CVE-2012-0466

Conflicts:
	.gitignore
	bugzilla-rw-paths.patch
	bugzilla.spec
	sources

.gitignore

@@ -1,30 +1,2 @@
-bugzilla-3.6.1.tar.gz
-/bugzilla-3.6.2.tar.gz
-/bugzilla-3.6.3.tar.gz
-/bugzilla-3.6.4.tar.gz
-/bugzilla-4.0-1.fc14.src.rpm
-/bugzilla-4.0.tar.gz
-/bugzilla-4.0.1.tar.gz
-/bugzilla-4.0.2.tar.gz
-/bugzilla-4.0.3.tar.gz
-/bugzilla-4.0.4.tar.gz
-/bugzilla-4.0.5.tar.gz
-/bugzilla-4.2.tar.gz
-/bugzilla-4.2.1.tar.gz
-/bugzilla-4.2.2.tar.gz
-/bugzilla-4.2.3.tar.gz
-/bugzilla-4.2.4.tar.gz
-/bugzilla-4.2.5.tar.gz
-/bugzilla-4.2.6.tar.gz
-/bugzilla-4.2.7.tar.gz
-/bugzilla-4.2.9.tar.gz
-/bugzilla-4.4.4.tar.gz
-/bugzilla-4.4.5.tar.gz
-/bugzilla-4.4.6.tar.gz
-/bugzilla-4.4.8.tar.gz
-/bugzilla-4.4.10.tar.gz
-/bugzilla-4.4.11.tar.gz
-/bugzilla-5.0.2.tar.gz
-/bugzilla-5.0.3.tar.gz
-/bugzilla-5.0.4.tar.gz
-/release-5.0.6.tar.gz
+bugzilla-3.2.6.tar.gz
+/bugzilla-3.2.10.tar.gz

README.fedora.bugzilla

@@ -9,7 +9,7 @@ the values in this file are accurate for your environment.
 
 Once this is done, you may need to modify default settings for your database
 to ensure it accepts Bugzilla data properly.  Please see 
-https://bugzilla.readthedocs.org/en/5.0/ for specifics of
+http://www.bugzilla.org/docs/2.22/html/configuration.html for specifics of 
 database setting modifications.
 
 Lastly, simply re-run checksetup.pl to populate the database tables, set up

bugzilla-1438957-concatenate-assets.patch

@@ -1,12 +0,0 @@
-diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
---- ./Bugzilla/Constants.pm.orig	2018-02-18 12:22:45.541837039 +0100
-+++ ./Bugzilla/Constants.pm	2018-02-18 12:22:53.538784733 +0100
-@@ -213,7 +213,7 @@ use constant LOCAL_FILE  => 'bugzilla-up
- # When true CSS and JavaScript assets will be concatanted and minified at
- # run-time, to reduce the number of requests required to render a page.
- # Setting this to a false value can help debugging.
--use constant CONCATENATE_ASSETS => 1;
-+use constant CONCATENATE_ASSETS => 0;
- 
- # These are unique values that are unlikely to match a string or a number,
- # to be used in criteria for match() functions and other things. They start

bugzilla-1855962-non-html-mail.patch

@@ -1,19 +0,0 @@
-diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm
-index 18795d735..2075a71e1 100644
---- a/Bugzilla/BugMail.pm
-+++ b/Bugzilla/BugMail.pm
-@@ -495,10 +495,10 @@ sub _generate_bugmail {
-   }
- 
-   my $email = Bugzilla::MIME->new($msg_header);
--  if (scalar(@parts) == 1) {
--    $email->content_type_set($parts[0]->content_type);
--  }
--  else {
-+
-+  # If there's only one part, we don't need to set the overall content type
-+  # because Email::MIME will automatically take it from that part (bug 1657496)
-+  if (scalar(@parts) > 1) {
-     $email->content_type_set('multipart/alternative');
- 
-     # Some mail clients need same encoding for each part, even empty ones.

bugzilla-2180465-sphinx-build.patch

@@ -1,11 +0,0 @@
-diff -up ./docs/en/rst/conf.py.orig ./docs/en/rst/conf.py
---- ./docs/en/rst/conf.py.orig	2023-04-17 12:51:46.689758866 +0200
-+++ ./docs/en/rst/conf.py	2023-04-17 22:43:10.003583492 +0200
-@@ -391,5 +391,5 @@ if on_rtd:
- else:
-     base_api_url = '../integrating/api/'
- 
--extlinks = {'bug': ('https://bugzilla.mozilla.org/show_bug.cgi?id=%s', 'bug  '),
--            'api': (base_api_url + '%s', '')}
-+extlinks = {'bug': ('https://bugzilla.mozilla.org/show_bug.cgi?id=%s', 'bug  %s'),
-+            'api': (base_api_url + '%s', '%s')}

bugzilla-3.2.10-CVE-2011-2379.patch

@@ -0,0 +1,240 @@
+=== modified file 'Bugzilla/Attachment/PatchReader.pm'
+--- Bugzilla/Attachment/PatchReader.pm	2008-06-29 22:35:28 +0000
++++ Bugzilla/Attachment/PatchReader.pm	2011-07-07 06:04:15 +0000
+@@ -37,6 +37,7 @@
+         $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
+         # Actually print out the patch.
+         print $cgi->header(-type => 'text/plain',
++                           -x_content_type_options => "nosniff",
+                            -expires => '+3M');
+         disable_utf8();
+         $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
+@@ -118,6 +119,7 @@
+         $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
+         # Actually print out the patch.
+         print $cgi->header(-type => 'text/plain',
++                           -x_content_type_options => "nosniff",
+                            -expires => '+3M');
+         disable_utf8();
+     }
+
+=== modified file 'attachment.cgi'
+--- attachment.cgi	2009-09-30 08:53:25 +0000
++++ attachment.cgi	2011-07-21 06:21:26 +0000
+@@ -71,10 +71,13 @@
+ 
+ # Determine whether to use the action specified by the user or the default.
+ my $action = $cgi->param('action') || 'view';
++my $format = $cgi->param('format') || '';
+ 
+ # You must use the appropriate urlbase/sslbase param when doing anything
+-# but viewing an attachment.
+-if ($action ne 'view') {
++# but viewing an attachment, or a raw diff.
++if ($action ne 'view'
++    && (($action !~ /^(?:interdiff|diff)$/) || $format ne 'raw'))
++{
+     my $urlbase = Bugzilla->params->{'urlbase'};
+     my $sslbase = Bugzilla->params->{'sslbase'};
+     my $path_regexp = $sslbase ? qr/^(\Q$urlbase\E|\Q$sslbase\E)/ : qr/^\Q$urlbase\E/;
+@@ -172,7 +175,8 @@
+     # non-natural, so use the original value from $cgi in our exception
+     # message here.
+     detaint_natural($attach_id)
+-     || ThrowUserError("invalid_attach_id", { attach_id => $cgi->param($param) });
++      || ThrowUserError("invalid_attach_id",
++                        { attach_id => scalar $cgi->param($param) });
+   
+     # Make sure the attachment exists in the database.
+     my $attachment = Bugzilla::Attachment->get($attach_id)
+@@ -249,53 +253,71 @@
+                         { bug_id => $bugid });
+ }
+ 
+-################################################################################
+-# Functions
+-################################################################################
++# Gets the attachment object(s) generated by validateID, while ensuring
++# attachbase and token authentication is used when required.
++sub get_attachment {
++    my @field_names = @_ ? @_ : qw(id);
+ 
+-# Display an attachment.
+-sub view {
+-    my $attachment;
++    my %attachments;
+ 
+     if (use_attachbase()) {
+-        $attachment = validateID(undef, 1);
+-        # Replace %bugid% by the ID of the bug the attachment belongs to, if present.
++        # Load each attachment, and ensure they are all from the same bug
++        my $bug_id = 0;
++        foreach my $field_name (@field_names) {
++            my $attachment = validateID($field_name, 1);
++            if (!$bug_id) {
++                $bug_id = $attachment->bug_id;
++            } elsif ($attachment->bug_id != $bug_id) {
++                ThrowUserError('attachment_bug_id_mismatch');
++            }
++            $attachments{$field_name} = $attachment;
++        }
+         my $attachbase = Bugzilla->params->{'attachment_base'};
+-        my $bug_id = $attachment->bug_id;
+         $attachbase =~ s/%bugid%/$bug_id/;
+-        my $path = 'attachment.cgi?id=' . $attachment->id;
+-        # The user is allowed to override the content type of the attachment.
+-        if (defined $cgi->param('content_type')) {
+-            $path .= '&content_type=' . url_quote($cgi->param('content_type'));
+-        }
++        my @args = map { $_ . '=' . $attachments{$_}->id } @field_names;
++        my $cgi_params = $cgi->canonicalise_query(@field_names, 't',
++            'Bugzilla_login', 'Bugzilla_password');
++        push(@args, $cgi_params) if $cgi_params;
++        my $path = 'attachment.cgi?' . join('&', @args);
+ 
+         # Make sure the attachment is served from the correct server.
+         if ($cgi->self_url !~ /^\Q$attachbase\E/) {
+             # We couldn't call Bugzilla->login earlier as we first had to make sure
+             # we were not going to request credentials on the alternate host.
+             Bugzilla->login();
+-            if (attachmentIsPublic($attachment)) {
++            if (all_attachments_are_public(\%attachments)) {
+                 # No need for a token; redirect to attachment base.
+                 print $cgi->redirect(-location => $attachbase . $path);
+                 exit;
+             } else {
+                 # Make sure the user can view the attachment.
+-                check_can_access($attachment);
++                foreach my $field_name (@field_names) {
++                    check_can_access($attachments{$field_name});
++                }
+                 # Create a token and redirect.
+-                my $token = url_quote(issue_session_token($attachment->id));
++                my $token = url_quote(issue_session_token(pack_token_data(\%attachments)));
+                 print $cgi->redirect(-location => $attachbase . "$path&t=$token");
+                 exit;
+             }
+         } else {
+             # No need to validate the token for public attachments. We cannot request
+             # credentials as we are on the alternate host.
+-            if (!attachmentIsPublic($attachment)) {
++            if (!all_attachments_are_public(\%attachments)) {
+                 my $token = $cgi->param('t');
+-                my ($userid, undef, $token_attach_id) = Bugzilla::Token::GetTokenData($token);
+-                unless ($userid
+-                        && detaint_natural($token_attach_id)
+-                        && ($token_attach_id == $attachment->id))
+-                {
++                my ($userid, undef, $token_data) = Bugzilla::Token::GetTokenData($token);
++                my %token_data = unpack_token_data($token_data);
++                my $valid_token = 1;
++                foreach my $field_name (@field_names) {
++                    my $token_id = $token_data{$field_name};
++                    if (!$token_id
++                        || !detaint_natural($token_id)
++                        || $attachments{$field_name}->id != $token_id)
++                    {
++                        $valid_token = 0;
++                        last;
++                    }
++                }
++                unless ($userid && $valid_token) {
+                     # Not a valid token.
+                     print $cgi->redirect('-location' => correct_urlbase() . $path);
+                     exit;
+@@ -309,8 +331,48 @@
+     } else {
+         # No alternate host is used. Request credentials if required.
+         Bugzilla->login();
+-        $attachment = validateID();
+-    }
++        foreach my $field_name (@field_names) {
++            $attachments{$field_name} = validateID($field_name);
++        }
++    }
++
++    return wantarray
++        ? map { $attachments{$_} } @field_names
++        : $attachments{$field_names[0]};
++}
++
++sub all_attachments_are_public {
++    my $attachments = shift;
++    foreach my $field_name (keys %$attachments) {
++        if (!attachmentIsPublic($attachments->{$field_name})) {
++            return 0;
++        }
++    }
++    return 1;
++}
++
++sub pack_token_data {
++    my $attachments = shift;
++    return join(' ', map { $_ . '=' . $attachments->{$_}->id } keys %$attachments);
++}
++
++sub unpack_token_data {
++    my @token_data = split(/ /, shift || '');
++    my %data;
++    foreach my $token (@token_data) {
++        my ($field_name, $attach_id) = split('=', $token);
++        $data{$field_name} = $attach_id;
++    }
++    return %data;
++}
++
++################################################################################
++# Functions
++################################################################################
++
++# Display an attachment.
++sub view {
++    my $attachment = get_attachment();
+ 
+     # At this point, Bugzilla->login has been called if it had to.
+     my $contenttype = $attachment->contenttype;
+@@ -345,9 +407,14 @@
+ 
+ sub interdiff {
+     # Retrieve and validate parameters
+-    my $old_attachment = validateID('oldid');
+-    my $new_attachment = validateID('newid');
+     my $format = validateFormat('html', 'raw');
++    my($old_attachment, $new_attachment);
++    if ($format eq 'raw') {
++        ($old_attachment, $new_attachment) = get_attachment('oldid', 'newid');
++    } else {
++        $old_attachment = validateID('oldid');
++        $new_attachment = validateID('newid');
++    }
+     my $context = validateContext();
+ 
+     Bugzilla::Attachment::PatchReader::process_interdiff(
+@@ -356,8 +423,8 @@
+ 
+ sub diff {
+     # Retrieve and validate parameters
+-    my $attachment = validateID();
+     my $format = validateFormat('html', 'raw');
++    my $attachment = $format eq 'raw' ? get_attachment() : validateID();
+     my $context = validateContext();
+ 
+     # If it is not a patch, view normally.
+
+=== modified file 'contrib/fixperms.pl' (properties changed: -x to +x)
+=== modified file 'template/en/default/global/user-error.html.tmpl'
+--- template/en/default/global/user-error.html.tmpl	2010-11-02 23:12:13 +0000
++++ template/en/default/global/user-error.html.tmpl	2011-07-07 06:04:15 +0000
+@@ -102,6 +102,11 @@
+     [% terms.Bug %] aliases cannot be longer than 20 characters.
+     Please choose a shorter alias.
+ 
++  [% ELSIF error == "attachment_bug_id_mismatch" %]
++    [% title = "Invalid Attachments" %]
++    You tried to perform an action on attachments from different [% terms.bugs %].
++    This operation requires all attachments to be from the same [% terms.bug %].
++
+   [% ELSIF error == "auth_cant_create_account" %]
+     [% title = "Can't create accounts" %]
+     This site is using an authentication scheme which does not permit
+

bugzilla-3.2.10-CVE-2011-2380.patch

@@ -0,0 +1,28 @@
+=== modified file 'Bugzilla/Bug.pm'
+--- Bugzilla/Bug.pm	2010-10-28 15:27:58 +0000
++++ Bugzilla/Bug.pm	2011-08-01 21:28:07 +0000
+@@ -1403,7 +1403,7 @@
+             || ThrowUserError("invalid_group_ID");
+ 
+         # This can only happen if somebody hacked the enter_bug form.
+-        ThrowCodeError("inactive_group", { name => $group->name })
++        ThrowCodeError("inactive_group", { group_id => $id })
+             unless $group->is_active;
+ 
+         my $membercontrol = $controls->{$id}
+
+=== modified file 'template/en/default/global/code-error.html.tmpl'
+--- template/en/default/global/code-error.html.tmpl	2010-12-30 16:50:29 +0000
++++ template/en/default/global/code-error.html.tmpl	2011-08-01 21:29:11 +0000
+@@ -217,8 +217,8 @@
+     A legal [% field FILTER html %] was not set.
+ 
+   [% ELSIF error == "inactive_group" %]
+-    Attempted to add [% terms.bug %] to the '[% name FILTER html %]'
+-    group, which is not used for [% terms.bugs %].
++    Attempted to add [% terms.abug %] to group ID [% group_id FILTER html %],
++    which is not used for [% terms.bugs %].
+ 
+   [% ELSIF error == "invalid_attach_id_to_obsolete" %]
+      The attachment number of one of the attachments you wanted to obsolete,
+

bugzilla-3.2.10-CVE-2011-2381.patch

@@ -0,0 +1,27 @@
+=== modified file 'Bugzilla/Template.pm'
+--- Bugzilla/Template.pm	2011-02-14 21:56:52 +0000
++++ Bugzilla/Template.pm	2011-07-06 14:44:21 +0000
+@@ -549,6 +549,9 @@
+             # as prefix. In addition it replaces a ' ' by a '_'.
+             css_class_quote => \&Bugzilla::Util::css_class_quote ,
+ 
++            # Removes control characters and trims extra whitespace.
++            clean_text => \&Bugzilla::Util::clean_text ,
++
+             quoteUrls => [ sub {
+                                my ($context, $bug) = @_;
+                                return sub {
+
+=== modified file 'template/en/default/request/email.txt.tmpl'
+--- template/en/default/request/email.txt.tmpl	2009-09-03 19:05:33 +0000
++++ template/en/default/request/email.txt.tmpl	2011-07-06 14:43:11 +0000
+@@ -50,7 +50,7 @@
+ To: [% to %]
+ Subject: [% flag.type.name %] [%+ subject_status %]: [[% terms.Bug %] [%+ bug.bug_id %]] [% bug.short_desc %]
+ [%- IF attachment %] :
+-  [Attachment [% attachment.id %]] [% attachment.description %][% END %]
++  [Attachment [% attachment.id %]] [% attachment.description FILTER clean_text %][% END %]
+ X-Bugzilla-Type: request
+ [%+ threadingmarker %]
+ 
+

bugzilla-3.2.10-CVE-2011-2976.patch

@@ -0,0 +1,96 @@
+=== modified file 'template/en/default/bug/navigate.html.tmpl'
+--- template/en/default/bug/navigate.html.tmpl	2008-01-28 01:21:11 +0000
++++ template/en/default/bug/navigate.html.tmpl	2011-05-26 19:06:35 +0000
+@@ -44,22 +44,24 @@
+   [% END %]
+ 
+ [% IF this_bug_idx != -1 %]
+-  <a href="show_bug.cgi?id=[% bug_list.first %]">First</a>
+-  <a href="show_bug.cgi?id=[% bug_list.last %]">Last</a>
++  <a href="show_bug.cgi?id=[% bug_list.first FILTER url_quote %]">First</a>
++  <a href="show_bug.cgi?id=[% bug_list.last FILTER url_quote %]">Last</a>
+ [% END %]
+ 
+   [% IF bug.bug_id %]
+     [% IF this_bug_idx != -1 %]
+       [% IF this_bug_idx > 0 %]
+         [% prev_bug = this_bug_idx - 1 %]
+-        <a href="show_bug.cgi?id=[% bug_list.$prev_bug %]">Prev</a>
++        <a href="show_bug.cgi?id=
++                 [%- bug_list.$prev_bug FILTER url_quote %]">Prev</a>
+       [% ELSE %]
+         <i><font color="#777777">Prev</font></i>
+       [% END %]
+ 
+       [% IF this_bug_idx + 1 < bug_list.size %]
+         [% next_bug = this_bug_idx + 1 %]
+-        <a href="show_bug.cgi?id=[% bug_list.$next_bug %]">Next</a>
++        <a href="show_bug.cgi?id=
++                 [%- bug_list.$next_bug FILTER url_quote %]">Next</a>
+       [% ELSE %]
+         <i><font color="#777777">Next</font></i>
+       [% END %]
+
+=== modified file 'template/en/default/filterexceptions.pl'
+--- template/en/default/filterexceptions.pl	2009-10-26 11:31:52 +0000
++++ template/en/default/filterexceptions.pl	2011-05-26 19:15:14 +0000
+@@ -250,10 +250,6 @@
+ ],
+ 
+ 'global/site-navigation.html.tmpl' => [
+-  'bug_list.first', 
+-  'bug_list.$prev_bug', 
+-  'bug_list.$next_bug', 
+-  'bug_list.last', 
+   'bug.bug_id', 
+   'bug.votes', 
+ ],
+@@ -300,13 +296,6 @@
+   '" spellcheck=\"$spellcheck\"" IF spellcheck',
+ ],
+ 
+-'bug/navigate.html.tmpl' => [
+-  'bug_list.first', 
+-  'bug_list.last', 
+-  'bug_list.$prev_bug', 
+-  'bug_list.$next_bug', 
+-],
+-
+ 'bug/show-multiple.html.tmpl' => [
+   'attachment.id', 
+   'flag.status',
+
+=== modified file 'template/en/default/global/site-navigation.html.tmpl'
+--- template/en/default/global/site-navigation.html.tmpl	2008-08-08 06:26:33 +0000
++++ template/en/default/global/site-navigation.html.tmpl	2011-05-26 19:16:12 +0000
+@@ -36,8 +36,10 @@
+   [% IF bug_list && bug_list.size > 0 %]
+     <link rel="Up" href="buglist.cgi?regetlastlist=1">
+ 
+-    <link rel="First" href="show_bug.cgi?id=[% bug_list.first %]">
+-    <link rel="Last" href="show_bug.cgi?id=[% bug_list.last %]">
++    <link rel="First" href="show_bug.cgi?id=
++                            [%- bug_list.first FILTER url_quote %]">
++    <link rel="Last" href="show_bug.cgi?id=
++                           [%- bug_list.last FILTER url_quote %]">
+ 
+     [% IF bug && bug.bug_id %]
+       [% current_bug_idx = lsearch(bug_list, bug.bug_id) %]
+@@ -45,12 +47,14 @@
+ 
+         [% IF current_bug_idx > 0 %]
+           [% prev_bug = current_bug_idx - 1 %]
+-          <link rel="Prev" href="show_bug.cgi?id=[% bug_list.$prev_bug %]">
++          <link rel="Prev" href="show_bug.cgi?id=
++                                 [%- bug_list.$prev_bug FILTER url_quote %]">
+         [% END %]
+ 
+         [% IF current_bug_idx + 1 < bug_list.size %]
+           [% next_bug = current_bug_idx + 1 %]
+-          <link rel="Next" href="show_bug.cgi?id=[% bug_list.$next_bug %]">
++          <link rel="Next" href="show_bug.cgi?id=
++                                 [%- bug_list.$next_bug FILTER url_quote %]">
+         [% END %]
+ 
+       [% END %]
+

bugzilla-3.2.10-CVE-2011-2978.patch

@@ -0,0 +1,13 @@
+=== modified file 'userprefs.cgi'
+--- userprefs.cgi	2009-02-02 19:21:09 +0000
++++ userprefs.cgi	2011-07-22 08:00:33 +0000
+@@ -120,7 +120,7 @@
+         && Bugzilla->params->{"allowemailchange"}
+         && $cgi->param('new_login_name'))
+     {
+-        my $old_login_name = $cgi->param('Bugzilla_login');
++        my $old_login_name = $user->login;
+         my $new_login_name = trim($cgi->param('new_login_name'));
+ 
+         if($old_login_name ne $new_login_name) {
+

bugzilla-3.2.10-CVE-2011-3657.patch

@@ -0,0 +1,29 @@
+=== modified file 'Bugzilla/Chart.pm'
+--- Bugzilla/Chart.pm	2010-07-06 00:42:57 +0000
++++ Bugzilla/Chart.pm	2011-10-27 13:19:40 +0000
+@@ -438,7 +438,7 @@
+     
+     require Data::Dumper;
+     print "<pre>Bugzilla::Chart object:\n";
+-    print Data::Dumper::Dumper($self);
++    print html_quote(Data::Dumper::Dumper($self));
+     print "</pre>";
+ }
+ 
+
+=== modified file 'report.cgi'
+--- report.cgi	2010-12-08 20:14:32 +0000
++++ report.cgi	2011-10-27 14:18:52 +0000
+@@ -293,9 +293,9 @@
+ if ($cgi->param('debug')) {
+     require Data::Dumper;
+     print "<pre>data hash:\n";
+-    print Data::Dumper::Dumper(%data) . "\n\n";
++    print html_quote(Data::Dumper::Dumper(%data)) . "\n\n";
+     print "data array:\n";
+-    print Data::Dumper::Dumper(@image_data) . "\n\n</pre>";
++    print html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>";
+ }
+ 
+ # All formats point to the same section of the documentation.
+

bugzilla-3.2.10-CVE-2011-3667.patch

@@ -0,0 +1,197 @@
+=== modified file 'Bugzilla/User.pm'
+--- Bugzilla/User.pm	2011-12-08 23:20:02 +0000
++++ Bugzilla/User.pm	2011-12-27 14:59:07 +0000
+@@ -1852,6 +1852,32 @@
+     return 1;
+ }
+ 
++sub check_account_creation_enabled {
++    my $self = shift;
++
++    # If we're using e.g. LDAP for login, then we can't create a new account.
++    $self->authorizer->user_can_create_account
++      || ThrowUserError('auth_cant_create_account');
++
++    Bugzilla->params->{'createemailregexp'}
++      || ThrowUserError('account_creation_disabled');
++}
++
++sub check_and_send_account_creation_confirmation {
++    my ($self, $login) = @_;
++
++    $login = $self->check_login_name_for_creation($login);
++    my $creation_regexp = Bugzilla->params->{'createemailregexp'};
++
++    if ($login !~ /$creation_regexp/i) {
++        ThrowUserError('account_creation_restricted');
++    }
++
++    # Create and send a token for this new account.
++    require Bugzilla::Token;
++    Bugzilla::Token::issue_new_user_account_token($login);
++}
++
+ sub login_to_id {
+     my ($login, $throw_error) = @_;
+     my $dbh = Bugzilla->dbh;
+@@ -2355,6 +2381,17 @@
+ Takes a username as its only argument. Throws an error if there is no
+ user with that username. Returns a C<Bugzilla::User> object.
+ 
++=item C<check_account_creation_enabled>
++
++Checks that users can create new user accounts, and throws an error
++if user creation is disabled.
++
++=item C<check_and_send_account_creation_confirmation($login)>
++
++If the user request for a new account passes validation checks, an email
++is sent to this user for confirmation. Otherwise an error is thrown
++indicating why the request has been rejected.
++
+ =item C<is_available_username>
+ 
+ Returns a boolean indicating whether or not the supplied username is
+
+=== modified file 'Bugzilla/WebService/Constants.pm'
+--- Bugzilla/WebService/Constants.pm	2011-08-04 20:10:54 +0000
++++ Bugzilla/WebService/Constants.pm	2011-12-27 15:00:16 +0000
+@@ -130,6 +130,7 @@
+     # User errors are 500-600.
+     account_exists        => 500,
+     illegal_email_address => 501,
++    auth_cant_create_account    => 501,
+     account_creation_disabled   => 501,
+     account_creation_restricted => 501,
+     password_too_short    => 502,
+
+=== modified file 'Bugzilla/WebService/User.pm'
+--- Bugzilla/WebService/User.pm	2011-02-14 07:42:09 +0000
++++ Bugzilla/WebService/User.pm	2011-12-27 15:04:12 +0000
+@@ -28,7 +28,6 @@
+ use Bugzilla::Error;
+ use Bugzilla::User;
+ use Bugzilla::Util qw(trim);
+-use Bugzilla::Token;
+ 
+ # Don't need auth to login
+ use constant LOGIN_EXEMPT => {
+@@ -91,18 +90,8 @@
+     my $email = trim($params->{email})
+         || ThrowCodeError('param_required', { param => 'email' });
+ 
+-    my $createexp = Bugzilla->params->{'createemailregexp'};
+-    if (!$createexp) {
+-        ThrowUserError("account_creation_disabled");
+-    }
+-    elsif ($email !~ /$createexp/) {
+-        ThrowUserError("account_creation_restricted");
+-    }
+-
+-    $email = Bugzilla::User->check_login_name_for_creation($email);
+-
+-    # Create and send a token for this new account.
+-    Bugzilla::Token::issue_new_user_account_token($email);
++    Bugzilla->user->check_account_creation_enabled;
++    Bugzilla->user->check_and_send_account_creation_confirmation($email);
+ 
+     return undef;
+ }
+@@ -396,15 +385,15 @@
+ 
+ =over
+ 
+-=item 500 (Illegal Email Address)
++=item 500 (Account Already Exists)
++
++An account with that email address already exists in Bugzilla.
++
++=item 501 (Illegal Email Address)
+ 
+ This Bugzilla does not allow you to create accounts with the format of
+ email address you specified. Account creation may be entirely disabled.
+ 
+-=item 501 (Account Already Exists)
+-
+-An account with that email address already exists in Bugzilla.
+-
+ =back
+ 
+ =back
+
+=== modified file 'createaccount.cgi'
+--- createaccount.cgi	2007-11-12 04:03:16 +0000
++++ createaccount.cgi	2011-12-27 14:53:38 +0000
+@@ -31,47 +31,24 @@
+ use Bugzilla;
+ use Bugzilla::Constants;
+ use Bugzilla::Error;
+-use Bugzilla::User;
+-use Bugzilla::BugMail;
+-use Bugzilla::Util;
+ 
+ # Just in case someone already has an account, let them get the correct footer
+ # on an error message. The user is logged out just after the account is
+ # actually created.
+-Bugzilla->login(LOGIN_OPTIONAL);
+-
+-my $dbh = Bugzilla->dbh;
++my $user = Bugzilla->login(LOGIN_OPTIONAL);
+ my $cgi = Bugzilla->cgi;
+ my $template = Bugzilla->template;
+-my $vars = {};
+-
+-$vars->{'doc_section'} = 'myaccount.html';
++my $vars = { doc_section => 'myaccount.html' };
+ 
+ print $cgi->header();
+ 
+-# If we're using LDAP for login, then we can't create a new account here.
+-unless (Bugzilla->user->authorizer->user_can_create_account) {
+-    ThrowUserError("auth_cant_create_account");
+-}
+-
+-my $createexp = Bugzilla->params->{'createemailregexp'};
+-unless ($createexp) {
+-    ThrowUserError("account_creation_disabled");
+-}
+-
++$user->check_account_creation_enabled;
+ my $login = $cgi->param('login');
+ 
+ if (defined($login)) {
+-    $login = Bugzilla::User->check_login_name_for_creation($login);
++    $user->check_and_send_account_creation_confirmation($login);
+     $vars->{'login'} = $login;
+ 
+-    if ($login !~ /$createexp/) {
+-        ThrowUserError("account_creation_restricted");
+-    }
+-
+-    # Create and send a token for this new account.
+-    Bugzilla::Token::issue_new_user_account_token($login);
+-
+     $template->process("account/created.html.tmpl", $vars)
+       || ThrowTemplateError($template->error());
+     exit;
+
+=== modified file 'token.cgi'
+--- token.cgi	2010-05-20 15:38:16 +0000
++++ token.cgi	2011-12-27 14:55:57 +0000
+@@ -341,6 +341,7 @@
+ }
+
+ sub request_create_account {
++    Bugzilla->user->check_account_creation_enabled;
+     my (undef, $date, $login_name) = Bugzilla::Token::GetTokenData($::token);
+     $vars->{'token'} = $::token;
+     $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
+@@ -360,6 +361,7 @@
+ }
+
+ sub confirm_create_account {
++    Bugzilla->user->check_account_creation_enabled;
+     my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token);
+ 
+     my $password = $cgi->param('passwd1') || '';
+

bugzilla-3.2.10-CVE-2012-0448.patch

@@ -0,0 +1,52 @@
+diff -Naur Bugzilla/Util.pm Bugzilla/Util.pm
+--- Bugzilla/Util.pm	2011-01-24 23:07:59.000000000 +0100
++++ Bugzilla/Util.pm	2012-02-01 09:17:53.414276564 +0100
+@@ -559,7 +559,7 @@
+ sub validate_email_syntax {
+     my ($addr) = @_;
+     my $match = Bugzilla->params->{'emailregexp'};
+-    my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
++    my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
+     if ($ret) {
+         # We assume these checks to suffice to consider the address untainted.
+         trick_taint($_[0]);
+diff -Naur editflagtypes.cgi editflagtypes.cgi
+--- editflagtypes.cgi	2009-02-02 20:01:12.000000000 +0100
++++ editflagtypes.cgi	2012-02-01 09:17:53.415276556 +0100
+@@ -578,7 +578,7 @@
+     # - do not contain any illegal character.
+     foreach my $address (@addresses) {
+         ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
+-           && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
++           && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/)
+           || ThrowUserError('illegal_email_address',
+                             {addr => $address, default => 1});
+     }
+diff -Naur template/en/default/global/code-error.html.tmpl template/en/default/global/code-error.html.tmpl
+--- template/en/default/global/code-error.html.tmpl	2012-02-01 09:17:00.561730124 +0100
++++ template/en/default/global/code-error.html.tmpl	2012-02-01 09:17:53.415276556 +0100
+@@ -58,8 +58,7 @@
+     [% ELSE %]
+       [%+ Param('emailregexpdesc') %]
+     [% END %]
+-    It must also not contain any of these special characters:
+-    <tt>\ ( ) &amp; &lt; &gt; , ; : &quot; [ ]</tt>, or any whitespace.
++    It also must not contain any illegal characters.
+ 
+   [% ELSIF error == "authres_unhandled" %]
+     The result value of [% value FILTER html %] was not handled by
+diff -Naur template/en/default/global/user-error.html.tmpl template/en/default/global/user-error.html.tmpl
+--- template/en/default/global/user-error.html.tmpl	2012-02-01 09:17:00.557730158 +0100
++++ template/en/default/global/user-error.html.tmpl	2012-02-01 09:17:53.417276540 +0100
+@@ -748,9 +748,8 @@
+     [% ELSE %]
+       [%+ Param('emailregexpdesc') %]
+     [% END %]
+-    It must also not contain any of these special characters:
+-    <tt>\ ( ) &amp; &lt; &gt; , ; : &quot; [ ]</tt>, or any whitespace.
+-    
++    It also must not contain any illegal characters.
++
+   [% ELSIF error == "illegal_frequency" %]
+     [% title = "Too Frequent" %]
+     Unless you are an administrator, you may not create series which are 

bugzilla-3.2.10-CVE-2012-0466.patch

@@ -0,0 +1,84 @@
+=== modified file 'buglist.cgi'
+--- buglist.cgi	2012-04-17 18:41:05 +0000
++++ buglist.cgi	2012-04-18 12:06:08 +0000
+@@ -112,16 +112,6 @@
+     $cgi->param('ctype', "atom");
+ }
+ 
+-# The js ctype presents a security risk; a malicious site could use it  
+-# to gather information about secure bugs. So, we only allow public bugs to be
+-# retrieved with this format.
+-#
+-# Note that if and when this call clears cookies or has other persistent 
+-# effects, we'll need to do this another way instead.
+-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
+-    Bugzilla->logout_request();
+-}
+-
+ # An agent is a program that automatically downloads and extracts data
+ # on its user's behalf.  If this request comes from an agent, we turn off
+ # various aspects of bug list functionality so agent requests succeed
+
+=== modified file 'docs/en/xml/using.xml'
+--- docs/en/xml/using.xml	2011-01-28 16:30:29 +0000
++++ docs/en/xml/using.xml	2012-04-18 12:06:08 +0000
+@@ -659,16 +659,6 @@
+         </member>
+       </simplelist>
+       </para>
+-
+-      <para>
+-        If you would like to access the bug list from another program
+-        it is often useful to have the list returned in something other
+-        than HTML. By adding the ctype=type parameter into the bug list URL
+-        you can specify several alternate formats. Besides the types described
+-        above, the following formats are also supported: ECMAScript, also known
+-        as JavaScript (ctype=js), and Resource Description Framework RDF/XML
+-        (ctype=rdf).
+-      </para>
+     </section>
+ 
+     <section id="individual-buglists">
+
+=== removed file 'template/en/default/list/list.js.tmpl'
+--- template/en/default/list/list.js.tmpl	2007-08-20 23:24:38 +0000
++++ template/en/default/list/list.js.tmpl	1970-01-01 00:00:00 +0000
+@@ -1,37 +0,0 @@
+-[%# The contents of this file are subject to the Mozilla Public
+-  # License Version 1.1 (the "License"); you may not use this file
+-  # except in compliance with the License. You may obtain a copy of
+-  # the License at http://www.mozilla.org/MPL/
+-  #
+-  # Software distributed under the License is distributed on an "AS
+-  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+-  # implied. See the License for the specific language governing
+-  # rights and limitations under the License.
+-  #
+-  # The Original Code is the Bugzilla Bug Tracking System.
+-  #
+-  # The Initial Developer of the Original Code is Netscape Communications
+-  # Corporation. Portions created by Netscape are
+-  # Copyright (C) 1998 Netscape Communications Corporation. All
+-  # Rights Reserved.
+-  #
+-  # Contributor(s): Gervase Markham <gerv@gerv.net>
+-  #%]
+-
+-// Note: only publicly-accessible bugs (those not in any group) will be
+-// listed when using this JavaScript format. This is to prevent malicious
+-// sites stealing information about secure bugs.
+-  
+-bugs = new Array; 
+-
+-[% FOREACH bug = bugs %]
+-  bugs[[% bug.bug_id %]] = [ 
+-    [% FOREACH column = displaycolumns %]
+-      "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
+-    [% END %]
+-  ];
+-[% END %]
+-
+-if (window.buglistCallback) {
+-  buglistCallback(bugs);
+-}
+

