From ece3d49be6196d370899ad3803c72d2eae8d9b58 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sun, 8 Jan 2012 15:25:22 +0100 Subject: [PATCH 1/7] Update to 4.0.3 Add perl(Locale::Language) to the Requires Add index.html to the DirectoryIndex Fix typo in README.fedora.bugzilla --- .gitignore | 1 + README.fedora.bugzilla | 2 +- bugzilla-httpd-conf | 4 +++- bugzilla.spec | 9 ++++++++- sources | 2 +- 5 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 1f04fc9..de623e9 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.tar.gz /bugzilla-4.0.1.tar.gz /bugzilla-4.0.2.tar.gz +/bugzilla-4.0.3.tar.gz diff --git a/README.fedora.bugzilla b/README.fedora.bugzilla index 2611a75..9814898 100644 --- a/README.fedora.bugzilla +++ b/README.fedora.bugzilla @@ -20,6 +20,6 @@ put in place after configuration is done. The first is a daily cron job for statistics collection. This is in the file "cron.daily" and can be enabled by simply copying this file to /etc/cron.daily/bugzilla (or any other file name in the /etc/cron.daily/ directory). The second is the "whine" cron job, -designed to run every 15 minutes. To enable this job, simply coopy the +designed to run every 15 minutes. To enable this job, simply copy the cron.whine file to /etc/cron.d/bugzilla (or any othe filename within the /etc/cron.d/ directory). diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf index 0373cb4..be0987f 100644 --- a/bugzilla-httpd-conf +++ b/bugzilla-httpd-conf @@ -4,6 +4,8 @@ Alias /bugzilla /usr/share/bugzilla AddHandler cgi-script .cgi Options +Indexes +ExecCGI +FollowSymLinks - DirectoryIndex index.cgi + DirectoryIndex index.cgi index.html AllowOverride Limit Options FileInfo + AddType application/vnd.mozilla.xul+xml .xul + AddType application/rdf+xml .rdf diff --git a/bugzilla.spec b/bugzilla.spec index 3739bcc..84ec22f 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.2 +Version: 4.0.3 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -28,6 +28,7 @@ Requires: perl(Email::Send) >= 2.00 Requires: perl(Email::MIME) >= 1.904 Requires: perl(URI) Requires: perl(List::MoreUtils) >= 0.22 +Requires: perl(Locale::Language) %package doc Summary: Bugzilla documentation @@ -231,6 +232,12 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Sun Jan 08 2012 Emmanuel Seyman - 4.0.3-1 +- Update to 4.0.3 +- Add perl(Locale::Language) to the Requires +- Add index.html to the DirectoryIndex +- Fix typo in README.fedora.bugzilla + * Fri Aug 05 2011 Emmanuel Seyman - 4.0.2-1 - Update to 4.0.2 - Add RPM-4.9-style filtering diff --git a/sources b/sources index 6a4140d..8ada0fd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1244a7a477682ecc9caadf840d960d2e bugzilla-4.0.2.tar.gz +b7c33202cdb9a794e9f52a39fcb7dec4 bugzilla-4.0.3.tar.gz From 08155d2c30b51635c4257d505182acc9bf86026d Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Wed, 1 Feb 2012 23:26:15 +0100 Subject: [PATCH 2/7] Update to 4.0.4 to fix security flaws (#786550) Correct upstream URL in README.fedora.bugzilla, thanks to Ken Dreyer (#783014) --- .gitignore | 1 + README.fedora.bugzilla | 2 +- bugzilla.spec | 6 +++++- sources | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index de623e9..106dae3 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.1.tar.gz /bugzilla-4.0.2.tar.gz /bugzilla-4.0.3.tar.gz +/bugzilla-4.0.4.tar.gz diff --git a/README.fedora.bugzilla b/README.fedora.bugzilla index 9814898..4663885 100644 --- a/README.fedora.bugzilla +++ b/README.fedora.bugzilla @@ -9,7 +9,7 @@ the values in this file are accurate for your environment. Once this is done, you may need to modify default settings for your database to ensure it accepts Bugzilla data properly. Please see -http://www.bugzilla.org/docs/2.22/html/configuration.html for specifics of +http://www.bugzilla.org/docs/4.0/en/html/configuration.html for specifics of database setting modifications. Lastly, simply re-run checksetup.pl to populate the database tables, set up diff --git a/bugzilla.spec b/bugzilla.spec index 84ec22f..2183f35 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.3 +Version: 4.0.4 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -232,6 +232,10 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Wed Feb 1 2012 Emmanuel Seyman - 4.0.4-1 +- Update to 4.0.4 to fix security flaws (#786550) +- Correct upstream URL in README.fedora.bugzilla, thanks to Ken Dreyer (#783014) + * Sun Jan 08 2012 Emmanuel Seyman - 4.0.3-1 - Update to 4.0.3 - Add perl(Locale::Language) to the Requires diff --git a/sources b/sources index 8ada0fd..afed430 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b7c33202cdb9a794e9f52a39fcb7dec4 bugzilla-4.0.3.tar.gz +2feaf81535eb3058017517532f8bac3a bugzilla-4.0.4.tar.gz From 1c7b5392ff324d18175724966aa2b2a45a1ad0fb Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Fri, 24 Feb 2012 01:00:11 +0100 Subject: [PATCH 3/7] Update to 4.0.5, block mod-perl2 modules from requires and remove rpm4.8 filters --- .gitignore | 1 + bugzilla.spec | 52 ++++++++++++++++----------------------------------- sources | 2 +- 3 files changed, 18 insertions(+), 37 deletions(-) diff --git a/.gitignore b/.gitignore index 106dae3..2734649 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.2.tar.gz /bugzilla-4.0.3.tar.gz /bugzilla-4.0.4.tar.gz +/bugzilla-4.0.5.