svn commit: r330666 - in head: . devel devel/bugzilla devel/bugzilla40 devel/bugzilla42 devel/bugzilla44 german german/bugzilla german/bugzilla40 german/bugzilla42 german/bugzilla44 japanese japane...
Olli Hauer
ohauer at FreeBSD.org
Thu Oct 17 19:35:29 UTC 2013
Author: ohauer
Date: Thu Oct 17 19:35:22 2013
New Revision: 330666
URL: http://svnweb.freebsd.org/changeset/ports/330666
Log:
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
Added:
head/devel/bugzilla40/
- copied from r330662, head/devel/bugzilla/
head/german/bugzilla40/
- copied from r330663, head/german/bugzilla/
head/japanese/bugzilla40/
- copied from r330664, head/japanese/bugzilla/
head/russian/bugzilla40/
- copied from r330663, head/russian/bugzilla/
Deleted:
head/devel/bugzilla/
head/german/bugzilla/
head/japanese/bugzilla/
head/russian/bugzilla/
Modified:
head/MOVED
head/devel/Makefile
head/devel/bugzilla40/Makefile
head/devel/bugzilla40/Makefile.common
head/devel/bugzilla40/Makefile.options
head/devel/bugzilla40/distinfo
head/devel/bugzilla40/pkg-plist
head/devel/bugzilla42/Makefile
head/devel/bugzilla42/Makefile.common
head/devel/bugzilla42/Makefile.options
head/devel/bugzilla42/distinfo
head/devel/bugzilla42/pkg-plist
head/devel/bugzilla44/Makefile
head/devel/bugzilla44/Makefile.common
head/devel/bugzilla44/distinfo
head/devel/bugzilla44/pkg-plist
head/german/Makefile
head/german/bugzilla40/Makefile
head/german/bugzilla42/Makefile
head/german/bugzilla44/Makefile
head/japanese/Makefile
head/japanese/bugzilla40/Makefile
head/japanese/bugzilla42/Makefile
head/japanese/bugzilla44/Makefile
head/russian/Makefile
head/russian/bugzilla40/Makefile
head/russian/bugzilla42/Makefile
head/security/vuxml/vuln.xml
Modified: head/MOVED
==============================================================================
--- head/MOVED Thu Oct 17 19:22:58 2013 (r330665)
+++ head/MOVED Thu Oct 17 19:35:22 2013 (r330666)
@@ -5116,3 +5116,6 @@ audio/akode-plugins-oss||2013-10-17|Remo
audio/akode-plugins-pulseaudio||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-resampler||2013-10-17|Removed: Dependency of KDE 3.x
audio/akode-plugins-xiph||2013-10-17|Removed: Dependency of KDE 3.x
+german/bugzilla|german/bugzilla40|2013-10-17|Reflect PORTNAME
+japanese/bugzilla|japanese/bugzilla40|2013-10-17|Reflect PORTNAME
+russian/bugzilla|russian/bugzilla40|2013-10-17|Reflect PORTNAME
Modified: head/devel/Makefile
==============================================================================
--- head/devel/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -147,7 +147,7 @@
SUBDIR += bsdlibdwarf
SUBDIR += bufferpool
SUBDIR += bug-buddy
- SUBDIR += bugzilla
+ SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += build
Modified: head/devel/bugzilla40/Makefile
==============================================================================
--- head/devel/bugzilla/Makefile Thu Oct 17 18:21:55 2013 (r330662)
+++ head/devel/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.0.10
+PORTVERSION= 4.0.11
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@@ -44,8 +44,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib
USE_APACHE_RUN= 22+
.endif
-.include <bsd.port.pre.mk>
-
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=2.9003:${PORTSDIR}/databases/p5-DBD-mysql
@@ -175,4 +173,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Modified: head/devel/bugzilla40/Makefile.common
==============================================================================
--- head/devel/bugzilla/Makefile.common Thu Oct 17 18:21:55 2013 (r330662)
+++ head/devel/bugzilla40/Makefile.common Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
+PKGNAMESUFFIX= 40
CONFLICTS_INSTALL= \
+ bugzilla4[^0].* \
bugzilla-4.[^0].*
PORTSCOUT= limit:^4\.0\.
