ports/149721: [patch] port devel/bugzilla security update to 3.6.2
Olli Hauer
ohauer at FreeBSD.org
Mon Aug 16 21:00:10 UTC 2010
>Number: 149721
>Category: ports
>Synopsis: [patch] port devel/bugzilla security update to 3.6.2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 16 21:00:10 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: olli hauer <ohauer at FreeBSD.org>
>Release:
>Organization:
>Environment:
>Description:
Security update for bugzilla to version 3.6.2.
(I have been running this version for a few days now, with no issues
reported by the users so far)
Security Advisory
Source: http://www.bugzilla.org/security/3.2.7/ (5 Aug 2010)
==================================================================
* It was possible to (at least partially) determine the membership
of any group using the Search interface.
* It was possible to use the 'sudo' feature without sending
a notification to the user being impersonated.
* The 'Reports' and 'Duplicates' pages let you guess the name of
products you could not see, due to the error message that was
thrown.
* For installations using PostgreSQL, specifying "bug X" or
"attachment X" in a comment would deny access to the bug if X was
larger than the maximum 32-bit signed integer size.
All affected installations are encouraged to upgrade as soon as
possible.
Updates in this 3.6.x Release
Source: http://www.bugzilla.org/releases/3.6.2/release-notes.html
==================================================================
In addition, the following important fixes/changes have been made in
this release:
* Email notifications were missing the dates that comments were
made. (Bug 578003)
* Putting a phrase in quotes in the Quicksearch box now works properly,
again. (Bug 578494 and Bug 553884)
* Quicksearch was usually (incorrectly) being limited to 200 results.
(Bug 581622)
* Searching "keywords" for "contains none of the words" or "does not
match regular expression" now works properly. (Bug 562014)
* Doing collectstats.pl --regenerate now works on installations using
PostgreSQL. (Bug 577058)
* The "Field Values" administrative control panel was sometimes denying
admins the ability to delete field values when there was no reason to
deny the deletion. (Bug 577054)
* Eliminate the "uninitialized value" warnings that would happen when
editing a product's components. (Bug 576911)
* The updating of bugs_fulltext that happens during checksetup.pl for
upgrades to 3.6 should now be MUCH faster. (Bug 577754)
* email_in.pl was not allowing the setting of time-tracking fields via
inbound emails. (Bug 583622)
>How-To-Repeat:
>Fix:
--- patch_bugzilla.txt begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/devel/bugzilla/Makefile,v
retrieving revision 1.77
diff -u -u -r1.77 Makefile
--- Makefile 5 Jul 2010 16:42:22 -0000 1.77
+++ Makefile 16 Aug 2010 20:22:25 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= bugzilla
-PORTVERSION= 3.6.1
+PORTVERSION= 3.6.2
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
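Review bot: the PORTVERSION bump from 3.6.1 to 3.6.2 is described as a security update, but the patch touches only Makefile and distinfo, so nothing marks installed 3.6.1 packages as vulnerable. Consider submitting a matching security/vuxml entry that covers the four advisory items listed in the description, so that portaudit users are warned to upgrade.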
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/devel/bugzilla/distinfo,v
retrieving revision 1.40
diff -u -u -r1.40 distinfo
--- distinfo 5 Jul 2010 16:42:22 -0000 1.40
+++ distinfo 16 Aug 2010 20:22:25 -0000
@@ -1,3 +1,3 @@
-MD5 (bugzilla-3.6.1.tar.gz) = 74045f64fa7698f61ef24ef44b2e2074
-SHA256 (bugzilla-3.6.1.tar.gz) = a8e343558628ba020bbb92844f665650a90ade080b248e757a34aa958ca16573
-SIZE (bugzilla-3.6.1.tar.gz) = 2631968
+MD5 (bugzilla-3.6.2.tar.gz) = c8bd9b81969cce1a0199a739b48bda06
+SHA256 (bugzilla-3.6.2.tar.gz) = 52693795fd7b6d8e1195b1b8bfc6d1c430807c638b66ff5f123b571639f84403
+SIZE (bugzilla-3.6.2.tar.gz) = 2623743
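Review bot: the new MD5, SHA256 and SIZE lines for bugzilla-3.6.2.tar.gz cannot be checked from the patch itself, and nothing in the PR says how they were produced. Before commit, regenerate distinfo with make makesum from a fresh fetch of the tarball and confirm the result matches these lines, treating the SHA256 value as the integrity check rather than the MD5 one.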
--- patch_bugzilla.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: