diff --git a/.gitignore b/.gitignore index e3204fc..ecdb3a0 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,7 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.2.1.tar.gz /bugzilla-4.2.2.tar.gz /bugzilla-4.2.3.tar.gz +/bugzilla-4.2.4.tar.gz +/bugzilla-4.2.5.tar.gz +/bugzilla-4.2.6.tar.gz +/bugzilla-4.2.7.tar.gz diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf index be0987f..9d0d97b 100644 --- a/bugzilla-httpd-conf +++ b/bugzilla-httpd-conf @@ -2,6 +2,14 @@ Alias /var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot Alias /bugzilla /usr/share/bugzilla + + + # Bugzilla will be accessible to all machines in your network + # Replace with "Require local" if you want access to be restricted + # to this machine. + Require all granted + + AddHandler cgi-script .cgi Options +Indexes +ExecCGI +FollowSymLinks DirectoryIndex index.cgi index.html diff --git a/bugzilla-project-mod_perl.patch b/bugzilla-project-mod_perl.patch new file mode 100644 index 0000000..a29632a --- /dev/null +++ b/bugzilla-project-mod_perl.patch @@ -0,0 +1,41 @@ +diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm +--- ./Bugzilla/Constants.pm.orig 2013-11-14 23:21:44.947050044 +0100 ++++ ./Bugzilla/Constants.pm 2013-11-14 23:23:55.873245730 +0100 +@@ -591,6 +591,13 @@ use constant AUDIT_CREATE => '__create__ + use constant AUDIT_REMOVE => '__remove__'; + + sub bz_locations { ++ # Force memoize() to re-compute data per project, to avoid ++ # sharing the same data across different installations. ++ return _bz_locations($ENV{'PROJECT'}); ++} ++ ++sub _bz_locations { ++ my $project = shift; + # We know that Bugzilla/Constants.pm must be in %INC at this point. + # So the only question is, what's the name of the directory + # above it? This is the most reliable way to get our current working +@@ -607,12 +614,13 @@ sub bz_locations { + $libpath =~ /(.*)/; + $libpath = $1; + +- my ($project, $localconfig, $datadir); +- if ($ENV{'PROJECT'} && $ENV{'PROJECT'} =~ /^(\w+)$/) { ++ my ($localconfig, $datadir); ++ if ($project && $project =~ /^(\w+)$/) { + $project = $1; + $localconfig = "localconfig.$project"; + $datadir = "data/$project"; + } else { ++ $project = undef; + $localconfig = "localconfig"; + $datadir = "data"; + } +@@ -647,6 +655,6 @@ sub bz_locations { + + # This makes us not re-compute all the bz_locations data every time it's + # called. +-BEGIN { memoize('bz_locations') }; ++BEGIN { memoize('_bz_locations') }; + + 1; diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch index 66b0d87..f2f342b 100644 --- a/bugzilla-rw-paths.patch +++ b/bugzilla-rw-paths.patch @@ -1,8 +1,12 @@ ---- bugzilla-4.2/Bugzilla/Constants.pm 2012-02-26 22:39:30.161462858 +0100 -+++ bugzilla-4.2-rw/Bugzilla/Constants.pm 2012-02-26 22:41:55.185107179 +0100 -@@ -629,18 +629,18 @@ +diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm +--- ./Bugzilla/Constants.pm.orig 2013-09-02 22:51:11.831245853 +0200 ++++ ./Bugzilla/Constants.pm 2013-09-02 22:53:27.733416972 +0200 +@@ -627,20 +627,20 @@ sub bz_locations { + # make sure this still points to the CGIs. + 'cgi_path' => $libpath, 'templatedir' => "$libpath/template", - 'template_cache' => "$datadir/template", +- 'template_cache' => "$datadir/template", ++ 'template_cache' => "/var/lib/bugzilla/$datadir/template", 'project' => $project, - 'localconfig' => "$libpath/$localconfig", - 'datadir' => $datadir, diff --git a/bugzilla.spec b/bugzilla.spec index e86739e..a0e7e40 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,9 +4,9 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.2.3 +Version: 4.2.7 Group: Applications/Publishing -Release: 1%{?dist} +Release: 2%{?dist} License: MPLv1.1 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz Source1: bugzilla-httpd-conf @@ -14,6 +14,7 @@ Source2: README.fedora.bugzilla Source3: bugzilla.cron-daily Patch0: bugzilla-rw-paths.patch Patch1: bugzilla-yum.patch +Patch2: bugzilla-project-mod_perl.patch BuildArch: noarch Requires: webserver, patchutils, perl(SOAP::Lite), which @@ -104,6 +105,7 @@ Contributed scripts and functions for Bugzilla %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs @@ -220,6 +222,29 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +* Fri Nov 15 2013 Emmanuel Seyman - 4.2.7-2 +- Add patch to cache bz_locations() (bmo #843457) +- Fix constants patch to honor the PROJECT environment variable (#911943) + +* Fri Oct 18 2013 Emmanuel Seyman - 4.2.7-1 +- Update to 4.2.7 (security updates) +- Patch bugzilla to write compiled templates under /var (#949130) + +* Sun Aug 04 2013 Emmanuel Seyman - 4.2.6-2 +- Change apache conf to enable access to all machines + +* Sun May 26 2013 Emmanuel Seyman - 4.2.6-1 +- Update to 4.2.6 + +* Wed Feb 20 2013 Emmanuel Seyman - 4.2.5-1 +- Update to 4.2.5 (fixes CVE-2013-0785) + +* Wed Feb 06 2013 Emmanuel Seyman - 4.2.4-2 +- Update httpd configuration file for Apache 2.4 + +* Wed Nov 14 2012 Emmanuel Seyman - 4.2.4-1 +- Update to 4.2.4 + * Sun Sep 02 2012 Emmanuel Seyman - 4.2.3-1 - Update to 4.2.3 diff --git a/sources b/sources index 9df9753..ff6e8d0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d3f9690ebd41cd084c4b6be9c7d63523 bugzilla-4.2.3.tar.gz +ebf0a75d1037f09994660d3958fc66fb bugzilla-4.2.7.tar.gz