Modified: head/devel/bugzilla40/Makefile.options
==============================================================================
--- head/devel/bugzilla/Makefile.options Thu Oct 17 18:21:55 2013 (r330662)
+++ head/devel/bugzilla40/Makefile.options Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
-OPTIONS_GROUP_ATTACHMENT= \
+OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
-OPTIONS_GROUP_AUTH= \
+OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS
Modified: head/devel/bugzilla40/distinfo
==============================================================================
--- head/devel/bugzilla/distinfo Thu Oct 17 18:21:55 2013 (r330662)
+++ head/devel/bugzilla40/distinfo Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2
-SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655
+SHA256 (bugzilla/bugzilla-4.0.11.tar.gz) = d2e454a5a705f3728a6645c27793f7c8d3058dda675704eac4a9a856f16b0c0f
+SIZE (bugzilla/bugzilla-4.0.11.tar.gz) = 2785420
Modified: head/devel/bugzilla40/pkg-plist
==============================================================================
--- head/devel/bugzilla/pkg-plist Thu Oct 17 18:21:55 2013 (r330662)
+++ head/devel/bugzilla40/pkg-plist Thu Oct 17 19:35:22 2013 (r330666)
@@ -971,6 +971,8 @@
@dirrmtry %%WWWDIR%%/js/yui
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
+ at dirrmtry %%WWWDIR%%/graphs
+ at dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@@ -996,8 +998,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
- at dirrmtry %%WWWDIR%%/data
- at dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
@@ -1030,9 +1030,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
- at exec mkdir -p %D/%%WWWDIR%%/xt
- at exec mkdir -p %D/%%WWWDIR%%/t
- at exec mkdir -p %D/%%WWWDIR%%/lib
- at exec mkdir -p %D/%%WWWDIR%%/graphs
- at exec mkdir -p %D/%%WWWDIR%%/data
- at exec mkdir -p %D/%%WWWDIR%%/contrib
Modified: head/devel/bugzilla42/Makefile
==============================================================================
--- head/devel/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.2.6
+PORTVERSION= 4.2.7
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
-LATEST_LINK= bugzilla42
-
USES= perl5
USE_PERL5= patch run build
@@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib
USE_APACHE_RUN= 22+
.endif
-.include <bsd.port.pre.mk>
-
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
@@ -184,4 +180,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Modified: head/devel/bugzilla42/Makefile.common
==============================================================================
--- head/devel/bugzilla42/Makefile.common Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla42/Makefile.common Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
+PKGNAMESUFFIX= 42
CONFLICTS_INSTALL= \
+ bugzilla4[^2].* \
bugzilla-4.[^2].*
PORTSCOUT= limitw:1,even
Modified: head/devel/bugzilla42/Makefile.options
==============================================================================
--- head/devel/bugzilla42/Makefile.options Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla42/Makefile.options Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \
EXPORT_IMPORT \
CONTRIB
-OPTIONS_GROUP_ATTACHMENT= \
+OPTIONS_GROUP_ATTACHMENT=\
BMP2PNG
-OPTIONS_GROUP_AUTH= \
+OPTIONS_GROUP_AUTH= \
LDAP \
RADIUS
Modified: head/devel/bugzilla42/distinfo
==============================================================================
--- head/devel/bugzilla42/distinfo Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla42/distinfo Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.2.6.tar.gz) = 16ede21f92e672ed19aadeddd24136a8ec76ec14e6bf9627fe33207f2531807d
-SIZE (bugzilla/bugzilla-4.2.6.tar.gz) = 2425903
+SHA256 (bugzilla/bugzilla-4.2.7.tar.gz) = c2350e02e287f10dc21d7a1813d5311d84804fb1f3418d4ef5c7e335458fc189
+SIZE (bugzilla/bugzilla-4.2.7.tar.gz) = 2964784
Modified: head/devel/bugzilla42/pkg-plist
==============================================================================
--- head/devel/bugzilla42/pkg-plist Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla42/pkg-plist Thu Oct 17 19:35:22 2013 (r330666)
@@ -179,7 +179,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
- at comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
+%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
@@ -987,6 +987,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
+ at dirrmtry %%WWWDIR%%/graphs
+ at dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@@ -1014,8 +1016,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
- at dirrmtry %%WWWDIR%%/data
- at dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML
@@ -1048,9 +1048,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
- at exec mkdir -p %D/%%WWWDIR%%/xt
- at exec mkdir -p %D/%%WWWDIR%%/t
- at exec mkdir -p %D/%%WWWDIR%%/lib
- at exec mkdir -p %D/%%WWWDIR%%/graphs
- at exec mkdir -p %D/%%WWWDIR%%/data
- at exec mkdir -p %D/%%WWWDIR%%/contrib
Modified: head/devel/bugzilla44/Makefile
==============================================================================
--- head/devel/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= bugzilla
-PORTVERSION= 4.4
+PORTVERSION= 4.4.1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= webtools webtools/archived
@@ -25,8 +25,6 @@ RUN_DEPENDS= \
p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \
p5-URI>=1.37:${PORTSDIR}/net/p5-URI
-LATEST_LINK= bugzilla44
-
USES= perl5
USE_PERL5= patch build run
@@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib
USE_APACHE_RUN= 22+
.endif
-.include <bsd.port.pre.mk>
-
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql
@@ -175,6 +171,8 @@ post-patch:
