diff --git a/.gitignore b/.gitignore
index e40fcb6..2a71eba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,8 @@ bugzilla-3.6.1.tar.gz
/bugzilla-3.6.2.tar.gz
/bugzilla-3.6.3.tar.gz
/bugzilla-3.6.4.tar.gz
+/bugzilla-3.6.5.tar.gz
+/bugzilla-3.6.6.tar.gz
+/bugzilla-3.6.7.tar.gz
+/bugzilla-3.6.8.tar.gz
+/bugzilla-3.6.9.tar.gz
diff --git a/README.fedora.bugzilla b/README.fedora.bugzilla
index 2611a75..0a09224 100644
--- a/README.fedora.bugzilla
+++ b/README.fedora.bugzilla
@@ -9,7 +9,7 @@ the values in this file are accurate for your environment.
Once this is done, you may need to modify default settings for your database
to ensure it accepts Bugzilla data properly. Please see
-http://www.bugzilla.org/docs/2.22/html/configuration.html for specifics of
+http://www.bugzilla.org/docs/3.6/en/html/configuration.html for specifics of
database setting modifications.
Lastly, simply re-run checksetup.pl to populate the database tables, set up
@@ -20,6 +20,6 @@ put in place after configuration is done. The first is a daily cron job for
statistics collection. This is in the file "cron.daily" and can be enabled by
simply copying this file to /etc/cron.daily/bugzilla (or any other file name
in the /etc/cron.daily/ directory). The second is the "whine" cron job,
-designed to run every 15 minutes. To enable this job, simply coopy the
+designed to run every 15 minutes. To enable this job, simply copy the
cron.whine file to /etc/cron.d/bugzilla (or any othe filename within the
/etc/cron.d/ directory).
diff --git a/bugzilla-graphs-dir.patch b/bugzilla-graphs-dir.patch
deleted file mode 100644
index fc433c5..0000000
--- a/bugzilla-graphs-dir.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-Index: collectstats.pl
-===================================================================
-RCS file: /cvsroot/mozilla/webtools/bugzilla/collectstats.pl,v
-retrieving revision 1.71
-diff -u -r1.71 collectstats.pl
---- collectstats.pl 6 Sep 2009 22:45:51 -0000 1.71
-+++ collectstats.pl 16 May 2010 09:22:28 -0000
-@@ -51,7 +51,7 @@
-
- # Tidy up after graphing module
- my $cwd = Cwd::getcwd();
--if (chdir("graphs")) {
-+if (chdir(bz_locations()->{'graphdir'})) {
- unlink <./*.gif>;
- unlink <./*.png>;
- # chdir("..") doesn't work if graphs is a symlink, see bug 429378
-Index: reports.cgi
-===================================================================
-RCS file: /cvsroot/mozilla/webtools/bugzilla/reports.cgi,v
-retrieving revision 1.95
-diff -u -r1.95 reports.cgi
---- reports.cgi 24 Oct 2009 05:21:06 -0000 1.95
-+++ reports.cgi 16 May 2010 09:22:28 -0000
-@@ -45,6 +45,8 @@
- use Bugzilla::Error;
- use Bugzilla::Status;
-
-+use File::Basename;
-+
- # If we're using bug groups for products, we should apply those restrictions
- # to viewing reports, as well. Time to check the login in that case.
- my $user = Bugzilla->login();
-@@ -54,8 +56,8 @@
- }
-
- my $dir = bz_locations()->{'datadir'} . "/mining";
--my $graph_url = 'graphs';
--my $graph_dir = bz_locations()->{'libpath'} . '/' .$graph_url;
-+my $graph_dir = bz_locations()->{'graphdir'};
-+my $graph_url = basename($graph_dir);
-
- Bugzilla->switch_to_shadow_db();
-
-Index: Bugzilla/Constants.pm
-===================================================================
-RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Constants.pm,v
-retrieving revision 1.126.2.5
-diff -u -r1.126.2.5 Constants.pm
---- Bugzilla/Constants.pm 13 Apr 2010 04:56:24 -0000 1.126.2.5
-+++ Bugzilla/Constants.pm 16 May 2010 09:22:29 -0000
-@@ -551,6 +551,7 @@
- # The script should really generate these graphs directly...
- 'webdotdir' => "/var/lib/bugzilla/$datadir/webdot",
- 'extensionsdir' => "$libpath/extensions",
-+ 'graphdir' => "$libpath/graphs",
- };
- }
-
-Index: Bugzilla/Install/Filesystem.pm
-===================================================================
-RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Install/Filesystem.pm,v
-retrieving revision 1.47.2.1
-diff -u -r1.47.2.1 Filesystem.pm
---- Bugzilla/Install/Filesystem.pm 20 Feb 2010 20:20:55 -0000 1.47.2.1
-+++ Bugzilla/Install/Filesystem.pm 16 May 2010 09:22:29 -0000
-@@ -69,6 +69,7 @@
- my $attachdir = bz_locations()->{'attachdir'};
- my $extensionsdir = bz_locations()->{'extensionsdir'};
- my $webdotdir = bz_locations()->{'webdotdir'};
-+ my $graphdir = bz_locations()->{'graphdir'};
- my $templatedir = bz_locations()->{'templatedir'};
- my $libdir = bz_locations()->{'libpath'};
- my $extlib = bz_locations()->{'ext_libpath'};
-@@ -162,7 +163,7 @@
- dirs => $ws_dir_writeable },
- $webdotdir => { files => $ws_writeable,
- dirs => $ws_dir_writeable },
-- graphs => { files => $ws_writeable,
-+ $graphdir => { files => $ws_writeable,
- dirs => $ws_dir_writeable },
-
- # Readable directories
-@@ -212,7 +213,7 @@
- "$datadir/extensions" => $ws_dir_readable,
- $attachdir => $ws_dir_writeable,
- $extensionsdir => $ws_dir_readable,
-- graphs => $ws_dir_writeable,
-+ $graphdir => $ws_dir_writeable,
- $webdotdir => $ws_dir_writeable,
- "$skinsdir/custom" => $ws_dir_readable,
- "$skinsdir/contrib" => $ws_dir_readable,
-@@ -342,10 +343,11 @@
- my %files = %{$fs->{create_files}};
-
- my $datadir = bz_locations->{'datadir'};
-+ my $graphdir = bz_locations->{'graphdir'};
- # If the graphs/ directory doesn't exist, we're upgrading from
- # a version old enough that we need to update the $datadir/mining
- # format.
-- if (-d "$datadir/mining" && !-d 'graphs') {
-+ if (-d "$datadir/mining" && !-d $graphdir) {
- _update_old_charts($datadir);
- }
-
diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf
index 0373cb4..be0987f 100644
--- a/bugzilla-httpd-conf
+++ b/bugzilla-httpd-conf
@@ -4,6 +4,8 @@ Alias /bugzilla /usr/share/bugzilla
AddHandler cgi-script .cgi
Options +Indexes +ExecCGI +FollowSymLinks
- DirectoryIndex index.cgi
+ DirectoryIndex index.cgi index.html
AllowOverride Limit Options FileInfo
+ AddType application/vnd.mozilla.xul+xml .xul
+ AddType application/rdf+xml .rdf
diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch
index 44d157a..8c9bfe1 100644
--- a/bugzilla-rw-paths.patch
+++ b/bugzilla-rw-paths.patch
@@ -1,6 +1,6 @@
---- bugzilla-3.4/Bugzilla/Constants.pm 2009-02-03 10:02:53.000000000 +0000
-+++ bugzilla-3.4-rw/Bugzilla/Constants.pm 2009-02-18 17:59:52.000000000 +0000
-@@ -539,9 +539,9 @@
+--- bugzilla-3.6.6/Bugzilla/Constants.pm 2011-08-05 15:42:01.768441860 +0200
++++ bugzilla-3.6.6-rw/Bugzilla/Constants.pm 2011-08-05 15:44:50.342628808 +0200
+@@ -539,18 +539,18 @@ sub bz_locations {
'cgi_path' => $libpath,
'templatedir' => "$libpath/template",
'project' => $project,
@@ -11,9 +11,11 @@
+ 'datadir' => "/var/lib/bugzilla/$datadir",
+ 'attachdir' => "/var/lib/bugzilla/$datadir/attachments",
'skinsdir' => "$libpath/skins",
- 'graphsdir' => "$libpath/graphs",
+- 'graphsdir' => "$libpath/graphs",
++ 'graphsdir' => "/var/lib/bugzilla/graphs",
# $webdotdir must be in the web server's tree somewhere. Even if you use a
-@@ -550,7 +550,7 @@
+ # local dot, we output images to there. Also, if $webdotdir is
+ # not relative to the bugzilla root directory, you'll need to
# change showdependencygraph.cgi to set image_url to the correct
# location.
# The script should really generate these graphs directly...
diff --git a/bugzilla-yum.patch b/bugzilla-yum.patch
new file mode 100644
index 0000000..df3d527
--- /dev/null
+++ b/bugzilla-yum.patch
@@ -0,0 +1,20 @@
+--- bugzilla-3.6.5/Bugzilla/Install/Requirements.pm.orig 2011-01-24 23:05:19.000000000 +0100
++++ bugzilla-3.6.5/Bugzilla/Install/Requirements.pm 2011-05-01 18:06:34.000000000 +0200
+@@ -483,7 +483,7 @@
+ if ($output && $check_results->{any_missing} && !ON_WINDOWS
+ && !$check_results->{hide_all})
+ {
+- print install_string('install_all', { perl => $^X });
++ # print install_string('install_all', { perl => $^X });
+ }
+ if (!$check_results->{pass}) {
+ print colored(install_string('installation_failed'), 'red') . "\n\n";
+@@ -599,7 +599,7 @@
+ $package = $module->{package};
+ }
+ else {
+- $command = "$^X install-module.pl \%s";
++ $command = "yum install \"perl(\%s)\"";
+ # Non-Windows installations need to use module names, because
+ # CPAN doesn't understand package names.
+ $package = $module->{module};
diff --git a/bugzilla.spec b/bugzilla.spec
index 12ac564..b2f4f44 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,15 +4,15 @@
Summary: Bug tracking system
URL: http://www.bugzilla.org/
Name: bugzilla
-Version: 3.6.4
+Version: 3.6.9
Group: Applications/Publishing
-Release: 4%{?dist}
+Release: 1%{?dist}
License: MPLv1.1
Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
Source1: bugzilla-httpd-conf
Source2: README.fedora.bugzilla
Patch0: bugzilla-rw-paths.patch
-Patch1: bugzilla-graphs-dir.patch
+Patch1: bugzilla-yum.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -29,7 +29,7 @@ Requires: perl(Email::MIME::Encodings) >= 1.313
Requires: perl(Email::MIME::Modifier) >= 1.442
Requires: perl(Template) >= 2.22
Requires: perl(URI)
-Requires: bugzilla-contrib
+Requires: perl(Locale::Language)
%package doc
Summary: Bugzilla documentation
@@ -45,7 +45,8 @@ Group: Applications/Publishing
BuildRequires: python
# Remove all optional modules from the requires stream
-%filter_from_requires /perl(Authen::Radius)/d; /perl(DBD::Pg)/d; /perl(DBD::Oracle)/d;
+%filter_from_requires /perl(Authen::Radius)/d; /perl(DBD::Pg)/d; /perl(DBI::db)/d;
