Commit ae9d631b authored by ohauer's avatar ohauer
Browse files

- update to latest release [1]

- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
parent a7549f9d
......@@ -5116,3 +5116,6 @@ audio/akode-plugins-oss||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-pulseaudio||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-resampler||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-xiph||2013-10-17|Removed: Dependency of KDE 3.x
german/bugzilla|german/bugzilla40|2013-10-17|Reflect PORTNAME
japanese/bugzilla|japanese/bugzilla40|2013-10-17|Reflect PORTNAME
russian/bugzilla|russian/bugzilla40|2013-10-17|Reflect PORTNAME
......@@ -147,7 +147,7 @@
SUBDIR += bsdlibdwarf
SUBDIR += bufferpool
SUBDIR += bug-buddy
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += build
......
SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.0.10
PORTVERSION= 4.0.11
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
......@@ -44,8 +44,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=2.9003:${PORTSDIR}/databases/p5-DBD-mysql
......@@ -175,4 +173,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 40
CONFLICTS_INSTALL= \
bugzilla4[^0].* \
bugzilla-4.[^0].*
PORTSCOUT= limit:^4\.0\.
......
......@@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
OPTIONS_GROUP_ATTACHMENT= \
OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
OPTIONS_GROUP_AUTH= \
OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS
......
SHA256 (bugzilla/bugzilla-4.0.11.tar.gz) = d2e454a5a705f3728a6645c27793f7c8d3058dda675704eac4a9a856f16b0c0f
SIZE (bugzilla/bugzilla-4.0.11.tar.gz) = 2785420
......@@ -971,6 +971,8 @@
@dirrmtry %%WWWDIR%%/js/yui
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
......@@ -996,8 +998,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
......@@ -1030,9 +1030,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.2.6
PORTVERSION= 4.2.7
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
......@@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
LATEST_LINK= bugzilla42
USES= perl5
USE_PERL5= patch run build
......@@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
......@@ -184,4 +180,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 42
CONFLICTS_INSTALL= \
bugzilla4[^2].* \
bugzilla-4.[^2].*
PORTSCOUT= limitw:1,even
......
......@@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
OPTIONS_GROUP_ATTACHMENT= \
OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
OPTIONS_GROUP_AUTH= \
OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS
......
SHA256 (bugzilla/bugzilla-4.2.6.tar.gz) = 16ede21f92e672ed19aadeddd24136a8ec76ec14e6bf9627fe33207f2531807d
SIZE (bugzilla/bugzilla-4.2.6.tar.gz) = 2425903
SHA256 (bugzilla/bugzilla-4.2.7.tar.gz) = c2350e02e287f10dc21d7a1813d5311d84804fb1f3418d4ef5c7e335458fc189
SIZE (bugzilla/bugzilla-4.2.7.tar.gz) = 2964784
......@@ -179,7 +179,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
......@@ -987,6 +987,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
......@@ -1014,8 +1016,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
......@@ -1048,9 +1048,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib
# $FreeBSD$
PORTNAME= bugzilla
PORTVERSION= 4.4
PORTVERSION= 4.4.1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
......@@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
LATEST_LINK= bugzilla44
USES= perl5
USE_PERL5= patch build run
......@@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib t xt
USE_APACHE_RUN= 22+
.endif
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
......@@ -175,6 +171,8 @@ post-patch:
@${FIND} ${WRKSRC} \( -name "CVS" -or -name ".cvsignore" -or -name "*.orig" \
-or -name "*.bak" -or -name ".bzr*" -or -name "README.docs" \) \
| ${XARGS} ${RM} -rf
# empty leftover
@${RM} ${WRKSRC}/docs/en/html/Bugzilla-Guide.proc
do-install: .SILENT
${MKDIR} ${STAGEDIR}${WWWDIR}
......@@ -198,4 +196,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
.include <bsd.port.post.mk>
.include <bsd.port.mk>
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
PKGNAMESUFFIX= 44
CONFLICTS_INSTALL= \
bugzilla4[^4].* \
bugzilla-4.[^4].*
PORTSCOUT= limitw:1,even
......
SHA256 (bugzilla/bugzilla-4.4.tar.gz) = 709e1b07ca23a91fbf5fb3d34645a8b574af39034b216daa1811effd02ebd72e
SIZE (bugzilla/bugzilla-4.4.tar.gz) = 2441533
SHA256 (bugzilla/bugzilla-4.4.1.tar.gz) = cc63513b98f7f0a523c58c642554ec72ee1e941f7d13c306e2e8c7e4cceeb428
SIZE (bugzilla/bugzilla-4.4.1.tar.gz) = 2966058
......@@ -183,7 +183,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
......@@ -999,6 +999,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
......@@ -1027,8 +1029,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
@dirrmtry %%WWWDIR%%/data
@dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
......@@ -1062,10 +1062,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
@exec mkdir -p %D/%%WWWDIR%%/xt
@exec mkdir -p %D/%%WWWDIR%%/t
@exec mkdir -p %D/%%WWWDIR%%/lib
@exec mkdir -p %D/%%WWWDIR%%/graphs
@exec mkdir -p %D/%%WWWDIR%%/data
@exec mkdir -p %D/%%WWWDIR%%/contrib
%%PORTDOCS%%@exec mkdir -p %D/%%DOCSDIR%%/en/pdf
......@@ -11,7 +11,7 @@
SUBDIR += bsdforen-firefox-searchplugin
SUBDIR += bsdgroup-firefox-searchplugin
SUBDIR += bsdpaste
SUBDIR += bugzilla
SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += calligra-l10n
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment