[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1 2008-05-15T10:33:01Z 2008-05-15T10:33:01Z rtr rtr 2008-05-15T10:33:01Z urn:sha1:180ca0046777bfa4b07ce0db4a672193a71e935b bugzilla: update for cross-site scripting vulnerability revisions pulled up: - pkgsrc/devel/bugzilla/Makefile - pkgsrc/devel/bugzilla/PLIST - pkgsrc/devel/bugzilla/distinfo Module Name: pkgsrc Committed By: adrianp Date: Tue May 6 19:36:39 UTC 2008 Modified Files: pkgsrc/devel/bugzilla: Makefile PLIST distinfo Log Message: 2.22.4 Class: Cross-Site Scripting Versions: 2.17.2 and higher Description: When using the "Format for Printing" view of a bug (or the "Long Format" of a bug list, which is the same thing), there was a cross-site scripting hole--arbitrary text from a particular URL parameter could be injected into the page without filtering. 2008-03-03T17:45:33Z jlam jlam 2008-03-03T17:45:33Z urn:sha1:7a1142123798f48c48fc2d1fe38690a6b94d1df7 their files via a custom do-install target. 2007-12-22T07:22:04Z obache obache 2007-12-22T07:22:04Z urn:sha1:9e1255a4951e13c472c93f997cba2df8d800e939 There are three types Mozilla mirrors. (http://www.mozilla.org/mirroring.html) * mozilla-current contains only the current version of Firefox and Thunderbird * mozilla-release contains Firefox, Thunderbird, and Sunbird releases * mozilla-all complete archive Define following variables for mozilla master sites: MASTER_SITE_MOZILLA_ALL = mozilla-all MASTER_SITE_MOZILLA = mozilla-release and change some packages to use appropriate variable. Update contents of MASTER_SITE_MOZILLA with master and primary mirrors taken from http://www.mozilla.org/mirrors.html and add some sample definitions. 2007-08-25T09:49:33Z adrianp adrianp 2007-08-25T09:49:33Z urn:sha1:86d4837447fe364cbdd3bcca4d00dbff4e933d50 + Bug lists in iCal format were cutting off bug summaries if they had a comma in them. (bug 274408) + If collectstats.pl encountered an invalid series when collecting data for New Charts, it would stop processing all series, silently. This means that several series may not have been collecting data. On PostgreSQL, all series were failing, thus meaning that New Charts were not working at all on PostgreSQL. (bug 257351) 2007-07-04T20:54:31Z jlam jlam 2007-07-04T20:54:31Z urn:sha1:45233ac07a4c6f9e80f4f9350cbb54ee23d8bd54 the owner of all installed files is a non-root user. This change affects most packages that require special users or groups by making them use the specified unprivileged user and group instead. (1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to unprivileged.mk. These two variables are lists of other bmake variables that define package-specific users and groups. Packages that have user-settable variables for users and groups, e.g. apache and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP}, etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER} and ${UNPRIVILEGED_GROUP}. (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS. 2007-06-15T14:18:38Z jlam jlam 2007-06-15T14:18:38Z urn:sha1:3d6084eb59674e8dc893a1b67255fd18edc32c7c 2007-02-03T17:21:02Z adrianp adrianp 2007-02-03T17:21:02Z urn:sha1:009622b764cac91548a6d9bb41c731f72ff97458 + Make Bugzilla compatible with Template Toolkit 2.15 (bug 357374) + Make Bugzilla compatible with versions of MySQL higher than 5.0.25 (bug 321645) + Sanity Check can now only be run by people with the "admin" privilege. (bug 91761) + Security [XSS] fix https://bugzilla.mozilla.org/show_bug.cgi?id=367674 2007-01-13T21:24:58Z abs abs 2007-01-13T21:24:58Z urn:sha1:db041aea0b64ef56790d6543d1a34bc34cbbdb73 the perl in pkgsrc should be enough for these packages. Bump PKGREVISIONs Cleanup for PR pkg/35402 2006-10-15T12:36:05Z adrianp adrianp 2006-10-15T12:36:05Z urn:sha1:801d64d80220e8197f6d41dbb94df5fe98cdeb97 + When sending mail, Bugzilla could throw the error "Insecure dependency in exec while running with -T switch" (bug 340538). + Using the public webdot server (for dependency graphs) should work again (bug 351243). + The "I'm added to or removed from this capacity" email preference wasn't working for new bugs (bug 349852). + The original release of 2.22 incorrectly said it required Template-Toolkit version 2.08. In actual fact, Bugzilla requires version 2.10 (bug 351478). + votes.cgi would crash if your bug was the one confirming a bug (bug 351300). + checksetup.pl now correctly reports if your Template::Plugin::GD module is missing. If missing, it could lead to charts and graphs not working (bug 345389). + The "Keyword" field on buglist.cgi was not sorted alphabetically, so it wasn't very useful for sorting (bug 342828). + Sendmail will no longer complain about there being a newline in the email address, when Bugzilla sends mail (bug 331365). + contrib/bzdbcopy.pl would try to insert an invalid value into the database, unnecessarily (bug 335572). + Deleting a bug now correctly deletes its attachments from the database (bug 339667). 2006-10-15T12:21:13Z adrianp adrianp 2006-10-15T12:21:13Z urn:sha1:b7b663493615710bb368b8fb9857f91acc9cc881 New features include: * Complete PostgreSQL Support * Parameters In Sections * One Codebase, Multiple Databases * UTF-8 for New Installations * Admins Can Impersonate Users * Bug Import and Moving Improvements * Adding Individual Bugs to Saved Searches * Attach URLs * Optional "Strict Isolation" for Groups * "editcomponents" Change * "shutdownhtml" Change * Miscellaneous Improvements For further details see: http://www.bugzilla.org/releases/2.22/new-features.html http://www.bugzilla.org/releases/2.22/release-notes.html