@${FIND} ${WRKSRC} \( -name "CVS" -or -name ".cvsignore" -or -name "*.orig" \
-or -name "*.bak" -or -name ".bzr*" -or -name "README.docs" \) \
| ${XARGS} ${RM} -rf
+# empty leftover
+ @${RM} ${WRKSRC}/docs/en/html/Bugzilla-Guide.proc
do-install: .SILENT
${MKDIR} ${STAGEDIR}${WWWDIR}
@@ -198,4 +196,4 @@ do-install: .SILENT
${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \;
.endif
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Modified: head/devel/bugzilla44/Makefile.common
==============================================================================
--- head/devel/bugzilla44/Makefile.common Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla44/Makefile.common Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,8 +1,10 @@
# $FreeBSD$
DIST_SUBDIR= ${PORTNAME}
+PKGNAMESUFFIX= 44
CONFLICTS_INSTALL= \
+ bugzilla4[^4].* \
bugzilla-4.[^4].*
PORTSCOUT= limitw:1,even
Modified: head/devel/bugzilla44/distinfo
==============================================================================
--- head/devel/bugzilla44/distinfo Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla44/distinfo Thu Oct 17 19:35:22 2013 (r330666)
@@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.4.tar.gz) = 709e1b07ca23a91fbf5fb3d34645a8b574af39034b216daa1811effd02ebd72e
-SIZE (bugzilla/bugzilla-4.4.tar.gz) = 2441533
+SHA256 (bugzilla/bugzilla-4.4.1.tar.gz) = cc63513b98f7f0a523c58c642554ec72ee1e941f7d13c306e2e8c7e4cceeb428
+SIZE (bugzilla/bugzilla-4.4.1.tar.gz) = 2966058
Modified: head/devel/bugzilla44/pkg-plist
==============================================================================
--- head/devel/bugzilla44/pkg-plist Thu Oct 17 19:22:58 2013 (r330665)
+++ head/devel/bugzilla44/pkg-plist Thu Oct 17 19:35:22 2013 (r330666)
@@ -183,7 +183,7 @@
%%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif
%%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif
- at comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
+%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf
%%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt
%%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt
%%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml
@@ -999,6 +999,8 @@
@dirrmtry %%WWWDIR%%/js/history.js
@dirrmtry %%WWWDIR%%/js
@dirrm %%WWWDIR%%/images
+ at dirrmtry %%WWWDIR%%/graphs
+ at dirrmtry %%WWWDIR%%/data
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline
%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit
@dirrmtry %%WWWDIR%%/contrib
@@ -1027,8 +1029,6 @@
@dirrm %%WWWDIR%%/Bugzilla/Auth
@dirrm %%WWWDIR%%/Bugzilla/Attachment
@dirrmtry %%WWWDIR%%/Bugzilla
- at dirrmtry %%WWWDIR%%/data
- at dirrmtry %%WWWDIR%%/graphs
@dirrmtry %%WWWDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl
%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch
@@ -1062,10 +1062,3 @@
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html
%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
%%PORTDOCS%%@dirrm %%DOCSDIR%%
- at exec mkdir -p %D/%%WWWDIR%%/xt
- at exec mkdir -p %D/%%WWWDIR%%/t
- at exec mkdir -p %D/%%WWWDIR%%/lib
- at exec mkdir -p %D/%%WWWDIR%%/graphs
- at exec mkdir -p %D/%%WWWDIR%%/data
- at exec mkdir -p %D/%%WWWDIR%%/contrib
-%%PORTDOCS%%@exec mkdir -p %D/%%DOCSDIR%%/en/pdf
Modified: head/german/Makefile
==============================================================================
--- head/german/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/german/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,7 +11,7 @@
SUBDIR += bsdforen-firefox-searchplugin
SUBDIR += bsdgroup-firefox-searchplugin
SUBDIR += bsdpaste
- SUBDIR += bugzilla
+ SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += calligra-l10n
Modified: head/german/bugzilla40/Makefile
==============================================================================
--- head/german/bugzilla/Makefile Thu Oct 17 18:49:09 2013 (r330663)
+++ head/german/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= German localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
-
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla
+RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
NO_WRKSUBDIR= yes
Modified: head/german/bugzilla42/Makefile
==============================================================================
--- head/german/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/german/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= German localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
-
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
+RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
NO_WRKSUBDIR= yes
Modified: head/german/bugzilla44/Makefile
==============================================================================
--- head/german/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/german/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,9 +11,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= German localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
-
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44
+RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
NO_WRKSUBDIR= yes
Modified: head/japanese/Makefile
==============================================================================
--- head/japanese/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/japanese/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -25,7 +25,7 @@
SUBDIR += awffull
SUBDIR += bible_names-fpw
SUBDIR += bookview
- SUBDIR += bugzilla
+ SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += bugzilla44
SUBDIR += calligra-l10n
Modified: head/japanese/bugzilla40/Makefile
==============================================================================
--- head/japanese/bugzilla/Makefile Thu Oct 17 18:57:57 2013 (r330664)
+++ head/japanese/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,7 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= Japanese localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
+RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40
NO_WRKSUBDIR= yes
Modified: head/japanese/bugzilla42/Makefile
==============================================================================
--- head/japanese/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/japanese/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= Japanese localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
-
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
+RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
NO_WRKSUBDIR= yes
Modified: head/japanese/bugzilla44/Makefile
==============================================================================
--- head/japanese/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/japanese/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= Japanese localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
-
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44
+RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44
NO_WRKSUBDIR= yes
Modified: head/russian/Makefile
==============================================================================
--- head/russian/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/russian/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -6,7 +6,7 @@
SUBDIR += MT
SUBDIR += artwiz-ru
SUBDIR += aspell
- SUBDIR += bugzilla
+ SUBDIR += bugzilla40
SUBDIR += bugzilla42
SUBDIR += calligra-l10n
SUBDIR += d1489
Modified: head/russian/bugzilla40/Makefile
==============================================================================
--- head/russian/bugzilla/Makefile Thu Oct 17 18:49:09 2013 (r330663)
+++ head/russian/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -10,7 +10,7 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-201
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= Russian localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
+RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru
Modified: head/russian/bugzilla42/Makefile
==============================================================================
--- head/russian/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665)
+++ head/russian/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666)
@@ -10,14 +10,12 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-201
MAINTAINER= bugzilla at FreeBSD.org
COMMENT= Russian localization for Bugzilla
-RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
+RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru
.include "${.CURDIR}/../../devel/bugzilla42/Makefile.common"
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
-
do-install:
${MKDIR} ${STAGEDIR}${WWWDIR}
(cd ${WRKSRC}/ && ${PAX} -r -w * ${STAGEDIR}${WWWDIR})
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Oct 17 19:22:58 2013 (r330665)
+++ head/security/vuxml/vuln.xml Thu Oct 17 19:35:22 2013 (r330666)
@@ -51,6 +51,67 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e135f0c9-375f-11e3-80b7-20cf30e32f6d">
+ <topic>bugzilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <name>bugzilla40</name>
+ <name>bugzilla42</name>
+ <name>bugzilla44</name>
+ <range><ge>4.0.0</ge><lt>4.0.11</lt></range>
+ <range><ge>4.2.0</ge><lt>4.2.7</lt></range>
+ <range><ge>4.4</ge><lt>4.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>A Bugzilla Security Advisory reports:</h1>
+ <blockquote cite="http://www.bugzilla.org/security/4.0.10/">
+ <h1>Cross-Site Request Forgery</h1>
+ <p>When a user submits changes to a bug right after another
+ user did, a midair collision page is displayed to inform
+ the user about changes recently made. This page contains
+ a token which can be used to validate the changes if the
+ user decides to submit his changes anyway. A regression
+ in Bugzilla 4.4 caused this token to be recreated if a
+ crafted URL was given, even when no midair collision page
+ was going to be displayed, allowing an attacker to bypass
+ the token check and abuse a user to commit changes on his
+ behalf.</p>
+ <h1>Cross-Site Request Forgery</h1>
+ <p>When an attachment is edited, a token is generated to
+ validate changes made by the user. Using a crafted URL,
+ an attacker could force the token to be recreated,
+ allowing him to bypass the token check and abuse a user
+ to commit changes on his behalf.</p>
+ <h1>Cross-Site Scripting</h1>
+ <p>Some parameters passed to editflagtypes.cgi were not
+ correctly filtered in the HTML page, which could lead
+ to XSS.</p>
+ <h1>Cross-Site Scripting</h1>
+ <p>Due to an incomplete fix for CVE-2012-4189, some
+ incorrectly filtered field values in tabular reports
+ could lead to XSS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1733</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=911593</url>
+ <cvename>CVE-2013-1734</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=913904</url>
+ <cvename>CVE-2013-1742</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=924802</url>
+ <cvename>CVE-2013-1743</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=924932</url>
+ </references>
+ <dates>
+ <discovery>2013-10-16</discovery>
+ <entry>2013-10-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="8c9b48d1-3715-11e3-a624-00262d8b701d">
<topic>dropbear -- exposure of sensitive information, DoS</topic>
<affects>
More information about the svn-ports-head
mailing list