diff --git a/.gitignore b/.gitignore index 0bdf1af..149269c 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,8 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.2.3.tar.gz /bugzilla-4.2.4.tar.gz /bugzilla-4.2.5.tar.gz +/bugzilla-4.2.6.tar.gz +/bugzilla-4.2.7.tar.gz +/bugzilla-4.2.9.tar.gz +/bugzilla-4.2.10.tar.gz +/bugzilla-4.2.11.tar.gz diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf index 08f284a..45ec051 100644 --- a/bugzilla-httpd-conf +++ b/bugzilla-httpd-conf @@ -4,7 +4,10 @@ Alias /bugzilla /usr/share/bugzilla - Require local + # Bugzilla will be accessible to all machines in your network + # Replace with "Require local" if you want access to be restricted + # to this machine. + Require all granted AddHandler cgi-script .cgi diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch index 66b0d87..1bad35c 100644 --- a/bugzilla-rw-paths.patch +++ b/bugzilla-rw-paths.patch @@ -1,13 +1,17 @@ ---- bugzilla-4.2/Bugzilla/Constants.pm 2012-02-26 22:39:30.161462858 +0100 -+++ bugzilla-4.2-rw/Bugzilla/Constants.pm 2012-02-26 22:41:55.185107179 +0100 -@@ -629,18 +629,18 @@ +diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm +--- ./Bugzilla/Constants.pm.orig 2013-09-02 22:51:11.831245853 +0200 ++++ ./Bugzilla/Constants.pm 2013-09-02 22:53:27.733416972 +0200 +@@ -627,20 +627,20 @@ sub bz_locations { + # make sure this still points to the CGIs. + 'cgi_path' => $libpath, 'templatedir' => "$libpath/template", - 'template_cache' => "$datadir/template", +- 'template_cache' => "$datadir/template", ++ 'template_cache' => "/var/lib/bugzilla/$datadir/template", 'project' => $project, - 'localconfig' => "$libpath/$localconfig", - 'datadir' => $datadir, - 'attachdir' => "$datadir/attachments", -+ 'localconfig' => "/etc/bugzilla/localconfig", ++ 'localconfig' => "/etc/bugzilla/$localconfig", + 'datadir' => "/var/lib/bugzilla/$datadir", + 'attachdir' => "/var/lib/bugzilla/$datadir/attachments", 'skinsdir' => "$libpath/skins", diff --git a/bugzilla.spec b/bugzilla.spec index 94b3189..60c4c1e 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.2.5 +Version: 4.2.11 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -108,6 +108,9 @@ rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs rm -rf lib/CGI* +# these files are only used for testing Bugzilla code +# see https://bugzilla.mozilla.org/show_bug.cgi?id=995209 +rm Build.PL MANIFEST.SKIP # Deal with changing /usr/local paths here instead of via patches %{__perl} -pi -e 's|/usr/local/bin/python\b|%{__python}|' contrib/*.py @@ -216,6 +219,34 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +* Wed Oct 08 2014 Emmanuel Seyman - 4.2.11-1 +- Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571) + +* Fri Jul 25 2014 Emmanuel Seyman - 4.2.10-1 +- Update to 4.2.10 which fixes a security bug (CVE-2014-1546) + +* Sat Apr 19 2014 Emmanuel Seyman - 4.2.9-1 +- Update to 4.2.9 (regression fix for 4.2.8 which was a security update) +- Drop backported patches + +* Sun Jan 19 2014 Emmanuel Seyman - 4.2.7-3 +- Fix the comparison of module versions (#1044854) +- Really honor the PROJECT environment variable (#911943) + +* Fri Nov 15 2013 Emmanuel Seyman - 4.2.7-2 +- Add patch to cache bz_locations() (bmo #843457) +- Fix constants patch to honor the PROJECT environment variable (#911943) + +* Thu Oct 17 2013 Emmanuel Seyman - 4.2.7-1 +- Update to 4.2.7 (security updates) +- Patch bugzilla to write compiled templates under /var (#949130) + +* Sun Aug 04 2013 Emmanuel Seyman - 4.2.6-2 +- Change apache conf to enable access to all machines + +* Sun May 26 2013 Emmanuel Seyman - 4.2.6-1 +- Update to 4.2.6 + * Wed Feb 20 2013 Emmanuel Seyman - 4.2.5-1 - Update to 4.2.5 (fixes CVE-2013-0785) diff --git a/sources b/sources index 9afe565..293fd92 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -070c2d9eee81b2ba621c45d1d3849f66 bugzilla-4.2.5.tar.gz +6d25ea79951984d60639f23ffe20b4ec bugzilla-4.2.11.tar.gz