19:35 ohauer 

- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is
recommend

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743

 

21:49 ohauer 

- update bugzilla42 to version 4.2.6 (bugfix release)
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3

The following important fixes/changes have been made in this release:
 o MySQL 5.6 is now supported. (Bug 852560)
 o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
   installing Bugzilla for the first time. (Bug 858911)
 o If a custom field depends on a product, component or classification,
   the "mandatory" bit was ignored on bug creation. (Bug 782210)
 o Queries involving flags were broken in several ways.
   These queries have been fixed. (Bug 828344)
 o Tabular reports involving the empty resolution did not link bug
   counts correctly. (Bug 212471)
 o The Bug.search WebService method was returning all visible bugs
   when called with no arguments, ignoring the max_search_results
   and search_allow_no_criteria parameters. (Bug 859118)

Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html

 

16:25 ohauer 

- pkgng: cosmetic fix against lstat messages

21:37 ohauer 

- new port bugzilla42

New Features and Improvements:
- Experimental SQLite Support
- Creating an Attachment by Pasting Text Into a Text Field
- HTML Bugmail (default: on  can be disabled in user preference)
- Improved Searching System
- Disabling Old Components, Versions and Milestones
- Displaying a Custom Field Value Based on Multiple Values of Another Field
- Auditing of All Changes Within Bugzilla
- Accessibility Improvements

And many other Improvements, for complete list see:
 http://www.bugzilla.org/releases/4.2.1/release-notes.html