bugzilla-EL5-perl-versions.patch

@@ -0,0 +1,24 @@
+diff -ruNp a/bugzilla-3.2.4/Bugzilla/Constants.pm b/bugzilla-3.2.4/Bugzilla/Constants.pm
+--- a/bugzilla-3.2.4/Bugzilla/Constants.pm	2009-07-08 10:58:27.000000000 -0300
++++ b/bugzilla-3.2.4/Bugzilla/Constants.pm	2009-08-04 00:37:30.852896189 -0300
+@@ -387,7 +387,7 @@ use constant DB_MODULE => {
+                     # Disallow development versions
+                     blacklist => ['_'],
+                     # For UTF-8 support
+-                    version => '4.00',
++                    version => '3.00',
+                 },
+                 name => 'MySQL'},
+     'pg'    => {db => 'Bugzilla::DB::Pg', db_version => '8.00.0000',
+diff -ruNp a/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm b/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm
+--- a/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm	2009-04-17 18:53:49.000000000 -0300
++++ b/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm	2009-08-04 00:38:23.376893996 -0300
+@@ -62,7 +62,7 @@ sub REQUIRED_MODULES {
+         # Perl 5.10 requires CGI 3.33 due to a taint issue when
+         # uploading attachments, see bug 416382.
+         # Require CGI 3.21 for -httponly support, see bug 368502.
+-        version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.33' : '3.21',
++        version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.15' : '3.15',
+         # CGI::Carp in 3.46 and 3.47 breaks Template Toolkit
+         blacklist => ['^3\.46$', '^3\.47$'],
+     },

bugzilla-dnf.patch

@@ -1,30 +0,0 @@
-diff -up ./Bugzilla/Install/Requirements.pm.dnf ./Bugzilla/Install/Requirements.pm
---- ./Bugzilla/Install/Requirements.pm.dnf	2019-02-14 20:47:13.396609293 +0100
-+++ ./Bugzilla/Install/Requirements.pm	2019-02-14 20:49:04.733906799 +0100
-@@ -298,7 +298,7 @@ sub OPTIONAL_MODULES {
-     },
-     {
-       package => 'JSON-RPC',
--      module  => 'JSON::RPC',
-+      module  => 'JSON::RPC::Legacy::Server::CGI',
-       version => 0,
-       feature => ['jsonrpc', 'rest'],
-     },
-@@ -657,7 +657,7 @@ sub print_module_instructions {
-     && !ON_ACTIVESTATE
-     && !$check_results->{hide_all})
-   {
--    print install_string('install_all', {perl => $^X});
-+    # print install_string('install_all', {perl => $^X});
-   }
-   if (!$check_results->{pass}) {
-     print colored(install_string('installation_failed'), COLOR_ERROR), "\n\n";
-@@ -811,7 +811,7 @@ sub install_command {
-     $package = $module->{package};
-   }
-   else {
--    $command = "$^X install-module.pl \%s";
-+    $command = "dnf install \"perl(\%s)\"";
- 
-     # Non-Windows installations need to use module names, because
-     # CPAN doesn't understand package names.

bugzilla-httpd-conf

@@ -1,23 +1,11 @@
-Alias /var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot
+Alias /bugzilla/var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot
 Alias /bugzilla /usr/share/bugzilla
 
 <Directory /usr/share/bugzilla>
-
-  <IfModule mod_authz_core.c>
-    # Bugzilla will be accessible to all machines in your network
-    # Replace with "Require local" if you want access to be restricted
-    # to this machine.
-    Require all granted
-  </IfModule>
-
   AddHandler cgi-script .cgi
   Options +Indexes +ExecCGI +FollowSymLinks
   DirectoryIndex index.cgi index.html
-  AllowOverride Limit Options FileInfo Indexes AuthConfig
+  AllowOverride Limit Options FileInfo
   AddType application/vnd.mozilla.xul+xml .xul
   AddType application/rdf+xml .rdf
 </Directory>
-
-<Directory /var/lib/bugzilla/data/webdot>
-  Require all granted
-</Directory>

bugzilla-rw-paths.patch

@@ -1,35 +1,26 @@
-diff -up ./Bugzilla/Constants.pm.rw-paths ./Bugzilla/Constants.pm
---- ./Bugzilla/Constants.pm.rw-paths	2019-02-14 20:42:11.280492600 +0100
-+++ ./Bugzilla/Constants.pm	2019-02-14 20:44:39.281581534 +0100
-@@ -700,7 +700,7 @@ sub _bz_locations {
-     $datadir     = "data";
-   }
- 
--  $datadir = "$libpath/$datadir";
-+  $datadir = "/var/lib/bugzilla/$datadir";
- 
-   # We have to return absolute paths for mod_perl.
-   # That means that if you modify these paths, they must be absolute paths.
-@@ -714,11 +714,11 @@ sub _bz_locations {
-     'templatedir'    => "$libpath/template",
-     'template_cache' => "$datadir/template",
-     'project'        => $project,
--    'localconfig'    => "$libpath/$localconfig",
-+    'localconfig'    => "/etc/bugzilla/$localconfig",
-     'datadir'        => $datadir,
-     'attachdir'      => "$datadir/attachments",
-     'skinsdir'       => "$libpath/skins",
--    'graphsdir'      => "$libpath/graphs",
-+    'graphsdir'      => "/var/lib/bugzilla/graphs",
- 
-     # $webdotdir must be in the web server's tree somewhere. Even if you use a
-     # local dot, we output images to there. Also, if $webdotdir is
-@@ -728,7 +728,7 @@ sub _bz_locations {
-     # The script should really generate these graphs directly...
-     'webdotdir'     => "$datadir/webdot",
-     'extensionsdir' => "$libpath/extensions",
--    'assetsdir'     => "$datadir/assets",
-+    'assetsdir'     => "$libpath/assets",
-   };
+--- bugzilla-3.2.2/Bugzilla/Constants.pm	2009-02-03 10:02:53.000000000 +0000
++++ bugzilla-3.2.2-rw/Bugzilla/Constants.pm	2009-02-18 17:59:52.000000000 +0000
+@@ -465,9 +465,9 @@
+         'cgi_path'    => $libpath,
+         'templatedir' => "$libpath/template",
+         'project'     => $project,
+-        'localconfig' => "$libpath/$localconfig",
+-        'datadir'     => "$libpath/$datadir",
+-        'attachdir'   => "$libpath/$datadir/attachments",
++        'localconfig' => "/etc/bugzilla/$localconfig",
++        'datadir'     => "/var/lib/bugzilla/$datadir",
++        'attachdir'   => "/var/lib/bugzilla/$datadir/attachments",
+         'skinsdir'    => "$libpath/skins",
+         'graphsdir'   => "$libpath/graphs",
+         # $webdotdir must be in the web server's tree somewhere. Even if you use a 
+@@ -475,8 +475,8 @@
+         # change showdependencygraph.cgi to set image_url to the correct 
+         # location.
+         # The script should really generate these graphs directly...
+-        'webdotdir'   => "$libpath/$datadir/webdot",
+-        'extensionsdir' => "$libpath/extensions",
++        'webdotdir'   => "/var/lib/bugzilla/$datadir/webdot",
++        'extensionsdir' => "/var/lib/bugzilla/extensions",
+     };
  }
- 
+

bugzilla.cron-daily

@@ -1,6 +0,0 @@
-#!/bin/bash
-# Daily Bugzilla collectstats cron job run
-
-cd /usr/share/bugzilla
-./collectstats.pl
-

bugzilla.spec

@@ -1,158 +1,49 @@
 %define bzinstallprefix %{_datadir}
-%define bzdatadir %{_sharedstatedir}/bugzilla
+%define bzdatadir %{_localstatedir}/lib/bugzilla
 
 Summary: Bug tracking system
-URL: https://www.bugzilla.org/
+URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 5.0.6
-Release: 25%{?dist}
-# Automatically converted from old format: MPLv1.1 - review is highly recommended.
-License: LicenseRef-Callaway-MPLv1.1
-Source0: https://github.com/bugzilla/bugzilla/archive/release-%{version}.tar.gz
+Version: 3.2.10
+Group: Applications/Publishing
+Release: 5%{?dist}
+License: MPLv1.1
+Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
 Source1: bugzilla-httpd-conf
 Source2: README.fedora.bugzilla
-Source3: bugzilla.cron-daily
 Patch0: bugzilla-rw-paths.patch
-Patch1: bugzilla-dnf.patch
-Patch2: bugzilla-1438957-concatenate-assets.patch
-# https://bug1657496.bmoattachments.org/attachment.cgi?id=9169528
-Patch3: bugzilla-1855962-non-html-mail.patch
-Patch4: bugzilla-2180465-sphinx-build.patch
+Patch1: bugzilla-EL5-perl-versions.patch
+Patch2: bugzilla-3.2.10-CVE-2011-2379.patch
+Patch3: bugzilla-3.2.10-CVE-2011-2380.patch
+Patch4: bugzilla-3.2.10-CVE-2011-2381.patch
+Patch5: bugzilla-3.2.10-CVE-2011-2976.patch
+Patch6: bugzilla-3.2.10-CVE-2011-2978.patch
+Patch7: bugzilla-3.2.10-CVE-2011-3657.patch
+Patch8: bugzilla-3.2.10-CVE-2011-3667.patch
+Patch9: bugzilla-3.2.10-CVE-2012-0448.patch
+Patch10: bugzilla-3.2.10-CVE-2012-0466.patch
 
