From 9b56c0e1042b4076c251e9b702beafd735c46abc Mon Sep 17 00:00:00 2001
From: Emmanuel Seyman
Date: Thu, 17 Oct 2013 23:42:35 +0200
Subject: [PATCH 1/9] Update to 4.2.7 (security updates) Patch bugzilla to write compiled templates under /var (#949130)
---
 .gitignore | 1 +
 bugzilla-rw-paths.patch | 12 ++++++++----
 bugzilla.spec | 8 ++++++--
 sources | 2 +-
 4 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index cc6785d..ecdb3a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.4.tar.gz
 /bugzilla-4.2.5.tar.gz
 /bugzilla-4.2.6.tar.gz
+/bugzilla-4.2.7.tar.gz
diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch
index 66b0d87..f2f342b 100644
--- a/bugzilla-rw-paths.patch
+++ b/bugzilla-rw-paths.patch
@@ -1,8 +1,12 @@
---- bugzilla-4.2/Bugzilla/Constants.pm 2012-02-26 22:39:30.161462858 +0100
-+++ bugzilla-4.2-rw/Bugzilla/Constants.pm 2012-02-26 22:41:55.185107179 +0100
-@@ -629,18 +629,18 @@
+diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
+--- ./Bugzilla/Constants.pm.orig 2013-09-02 22:51:11.831245853 +0200
++++ ./Bugzilla/Constants.pm 2013-09-02 22:53:27.733416972 +0200
+@@ -627,20 +627,20 @@ sub bz_locations {
+ # make sure this still points to the CGIs.
+ 'cgi_path' => $libpath,
  'templatedir' => "$libpath/template",
- 'template_cache' => "$datadir/template",
+- 'template_cache' => "$datadir/template",
++ 'template_cache' => "/var/lib/bugzilla/$datadir/template",
  'project' => $project,
 - 'localconfig' => "$libpath/$localconfig",
 - 'datadir' => $datadir,
diff --git a/bugzilla.spec b/bugzilla.spec
index 5eda576..c6c78d9 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
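Review bot: The rewritten `template_cache` entry in the bugzilla-rw-paths.patch hunk moves the compiled-template cache to `/var/lib/bugzilla/$datadir/template`, but none of the bugzilla.spec hunks in this commit creates or owns that directory. Compiled templates are Perl files that the application loads back in, so the directory must be writable by the web server account and by nobody else; please confirm that the spec's %install and %files sections (outside this diff) ship it with that ownership and mode. `$datadir` is relative, and the Constants.pm context later on this page shows it becoming `data/$project` when PROJECT is set, so per-project caches would land in subdirectories the package presumably does not pre-create. The nested hunk is cut off after the `datadir` line, so the rest of `bz_locations` is not visible here.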
@@ -4,9 +4,9 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.2.6
+Version: 4.2.7
 Group: Applications/Publishing
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: MPLv1.1
 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
 Source1: bugzilla-httpd-conf
@@ -215,6 +215,10 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+* Thu Oct 17 2013 Emmanuel Seyman - 4.2.7-1
+- Update to 4.2.7 (security updates)
+- Patch bugzilla to write compiled templates under /var (#949130)
+
 * Thu Aug 15 2013 Emmanuel Seyman - 4.2.6-5
 - Stop creating /usr/share/doc/bugzilla- (#993688)
 - Fix incorrect date in changelog
diff --git a/sources b/sources
index 0e07eb9..ff6e8d0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-65d0c7f1f281c37aa17a3ec5724251d6 bugzilla-4.2.6.tar.gz
+ebf0a75d1037f09994660d3958fc66fb bugzilla-4.2.7.tar.gz
From f3966866d38121d5b025498e1fada746a4c5d0a7 Mon Sep 17 00:00:00 2001
From: Emmanuel Seyman
Date: Fri, 15 Nov 2013 00:24:17 +0100
Subject: [PATCH 2/9] Patch bugzilla so that it will cache bz_locations() and not memorize it. Clean up our own patch to Bugzilla/Constants.pm so that the PROJECT environment variable can be used.
---
 bugzilla-project-mod_perl.patch | 41 +++++++++++++++++++++++++++++++++
 bugzilla.spec | 8 ++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 bugzilla-project-mod_perl.patch
diff --git a/bugzilla-project-mod_perl.patch b/bugzilla-project-mod_perl.patch
new file mode 100644
index 0000000..a29632a
--- /dev/null
+++ b/bugzilla-project-mod_perl.patch
@@ -0,0 +1,41 @@
+diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
+--- ./Bugzilla/Constants.pm.orig 2013-11-14 23:21:44.947050044 +0100
++++ ./Bugzilla/Constants.pm 2013-11-14 23:23:55.873245730 +0100
+@@ -591,6 +591,13 @@ use constant AUDIT_CREATE => '__create__
+ use constant AUDIT_REMOVE => '__remove__';
+
+ sub bz_locations {
++ # Force memoize() to re-compute data per project, to avoid
++ # sharing the same data across different installations.
++ return _bz_locations($ENV{'PROJECT'});
++}
++
++sub _bz_locations {
++ my $project = shift;
+ # We know that Bugzilla/Constants.pm must be in %INC at this point.
+ # So the only question is, what's the name of the directory
+ # above it? This is the most reliable way to get our current working
+@@ -607,12 +614,13 @@ sub bz_locations {
+ $libpath =~ /(.*)/;
+ $libpath = $1;
+
+- my ($project, $localconfig, $datadir);
+- if ($ENV{'PROJECT'} && $ENV{'PROJECT'} =~ /^(\w+)$/) {
++ my ($localconfig, $datadir);
++ if ($project && $project =~ /^(\w+)$/) {
+ $project = $1;
+ $localconfig = "localconfig.$project";
+ $datadir = "data/$project";
+ } else {
++ $project = undef;
+ $localconfig = "localconfig";
+ $datadir = "data";
+ }
+@@ -647,6 +655,6 @@ sub bz_locations {
+
+ # This makes us not re-compute all the bz_locations data every time it's
+ # called.
+-BEGIN { memoize('bz_locations') };
++BEGIN { memoize('_bz_locations') };
+
+ 1;
diff --git a/bugzilla.spec b/bugzilla.spec
index c6c78d9..2d075ce 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -6,7 +6,7 @@ URL: http://www.bugzilla.org/
 Name: bugzilla
 Version: 4.2.7
 Group: Applications/Publishing
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MPLv1.1
 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
 Source1: bugzilla-httpd-conf
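Review bot: `_bz_locations` is memoized on the raw `$ENV{'PROJECT'}` value and the `\w+` check only runs inside it, so in bugzilla-project-mod_perl.patch every distinct value that fails the check gets its own cache entry holding a copy of the default locations. The check itself, `/^(\w+)$/`, also accepts a value with a trailing newline because of `$` (the capture drops it); `\A(\w+)\z` states the intent exactly. Validating in `bz_locations` before the call would cover both: `my ($project) = ($ENV{'PROJECT'} || '') =~ /\A(\w+)\z/;` followed by `return _bz_locations($project);`. This matters little while PROJECT is set only by the administrator, but path-selecting input is best normalised once, at the entry point. The body of `_bz_locations` continues outside the nested hunks.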
@@ -14,6 +14,7 @@ Source2: README.fedora.bugzilla Source3: bugzilla.cron-daily Patch0: bugzilla-rw-paths.patch Patch1: bugzilla-yum.patch +Patch2: bugzilla-project-mod_perl.patch BuildArch: noarch Requires: webserver, patchutils, perl(SOAP::Lite), which @@ -104,6 +105,7 @@ Contributed scripts and functions for Bugzilla %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs @@ -215,6 +217,10 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +* Fri Nov 15 2013 Emmanuel Seyman - 4.2.7-2 +- Add patch to cache bz_locations() (bmo #843457) +- Fix constants patch to honor the PROJECT environment variable (#911943) + * Thu Oct 17 2013 Emmanuel Seyman - 4.2.7-1 - Update to 4.2.7 (security updates) - Patch bugzilla to write compiled templates under /var (#949130) From e94d704a53b6bce21e758c0a4d066e754e71a39e Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sun, 19 Jan 2014 16:13:01 +0100 Subject: [PATCH 3/9] - Fix the comparison of module versions (#1044854) - Really honor the PROJECT environment variable (#911943) --- bugzilla-invalid-version.patch | 22 ++++++++++++ bugzilla-rw-paths.patch | 2 +- bugzilla-vers-cmp.patch | 64 ++++++++++++++++++++++++++++++++++ bugzilla.spec | 10 ++++++ 4 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 bugzilla-invalid-version.patch create mode 100644 bugzilla-vers-cmp.patch diff --git a/bugzilla-invalid-version.patch b/bugzilla-invalid-version.patch new file mode 100644 index 0000000..21360a8 --- /dev/null +++ b/bugzilla-invalid-version.patch 
@@ -0,0 +1,22 @@
+=== modified file 'Bugzilla/Install/Requirements.pm'
+--- ./Bugzilla/Install/Requirements.pm 2013-03-26 11:07:25 +0000
++++ ./Bugzilla/Install/Requirements.pm 2013-12-02 16:00:20 +0000
+@@ -659,8 +659,15 @@
+ Bugzilla::Install::Util::set_output_encoding();
+
+ # VERSION is provided by UNIVERSAL::, and can be called even if
+- # the module isn't loaded.
+- my $vnum = $module->VERSION || -1;
++ # the module isn't loaded. We eval'uate ->VERSION because it can die
++ # when the version is not valid (yes, this happens from time to time).
++ # In that case, we use an uglier method to get the version.
++ my $vnum = eval { $module->VERSION };
++ if ($@) {
++ no strict 'refs';
++ $vnum = ${"${module}::VERSION"};
++ }
++ $vnum ||= -1;
+
+ # CGI's versioning scheme went 2.75, 2.751, 2.752, 2.753, 2.76
+ # That breaks the standard version tests, so we need to manually correct
+
diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch
index f2f342b..1bad35c 100644
--- a/bugzilla-rw-paths.patch
+++ b/bugzilla-rw-paths.patch
@@ -11,7 +11,7 @@ diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
 - 'localconfig' => "$libpath/$localconfig",
 - 'datadir' => $datadir,
 - 'attachdir' => "$datadir/attachments",
-+ 'localconfig' => "/etc/bugzilla/localconfig",
++ 'localconfig' => "/etc/bugzilla/$localconfig",
 + 'datadir' => "/var/lib/bugzilla/$datadir",
 + 'attachdir' => "/var/lib/bugzilla/$datadir/attachments",
  'skinsdir' => "$libpath/skins",
diff --git a/bugzilla-vers-cmp.patch b/bugzilla-vers-cmp.patch
new file mode 100644
index 0000000..33f4d5e
--- /dev/null
+++ b/bugzilla-vers-cmp.patch
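Review bot: The fallback added in bugzilla-invalid-version.patch detects a failed `$module->VERSION` with `if ($@)`, which is fragile because `$@` is a global that can be reset while the eval unwinds (on older perls, for instance by a destructor that runs its own eval). Testing the eval's own result is sturdier: `my $vnum; my $ok = eval { $vnum = $module->VERSION; 1 };` and then `if (!$ok) {`. The symbolic dereference `${"${module}::VERSION"}` under `no strict 'refs'` is acceptable only while `$module` comes from the fixed requirements list, which appears to be the case here but is not visible in this hunk; a one-line comment saying so would help the next reader. The enclosing `have_vers` sub starts and ends outside the nested hunk.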
@@ -0,0 +1,64 @@
+=== modified file 'Bugzilla/Install/Requirements.pm'
+--- ./Bugzilla/Install/Requirements.pm 2013-12-02 16:00:20 +0000
++++ ./Bugzilla/Install/Requirements.pm 2013-12-02 16:07:30 +0000
+@@ -24,6 +24,7 @@
+ # MUST NOT "use."
+
+ use strict;
++use version;
+
+ use Bugzilla::Constants;
+ use Bugzilla::Install::Util qw(vers_cmp install_string bin_loc
+@@ -206,7 +207,9 @@
+ package => 'Chart',
+ module => 'Chart::Lines',
+ # Versions below 2.1 cannot be detected accurately.
+- version => '2.1',
++ # There is no 2.1.0 release (it was 2.1), but .0 is required to fix
++ # https://rt.cpan.org/Public/Bug/Display.html?id=28218.
++ version => '2.1.0',
+ feature => [qw(new_charts old_charts)],
+ },
+ {
+@@ -640,8 +643,8 @@
+ return $return;
+ }
+
+-# This was originally clipped from the libnet Makefile.PL, adapted here to
+-# use the below vers_cmp routine for accurate version checking.
++# This was originally clipped from the libnet Makefile.PL, adapted here for
++# accurate version checking.
+ sub have_vers {
+ my ($params, $output) = @_;
+ my $module = $params->{module};
+@@ -666,21 +669,17 @@
+ if ($@) {
+ no strict 'refs';
+ $vnum = ${"${module}::VERSION"};
++
++ # If we come here, then the version is not a valid one.
++ # We try to sanitize it.
++ if ($vnum =~ /^((\d+)(\.\d+)*)/) {
++ $vnum = $1;
++ }
+ }
+ $vnum ||= -1;
+
+- # CGI's versioning scheme went 2.75, 2.751, 2.752, 2.753, 2.76
+- # That breaks the standard version tests, so we need to manually correct
+- # the version
+- if ($module eq 'CGI' && $vnum =~ /(2\.7\d)(\d+)/) {
+- $vnum = $1 . "." . $2;
+- }
+- # CPAN did a similar thing, where it has versions like 1.9304.
+- if ($module eq 'CPAN' and $vnum =~ /^(\d\.\d{2})\d{2}$/) {
+- $vnum = $1;
+- }
+-
+- my $vok = (vers_cmp($vnum,$wanted) > -1);
++ # Must do a string comparison as $vnum may be of the form 5.10.1.
++ my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ?
1 : 0; + my $blacklisted; + if ($vok && $params->{blacklist}) { + $blacklisted = grep($vnum =~ /$_/, @{$params->{blacklist}}); + diff --git a/bugzilla.spec b/bugzilla.spec index 2d075ce..e59d186 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -15,6 +15,10 @@ Source3: bugzilla.cron-daily Patch0: bugzilla-rw-paths.patch Patch1: bugzilla-yum.patch Patch2: bugzilla-project-mod_perl.patch +# Backport of https://bugzilla.mozilla.org/show_bug.cgi?id=938300 +Patch3: bugzilla-invalid-version.patch +# Backport of https://bugzilla.mozilla.org/show_bug.cgi?id=781672 +Patch4: bugzilla-vers-cmp.patch BuildArch: noarch Requires: webserver, patchutils, perl(SOAP::Lite), which @@ -106,6 +110,8 @@ Contributed scripts and functions for Bugzilla %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs @@ -217,6 +223,10 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +* Sun Jan 19 2014 Emmanuel Seyman - 4.2.7-3 +- Fix the comparison of module versions (#1044854) +- Really honor the PROJECT environment variable (#911943) + * Fri Nov 15 2013 Emmanuel Seyman - 4.2.7-2 - Add patch to cache bz_locations() (bmo #843457) - Fix constants patch to honor the PROJECT environment variable (#911943) From 092321bd87faf6ef9d591c959dbd62f5d54fdacb Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sun, 19 Jan 2014 16:15:51 +0100 Subject: [PATCH 4/9] Increment release number --- bugzilla.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bugzilla.spec b/bugzilla.spec index e59d186..d7b4b1c 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -6,7 +6,7 @@ URL: http://www.bugzilla.org/ Name: bugzilla Version: 4.2.7 Group: Applications/Publishing -Release: 2%{?dist} +Release: 3%{?dist} License: MPLv1.1 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz Source1: bugzilla-httpd-conf 
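Review bot: `version->new($vnum)` in the new `$vok` line of bugzilla-vers-cmp.patch runs outside any eval, so a version string that is still invalid at that point makes the whole requirements check die instead of reporting the module as too old. The sanitising regex `/^((\d+)(\.\d+)*)/` only runs in the `if ($@)` branch and leaves `$vnum` untouched when it does not match (a value that does not start with a digit, for example); it also warns on an undefined `$VERSION` if warnings are enabled. Guarding the comparison keeps the failure contained: `my $vok = eval { $vnum ne '-1' && version->new($vnum) >= version->new($wanted) } ? 1 : 0;`. The comment above that line says "string comparison", but only the `ne '-1'` test is one, so it should say that the versions are compared as version objects. `have_vers` continues outside the nested hunk.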
From 4701c1058557ff50fed9eec7d811a3f324048ba7 Mon Sep 17 00:00:00 2001
From: Emmanuel Seyman
Date: Sat, 19 Apr 2014 23:04:48 +0200
Subject: [PATCH 5/9] Update to 4.2.9
---
 .gitignore | 1 +
 bugzilla-invalid-version.patch | 22 ------------
 bugzilla-project-mod_perl.patch | 41 ---------------------
 bugzilla-vers-cmp.patch | 64 ---------------------------------
 bugzilla.spec | 16 ++++-----
 sources | 2 +-
 6 files changed, 8 insertions(+), 138 deletions(-)
 delete mode 100644 bugzilla-invalid-version.patch
 delete mode 100644 bugzilla-project-mod_perl.patch
 delete mode 100644 bugzilla-vers-cmp.patch
diff --git a/.gitignore b/.gitignore
index ecdb3a0..21ab68c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.5.tar.gz
 /bugzilla-4.2.6.tar.gz
 /bugzilla-4.2.7.tar.gz
+/bugzilla-4.2.9.tar.gz
diff --git a/bugzilla-invalid-version.patch b/bugzilla-invalid-version.patch
deleted file mode 100644
index 21360a8..0000000
--- a/bugzilla-invalid-version.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-=== modified file 'Bugzilla/Install/Requirements.pm'
---- ./Bugzilla/Install/Requirements.pm 2013-03-26 11:07:25 +0000
-+++ ./Bugzilla/Install/Requirements.pm 2013-12-02 16:00:20 +0000
-@@ -659,8 +659,15 @@
- Bugzilla::Install::Util::set_output_encoding();
-
- # VERSION is provided by UNIVERSAL::, and can be called even if
-- # the module isn't loaded.
-- my $vnum = $module->VERSION || -1;
-+ # the module isn't loaded. We eval'uate ->VERSION because it can die
-+ # when the version is not valid (yes, this happens from time to time).
-+ # In that case, we use an uglier method to get the version.
-+ my $vnum = eval { $module->VERSION };
-+ if ($@) {
-+ no strict 'refs';
-+ $vnum = ${"${module}::VERSION"};
-+ }
-+ $vnum ||= -1;
-
- # CGI's versioning scheme went 2.75, 2.751, 2.752, 2.753, 2.76
- # That breaks the standard version tests, so we need to manually correct
-
diff --git a/bugzilla-project-mod_perl.patch b/bugzilla-project-mod_perl.patch
deleted file mode 100644
index a29632a..0000000
--- a/bugzilla-project-mod_perl.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
---- ./Bugzilla/Constants.pm.orig 2013-11-14 23:21:44.947050044 +0100
-+++ ./Bugzilla/Constants.pm 2013-11-14 23:23:55.873245730 +0100
-@@ -591,6 +591,13 @@ use constant AUDIT_CREATE => '__create__
- use constant AUDIT_REMOVE => '__remove__';
-
- sub bz_locations {
-+ # Force memoize() to re-compute data per project, to avoid
-+ # sharing the same data across different installations.
-+ return _bz_locations($ENV{'PROJECT'});
-+}
-+
-+sub _bz_locations {
-+ my $project = shift;
- # We know that Bugzilla/Constants.pm must be in %INC at this point.
- # So the only question is, what's the name of the directory
- # above it? This is the most reliable way to get our current working
-@@ -607,12 +614,13 @@ sub bz_locations {
- $libpath =~ /(.*)/;
- $libpath = $1;
-
-- my ($project, $localconfig, $datadir);
-- if ($ENV{'PROJECT'} && $ENV{'PROJECT'} =~ /^(\w+)$/) {
-+ my ($localconfig, $datadir);
-+ if ($project && $project =~ /^(\w+)$/) {
- $project = $1;
- $localconfig = "localconfig.$project";
- $datadir = "data/$project";
- } else {
-+ $project = undef;
- $localconfig = "localconfig";
- $datadir = "data";
- }
-@@ -647,6 +655,6 @@ sub bz_locations {
-
- # This makes us not re-compute all the bz_locations data every time it's
- # called.
--BEGIN { memoize('bz_locations') };
-+BEGIN { memoize('_bz_locations') };
-
- 1;
diff --git a/bugzilla-vers-cmp.patch b/bugzilla-vers-cmp.patch
deleted file mode 100644
index 33f4d5e..0000000
--- a/bugzilla-vers-cmp.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-=== modified file 'Bugzilla/Install/Requirements.pm'
---- ./Bugzilla/Install/Requirements.pm 2013-12-02 16:00:20 +0000
-+++ ./Bugzilla/Install/Requirements.pm 2013-12-02 16:07:30 +0000
-@@ -24,6 +24,7 @@
- # MUST NOT "use."
-
- use strict;
-+use version;
-
- use Bugzilla::Constants;
- use Bugzilla::Install::Util qw(vers_cmp install_string bin_loc
-@@ -206,7 +207,9 @@
- package => 'Chart',
- module => 'Chart::Lines',
- # Versions below 2.1 cannot be detected accurately.
-- version => '2.1',
-+ # There is no 2.1.0 release (it was 2.1), but .0 is required to fix
-+ # https://rt.cpan.org/Public/Bug/Display.html?id=28218.
-+ version => '2.1.0',
- feature => [qw(new_charts old_charts)],
- },
- {
-@@ -640,8 +643,8 @@
- return $return;
- }
-
--# This was originally clipped from the libnet Makefile.PL, adapted here to
--# use the below vers_cmp routine for accurate version checking.
-+# This was originally clipped from the libnet Makefile.PL, adapted here for
-+# accurate version checking.
- sub have_vers {
- my ($params, $output) = @_;
- my $module = $params->{module};
-@@ -666,21 +669,17 @@
- if ($@) {
- no strict 'refs';
- $vnum = ${"${module}::VERSION"};
-+
-+ # If we come here, then the version is not a valid one.
-+ # We try to sanitize it.
-+ if ($vnum =~ /^((\d+)(\.\d+)*)/) {
-+ $vnum = $1;
-+ }
- }
- $vnum ||= -1;
-
-- # CGI's versioning scheme went 2.75, 2.751, 2.752, 2.753, 2.76
-- # That breaks the standard version tests, so we need to manually correct
-- # the version
-- if ($module eq 'CGI' && $vnum =~ /(2\.7\d)(\d+)/) {
-- $vnum = $1 . "." . $2;
-- }
-- # CPAN did a similar thing, where it has versions like 1.9304.
-- if ($module eq 'CPAN' and $vnum =~ /^(\d\.\d{2})\d{2}$/) {
-- $vnum = $1;
-- }
--
-- my $vok = (vers_cmp($vnum,$wanted) > -1);
-+ # Must do a string comparison as $vnum may be of the form 5.10.1.
-+ my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ?
1 : 0; - my $blacklisted; - if ($vok && $params->{blacklist}) { - $blacklisted = grep($vnum =~ /$_/, @{$params->{blacklist}}); - diff --git a/bugzilla.spec b/bugzilla.spec index d7b4b1c..5edb000 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,9 +4,9 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.2.7 +Version: 4.2.9 Group: Applications/Publishing -Release: 3%{?dist} +Release: 1%{?dist} License: MPLv1.1 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz Source1: bugzilla-httpd-conf @@ -14,11 +14,6 @@ Source2: README.fedora.bugzilla Source3: bugzilla.cron-daily Patch0: bugzilla-rw-paths.patch Patch1: bugzilla-yum.patch -Patch2: bugzilla-project-mod_perl.patch -# Backport of https://bugzilla.mozilla.org/show_bug.cgi?id=938300 -Patch3: bugzilla-invalid-version.patch -# Backport of https://bugzilla.mozilla.org/show_bug.cgi?id=781672 -Patch4: bugzilla-vers-cmp.patch BuildArch: noarch Requires: webserver, patchutils, perl(SOAP::Lite), which @@ -109,9 +104,6 @@ Contributed scripts and functions for Bugzilla %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs @@ -223,6 +215,10 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +* Sat Apr 19 2014 Emmanuel Seyman - 4.2.9-1 +- Update to 4.2.9 (regression fix for 4.2.8 which was a security update) +- Drop backported patches + * Sun Jan 19 2014 Emmanuel Seyman - 4.2.7-3 - Fix the comparison of module versions (#1044854) - Really honor the PROJECT environment variable (#911943) diff --git a/sources b/sources index ff6e8d0..6a06105 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ebf0a75d1037f09994660d3958fc66fb bugzilla-4.2.7.tar.gz +68ab079ce3c980ed0af632f24bb1a58b bugzilla-4.2.9.tar.gz From 03d7eafe7b7d5904f931d564a4eccef9bea084a4 Mon Sep 17 00:00:00 2001 
From: Emmanuel Seyman
Date: Fri, 25 Jul 2014 11:45:43 +0200
Subject: [PATCH 6/9] Update to 4.2.10
---
 .gitignore | 1 +
 bugzilla.spec | 8 +++++++-
 sources | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 21ab68c..f90af14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.6.tar.gz
 /bugzilla-4.2.7.tar.gz
 /bugzilla-4.2.9.tar.gz
+/bugzilla-4.2.10.tar.gz
diff --git a/bugzilla.spec b/bugzilla.spec
index 5edb000..862a0d1 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,7 +4,7 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.2.9
+Version: 4.2.10
 Group: Applications/Publishing
 Release: 1%{?dist}
 License: MPLv1.1
@@ -108,6 +108,9 @@ rm -f Bugzilla/Constants.pm.orig
 rm -f Bugzilla/Install/Requirements.pm.orig
 # Remove bundled libs
 rm -rf lib/CGI*
+# these files are only used for testing Bugzilla code
+# see https://bugzilla.mozilla.org/show_bug.cgi?id=995209
+rm Build.PL MANIFEST.SKIP
 
 # Deal with changing /usr/local paths here instead of via patches
 %{__perl} -pi -e 's|/usr/local/bin/python\b|%{__python}|' contrib/*.py
@@ -215,6 +218,9 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+* Fri Jul 25 2014 Emmanuel Seyman - 4.2.10-1
+- Update to 4.2.10 which fixes a security bug (CVE-2014-1546)
+
 * Sat Apr 19 2014 Emmanuel Seyman - 4.2.9-1
 - Update to 4.2.9 (regression fix for 4.2.8 which was a security update)
 - Drop backported patches
diff --git a/sources b/sources
index 6a06105..8b57b68 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-68ab079ce3c980ed0af632f24bb1a58b bugzilla-4.2.9.tar.gz
+7454a55d0d3b2b5eb07b4ae52971cbe1 bugzilla-4.2.10.tar.gz
From 4174a7ba98eefa941dbf6e2018da55e8daba99db Mon Sep 17 00:00:00 2001
From: Emmanuel Seyman
Date: Wed, 8 Oct 2014 08:50:46 +0200
Subject: [PATCH 7/9] Update to 4.2.11
---
 .gitignore | 1 +
 bugzilla.spec | 5 ++++-
 sources | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index f90af14..149269c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.7.tar.gz
 /bugzilla-4.2.9.tar.gz
 /bugzilla-4.2.10.tar.gz
+/bugzilla-4.2.11.tar.gz
diff --git a/bugzilla.spec b/bugzilla.spec
index 862a0d1..a80a219 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,7 +4,7 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.2.10
+Version: 4.2.11
 Group: Applications/Publishing
 Release: 1%{?dist}
 License: MPLv1.1
@@ -218,6 +218,9 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+* Wed Oct 08 2014 Emmanuel Seyman - 4.2.11-1
+- Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571)
+
 * Fri Jul 25 2014 Emmanuel Seyman - 4.2.10-1
 - Update to 4.2.10 which fixes a security bug (CVE-2014-1546)
 
diff --git a/sources b/sources
index 8b57b68..293fd92 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7454a55d0d3b2b5eb07b4ae52971cbe1 bugzilla-4.2.10.tar.gz
+6d25ea79951984d60639f23ffe20b4ec bugzilla-4.2.11.tar.gz
From 2149a6b13a9e961f2387f226b38182fae94f6b9d Mon Sep 17 00:00:00 2001
From: Emmanuel Seyman
Date: Sat, 31 Jan 2015 22:48:25 +0100
Subject: [PATCH 8/9] - Update to 4.2.13 (fixes regressions in 4.2.12 which itself fixed security flaws) (CVE-2014-1571, CVE-2014-8630) - Remove bundled binary files (#1000245) - Add webdot directory perms to apache configuration
---
 .gitignore | 1 +
 bugzilla-httpd-conf | 4 ++++
 bugzilla.spec | 10 +++++++++-
 sources | 2 +-
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 149269c..86b8390 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.2.9.tar.gz /bugzilla-4.2.10.tar.gz /bugzilla-4.2.11.tar.gz +/bugzilla-4.2.13.tar.gz diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf index 45ec051..1ed7679 100644 --- a/bugzilla-httpd-conf +++ b/bugzilla-httpd-conf @@ -17,3 +17,7 @@ Alias /bugzilla /usr/share/bugzilla AddType application/vnd.mozilla.xul+xml .xul AddType application/rdf+xml .rdf + + + Require all granted + diff --git a/bugzilla.spec b/bugzilla.spec index a80a219..cbc4bd3 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.2.11 +Version: 4.2.13 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -108,6 +108,9 @@ rm -f Bugzilla/Constants.pm.orig rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs rm -rf lib/CGI* +# Remove bundled binary files +rm -f js/yui/*/*.swf + # these files are only used for testing Bugzilla code # see https://bugzilla.mozilla.org/show_bug.cgi?id=995209 rm Build.PL MANIFEST.SKIP @@ -218,6 +221,11 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl %changelog +- Update to 4.2.13 (fixes regressions in 4.2.12 which itself + fixed security flaws) (CVE-2014-1571, CVE-2014-8630) +- Remove bundled binary files (#1000245) +- Add webdot directory perms to apache configuration + * Wed Oct 08 2014 Emmanuel Seyman - 4.2.11-1 - Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571) diff --git a/sources b/sources index 293fd92..bc9dd67 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6d25ea79951984d60639f23ffe20b4ec bugzilla-4.2.11.tar.gz +634f12a9a899cbe2a28f9b83d214a520 bugzilla-4.2.13.tar.gz From a97749599a9b50d68c737e3b0cb21543b46b3dda Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sat, 31 Jan 2015 22:57:06 +0100 Subject: [PATCH 9/9] Add date to the changelog --- bugzilla.spec | 1 + 1 file changed, 1 insertion(+) 
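Review bot: The block added to bugzilla-httpd-conf grants access with a bare `Require all granted`. Its enclosing container lines did not survive on this page, but going by the commit message it covers the whole webdot directory. That directory presumably holds the generated graph sources next to the rendered images, so an unconditional grant can expose dependency-graph data for bugs a visitor may not be allowed to see. Limiting the grant to the rendered output, for example with a `<FilesMatch "\.png$">` section inside the directory block, and leaving everything else denied is the safer default. `Require all granted` is also httpd 2.4 syntax, so if any target release still ships 2.2 it needs an `<IfModule mod_authz_core.c>` guard with the older `Allow from all` form as the alternative.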
diff --git a/bugzilla.spec b/bugzilla.spec
index cbc4bd3..9919985 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -221,6 +221,7 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+* Sat Jan 31 2015 Emmanuel Seyman - 4.4.8-1
 - Update to 4.2.13 (fixes regressions in 4.2.12 which itself
  fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
 - Remove bundled binary files (#1000245)