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 2183f35..c770e14 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.4 +Version: 4.0.5 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -43,40 +43,15 @@ Summary: Bugzilla contributed scripts Group: Applications/Publishing BuildRequires: python -# RPM 4.8 style: -# Filter underspecified dependencies -# Remove all optional modules from the requires stream -%filter_from_requires /perl(sanitycheck.cgi)/d -# mod_perl modules -%filter_from_requires /perl(Apache2::Const)/d; /perl(Apache2::ServerUtil)/d -%filter_from_requires /perl(Apache2::SizeLimit)/d; /perl(ModPerl::RegistryLoader)/d -# authentification modules -%filter_from_requires /perl(Authen::Radius)/d; /perl(Net::LDAP)/d -# database modules -%filter_from_requires /perl(DBD::Oracle)/d; /perl(DBD::Pg)/d -%filter_from_requires /perl(DBI::db)/d; /perl(DBI::st)/d -# inbound email modules -%filter_from_requires /perl(Email::MIME::Attachment::Stripper)/d; /perl(Email::Reply)/d -# bug moving modules -%filter_from_requires /perl(MIME::Parser)/d; /perl(XML::Twig)/d -# xml-rpc and json-rpc modules -%filter_from_requires /perl(XMLRPC::Lite)/d; /perl(XMLRPC::Transport::HTTP)/d -%filter_from_requires /perl(HTTP::Message)/d; /perl(Test::Taint)/d -# extension modules -%filter_from_requires /perl(Image::Magick)/d -# and remove the extensions from the provides stream -%filter_from_provides /perl(Bugzilla::Extension::BmpConvert)/d; /perl(Bugzilla::Extension::Example)/d -%filter_setup +%{?perl_default_filter} -# RPM 4.9 style: -# Filter underspecified dependencies -# Remove all optional modules from the requires stream +# Remove private modules from the requires stream %global __requires_exclude %__requires_exclude|^perl\\(sanitycheck.cgi\\)$ + +# Remove all optional modules from the requires stream # mod_perl modules -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::Const\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::ServerUtil\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Apache2::SizeLimit\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(ModPerl::RegistryLoader\\)$ +%global __requires_exclude %__requires_exclude|^perl\\(Apache2:: +%global __requires_exclude %__requires_exclude|^perl\\(ModPerl:: # authentification modules %global __requires_exclude %__requires_exclude|^perl\\(Authen::Radius\\)$ %global __requires_exclude %__requires_exclude|^perl\\(Net::LDAP\\)$ @@ -92,15 +67,14 @@ BuildRequires: python %global __requires_exclude %__requires_exclude|^perl\\(MIME::Parser\\)$ %global __requires_exclude %__requires_exclude|^perl\\(XML::Twig\\)$ # xml-rpc and json-rpc modules -%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC::Lite\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC::Transport::HTTP\\)$ +%global __requires_exclude %__requires_exclude|^perl\\(XMLRPC:: %global __requires_exclude %__requires_exclude|^perl\\(HTTP::Message\\)$ %global __requires_exclude %__requires_exclude|^perl\\(Test::Taint\\)$ # extension modules %global __requires_exclude %__requires_exclude|^perl\\(Image::Magick\\)$ + # and remove the extensions from the provides stream -%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension::BmpConvert\\)$ -%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension::Example\\)$ +%global __requires_exclude %__requires_exclude|^perl\\(Bugzilla::Extension:: %description Bugzilla is a popular bug tracking system used by multiple open source projects @@ -122,6 +96,7 @@ Contributed scripts and functions for Bugzilla %patch0 -p1 %patch1 -p1 rm -f Bugzilla/Constants.pm.orig +rm -f Bugzilla/Install/Requirements.pm.orig # Remove bundled libs rm -rf lib/CGI* @@ -232,6 +207,11 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Fri Feb 24 2012 Emmanuel Seyman - 4.0.5-1 +- Update to 4.0.5 to fix security issues (CVE-2012-0453) +- Block all ModPerl::* and Apache2::* from requires +- Remove rpm4.8 filters + * Wed Feb 1 2012 Emmanuel Seyman - 4.0.4-1 - Update