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
-Requires: patchutils
-Requires: perl(CGI) >= 3.51
-Requires: perl(Digest::SHA)
-Requires: perl(Date::Format) >= 2.23
-Requires: perl(DateTime) >= 0.75
-Requires: perl(DateTime::TimeZone) >= 1.64
-Requires: perl(DBI) >= 1.614
-Requires: perl(ExtUtils::MM)
-Requires: perl(Template) >= 2.24
-Requires: perl(Email::Sender) >= 1.300011
-Requires: perl(Email::MIME) >= 1.904
-Requires: perl(URI) >= 1.55
-Requires: perl(List::MoreUtils) >= 0.32
-Requires: perl(Math::Random::ISAAC) >= 1.0.1
-Requires: perl(File::Slurp) >= 9999.13
-Requires: perl(JSON::XS) >= 2.01
-Requires: perl(Locale::Language)
-Requires: webserver
-Requires: which
-
-# for building docs
-BuildRequires: latexmk
-BuildRequires: make
-BuildRequires: perl-generators
-BuildRequires: perl(constant)
-BuildRequires: perl(Cwd)
-BuildRequires: perl(Exporter)
-BuildRequires: perl(File::Basename)
-BuildRequires: perl(File::Copy::Recursive)
-BuildRequires: perl(File::Find)
-BuildRequires: perl(File::Path)
-BuildRequires: perl(File::Which)
-BuildRequires: perl(lib)
-BuildRequires: perl(Memoize)
-BuildRequires: perl(parent)
-BuildRequires: perl(Pod::Simple)
-BuildRequires: perl(strict)
-BuildRequires: perl(warnings)
-BuildRequires: python3-sphinx
-BuildRequires: texlive-collection-latexrecommended
-BuildRequires: texlive-collection-basic
-BuildRequires: tex(fncychap.sty)
-BuildRequires: tex(framed.sty)
-BuildRequires: tex(multirow.sty)
-BuildRequires: tex(tgtermes.sty)
-BuildRequires: tex(threeparttable.sty)
-BuildRequires: tex(titlesec.sty)
-BuildRequires: tex(wrapfig.sty)
-BuildRequires: tex(capt-of.sty)
-BuildRequires: tex(eqparbox.sty)
-BuildRequires: tex(needspace.sty)
-BuildRequires: tex(tabulary.sty)
-BuildRequires: tex(upquote.sty)
+Requires: webserver, patchutils, mod_perl, perl(SOAP::Lite), which
+Requires: perl(CGI) >= 3.33
+Requires: perl(Date::Format) >= 2.21
+Requires: perl(File::Spec) >= 0.84
+Requires: perl(DBI) >= 1.41
+Requires: perl(Template) >= 2.15
+Requires: perl(Email::Send) >= 2.00
+Requires: perl(Email::MIME) >= 1.859
+Requires: perl(Email::MIME::Encodings) >= 1.313
+Requires: perl(Email::MIME::Modifier) >= 1.441
 
 %package doc
 Summary: Bugzilla documentation
-
-%package doc-build
-Summary: Tools to generate the Bugzilla documentation
+Group: Documentation
 
 %package contrib
 Summary: Bugzilla contributed scripts
-BuildRequires: python3-devel
-
-%{?perl_default_filter}
-
-# Remove private modules from the requires stream
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(sanitycheck.cgi\\)$
-
-# Remove all optional modules from the requires stream
-# mod_perl modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Apache2::
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(ModPerl::
-# installation of optional modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Config\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(CPAN\\)$
-# authentification modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Authen::Radius\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Net::LDAP
-# database modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(DBD::Oracle\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(DBD::Pg\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(DBI::db\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(DBI::st\\)$
-# graphical reports and charts
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Chart::Lines\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(GD::Graph\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Template::Plugin::GD::Image\\)$
-# inbound email modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Email::MIME::Attachment::Stripper\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Email::Reply\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTML::FormatText::WithLinks\\)$
-# automatic charset detection for text attachments
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Encode
-# sniff MIME type of attachments
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(File::MimeInfo::Magic\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(IO::Scalar\\)$
-# mail queueing
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(TheSchwartz\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Daemon::Generic\\)$
-# smtp security
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Authen::SASL\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Net::SMTP::SSL\\)$
-# bug moving modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(MIME::Parser\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(XML::Twig\\)$
-# update notifications
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(LWP::UserAgent\\)$
-# use html in product and group descriptions
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTML::Parser\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTML::Scrubber\\)$
-# memcached support
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Cache::Memcached\\)$
-# documentation
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(File::Copy::Recursive\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(File::Which\\)$
-# xml-rpc and json-rpc modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(XMLRPC::
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTTP::Message\\)$
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Test::Taint\\)$
-# extension modules
-%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(Image::Magick\\)$
-
-# and remove the extensions from the provides stream
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::BmpConvert\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Example\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Example::Auth::Login\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Example::Auth::Verify\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Example::Config\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Example::WebService\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::OldBugMove\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::OldBugMove::Params\\)$
-%global __provides_exclude %{?__provides_exclude:%{__provides_exclude}|}^perl\\(Bugzilla::Extension::Voting\\)$
+Group: Applications/Publishing
+BuildRequires: python
 
 %description
 Bugzilla is a popular bug tracking system used by multiple open source projects
@@ -163,491 +54,160 @@ Without one of these database engines (local or remote), Bugzilla will not work
 %description doc
 Documentation distributed with the Bugzilla bug tracking system
 
-%description doc-build
-Tools to generate the documentation distributed with Bugzilla
-
 %description contrib
 Contributed scripts and functions for Bugzilla
 
 %prep
-%setup -q -n %{name}-release-%{version}
-%patch -P 0 -p1
-%patch -P 1 -p1
-%patch -P 2 -p1
-%patch -P 3 -p1
-%patch -P 4 -p1
+set -x
+%setup -q -n %{name}-%{version}
+%patch0 -p1
+%patch1 -p2
+%patch2 -p0
+%patch3 -p0
+%patch4 -p0
+%patch5 -p0
+%patch6 -p0
+%patch7 -p0
+%patch8 -p0
+%patch9 -p0
+%patch10 -p0
+
+# Filter unwanted Requires found by /usr/lib/rpm/perldeps.pl:
+# create a wrapper script which runs the original perl_requires
+# command and strips some of the output
+cat << \EOF > %{name}-req
+#!/bin/sh
+%{__perl_requires} $* |\
+sed -e '/perl(Authen::Radius)/d;/perl(DBD::Pg)/d;/perl(DBD::Oracle)/d;/perl(sanitycheck.cgi)/d'
+EOF
+
+# use that wrapper script instead of the original perl_requires script
+%define __perl_requires %{_builddir}/%{name}-%{version}/%{name}-req
+chmod +x %{__perl_requires}
 
 # Deal with changing /usr/local paths here instead of via patches
-/usr/bin/perl -pi -e 's|/usr/local/bin/python\b|%{__python3}|' contrib/*.py
-/usr/bin/rm -rf contrib/bugzilla-submit
-
+%{__perl} -pi -e 's|/usr/local/bin/python\b|%{__python}|' contrib/*.py
+%{__perl} -pi -e 's|/usr/local/bin/ruby\b|%{_bindir}/ruby|' contrib/*.rb
 grep -rl '/usr/lib/sendmail\b' contrib docs \
-| xargs /usr/bin/perl -pi -e 's|/usr/lib/sendmail\b|%{_sbindir}/sendmail|'
+| xargs %{__perl} -pi -e 's|/usr/lib/sendmail\b|%{_sbindir}/sendmail|'
 
 %build
-# Build docs
-docs/makedocs.pl --with-pdf
+find . -depth -name CVS -type d -exec rm -rf {} \;
+find . -depth -name .cvsignore -type f -exec rm -rf {} \;
 # Remove the execute bit from files that don't start with #!
 for file in `find -type f -perm /111`; do
-  if head -1 $file | grep -E -v '^\#!' &>/dev/null; then
+  if head -1 $file | egrep -v '^\#!' &>/dev/null; then
     chmod a-x $file
   fi
 done
 # Ensure shebang shell scripts have executable bit set
 for file in `find -type f -perm /664`; do
-  if head -1 $file | grep -E '^\#!' &>/dev/null; then
+  if head -1 $file | egrep '^\#!' &>/dev/null; then
     chmod a+x $file
   fi
 done
 
+# Remove un-needed files
+find . -name "*.orig" -delete
+
 %install
-mkdir -p %{buildroot}%{bzinstallprefix}/bugzilla
-# these files are only used for testing Bugzilla code
-# see https://bugzilla.mozilla.org/show_bug.cgi?id=995209
-rm Build.PL MANIFEST.SKIP
-cp -pr * %{buildroot}%{bzinstallprefix}/bugzilla
-echo "0-59/15 * * * * apache cd %{bzinstallprefix}/bugzilla && env LANG=C %{bzinstallprefix}/bugzilla/whine.pl" > %{buildroot}%{bzinstallprefix}/bugzilla/cron.whine
-rm -f %{buildroot}%{bzinstallprefix}/bugzilla/README \
-    %{buildroot}%{bzinstallprefix}/bugzilla/docs/TODO \
-    %{buildroot}%{bzinstallprefix}/bugzilla/docs/en/Makefile \
-    %{buildroot}%{bzinstallprefix}/bugzilla/docs/en/make.bat
+mkdir -p ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla
+cp -pr * ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla
+cat << EOM > ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/cron.daily
+#!/bin/bash
+# Daily Bugzilla collectstats cron job run
+cd %{bzinstallprefix}/bugzilla
+./collectstats.pl
+EOM
+echo "0-59/15 * * * * apache cd %{bzinstallprefix}/bugzilla && env LANG=C %{bzinstallprefix}/bugzilla/whine.pl" > ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/cron.whine
+rm -f ${RPM_BUILD_ROOT}/%{bzinstallprefix}/bugzilla/README
+mkdir -p ${RPM_BUILD_ROOT}/%{_datadir}/doc/%{name}-%{version}
 cp %{SOURCE2} ./README.fedora
-mkdir -p %{buildroot}%{bzdatadir}/assets
-mkdir -p %{buildroot}%{_sysconfdir}/bugzilla
-install -m 0644 -D -p %{SOURCE1}  %{buildroot}%{_sysconfdir}/httpd/conf.d/bugzilla.conf
-install -m 0755 -D -p %{SOURCE3}  %{buildroot}%{bzinstallprefix}/bugzilla/cron.daily
-ln -s ../../..%{bzdatadir}/assets %{buildroot}%{bzinstallprefix}/bugzilla/assets
+mkdir -p ${RPM_BUILD_ROOT}/%{bzdatadir}
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/bugzilla
+install -m 0644 -D -p %{SOURCE1}  ${RPM_BUILD_ROOT}%{_sysconfdir}/httpd/conf.d/bugzilla.conf
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
 
 %post
 (pushd %{bzinstallprefix}/bugzilla > /dev/null
-[ -f /etc/bugzilla/localconfig ] || ./checksetup.pl > /dev/null
+./checksetup.pl > /dev/null
 popd > /dev/null)
 
 %files
 %defattr(-,root,apache,-)
 %dir %{bzinstallprefix}/bugzilla
-%{bzinstallprefix}/bugzilla/LICENSE
 %{bzinstallprefix}/bugzilla/*.cgi
-%{bzinstallprefix}/bugzilla/*.json
 %{bzinstallprefix}/bugzilla/*.pl
 %{bzinstallprefix}/bugzilla/Bugzilla.pm
+%{bzinstallprefix}/bugzilla/bugzilla.dtd
+%{bzinstallprefix}/bugzilla/duplicates.xul
 %{bzinstallprefix}/bugzilla/robots.txt
 %{bzinstallprefix}/bugzilla/Bugzilla
-%{bzinstallprefix}/bugzilla/extensions
 %{bzinstallprefix}/bugzilla/images
 %{bzinstallprefix}/bugzilla/js
-%{bzinstallprefix}/bugzilla/lib
 %{bzinstallprefix}/bugzilla/skins
 %{bzinstallprefix}/bugzilla/t
-%{bzinstallprefix}/bugzilla/xt
 %{bzinstallprefix}/bugzilla/template
+%{bzinstallprefix}/bugzilla/extensions/example
+%{bzinstallprefix}/bugzilla/lib/README
 %{bzinstallprefix}/bugzilla/cron.daily
 %{bzinstallprefix}/bugzilla/cron.whine
-%{bzinstallprefix}/bugzilla/contrib/README
-%{bzinstallprefix}/bugzilla/assets
+%ghost %{bzinstallprefix}/bugzilla/bugzilla-req
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/bugzilla.conf
-%attr(770,root,apache) %dir %{bzdatadir}
-%attr(770,root,apache) %dir %{bzdatadir}/assets
-%attr(750,root,apache) %dir %{_sysconfdir}/bugzilla
 %defattr(-,root,root,-)
 %doc README
 %doc README.fedora
+%dir %{bzdatadir}
+%defattr(0750,root,apache,-)
+%dir %{_sysconfdir}/bugzilla
 
 %files doc
-%defattr(-,root,apache,-)
-%{bzinstallprefix}/bugzilla/docs/en/html
-%{bzinstallprefix}/bugzilla/docs/en/images
-%{bzinstallprefix}/bugzilla/docs/en/pdf
-%{bzinstallprefix}/bugzilla/docs/en/txt
-%{bzinstallprefix}/bugzilla/docs/en/rst
-%{bzinstallprefix}/bugzilla/docs/style.css
-
-
-%files doc-build
-%defattr(-,root,apache,-)
-%{bzinstallprefix}/bugzilla/docs/makedocs.pl
-%{bzinstallprefix}/bugzilla/docs/lib
+%defattr(-,root,root,-)
+%{bzinstallprefix}/bugzilla/docs
 
 %files contrib
-%defattr(-,root,apache,-)
-%{bzinstallprefix}/bugzilla/contrib/bugzilla-queue.rhel
-%{bzinstallprefix}/bugzilla/contrib/bugzilla-queue.suse
-%{bzinstallprefix}/bugzilla/contrib/bzdbcopy.pl
-%{bzinstallprefix}/bugzilla/contrib/bz_webservice_demo.pl
-%{bzinstallprefix}/bugzilla/contrib/cmdline
-%{bzinstallprefix}/bugzilla/contrib/console.pl
-%{bzinstallprefix}/bugzilla/contrib/convert-workflow.pl
-%{bzinstallprefix}/bugzilla/contrib/extension-convert.pl
-%{bzinstallprefix}/bugzilla/contrib/fixperms.pl
-%{bzinstallprefix}/bugzilla/contrib/jb2bz.py*
-%{bzinstallprefix}/bugzilla/contrib/merge-users.pl
-%{bzinstallprefix}/bugzilla/contrib/mysqld-watcher.pl
-%{bzinstallprefix}/bugzilla/contrib/new-yui.sh
-%{bzinstallprefix}/bugzilla/contrib/perl-fmt
-%{bzinstallprefix}/bugzilla/contrib/recode.pl
-%{bzinstallprefix}/bugzilla/contrib/sendbugmail.pl
-%{bzinstallprefix}/bugzilla/contrib/sendunsentbugmail.pl
-%{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
-%{bzinstallprefix}/bugzilla/contrib/Bugzilla.pm
+%defattr(-,root,root,-)
+%{bzinstallprefix}/bugzilla/contrib
 
 %changelog
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-25
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+* Fri Apr 20 2012 Xavier Bachelot <xavier@bachelot.org> - 3.2.10-5
+- Add patch for CVE-2012-0466.
+- Drop version requirement downgrade for perl(Email::MIME) and
+  perl(Email::MIME::Modifier).
 
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-24
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+* Wed Feb 01 2012 Xavier Bachelot <xavier@bachelot.org> - 3.2.10-4
+- Add patch for CVE-2012-0448.
 
-* Wed Aug 28 2024 Miroslav Suchý <msuchy@redhat.com> - 5.0.6-23
-- convert license to SPDX
+* Thu Dec 29 2011 Xavier Bachelot <xavier@bachelot.org> - 3.2.10-3
+- Add patches for CVE-2011-3657 and CVE-2011-3667.
 
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-22
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+* Thu Sep 15 2011 Xavier Bachelot <xavier@bachelot.org> - 3.2.10-2
+- Add patches for CVE-2011-2379, CVE-2011-2380, CVE-2011-2381, CVE-2011-2978
+  and CVE-2011-2976.
+- Fix httpd conf (RHBZ#736579, RHBZ #736584).
+- Fix typo in doc (RHBZ#736581).
+- Fix files ownership (RHBZ#736583).
 
-* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-21
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+* Tue May 03 2011 Xavier Bachelot <xavier@bachelot.org> - 3.2.10-1
+- Update to 3.2.10 for CVE-2010-4411, CVE-2010-4567, CVE-2010-4568,
+  CVE-2010-4569, CVE-2010-4570, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048)
 
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-20
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+* Tue Feb 02 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.2.6-2
+- Use Linux requirements, not Windows'
 