+%filter_from_requires /perl(DBD::Oracle)/d; /perl(DBI::st)/d;
%filter_from_requires /perl(sanitycheck.cgi)/d; /perl(Apache2::Const)/d;
%filter_from_requires /perl(Apache2::ServerUtil)/d; /perl(ModPerl::RegistryLoader)/d;
%filter_from_requires /perl(CPAN)/d; /perl(Net::LDAP)/d; /perl(Email::Reply)/d;
@@ -56,7 +57,7 @@ BuildRequires: python
# Remove extensions from the provides stream
%filter_from_provides /perl(Bugzilla::Extension::BmpConvert)/d; /perl(Bugzilla::Extension::Example)/d;
-%{?perl_default_filter}
+%filter_setup
%description
Bugzilla is a popular bug tracking system used by multiple open source projects
@@ -76,10 +77,10 @@ Contributed scripts and functions for Bugzilla
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
-# patch1 -p0
+%patch1 -p1
rm -f Bugzilla/Constants.pm.orig
# Remove bundled libs
-rm -rf lib/*
+rm -rf lib/CGI*
# Deal with changing /usr/local paths here instead of via patches
%{__perl} -pi -e 's|/usr/local/bin/python\b|%{__python}|' contrib/*.py
@@ -141,11 +142,13 @@ popd > /dev/null)
%{bzinstallprefix}/bugzilla/extensions
%{bzinstallprefix}/bugzilla/images
%{bzinstallprefix}/bugzilla/js
+%{bzinstallprefix}/bugzilla/lib
%{bzinstallprefix}/bugzilla/skins
%{bzinstallprefix}/bugzilla/t
%{bzinstallprefix}/bugzilla/template
%{bzinstallprefix}/bugzilla/cron.daily
%{bzinstallprefix}/bugzilla/cron.whine
+%{bzinstallprefix}/bugzilla/contrib/recode.pl
%config(noreplace) %{_sysconfdir}/httpd/conf.d/bugzilla.conf
%defattr(-,root,root,-)
%doc README
@@ -167,9 +170,55 @@ popd > /dev/null)
%files contrib
%defattr(-,root,root,-)
-%{bzinstallprefix}/bugzilla/contrib
+%{bzinstallprefix}/bugzilla/contrib/bugzilla_ldapsync.rb
+%{bzinstallprefix}/bugzilla/contrib/bugzilla-queue
+%{bzinstallprefix}/bugzilla/contrib/bugzilla-submit
+%{bzinstallprefix}/bugzilla/contrib/bzdbcopy.pl
+%{bzinstallprefix}/bugzilla/contrib/bz_webservice_demo.pl
+%{bzinstallprefix}/bugzilla/contrib/cmdline
+%{bzinstallprefix}/bugzilla/contrib/console.pl
+%{bzinstallprefix}/bugzilla/contrib/cvs-update.pl
+%{bzinstallprefix}/bugzilla/contrib/extension-convert.pl
+%{bzinstallprefix}/bugzilla/contrib/fixperms.pl
+%{bzinstallprefix}/bugzilla/contrib/jb2bz.py*
+%{bzinstallprefix}/bugzilla/contrib/merge-users.pl
+%{bzinstallprefix}/bugzilla/contrib/mysqld-watcher.pl
+%{bzinstallprefix}/bugzilla/contrib/README
+%{bzinstallprefix}/bugzilla/contrib/sendbugmail.pl
+%{bzinstallprefix}/bugzilla/contrib/sendunsentbugmail.pl
+%{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
+%{bzinstallprefix}/bugzilla/contrib/yp_nomail.sh
%changelog
+* Fri Apr 20 2012 Emmanuel Seyman - 3.6.9-1
+- Update to 3.6.9 (CVE-2012-0465, CVE-2012-0466)
+
+* Wed Feb 1 2012 Emmanuel Seyman - 3.6.8-1
+- Update to 3.6.8 to fix security flaws (#786550)
+- Correct upstream URL in README.fedora.bugzilla, thanks to Ken Dreyer (#783014)
+
+* Sun Jan 08 2012 Emmanuel Seyman - 3.6.7-1
+- Update to 3.6.7
+- Add perl(Locale::Language) to the Requires
+- Add index.html to the DirectoryIndex
+- Fix typo in README.fedora.bugzilla
+
+* Fri Aug 05 2011 Emmanuel Seyman - 3.6.6-1
+- Update to 3.6.6
+- Move graphs to /var/lib/bugzilla/graphs.
+
+* Sun May 01 2011 Emmanuel Seyman - 3.6.5-1
+- Update to 3.6.5
+- Patch the installation procedure to recommend yum
+
+* Mon Mar 07 2011 Emmanuel Seyman - 3.6.4-5
+- Remove no-longer-needed files
+- Fix broken dependencies
+- Remove unused patch
+- Put contrib/recode.pl in the main package so that it no longer depends on
+ python and ruby
+- Remove the contents of the lib/ directory, not the directory itself.
+
* Mon Feb 07 2011 Fedora Release Engineering - 3.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
diff --git a/sources b/sources
index ae3a903..49a9321 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1bb7980c50c51590d7c2341bc03d5151 bugzilla-3.6.4.tar.gz
+837792667d449abaeef1692d99354215 bugzilla-3.6.9.tar.gz