From 811061cf6586d900984a8a9de0d857edbc4329c8 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Fri, 24 Feb 2012 00:40:08 +0100 Subject: [PATCH 1/6] Update to 4.0.5, block mod-perl2 modules from requires and remove rpm4.8 filters --- .gitignore | 1 + bugzilla.spec | 52 ++++++++++++++++----------------------------------- sources | 2 +- 3 files changed, 18 insertions(+), 37 deletions(-) diff --git a/.gitignore b/.gitignore index 106dae3..2734649 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.2.tar.gz /bugzilla-4.0.3.tar.gz /bugzilla-4.0.4.tar.gz +/bugzilla-4.0.5.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index fa2843e..00ae2a7 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.4 +Version: 4.0.5 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 
@@ -43,40 +43,15 @@ Summary: Bugzilla contributed scripts Group: Applications/Publishing BuildRequires: python -# RPM 4.8 style: -# Filter underspecified dependencies -# Remove all optional modules from the requires stream -%filter_from_requires /perl(sanitycheck.cgi)/d -# mod_perl modules -%filter_from_requires /perl(Apache2::Const)/d; /perl(Apache2::ServerUtil)/d -%filter_from_requires /perl(Apache2::SizeLimit)/d; /perl(ModPerl::RegistryLoader)/d -# authentification modules -%filter_from_requires /perl(Authen::Radius)/d; /perl(Net::LDAP)/d -# database modules -%filter_from_requires /perl(DBD::Oracle)/d; /perl(DBD::Pg)/d -%filter_from_requires /perl(DBI::db)/d; /perl(DBI::st)/d -# inbound email modules -%filter_from_requires /perl(Email::MIME::Attachment::Stripper)/d; /perl(Email::Reply)/d -# bug moving modules -%filter_from_requires /perl(MIME::Parser)/d; /perl(XML::Twig)/d -# xml-rpc and json-rpc modules -%filter_from_requires /perl(XMLRPC::Lite)/d; /perl(XMLRPC::Transport::HTTP)/d -%filter_from_requires /perl(HTTP::Message)/d; /perl(Test::Taint)/d -# extension modules -%filter_from_requires /perl(Image::Magick)/d -# and remove the extensions from the provides stream -%filter_from_provides /perl(Bugzilla::Extension::BmpConvert)/d; /perl(Bugzilla::Extension::Example)/d -%filter_setup +%{?perl_default_filter} -# RPM 4.9 style: -# Filter underspecified dependencies -# Remove all optional modules from the requires stream +# Remove private modules from the requires stream %global __requires_exclude %__requires_exclude|^perl\\(sanitycheck.cgi\\)$ + +# Remove all optional modules from the requires stream # mod_perl modules -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::Const\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::ServerUtil\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::SizeLimit\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(ModPerl::RegistryLoader\\)$ +%global __requires_exclude 
%__requires_exclude|^perl\\(Apache2:: +%global __requires_exclude %__requires_exclude|^perl\\(ModPerl:: # authentification modules %global __requires_exclude %__requires_exclude|^perl\\(Authen::Radius\\)$ %global __requires_exclude %__requires_exclude|^perl\\(Net::LDAP\\)$ @@ -92,15 +67,14 @@ BuildRequires: python %global __requires_exclude %__requires_exclude|^perl\\(MIME::Parser\\)$ %global __requires_exclude %__requires_exclude|^perl\\(XML::Twig\\)$ # xml-rpc and json-rpc modules -%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC::Lite\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC::Transport::HTTP\\)$ +%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC:: %global __requires_exclude %__requires_exclude|^perl\\(HTTP::Message\\)$ %global __requires_exclude %__requires_exclude|^perl\\(Test::Taint\\)$ # extension modules %global __requires_exclude %__requires_exclude|^perl\\(Image::Magick\\)$ + # and remove the extensions from the provides stream -%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension::BmpConvert\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension::Example\\)$ +%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension:: %description Bugzilla is a popular bug tracking system used by multiple open source projects @@ -122,6 +96,7 @@ Contributed scripts and functions for Bugzilla %patch0 -p1 %patch1 -p1 rm -f Bugzilla/Constants.pm.orig +rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs rm -rf lib/CGI* @@ -238,6 +213,11 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Fri Feb 24 2012 Emmanuel Seyman - 4.0.5-1 +- Update to 4.0.5 to fix security issues (CVE-2012-0453) +- Block all ModPerl::* and Apache2::* from requires +- Remove rpm4.8 filters + * Wed Feb 1 2012 Emmanuel Seyman - 4.0.4-1 - Update to 4.0.4 to fix security flaws (#786550) - Remove JSON:RPC patch, upstreamed (bmo #706753) 
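Review bot: In the `@@ -43,40 +43,15 @@` hunk of bugzilla.spec, every `%global __requires_exclude %__requires_exclude|…` line assumes `__requires_exclude` is already defined, and the only thing above it that could define it is `%{?perl_default_filter}`, which expands to nothing when that macro is absent. As far as I know rpm leaves an undefined macro unexpanded, so the regex would then begin with the literal text `%__requires_exclude`. The first line is safer in the conditional form, `%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(sanitycheck.cgi\\)$`. The new `^perl\\(Apache2::` and `^perl\\(ModPerl::` entries are prefix matches with no closing `\\)$`, so they also hide any future requirement in those namespaces from the dependency generator. A comment such as `# prefix match on purpose: drops every Apache2::* / ModPerl::* requirement` would record that this is deliberate. The same applies to `^perl\\(XMLRPC::` in the `@@ -92,15 +67,14 @@` hunk.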
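Review bot: In the `@@ -92,15 +67,14 @@` hunk of bugzilla.spec, the comment `# and remove the extensions from the provides stream` is followed by `%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension::`, which filters the requires stream, not the provides stream. The rpm 4.8 block removed in the previous hunk used `%filter_from_provides` for these modules, so after this commit nothing visible in the patch keeps `perl(Bugzilla::Extension::*)` out of the package's provides. I would add `%global __provides_exclude %{?__provides_exclude:%__provides_exclude|}^perl\\(Bugzilla::Extension::` alongside the existing line. The requires exclusion should stay if anything in the package requires those modules, since otherwise the filtered provides would leave an unsatisfiable dependency. The removed 4.9-style lines had the same mismatch, so this predates the commit, but it is now the only filter path left.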
diff --git a/sources b/sources index afed430..f28ab97 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2feaf81535eb3058017517532f8bac3a bugzilla-4.0.4.tar.gz +c5b73f5ddfecbf4772852e73ddfd94e4 bugzilla-4.0.5.tar.gz From 9602725e8b1e6c6c6fce24e47c1a0883ce71f059 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Fri, 20 Apr 2012 00:59:28 +0200 Subject: [PATCH 2/6] Update to 4.0.6 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2734649..693ec9f 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.3.tar.gz /bugzilla-4.0.4.tar.gz /bugzilla-4.0.5.tar.gz +/bugzilla-4.0.6.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 00ae2a7..487043a 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.5 +Version: 4.0.6 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -213,6 +213,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Fri Apr 20 2012 Emmanuel Seyman - 4.0.6-1 +- Update to 4.0.6 (CVE-2012-0465, CVE-2012-0466) + * Fri Feb 24 2012 Emmanuel Seyman - 4.0.5-1 - Update to 4.0.5 to fix security issues (CVE-2012-0453) - Block all ModPerl::* and Apache2::* from requires diff --git a/sources b/sources index f28ab97..acdfc20 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c5b73f5ddfecbf4772852e73ddfd94e4 bugzilla-4.0.5.tar.gz +ad8f25fec6050c714c82f2455c3b3349 bugzilla-4.0.6.tar.gz From c18c4746c938a67fd7e32fa7a082290b8a093b67 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Mon, 30 Jul 2012 22:09:13 +0200 Subject: [PATCH 3/6] Update to 4.0.7 (CVE-2012-1969) --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 693ec9f..eecdbfa 100644 --- a/.gitignore +++ b/.gitignore 
@@ -10,3 +10,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.4.tar.gz /bugzilla-4.0.5.tar.gz /bugzilla-4.0.6.tar.gz +/bugzilla-4.0.7.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 487043a..02fe530 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.6 +Version: 4.0.7 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -213,6 +213,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Mon Jul 30 2012 Emmanuel Seyman - 4.0.7-1 +- Update to 4.0.7 (CVE-2012-1969) + * Fri Apr 20 2012 Emmanuel Seyman - 4.0.6-1 - Update to 4.0.6 (CVE-2012-0465, CVE-2012-0466) diff --git a/sources b/sources index acdfc20..7ab9ebe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ad8f25fec6050c714c82f2455c3b3349 bugzilla-4.0.6.tar.gz +d133e6b120986159e60980b93b418f54 bugzilla-4.0.7.tar.gz From 8a40c25bebd0ab95987b7f43083fbb7535f696ce Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sun, 2 Sep 2012 18:20:47 +0200 Subject: [PATCH 4/6] Update to 4.0.8 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index eecdbfa..23183ae 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.5.tar.gz /bugzilla-4.0.6.tar.gz /bugzilla-4.0.7.tar.gz +/bugzilla-4.0.8.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 02fe530..c910237 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.7 +Version: 4.0.8 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -213,6 +213,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Sun Sep 02 2012 Emmanuel Seyman - 4.0.8-1 +- Update to 4.0.8 (CVE-2012-3981) + * Mon Jul 30 2012 Emmanuel Seyman - 4.0.7-1 - Update to 4.0.7 (CVE-2012-1969) 
diff --git a/sources b/sources index 7ab9ebe..aad2394 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d133e6b120986159e60980b93b418f54 bugzilla-4.0.7.tar.gz +180d9bb9b2f0fa1f1a7c9606325aae8b bugzilla-4.0.8.tar.gz From 5dd8c6befc5a44c8a0fd2befef2b5e0a8dde1fc9 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Wed, 14 Nov 2012 17:38:17 +0100 Subject: [PATCH 5/6] Update to 4.0.9 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 23183ae..99a58b7 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.6.tar.gz /bugzilla-4.0.7.tar.gz /bugzilla-4.0.8.tar.gz +/bugzilla-4.0.9.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index c910237..574897a 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.8 +Version: 4.0.9 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -213,6 +213,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Wed Nov 14 2012 Emmanuel Seyman - 4.0.9-1 +- Update to 4.0.9 + * Sun Sep 02 2012 Emmanuel Seyman - 4.0.8-1 - Update to 4.0.8 (CVE-2012-3981) diff --git a/sources b/sources index aad2394..bb09a56 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -180d9bb9b2f0fa1f1a7c9606325aae8b bugzilla-4.0.8.tar.gz +629bde008a0f82ecfa875a44f238397c bugzilla-4.0.9.tar.gz From 42e620b0fb0f802aeeb1b203b7cf6fbaa1b87e51 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Wed, 20 Feb 2013 23:37:58 +0100 Subject: [PATCH 6/6] Update to 4.0.10 (CVE-2013-0785, CVE-2013-0786) --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 99a58b7..5431b16 100644 --- a/.gitignore +++ b/.gitignore 
@@ -13,3 +13,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.7.tar.gz /bugzilla-4.0.8.tar.gz /bugzilla-4.0.9.tar.gz +/bugzilla-4.0.10.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 574897a..a7027eb 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.9 +Version: 4.0.10 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -213,6 +213,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Wed Feb 20 2013 Emmanuel Seyman - 4.0.10-1 +- Update to 4.0.10 (CVE-2013-0785, CVE-2013-0786) + * Wed Nov 14 2012 Emmanuel Seyman - 4.0.9-1 - Update to 4.0.9 diff --git a/sources b/sources index bb09a56..427ce30 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -629bde008a0f82ecfa875a44f238397c bugzilla-4.0.9.tar.gz +977683616925972d80fea398682a4e76 bugzilla-4.0.10.tar.gz