_data = unpack_token_data($token_data); ++ my $valid_token = 1; ++ foreach my $field_name (@field_names) { ++ my $token_id = $token_data{$field_name}; ++ if (!$token_id ++ || !detaint_natural($token_id) ++ || $attachments{$field_name}->id != $token_id) ++ { ++ $valid_token = 0; ++ last; ++ } ++ } ++ unless ($userid && $valid_token) { + # Not a valid token. + print $cgi->redirect('-location' => correct_urlbase() . $path); + exit; +@@ -309,8 +331,48 @@ + } else { + # No alternate host is used. Request credentials if required. 
+ Bugzilla->login(); +- $attachment = validateID(); +- } ++ foreach my $field_name (@field_names) { ++ $attachments{$field_name} = validateID($field_name); ++ } ++ } ++ ++ return wantarray ++ ? map { $attachments{$_} } @field_names ++ : $attachments{$field_names[0]}; ++} ++ ++sub all_attachments_are_public { ++ my $attachments = shift; ++ foreach my $field_name (keys %$attachments) { ++ if (!attachmentIsPublic($attachments->{$field_name})) { ++ return 0; ++ } ++ } ++ return 1; ++} ++ ++sub pack_token_data { ++ my $attachments = shift; ++ return join(' ', map { $_ . '=' . $attachments->{$_}->id } keys %$attachments); ++} ++ ++sub unpack_token_data { ++ my @token_data = split(/ /, shift || ''); ++ my %data; ++ foreach my $token (@token_data) { ++ my ($field_name, $attach_id) = split('=', $token); ++ $data{$field_name} = $attach_id; ++ } ++ return %data; ++} ++ ++################################################################################ ++# Functions ++################################################################################ ++ ++# Display an attachment. ++sub view { ++ my $attachment = get_attachment(); + + # At this point, Bugzilla->login has been called if it had to. + my $contenttype = $attachment->contenttype; +@@ -345,9 +407,14 @@ + + sub interdiff { + # Retrieve and validate parameters +- my $old_attachment = validateID('oldid'); +- my $new_attachment = validateID('newid'); + my $format = validateFormat('html', 'raw'); ++ my($old_attachment, $new_attachment); ++ if ($format eq 'raw') { ++ ($old_attachment, $new_attachment) = get_attachment('oldid', 'newid'); ++ } else { ++ $old_attachment = validateID('oldid'); ++ $new_attachment = validateID('newid'); ++ } + my $context = validateContext(); + + Bugzilla::Attachment::PatchReader::process_interdiff( +@@ -356,8 +423,8 @@ + + sub diff { + # Retrieve and validate parameters +- my $attachment = validateID(); + my $format = validateFormat('html', 'raw'); ++ my $attachment = $format eq 'raw' ? 
get_attachment() : validateID(); + my $context = validateContext(); + + # If it is not a patch, view normally. + +=== modified file 'contrib/fixperms.pl' (properties changed: -x to +x) +=== modified file 'template/en/default/global/user-error.html.tmpl' +--- template/en/default/global/user-error.html.tmpl 2010-11-02 23:12:13 +0000 ++++ template/en/default/global/user-error.html.tmpl 2011-07-07 06:04:15 +0000 +@@ -102,6 +102,11 @@ + [% terms.Bug %] aliases cannot be longer than 20 characters. + Please choose a shorter alias. + ++ [% ELSIF error == "attachment_bug_id_mismatch" %] ++ [% title = "Invalid Attachments" %] ++ You tried to perform an action on attachments from different [% terms.bugs %]. ++ This operation requires all attachments to be from the same [% terms.bug %]. ++ + [% ELSIF error == "auth_cant_create_account" %] + [% title = "Can't create accounts" %] + This site is using an authentication scheme which does not permit + diff --git a/bugzilla-3.2.10-CVE-2011-2380.patch b/bugzilla-3.2.10-CVE-2011-2380.patch new file mode 100644 index 0000000..af94665 --- /dev/null +++ b/bugzilla-3.2.10-CVE-2011-2380.patch 
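Review bot: `get_attachment` in attachment.cgi returns a list in list context but only the first attachment in scalar context via `wantarray`, and neither that nor the token payload produced by `pack_token_data` (space-separated `field=id` pairs, inverted by `unpack_token_data`) is documented anywhere in the hunk. A comment above `get_attachment` such as `# List context: one attachment per field name, in the order given; scalar context: only the first.` and one above `pack_token_data`, `# Token payload: space-separated "<field name>=<attachment id>" pairs; see unpack_token_data.`, would make the contract explicit, since `diff` relies on the scalar branch (`$format eq 'raw' ? get_attachment() : validateID()`) while `interdiff` relies on the list one. The new helpers are also placed above the `# Functions` banner, so moving that banner back up above `get_attachment` would keep the file's sectioning intact.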
@@ -0,0 +1,28 @@
+=== modified file 'Bugzilla/Bug.pm'
+--- Bugzilla/Bug.pm 2010-10-28 15:27:58 +0000
++++ Bugzilla/Bug.pm 2011-08-01 21:28:07 +0000
+@@ -1403,7 +1403,7 @@
+ || ThrowUserError("invalid_group_ID");
+
+ # This can only happen if somebody hacked the enter_bug form.
+- ThrowCodeError("inactive_group", { name => $group->name })
++ ThrowCodeError("inactive_group", { group_id => $id })
+ unless $group->is_active;
+
+ my $membercontrol = $controls->{$id}
+
+=== modified file 'template/en/default/global/code-error.html.tmpl'
+--- template/en/default/global/code-error.html.tmpl 2010-12-30 16:50:29 +0000
++++ template/en/default/global/code-error.html.tmpl 2011-08-01 21:29:11 +0000
+@@ -217,8 +217,8 @@
+ A legal [% field FILTER html %] was not set.
+
+ [% ELSIF error == "inactive_group" %]
+- Attempted to add [% terms.bug %] to the '[% name FILTER html %]'
+- group, which is not used for [% terms.bugs %].
++ Attempted to add [% terms.abug %] to group ID [% group_id FILTER html %],
++ which is not used for [% terms.bugs %].
+
+ [% ELSIF error == "invalid_attach_id_to_obsolete" %]
+ The attachment number of one of the attachments you wanted to obsolete,
+
diff --git a/bugzilla-3.2.10-CVE-2011-2381.patch b/bugzilla-3.2.10-CVE-2011-2381.patch
new file mode 100644
index 0000000..0d64a00
--- /dev/null
+++ b/bugzilla-3.2.10-CVE-2011-2381.patch
@@ -0,0 +1,27 @@
+=== modified file 'Bugzilla/Template.pm'
+--- Bugzilla/Template.pm 2011-02-14 21:56:52 +0000
++++ Bugzilla/Template.pm 2011-07-06 14:44:21 +0000
+@@ -549,6 +549,9 @@
+ # as prefix. In addition it replaces a ' ' by a '_'.
+ css_class_quote => \&Bugzilla::Util::css_class_quote ,
+
++ # Removes control characters and trims extra whitespace.
++ clean_text => \&Bugzilla::Util::clean_text ,
++
+ quoteUrls => [ sub {
+ my ($context, $bug) = @_;
+ return sub {
+
+=== modified file 'template/en/default/request/email.txt.tmpl'
+--- template/en/default/request/email.txt.tmpl 2009-09-03 19:05:33 +0000
++++ template/en/default/request/email.txt.tmpl 2011-07-06 14:43:11 +0000
+@@ -50,7 +50,7 @@
+ To: [% to %]
+ Subject: [% flag.type.name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %]
+ [%- IF attachment %] :
+- [Attachment [% attachment.id %]] [% attachment.description %][% END %]
++ [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %]
+ X-Bugzilla-Type: request
+ [%+ threadingmarker %]
+
+
diff --git a/bugzilla-3.2.10-CVE-2011-2976.patch b/bugzilla-3.2.10-CVE-2011-2976.patch
new file mode 100644
index 0000000..c8d8e93
--- /dev/null
+++ b/bugzilla-3.2.10-CVE-2011-2976.patch
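Review bot: In the email.txt.tmpl hunk `FILTER clean_text` is applied only to `attachment.description`, while the same Subject header line still interpolates `flag.type.name` and `bug.short_desc` unfiltered. If either value can carry CR/LF in 3.2.10 (their input validation is outside this patch), the header could still be split, so filtering them too, e.g. `[% bug.short_desc FILTER clean_text %]`, makes the template self-protecting at no cost. The Template.pm hunk registers `\&Bugzilla::Util::clean_text` without touching Util.pm, so it presumes that function already exists in 3.2.10; worth confirming before the patch is applied.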
@@ -0,0 +1,96 @@ +=== modified file 'template/en/default/bug/navigate.html.tmpl' +--- template/en/default/bug/navigate.html.tmpl 2008-01-28 01:21:11 +0000 ++++ template/en/default/bug/navigate.html.tmpl 2011-05-26 19:06:35 +0000 +@@ -44,22 +44,24 @@ + [% END %] + + [% IF this_bug_idx != -1 %] +- First +- Last ++ First ++ Last + [% END %] + + [% IF bug.bug_id %] + [% IF this_bug_idx != -1 %] + [% IF this_bug_idx > 0 %] + [% prev_bug = this_bug_idx - 1 %] +- Prev ++ Prev + [% ELSE %] + Prev + [% END %] + + [% IF this_bug_idx + 1 < bug_list.size %] + [% next_bug = this_bug_idx + 1 %] +- Next ++ Next + [% ELSE %] + Next + [% END %] + +=== modified file 'template/en/default/filterexceptions.pl' +--- template/en/default/filterexceptions.pl 2009-10-26 11:31:52 +0000 ++++ template/en/default/filterexceptions.pl 2011-05-26 19:15:14 +0000 +@@ -250,10 +250,6 @@ + ], + + 'global/site-navigation.html.tmpl' => [ +- 'bug_list.first', +- 'bug_list.$prev_bug', +- 'bug_list.$next_bug', +- 'bug_list.last', + 'bug.bug_id', + 'bug.votes', + ], +@@ -300,13 +296,6 @@ + '" spellcheck=\"$spellcheck\"" IF spellcheck', + ], + +-'bug/navigate.html.tmpl' => [ +- 'bug_list.first', +- 'bug_list.last', +- 'bug_list.$prev_bug', +- 'bug_list.$next_bug', +-], +- + 'bug/show-multiple.html.tmpl' => [ + 'attachment.id', + 'flag.status', + +=== modified file 'template/en/default/global/site-navigation.html.tmpl' +--- template/en/default/global/site-navigation.html.tmpl 2008-08-08 06:26:33 +0000 ++++ template/en/default/global/site-navigation.html.tmpl 2011-05-26 19:16:12 +0000 +@@ -36,8 +36,10 @@ + [% IF bug_list && bug_list.size > 0 %] + + +- +- ++ ++ + + [% IF bug && bug.bug_id %] + [% current_bug_idx = lsearch(bug_list, bug.bug_id) %] +@@ -45,12 +47,14 @@ + + [% IF current_bug_idx > 0 %] + [% prev_bug = current_bug_idx - 1 %] +- ++ + [% END %] + + [% IF current_bug_idx + 1 < bug_list.size %] + [% next_bug = current_bug_idx + 1 %] +- ++ + [% END %] + + [% END %] + 
diff --git a/bugzilla-3.2.10-CVE-2011-2978.patch b/bugzilla-3.2.10-CVE-2011-2978.patch new file mode 100644 index 0000000..36508b9 --- /dev/null +++ b/bugzilla-3.2.10-CVE-2011-2978.patch @@ -0,0 +1,13 @@ +=== modified file 'userprefs.cgi' +--- userprefs.cgi 2009-02-02 19:21:09 +0000 ++++ userprefs.cgi 2011-07-22 08:00:33 +0000 +@@ -120,7 +120,7 @@ + && Bugzilla->params->{"allowemailchange"} + && $cgi->param('new_login_name')) + { +- my $old_login_name = $cgi->param('Bugzilla_login'); ++ my $old_login_name = $user->login; + my $new_login_name = trim($cgi->param('new_login_name')); + + if($old_login_name ne $new_login_name) { + diff --git a/bugzilla-3.2.10-CVE-2011-3657.patch b/bugzilla-3.2.10-CVE-2011-3657.patch new file mode 100644 index 0000000..30ad9d0 --- /dev/null +++ b/bugzilla-3.2.10-CVE-2011-3657.patch @@ -0,0 +1,29 @@ +=== modified file 'Bugzilla/Chart.pm' +--- Bugzilla/Chart.pm 2010-07-06 00:42:57 +0000 ++++ Bugzilla/Chart.pm 2011-10-27 13:19:40 +0000 +@@ -438,7 +438,7 @@ + + require Data::Dumper; + print "
Bugzilla::Chart object:\n";
+-    print Data::Dumper::Dumper($self);
++    print html_quote(Data::Dumper::Dumper($self));
+     print "
"; + } + + +=== modified file 'report.cgi' +--- report.cgi 2010-12-08 20:14:32 +0000 ++++ report.cgi 2011-10-27 14:18:52 +0000 +@@ -293,9 +293,9 @@ + if ($cgi->param('debug')) { + require Data::Dumper; + print "
data hash:\n";
+-    print Data::Dumper::Dumper(%data) . "\n\n";
++    print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
+     print "data array:\n";
+-    print Data::Dumper::Dumper(@image_data) . "\n\n
"; ++ print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n"; + } + + # All formats point to the same section of the documentation. + diff --git a/bugzilla-3.2.10-CVE-2011-3667.patch b/bugzilla-3.2.10-CVE-2011-3667.patch new file mode 100644 index 0000000..2647120 --- /dev/null +++ b/bugzilla-3.2.10-CVE-2011-3667.patch 
@@ -0,0 +1,197 @@ +=== modified file 'Bugzilla/User.pm' +--- Bugzilla/User.pm 2011-12-08 23:20:02 +0000 ++++ Bugzilla/User.pm 2011-12-27 14:59:07 +0000 +@@ -1852,6 +1852,32 @@ + return 1; + } + ++sub check_account_creation_enabled { ++ my $self = shift; ++ ++ # If we're using e.g. LDAP for login, then we can't create a new account. ++ $self->authorizer->user_can_create_account ++ || ThrowUserError('auth_cant_create_account'); ++ ++ Bugzilla->params->{'createemailregexp'} ++ || ThrowUserError('account_creation_disabled'); ++} ++ ++sub check_and_send_account_creation_confirmation { ++ my ($self, $login) = @_; ++ ++ $login = $self->check_login_name_for_creation($login); ++ my $creation_regexp = Bugzilla->params->{'createemailregexp'}; ++ ++ if ($login !~ /$creation_regexp/i) { ++ ThrowUserError('account_creation_restricted'); ++ } ++ ++ # Create and send a token for this new account. ++ require Bugzilla::Token; ++ Bugzilla::Token::issue_new_user_account_token($login); ++} ++ + sub login_to_id { + my ($login, $throw_error) = @_; + my $dbh = Bugzilla->dbh; +@@ -2355,6 +2381,17 @@ + Takes a username as its only argument. Throws an error if there is no + user with that username. Returns a C object. + ++=item C ++ ++Checks that users can create new user accounts, and throws an error ++if user creation is disabled. ++ ++=item C ++ ++If the user request for a new account passes validation checks, an email ++is sent to this user for confirmation. Otherwise an error is thrown ++indicating why the request has been rejected. ++ + =item C + + Returns a boolean indicating whether or not the supplied username is + +=== modified file 'Bugzilla/WebService/Constants.pm' +--- Bugzilla/WebService/Constants.pm 2011-08-04 20:10:54 +0000 ++++ Bugzilla/WebService/Constants.pm 2011-12-27 15:00:16 +0000 +@@ -130,6 +130,7 @@ + # User errors are 500-600. 
+ account_exists => 500, + illegal_email_address => 501, ++ auth_cant_create_account => 501, + account_creation_disabled => 501, + account_creation_restricted => 501, + password_too_short => 502, + +=== modified file 'Bugzilla/WebService/User.pm' +--- Bugzilla/WebService/User.pm 2011-02-14 07:42:09 +0000 ++++ Bugzilla/WebService/User.pm 2011-12-27 15:04:12 +0000 +@@ -28,7 +28,6 @@ + use Bugzilla::Error; + use Bugzilla::User; + use Bugzilla::Util qw(trim); +-use Bugzilla::Token; + + # Don't need auth to login + use constant LOGIN_EXEMPT => { +@@ -91,18 +90,8 @@ + my $email = trim($params->{email}) + || ThrowCodeError('param_required', { param => 'email' }); + +- my $createexp = Bugzilla->params->{'createemailregexp'}; +- if (!$createexp) { +- ThrowUserError("account_creation_disabled"); +- } +- elsif ($email !~ /$createexp/) { +- ThrowUserError("account_creation_restricted"); +- } +- +- $email = Bugzilla::User->check_login_name_for_creation($email); +- +- # Create and send a token for this new account. +- Bugzilla::Token::issue_new_user_account_token($email); ++ Bugzilla->user->check_account_creation_enabled; ++ Bugzilla->user->check_and_send_account_creation_confirmation($email); + + return undef; + } +@@ -396,15 +385,15 @@ + + =over + +-=item 500 (Illegal Email Address) ++=item 500 (Account Already Exists) ++ ++An account with that email address already exists in Bugzilla. ++ ++=item 501 (Illegal Email Address) + + This Bugzilla does not allow you to create accounts with the format of + email address you specified. Account creation may be entirely disabled. + +-=item 501 (Account Already Exists) +- +-An account with that email address already exists in Bugzilla. 
+- + =back + + =back + +=== modified file 'createaccount.cgi' +--- createaccount.cgi 2007-11-12 04:03:16 +0000 ++++ createaccount.cgi 2011-12-27 14:53:38 +0000 +@@ -31,47 +31,24 @@ + use Bugzilla; + use Bugzilla::Constants; + use Bugzilla::Error; +-use Bugzilla::User; +-use Bugzilla::BugMail; +-use Bugzilla::Util; + + # Just in case someone already has an account, let them get the correct footer + # on an error message. The user is logged out just after the account is + # actually created. +-Bugzilla->login(LOGIN_OPTIONAL); +- +-my $dbh = Bugzilla->dbh; ++my $user = Bugzilla->login(LOGIN_OPTIONAL); + my $cgi = Bugzilla->cgi; + my $template = Bugzilla->template; +-my $vars = {}; +- +-$vars->{'doc_section'} = 'myaccount.html'; ++my $vars = { doc_section => 'myaccount.html' }; + + print $cgi->header(); + +-# If we're using LDAP for login, then we can't create a new account here. +-unless (Bugzilla->user->authorizer->user_can_create_account) { +- ThrowUserError("auth_cant_create_account"); +-} +- +-my $createexp = Bugzilla->params->{'createemailregexp'}; +-unless ($createexp) { +- ThrowUserError("account_creation_disabled"); +-} +- ++$user->check_account_creation_enabled; + my $login = $cgi->param('login'); + + if (defined($login)) { +- $login = Bugzilla::User->check_login_name_for_creation($login); ++ $user->check_and_send_account_creation_confirmation($login); + $vars->{'login'} = $login; + +- if ($login !~ /$createexp/) { +- ThrowUserError("account_creation_restricted"); +- } +- +- # Create and send a token for this new account. 
+- Bugzilla::Token::issue_new_user_account_token($login); +- + $template->process("account/created.html.tmpl", $vars) + || ThrowTemplateError($template->error()); + exit; + +=== modified file 'token.cgi' +--- token.cgi 2010-05-20 15:38:16 +0000 ++++ token.cgi 2011-12-27 14:55:57 +0000 +@@ -341,6 +341,7 @@ + } + + sub request_create_account { ++ Bugzilla->user->check_account_creation_enabled; + my (undef, $date, $login_name) = Bugzilla::Token::GetTokenData($::token); + $vars->{'token'} = $::token; + $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'}; +@@ -360,6 +361,7 @@ + } + + sub confirm_create_account { ++ Bugzilla->user->check_account_creation_enabled; + my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token); + + my $password = $cgi->param('passwd1') || ''; + diff --git a/bugzilla-3.2.10-CVE-2012-0448.patch b/bugzilla-3.2.10-CVE-2012-0448.patch new file mode 100644 index 0000000..a4be42b --- /dev/null +++ b/bugzilla-3.2.10-CVE-2012-0448.patch 
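Review bot: In the createaccount.cgi hunk `$vars->{'login'} = $login;` now stores the raw `$cgi->param('login')`, whereas the removed code stored the value returned by `check_login_name_for_creation`; the new `check_and_send_account_creation_confirmation` in Bugzilla/User.pm computes that normalised `$login` but has no explicit `return`, so the value is lost. Ending the method with `return $login;` and writing `$vars->{'login'} = $user->check_and_send_account_creation_confirmation($login);` keeps the value shown to the user identical to the one put into the token. Note also that the method matches `createemailregexp` with `/i`, while both removed call sites (createaccount.cgi and WebService/User.pm) matched case-sensitively; if the relaxation is intentional it deserves a comment on that `if` line.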
@@ -0,0 +1,52 @@ +diff -Naur Bugzilla/Util.pm Bugzilla/Util.pm +--- Bugzilla/Util.pm 2011-01-24 23:07:59.000000000 +0100 ++++ Bugzilla/Util.pm 2012-02-01 09:17:53.414276564 +0100 +@@ -559,7 +559,7 @@ + sub validate_email_syntax { + my ($addr) = @_; + my $match = Bugzilla->params->{'emailregexp'}; +- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/); ++ my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/); + if ($ret) { + # We assume these checks to suffice to consider the address untainted. + trick_taint($_[0]); +diff -Naur editflagtypes.cgi editflagtypes.cgi +--- editflagtypes.cgi 2009-02-02 20:01:12.000000000 +0100 ++++ editflagtypes.cgi 2012-02-01 09:17:53.415276556 +0100 +@@ -578,7 +578,7 @@ + # - do not contain any illegal character. + foreach my $address (@addresses) { + ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/ +- && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) ++ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/) + || ThrowUserError('illegal_email_address', + {addr => $address, default => 1}); + } +diff -Naur template/en/default/global/code-error.html.tmpl template/en/default/global/code-error.html.tmpl +--- template/en/default/global/code-error.html.tmpl 2012-02-01 09:17:00.561730124 +0100 ++++ template/en/default/global/code-error.html.tmpl 2012-02-01 09:17:53.415276556 +0100 +@@ -58,8 +58,7 @@ + [% ELSE %] + [%+ Param('emailregexpdesc') %] + [% END %] +- It must also not contain any of these special characters: +- \ ( ) & < > , ; : " [ ], or any whitespace. ++ It also must not contain any illegal characters. 
+ + [% ELSIF error == "authres_unhandled" %] + The result value of [% value FILTER html %] was not handled by +diff -Naur template/en/default/global/user-error.html.tmpl template/en/default/global/user-error.html.tmpl +--- template/en/default/global/user-error.html.tmpl 2012-02-01 09:17:00.557730158 +0100 ++++ template/en/default/global/user-error.html.tmpl 2012-02-01 09:17:53.417276540 +0100 +@@ -748,9 +748,8 @@ + [% ELSE %] + [%+ Param('emailregexpdesc') %] + [% END %] +- It must also not contain any of these special characters: +- \ ( ) & < > , ; : " [ ], or any whitespace. +- ++ It also must not contain any illegal characters. ++ + [% ELSIF error == "illegal_frequency" %] + [% title = "Too Frequent" %] + Unless you are an administrator, you may not create series which are diff --git a/bugzilla-3.2.10-CVE-2012-0466.patch b/bugzilla-3.2.10-CVE-2012-0466.patch new file mode 100644 index 0000000..7489b1f --- /dev/null +++ b/bugzilla-3.2.10-CVE-2012-0466.patch 
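Review bot: The forbidden-character class `[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]` is now written out twice, in `validate_email_syntax` (Bugzilla/Util.pm) and again in editflagtypes.cgi, which keeps its own address regex rather than calling `validate_email_syntax`. Hoisting the class into a single `qr//` in Bugzilla::Util, or routing editflagtypes.cgi through `validate_email_syntax`, would stop the two checks drifting apart the next time the list is tightened. Since the two template hunks drop the explicit character list from the user-facing text, a comment on the regex line, `# Reject separators, quoting characters, whitespace and any non-ASCII character.`, becomes the only place the rule is spelled out.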
@@ -0,0 +1,84 @@ +=== modified file 'buglist.cgi' +--- buglist.cgi 2012-04-17 18:41:05 +0000 ++++ buglist.cgi 2012-04-18 12:06:08 +0000 +@@ -112,16 +112,6 @@ + $cgi->param('ctype', "atom"); + } + +-# The js ctype presents a security risk; a malicious site could use it +-# to gather information about secure bugs. So, we only allow public bugs to be +-# retrieved with this format. +-# +-# Note that if and when this call clears cookies or has other persistent +-# effects, we'll need to do this another way instead. +-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) { +- Bugzilla->logout_request(); +-} +- + # An agent is a program that automatically downloads and extracts data + # on its user's behalf. If this request comes from an agent, we turn off + # various aspects of bug list functionality so agent requests succeed + +=== modified file 'docs/en/xml/using.xml' +--- docs/en/xml/using.xml 2011-01-28 16:30:29 +0000 ++++ docs/en/xml/using.xml 2012-04-18 12:06:08 +0000 +@@ -659,16 +659,6 @@ + + + +- +- +- If you would like to access the bug list from another program +- it is often useful to have the list returned in something other +- than HTML. By adding the ctype=type parameter into the bug list URL +- you can specify several alternate formats. Besides the types described +- above, the following formats are also supported: ECMAScript, also known +- as JavaScript (ctype=js), and Resource Description Framework RDF/XML +- (ctype=rdf). +- + + +
+ +=== removed file 'template/en/default/list/list.js.tmpl' +--- template/en/default/list/list.js.tmpl 2007-08-20 23:24:38 +0000 ++++ template/en/default/list/list.js.tmpl 1970-01-01 00:00:00 +0000 +@@ -1,37 +0,0 @@ +-[%# The contents of this file are subject to the Mozilla Public +- # License Version 1.1 (the "License"); you may not use this file +- # except in compliance with the License. You may obtain a copy of +- # the License at http://www.mozilla.org/MPL/ +- # +- # Software distributed under the License is distributed on an "AS +- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +- # implied. See the License for the specific language governing +- # rights and limitations under the License. +- # +- # The Original Code is the Bugzilla Bug Tracking System. +- # +- # The Initial Developer of the Original Code is Netscape Communications +- # Corporation. Portions created by Netscape are +- # Copyright (C) 1998 Netscape Communications Corporation. All +- # Rights Reserved. +- # +- # Contributor(s): Gervase Markham +- #%] +- +-// Note: only publicly-accessible bugs (those not in any group) will be +-// listed when using this JavaScript format. This is to prevent malicious +-// sites stealing information about secure bugs. +- +-bugs = new Array; +- +-[% FOREACH bug = bugs %] +- bugs[[% bug.bug_id %]] = [ +- [% FOREACH column = displaycolumns %] +- "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %] +- [% END %] +- ]; +-[% END %] +- +-if (window.buglistCallback) { +- buglistCallback(bugs); +-} + diff --git a/bugzilla-EL5-perl-versions.patch b/bugzilla-EL5-perl-versions.patch new file mode 100644 index 0000000..169d4de --- /dev/null +++ b/bugzilla-EL5-perl-versions.patch 
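Review bot: The buglist.cgi hunk removes the `logout_request()` guard for `ctype=js`, but nothing in the hunk stops `ctype=js` from being requested; rejecting it now rests on the format lookup failing once template/en/default/list/list.js.tmpl is deleted, and that lookup is outside the hunk, so confirm it throws rather than falling back to another template. The docs/en/xml/using.xml hunk deletes the whole paragraph, which also removes the only description of `ctype=rdf` although RDF output is not removed (the httpd conf in this same commit adds `AddType application/rdf+xml .rdf`); keeping one sentence about `ctype=rdf` would avoid that documentation loss.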
@@ -0,0 +1,24 @@
+diff -ruNp a/bugzilla-3.2.4/Bugzilla/Constants.pm b/bugzilla-3.2.4/Bugzilla/Constants.pm
+--- a/bugzilla-3.2.4/Bugzilla/Constants.pm 2009-07-08 10:58:27.000000000 -0300
++++ b/bugzilla-3.2.4/Bugzilla/Constants.pm 2009-08-04 00:37:30.852896189 -0300
+@@ -387,7 +387,7 @@ use constant DB_MODULE => {
+ # Disallow development versions
+ blacklist => ['_'],
+ # For UTF-8 support
+- version => '4.00',
++ version => '3.00',
+ },
+ name => 'MySQL'},
+ 'pg' => {db => 'Bugzilla::DB::Pg', db_version => '8.00.0000',
+diff -ruNp a/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm b/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm
+--- a/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm 2009-04-17 18:53:49.000000000 -0300
++++ b/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm 2009-08-04 00:38:23.376893996 -0300
+@@ -62,7 +62,7 @@ sub REQUIRED_MODULES {
+ # Perl 5.10 requires CGI 3.33 due to a taint issue when
+ # uploading attachments, see bug 416382.
+ # Require CGI 3.21 for -httponly support, see bug 368502.
+- version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.33' : '3.21',
++ version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.15' : '3.15',
+ # CGI::Carp in 3.46 and 3.47 breaks Template Toolkit
+ blacklist => ['^3\.46$', '^3\.47$'],
+ },
diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf
index e8fbb38..107c405 100644
--- a/bugzilla-httpd-conf
+++ b/bugzilla-httpd-conf
@@ -1,8 +1,11 @@
+Alias /bugzilla/var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot
 Alias /bugzilla /usr/share/bugzilla
 AddHandler cgi-script .cgi
 Options +Indexes +ExecCGI +FollowSymLinks
- DirectoryIndex index.cgi
+ DirectoryIndex index.cgi index.html
 AllowOverride Limit Options FileInfo
+ AddType application/vnd.mozilla.xul+xml .xul
+ AddType application/rdf+xml .rdf
diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch
index a9ae59f..99b4586 100644
--- a/bugzilla-rw-paths.patch
+++ b/bugzilla-rw-paths.patch
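Review bot: In the Bugzilla/Install/Requirements.pm hunk the new line `version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.15' : '3.15',` has two identical arms, and it lowers the CGI minimum below the 3.21 that the context comment directly above says is needed for `-httponly` cookie support (bug 368502) and below the 3.33 needed for the Perl 5.10 taint issue (bug 416382). The Constants.pm hunk does the same for the MySQL driver minimum, dropping it from 4.00 to 3.00 under a `# For UTF-8 support` comment the change no longer honours. Because bugzilla.spec in this commit adds `Requires: perl(CGI) >= 3.33`, the CGI downgrade can never take effect on an RPM install; either drop that part of the patch or reduce the line to `version => '3.15',` with a comment stating which guarantee is given up on EL5.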
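Review bot: The new `Alias /bugzilla/var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot` publishes a runtime data directory, but the hunk adds no directory stanza for it; the visible `Options +Indexes +ExecCGI +FollowSymLinks` and `AddHandler cgi-script .cgi` belong to the block for /usr/share/bugzilla (its enclosing tags appear to be lost in this rendering). Whether directory listing or CGI execution applies to the webdot path is therefore left to the server's global defaults. A dedicated stanza for /var/lib/bugzilla/data/webdot with `Options -Indexes -ExecCGI` and no handler would limit it to the static files that, going by the changelog entry for this alias, it is meant to serve.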
@@ -11,8 +11,8 @@ + 'datadir' => "/var/lib/bugzilla/$datadir", + 'attachdir' => "/var/lib/bugzilla/$datadir/attachments", 'skinsdir' => "$libpath/skins", + 'graphsdir' => "$libpath/graphs", # $webdotdir must be in the web server's tree somewhere. Even if you use a - # local dot, we output images to there. Also, if $webdotdir is @@ -475,8 +475,8 @@ # change showdependencygraph.cgi to set image_url to the correct # location. diff --git a/bugzilla.spec b/bugzilla.spec index 1097a21..f5c3b15 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,18 +4,37 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 3.2.3 +Version: 3.2.10 Group: Applications/Publishing -Release: 1%{?dist} +Release: 5%{?dist} License: MPLv1.1 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz Source1: bugzilla-httpd-conf Source2: README.fedora.bugzilla Patch0: bugzilla-rw-paths.patch +Patch1: bugzilla-EL5-perl-versions.patch +Patch2: bugzilla-3.2.10-CVE-2011-2379.patch +Patch3: bugzilla-3.2.10-CVE-2011-2380.patch +Patch4: bugzilla-3.2.10-CVE-2011-2381.patch +Patch5: bugzilla-3.2.10-CVE-2011-2976.patch +Patch6: bugzilla-3.2.10-CVE-2011-2978.patch +Patch7: bugzilla-3.2.10-CVE-2011-3657.patch +Patch8: bugzilla-3.2.10-CVE-2011-3667.patch +Patch9: bugzilla-3.2.10-CVE-2012-0448.patch +Patch10: bugzilla-3.2.10-CVE-2012-0466.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch Requires: webserver, patchutils, mod_perl, perl(SOAP::Lite), which +Requires: perl(CGI) >= 3.33 +Requires: perl(Date::Format) >= 2.21 +Requires: perl(File::Spec) >= 0.84 +Requires: perl(DBI) >= 1.41 +Requires: perl(Template) >= 2.15 +Requires: perl(Email::Send) >= 2.00 +Requires: perl(Email::MIME) >= 1.859 +Requires: perl(Email::MIME::Encodings) >= 1.313 +Requires: perl(Email::MIME::Modifier) >= 1.441 %package doc Summary: Bugzilla documentation 
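Review bot: The rw-paths hunk now shows `'graphsdir' => "$libpath/graphs",` pointing into the install prefix while `datadir` and `attachdir` are redirected under /var/lib/bugzilla; whether that line is newly added to the patch or only refreshed context cannot be told from the collapsed hunk. If graph files are written at request time (the neighbouring `webdotdir` comment says so for dependency-graph images; graphsdir itself is not described here), a directory under the read-only install tree would need to be writable by the web server, or be moved alongside the other writable paths, e.g. `'graphsdir' => "/var/lib/bugzilla/$datadir/graphs",`.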
@@ -39,8 +58,19 @@ Documentation distributed with the Bugzilla bug tracking system Contributed scripts and functions for Bugzilla %prep +set -x %setup -q -n %{name}-%{version} %patch0 -p1 +%patch1 -p2 +%patch2 -p0 +%patch3 -p0 +%patch4 -p0 +%patch5 -p0 +%patch6 -p0 +%patch7 -p0 +%patch8 -p0 +%patch9 -p0 +%patch10 -p0 # Filter unwanted Requires found by /usr/lib/rpm/perldeps.pl: # create a wrapper script which runs the original perl_requires @@ -77,6 +107,8 @@ for file in `find -type f -perm /664`; do fi done +# Remove un-needed files +find . -name "*.orig" -delete %install mkdir -p ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla @@ -88,7 +120,7 @@ cd %{bzinstallprefix}/bugzilla ./collectstats.pl EOM echo "0-59/15 * * * * apache cd %{bzinstallprefix}/bugzilla && env LANG=C %{bzinstallprefix}/bugzilla/whine.pl" > ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/cron.whine -rm -f ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/{README,QUICKSTART,UPGRADING,UPGRADING-pre-2.8} +rm -f ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/README mkdir -p ${RPM_BUILD_ROOT}/%{_datadir}/doc/%{name}-%{version} cp %{SOURCE2} ./README.fedora mkdir -p ${RPM_BUILD_ROOT}/%{bzdatadir} @@ -104,7 +136,7 @@ rm -rf ${RPM_BUILD_ROOT} popd > /dev/null) %files -%defattr(-,root,root,-) +%defattr(-,root,apache,-) %dir %{bzinstallprefix}/bugzilla %{bzinstallprefix}/bugzilla/*.cgi %{bzinstallprefix}/bugzilla/*.pl @@ -126,9 +158,6 @@ popd > /dev/null) %config(noreplace) %{_sysconfdir}/httpd/conf.d/bugzilla.conf %defattr(-,root,root,-) %doc README -%doc QUICKSTART -%doc UPGRADING -%doc UPGRADING-pre-2.8 %doc README.fedora %dir %{bzdatadir} %defattr(0750,root,apache,-) 
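Review bot: `%patch2 -p0` cannot match the file headers of Patch2 as shown in this diff, which name `a/bugzilla-3.2.4/Bugzilla/Constants.pm`; inside the 3.2.10 source tree that path needs `-p2`, as `%patch1 -p2` already does for the EL5 patch, so either the strip level or the patch content is wrong and the patch would not apply. Patch3 to Patch10 are not visible here, so their `-p0` is only presumed correct; a build log should confirm that each CVE hunk really applied rather than being skipped. The added `set -x` looks like leftover debugging of exactly that problem and should be dropped before the spec is built in the buildsystem.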
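Review bot: `%defattr(-,root,apache,-)` makes the apache group co-owner of every `.cgi` and `.pl` under %{bzinstallprefix}/bugzilla while leaving modes as built (`-`), so whether the web server can modify its own code now depends on the perm-fixing loop earlier in the spec, whose body lies outside this hunk; if any file stays group-writable the CGI user can rewrite the application. If the goal (RHBZ#736583 per the changelog) is to keep the tree readable only by root and apache, that needs explicit modes such as `%defattr(0640,root,apache,0750)` plus `%attr(0750,root,apache)` on the executable scripts; if it is only about data-dir access, the code tree can stay root:root. Either way, record the intent above the line, e.g. `# apache group so httpd can read the scripts; they must never be group-writable`.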
@@ -143,6 +172,45 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib %changelog +* Fri Apr 20 2012 Xavier Bachelot - 3.2.10-5 +- Add patch for CVE-2012-0466. +- Drop version requirement downgrade for perl(Email::MIME) and + perl(Email::MIME::Modifier). + +* Wed Feb 01 2012 Xavier Bachelot - 3.2.10-4 +- Add patch for CVE-2012-0448. + +* Thu Dec 29 2011 Xavier Bachelot - 3.2.10-3 +- Add patches for CVE-2011-3657 and CVE-2011-3667. + +* Thu Sep 15 2011 Xavier Bachelot - 3.2.10-2 +- Add patches for CVE-2011-2379, CVE-2011-2380, CVE-2011-2381, CVE-2011-2978 + and CVE-2011-2976. +- Fix httpd conf (RHBZ#736579, RHBZ #736584). +- Fix typo in doc (RHBZ#736581). +- Fix files ownership (RHBZ#736583). + +* Tue May 03 2011 Xavier Bachelot - 3.2.10-1 +- Update to 3.2.10 for CVE-2010-4411, CVE-2010-4567, CVE-2010-4568, + CVE-2010-4569, CVE-2010-4570, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048) + +* Tue Feb 02 2010 Emmanuel Seyman - 3.2.6-2 +- Use Linux requirements, not Windows' + +* Mon Feb 01 2010 Emmanuel Seyman - 3.2.6-1 +- Update to 3.2.6 (CVE-2009-3989, CVE-2009-3387) +- Specify Perl module versions in the Requires (fixes #524309) +- Add an alias to make $webdotdir a working path (fixes #458848) + +* Fri Sep 11 2009 Emmanuel Seyman - 3.2.5-1 +- Update to 3.2.5 (CVE-2009-3125, CVE-2009-3165 and CVE-2009-3166) + +* Tue Aug 04 2009 Itamar Reis Peixoto - 3.2.4-2 +- fix EL-5 perl dependencies bz#515158 + +* Wed Jul 08 2009 Itamar Reis Peixoto - 3.2.4-1 +- fix https://bugzilla.mozilla.org/show_bug.cgi?id=495257 + * Mon Apr 06 2009 Itamar Reis Peixoto 3.2.3-1 - fix CVE-2009-1213 diff --git a/import.log b/import.log deleted file mode 100644 index dae9c27..0000000 --- a/import.log +++ /dev/null @@ -1,3 +0,0 @@ -bugzilla-3_0_8-1_fc11:HEAD:bugzilla-3.0.8-1.fc11.src.rpm:1235878106 -bugzilla-3_2_2-2_fc10:HEAD:bugzilla-3.2.2-2.fc10.src.rpm:1236265998 -bugzilla-3_2_3-1_fc11:HEAD:bugzilla-3.2.3-1.fc11.src.rpm:1239059931 diff --git a/sources b/sources index afc4623..4d6a0fd 100644 
--- a/sources
+++ b/sources
@@ -1 +1 @@
-fcc8f64fec821e76718fbda13e232b59 bugzilla-3.2.3.tar.gz
+dd9d8e142f5e8d5a352fb87a9afebc48 bugzilla-3.2.10.tar.gz