to 4.0.4 to fix security flaws (#786550) - Correct upstream URL in README.fedora.bugzilla, thanks to Ken Dreyer (#783014) diff --git a/sources b/sources index afed430..f28ab97 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2feaf81535eb3058017517532f8bac3a bugzilla-4.0.4.tar.gz +c5b73f5ddfecbf4772852e73ddfd94e4 bugzilla-4.0.5.tar.gz From 034a542d67c1d30ed29b5c385d1783fcaf886332 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Fri, 20 Apr 2012 01:16:13 +0200 Subject: [PATCH 4/7] Update to 4.0.6 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2734649..693ec9f 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.3.tar.gz /bugzilla-4.0.4.tar.gz /bugzilla-4.0.5.tar.gz +/bugzilla-4.0.6.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index c770e14..53d5a22 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.5 +Version: 4.0.6 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -207,6 +207,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Fri Apr 20 2012 Emmanuel Seyman - 4.0.6-1 +- Update to 4.0.6 + * Fri Feb 24 2012 Emmanuel Seyman - 4.0.5-1 - Update to 4.0.5 to fix security issues (CVE-2012-0453) - Block all ModPerl::* and Apache2::* from requires diff --git a/sources b/sources index f28ab97..acdfc20 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c5b73f5ddfecbf4772852e73ddfd94e4 bugzilla-4.0.5.tar.gz +ad8f25fec6050c714c82f2455c3b3349 bugzilla-4.0.6.tar.gz From 436f1bd199709a575cebdcd37bc73dccae0f07eb Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Mon, 30 Jul 2012 22:30:26 +0200 Subject: [PATCH 5/7] Update to 4.0.7 (CVE-2012-1969) --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 693ec9f..eecdbfa 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.4.tar.gz /bugzilla-4.0.5.tar.gz /bugzilla-4.0.6.tar.gz +/bugzilla-4.0.7.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 53d5a22..8ae3793 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.6 +Version: 4.0.7 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -207,6 +207,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Mon Jul 30 2012 Emmanuel Seyman - 4.0.7-1 +- Update to 4.0.7 (CVE-2012-1969) + * Fri Apr 20 2012 Emmanuel Seyman - 4.0.6-1 - Update to 4.0.6 diff --git a/sources b/sources index acdfc20..7ab9ebe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ad8f25fec6050c714c82f2455c3b3349 bugzilla-4.0.6.tar.gz +d133e6b120986159e60980b93b418f54 bugzilla-4.0.7.tar.gz From 7d649c87c45610ff8d8bc9191db051b6d1b65ace Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Sun, 2 Sep 2012 18:34:39 +0200 Subject: [PATCH 6/7] Update to 4.0.8 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index eecdbfa..23183ae 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.5.tar.gz /bugzilla-4.0.6.tar.gz /bugzilla-4.0.7.tar.gz +/bugzilla-4.0.8.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index 8ae3793..e897987 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.7 +Version: 4.0.8 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -207,6 +207,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Sun Sep 02 2012 Emmanuel Seyman - 4.0.8-1 +- Update to 4.0.8 (CVE-2012-3981) + * Mon Jul 30 2012 Emmanuel Seyman - 4.0.7-1 - Update to 4.0.7 (CVE-2012-1969) diff --git a/sources b/sources index 7ab9ebe..aad2394 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d133e6b120986159e60980b93b418f54 bugzilla-4.0.7.tar.gz +180d9bb9b2f0fa1f1a7c9606325aae8b bugzilla-4.0.8.tar.gz From 8f1ddb1407eee5470e173c4b54f1638c56e86502 Mon Sep 17 00:00:00 2001 From: Emmanuel Seyman Date: Wed, 14 Nov 2012 17:57:12 +0100 Subject: [PATCH 7/7] Update to 4.0.9 --- .gitignore | 1 + bugzilla.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 23183ae..99a58b7 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ bugzilla-3.6.1.tar.gz /bugzilla-4.0.6.tar.gz /bugzilla-4.0.7.tar.gz /bugzilla-4.0.8.tar.gz +/bugzilla-4.0.9.tar.gz diff --git a/bugzilla.spec b/bugzilla.spec index e897987..f5de14f 100644 --- a/bugzilla.spec +++ b/bugzilla.spec @@ -4,7 +4,7 @@ Summary: Bug tracking system URL: http://www.bugzilla.org/ Name: bugzilla -Version: 4.0.8 +Version: 4.0.9 Group: Applications/Publishing Release: 1%{?dist} License: MPLv1.1 @@ -207,6 +207,9 @@ popd > /dev/null) %{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh %changelog +* Wed Nov 14 2012 Emmanuel Seyman - 4.0.9-1 +- Update to 4.0.9 + * Sun Sep 02 2012 Emmanuel Seyman - 4.0.8-1 - Update to 4.0.8 (CVE-2012-3981) diff --git a/sources b/sources index aad2394..bb09a56 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -180d9bb9b2f0fa1f1a7c9606325aae8b bugzilla-4.0.8.tar.gz +629bde008a0f82ecfa875a44f238397c bugzilla-4.0.9.tar.gz