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-19
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Sun May 07 2023 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-18
-- Patch to build against Sphinx 6.1.3 (#2180465)
-- Use new patch syntax
-
-* Sun Feb 12 2023 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-17
-- Add missing buildrequirement on tgtermes.sty (#2160038)
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-16
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-15
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-14
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Sun Feb 14 2021 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-12
-- Add make to BuildRequires
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Mon Oct 19 2020 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-10
-- Replace calls to %%{__perl} with /usr/bin/perl
-- Remove contrib/bugzilla-submit (no longers works) (#1835451)
-
-* Tue Sep 29 2020 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-9
-- Remove automagic Python bytecompilation macro
-- Include upstream patch for text mails (#1855962)
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-8
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-* Tue Mar 24 2020 Jitka Plesnikova <jplesnik@redhat.com> - 5.0.6-6
-- Add all perl dependencies needed for build
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Sep 04 2019 Miro Hrončok <mhroncok@redhat.com> - 5.0.6-4
-- Drop unused build dependency on Python 2
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.6-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Mar 10 2019 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-2
-- Use %%{__python3} instead of %%{__python2}
-- Depend on python3-sphinx instead of python2-sphinx
-
-* Thu Feb 14 2019 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.6-1
-- Update to 5.0.6
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Sun Feb 18 2018 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.4-1
-- Update to 5.0.4
-- Remove backported File::Slurp patch, no longer needed
-- use %%{__python2} instead of %%{__python}
-- Disable the concatenation of assets (#1438957)
-
-* Wed Feb 07 2018 Iryna Shcherbina <ishcherb@redhat.com> - 5.0.3-10
-- Update Python 2 dependency declarations to new packaging standards
-  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.3-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Sun Aug 20 2017 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-8
-- Tighten macro expansion (thanks to ppisar)
-- Drop Group tag
-- Use tex(..) BuildRequires where possible
-
-* Mon Aug 07 2017 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-7
-- Add doc-building requirement to fix FTBS
-- Add perl(ExtUtils::MM) to the list of required modules
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.3-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Tue Apr 04 2017 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-5
-- Include more dependencies to fix FTBFS (#1423283)
-- Allow AuthConfig directives in Bugzilla's directory (#1403588)
-- Backport patch to use internal functions rather than File::Slurp (#1425077)
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Sun Nov 27 2016 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-3
-- Check for perl(JSON::RPC::Legacy::Server::CGI) instead of perl(JSON::RPC)
-
-* Sun Jul 17 2016 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-2
-- Add build requirements for texlive sub-packages
-- Filter out more optional dependencies
-
-* Mon May 16 2016 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.3-1
-- Update to 5.0.3, dropping backported patch
-
-* Sun May 01 2016 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.2-3
-- backport patch to prevent email address encoding
-
-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Sat Jan 16 2016 Emmanuel Seyman <emmanuel@seyman.fr> - 5.0.2-1
-- Update to 5.0.2, with thanks to Tuomo Soini (#1275609)
-- Use dnf instead of yum when advising to install perl modules
-- Change documentation URL to bugzilla.readthedocs.org
-
-* Mon Sep 28 2015 Tuomo Soini <tis@foobar.fi> - 5.0.1-3
-- fix data directory permissions and config dir permissions
-
-* Mon Sep 28 2015 Tuomo Soini <tis@foobar.fi> - 5.0.1-2
-- Fix file owners to be mostly correct
-- rewrite patching of paths in Constants.pm
-
-* Fri Sep 11 2015 Tuomo Soini <tis@foobar.fi> - 5.0.1-1
-- Update to 5.0.1 new stable series
-- update dependencies for 5.0.1
-- build documentation
-- add documentation build dependencies
-
-* Thu Sep 10 2015 Tuomo Soini <tis@foobar.fi> - 4.4.10-1
-- Update to 4.4.10 to fix CVE-2015-4499
-
-* Wed Jun 17 2015 Tuomo Soini <tis@foobar.fi> - 4.4.9-1
-- Update to 4.4.9 for several important bug fixes
-
-* Tue Jun 16 2015 Tuomo Soini <tis@foobar.fi> - 4.4.8-1
-- Import from rawhide (F23)
-
-* Sat Jan 31 2015 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.8-1
-- Update to 4.4.8 (fixes regressions in 4.4.7 which itself
-  fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
-
-* Sun Jan 04 2015 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.6-2
-- Remove bundled binary files (#1000245)
-- Add webdot directory perms to apache configuration
-
-* Wed Oct 08 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.6-1
-- Update to 4.4.6
-
-* Fri Jul 25 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.5-1
-- Update to 4.4.5
-
-* Mon Jul 07 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.4-1
-- Update to 4.4.4
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.9-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Apr 19 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.9-1
-- Update to 4.2.9 (regression fix for 4.2.8 which was a security update)
-- Drop backported patches
-
-* Tue Jan 14 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-3
-- Fix the comparison of module versions (#1044854)
-- Really honor the PROJECT environment variable (#911943)
-
-* Thu Nov 14 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-2
-- Add patch to cache bz_locations() (bmo #843457)
-- Fix constants patch to honor the PROJECT environment variable (#911943)
-
-* Thu Oct 17 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-1
-- Update to 4.2.7 (security updates)
-- Patch bugzilla to write compiled templates under /var (#949130)
-
-* Thu Aug 15 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.6-5
-- Stop creating /usr/share/doc/bugzilla-<version> (#993688)
-- Fix incorrect date in changelog
-
-* Sun Aug 04 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.6-4
-- Change apache conf to enable access to all machines
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.6-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 4.2.6-2
-- Perl 5.18 rebuild
-
-* Sun May 26 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.6-1
-- Update to 4.2.6
-
-* Wed Feb 20 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.5-1
-- Update to 4.2.5 (fixes CVE-2013-0785)
-
-* Tue Feb 05 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.4-2
-- Update httpd configuration file for Apache 2.4
-- Update httpd configuration file for the upcoming bugzilla 4.4
-
-* Wed Nov 14 2012 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.4-1
-- Update to 4.2.4
-- Remove the defattr and clean macros (no longer used)
-
-* Sun Sep 02 2012 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.3-1
-- Update to 4.2.3
-
-* Mon Jul 30 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.2.2-1
-- Update to 4.2.2
-
-* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Apr 20 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.2.1-1
-- Update to 4.2.1 (CVE-2012-0465, CVE-2012-0466)
-
-* Sun Feb 26 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.2-1
-- Update to 4.2 (#797225)
-- Include contrib/README instead of contrib/recode.pl in the main package
-
-* Sun Feb 26 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.5-2
-- Leave perl(Bugzilla::Extension::Example::Util) in the provides stream
-
-* Thu Feb 23 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.5-1
-- Update to 4.0.5 to fix security issues
-- Block all ModPerl::* and Apache2::* from requires
-- Remove rpm4.8 filters
-
-* Wed Feb  1 2012 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.4-1
-- Update to 4.0.4 to fix security flaws (#786550)
-- Remove JSON:RPC patch, upstreamed (bmo #706753)
-- Correct upstream URL in README.fedora.bugzilla, thanks to Ken Dreyer (#783014)
-
-* Tue Jan 10 2012 Tom Callaway <spot@fedoraproject.org> - 4.0.3-2
-- patch bz to use JSON::RPC::Legacy::Server::CGI
-
-* Fri Dec 30 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.3-1
-- Update to 4.0.3
-- Add perl(Locale::Language) to the Requires
-- Put the xml docs source in the doc-build subpackage
-- Add index.html to the DirectoryIndex
-- Fix typo in README.fedora.bugzilla
-
-* Fri Aug 05 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.2-1
-- Update to 4.0.2
-- Add RPM-4.9-style filtering
-- Put graphs in /var/lib/bugzilla/graphs.
-
-* Sun May 01 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0.1-1
-- Update to 4.0.1
-- Patch the installation procedure to recommend yum
-
-* Sun Mar 27 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 4.0-1
-- Update to 4.0
-
-* Sun Mar 06 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-7
-- Put contrib/recode.pl in the main package so that it no longer depends on
-  python and ruby
-- Remove the contents of the lib/ directory, not the directory itself.
-
-* Tue Feb 15 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-6
-- More filtering
-
-* Mon Feb 14 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-5
-- Fix broken dependencies
-- Remove unused patch
-
-* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.6.4-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Sat Jan 29 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-3
-- Remove no-longer-needed files
-
-* Sat Jan 29 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-2
-- Move to the current filtering system for provides and requires
-
-* Tue Jan 25 2011 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.4-1
-- Update to 3.6.4
-- Add RPM-4.9-style filtering
-- 
-
-* Wed Nov 03 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.3-1
-- Update to 3.6.3 (#649406)
-- Fix webdot alias in /etc/httpd/conf.d/bugzilla (#630255)
-- Do not apply graphs patch (upstreamed)
-
-* Wed Aug 18 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.2-1
-- Update to 3.6.2 (#623426)
-- Only run checksetup if /etc/bugzilla/localconfig does not exist (#610210)
-- Add bugzilla-contrib to Requires (#610198)
-
-* Wed Aug 11 2010 David Malcolm <dmalcolm@redhat.com> - 3.6.1-2
-- recompiling .py files against Python 2.7 (rhbz#623281)
-
-* Fri Jun 25 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6.1-1
-- Update to 3.6.1
-
-* Sun Jun  6 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6-3
-- Remove mod_perl from the requirements (#600924)
-
-* Sun Jun  6 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6-2
-- Fix missing provides (#600922)
-
-* Tue Apr 13 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.6-1
-- Update to 3.6 (#598377)
-- Patch to put graphs in /var/lib/bugzilla/ (brc #564450, bmo #313739)
-
-* Mon Feb 01 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4.5-1
-- Update to 3.4.5 (CVE-2009-3989, CVE-2009-3387)
-- Remove bugzilla-EL5-perl-versions.patch which is EPEL-specific
-
-* Thu Nov 19 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4.4-1
-- Update to 3.4.4 (CVE-2009-3386)
-
-* Wed Nov 11 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4.3-1
-- Update to 3.4.3 (fixes memory leak issues)
-- Add perl(Digest::SHA) in the Requires
+* Mon Feb 01 2010 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.2.6-1
+- Update to 3.2.6 (CVE-2009-3989, CVE-2009-3387)
 - Specify Perl module versions in the Requires (fixes #524309)
 - Add an alias to make $webdotdir a working path (fixes #458848)
 
-* Fri Sep 11 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4.2-1
-- Update to 3.4.2 (CVE-2009-3125, CVE-2009-3165 and CVE-2009-3166)
+* Fri Sep 11 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.2.5-1
+- Update to 3.2.5 (CVE-2009-3125, CVE-2009-3165 and CVE-2009-3166)
 
-* Tue Aug 04 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 3.4.1-2
+* Tue Aug 04 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 3.2.4-2
 - fix EL-5 perl dependencies bz#515158
 
-* Sun Aug 02 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4.1-1
-- Update to 3.4.1, fixing a security leak
-
-* Wed Jul 29 2009 Emmanuel Seyman <emmanuel.seyman@club-internet.fr> - 3.4-1
-- Update to 3.4 (fixes #514315)
-- move makedocs.pl to its own package (fixes #509041)
-- move the extensions dir to /usr/share/ (fixes #450636)
-
-* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
 * Wed Jul 08 2009 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 3.2.4-1
 - fix https://bugzilla.mozilla.org/show_bug.cgi?id=495257
 
@@ -742,7 +302,7 @@ popd > /dev/null)
 * Wed Nov  8 2006 John Berninger <johnw at berningeronline dot net> - 2.22-7
 - Fixes for bz # 212355
 
-* Tue Jun 27 2006 John Berninger <johnw at berningeronline dot net> - 2.22-6
+* Tue Jun 26 2006 John Berninger <johnw at berningeronline dot net> - 2.22-6
 - Clean up BugzillaEmail requires (filter it out)
 
 * Mon Jun 26 2006 John Berninger <johnw at berningeronline dot net> - 2.22-5

sources

@@ -1 +1 @@
-SHA512 (release-5.0.6.tar.gz) = 941087510e2c742ffd4f9c82f6d93253e04c4bde0b3a992d7bbec7672e02604d5cc8b63a12c86b0af8f7a5f7dd8e2ee4e0fa136b4b343fe4d03fd884796a4d2c
+dd9d8e142f5e8d5a352fb87a9afebc48  bugzilla-3.2.10.tar.gz