FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

Port details
bugzilla44 Bug-tracking system developed by Mozilla Project
4.4.11 devel on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
Maintainer: bz-ports@FreeBSD.org search for ports maintained by this maintainer
Port Added: 20 Jun 2013 22:21:51
License: MPL
Bugzilla is one example of a class of programs called "Defect Tracking
Systems", or, more commonly, "Bug-Tracking Systems". Defect Tracking
Systems allow individual or groups of developers to keep track of
outstanding bugs in their product effectively.

Bugzilla has matured immensely, and now boasts many advanced features.
These include:

  * integrated, product-based granular security schema
  * inter-bug dependencies and dependency graphing
  * advanced reporting capabilities
  * a robust, stable RDBMS back-end
  * extensive configurability
  * a very well-understood and well-thought-out natural bug resolution
    protocol
  * email, XML, console, and HTTP APIs
  * available integration with automated software configuration
    management systems, including Perforce and CVS (through the
    Bugzilla email interface and checkin/checkout scripts)
  * too many more features to list

WWW: http://www.bugzilla.org/
SVNWeb : Homepage : PortsMon

To install the port: cd /usr/ports/devel/bugzilla44/ && make install clean
To add the package: pkg install bugzilla44

PKGNAME: bugzilla44


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Runtime dependencies:
  1. p5-CGI>=3.51 : www/p5-CGI
  2. p5-DBI>=1.614 : databases/p5-DBI
  3. p5-DateTime-TimeZone>=1.64 : devel/p5-DateTime-TimeZone
  4. p5-DateTime>=0.75 : devel/p5-DateTime
  5. p5-Email-MIME>=1.904 : mail/p5-Email-MIME
  6. p5-Email-Send>=2.04 : mail/p5-Email-Send
  7. p5-Encode-Detect>=0 : converters/p5-Encode-Detect
  8. p5-List-MoreUtils>=0.32 : lang/p5-List-MoreUtils
  9. p5-Math-Random-ISAAC>=1.001 : math/p5-Math-Random-ISAAC
  10. p5-Module-Pluggable>=5.1 : devel/p5-Module-Pluggable
  11. p5-Template-Toolkit>=2.24 : www/p5-Template-Toolkit
  12. p5-Text-Tabs+Wrap>=2013.0523 : textproc/p5-Text-Tabs+Wrap
  13. p5-TimeDate>=2.23 : devel/p5-TimeDate
  14. p5-URI>=1.55 : net/p5-URI
  15. p5-PatchReader>=0.9.6 : devel/p5-PatchReader
  16. interdiff : misc/patchutils
  17. p5-HTML-Parser>=3.67 : www/p5-HTML-Parser
  18. p5-HTML-Scrubber>=0 : www/p5-HTML-Scrubber
  19. p5-GD>=1.20 : graphics/p5-GD
  20. p5-GD-Graph>=0 : graphics/p5-GD-Graph
  21. p5-GD-TextUtil>=0 : graphics/p5-GD-TextUtil
  22. p5-Template-GD>=0 : www/p5-Template-GD
  23. p5-Chart>=2.4.10 : graphics/p5-Chart
  24. perl5>=5.20<5.21 : lang/perl5.20

This port is required by:

for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...
Configuration Options
===> The following configuration options are available for bugzilla44-4.4.11:
     DOCS=on: Build and/or install documentation
     MODPERL=off: mod_perl protocol support
====> Options available for the group UI
     PATCH_VIEWER=on: Patch Viewer
     MORE_HTML=on: More HTML in Product/Group Descriptions
====> Database Engine
     MYSQL=off: MySQL database support
     PGSQL=off: PostgreSQL database support
     SQLITE=off: SQLite database support
====> Reports and Charts
     GRAPHVIZ=off: Graphviz graph drawing support
     GRAPH_REPORTS=on: Graphical Reports
     CHARTING_MODULES=on: Bug charting support
====> Attachment handling
     BMP2PNG=off: BMP Attachments to PNGs
     MIME_SNIFF=off: Sniff MIME type of attachments
====> Email handling
     INBOUND_EMAIL=off: Inbound Email
     MAIL_QUEUEING=off: Mail Queueing
     SMTP_AUTH=off: SMTP Authentication
     SMTP_SSL=off: SSL Support for SMTP
====> Web Services
     XMLRPC=off: XML-RPC Interface
     JSONRPC=off: JSON-RPC Interface
====> Alternative Authentication
     LDAP=off: LDAP protocol support
     RADIUS=off: RADIUS protocol support
====> Administration
     MOVE_BUGZ=off: Move Bugs Between Installations
     EXPORT_IMPORT=off: Import/export bugs (via XML)
     CONTRIB=on: Install user-contributed scripts
===> Use 'make config' to modify these settings

USES:
cpe perl5

Master Sites:
  1. http://distcache.FreeBSD.org/ports-distfiles/bugzilla/
  2. http://download.cdn.mozilla.net/pub/webtools/
  3. http://download.cdn.mozilla.net/pub/webtools/archived/
  4. https://archive.mozilla.org/pub/webtools/
  5. https://archive.mozilla.org/pub/webtools/archived/
Port Moves

Number of commits found: 37

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
25 Apr 2016 16:13:39
Original commit files touched by this commit  4.4.11
Revision:414014
mat search for other commits by this committer
Remove USE_SQLITE from bsd.databases.mk, replaced by USES=sqlite.

While there replace USE_SQLITE=x by USES=sqlite:x.

PR:		208971
Submitted by:	mat
Exp-run by:	antoine
With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D5951
23 Apr 2016 06:58:15
Original commit files touched by this commit  4.4.11
Revision:413849
sunpoet search for other commits by this committer
- Remove unnecessary PERL_LEVEL check
- Add NO_ARCH
- Convert to new options helper
- Use bsd.port.mk instead of bsd.port.pre.mk + bsd.port.post.mk

With hat:	perl
Approved by:	portmgr (blanket)
01 Apr 2016 14:00:57
Original commit files touched by this commit  4.4.11
Revision:412346
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight
23 Dec 2015 11:25:38
Original commit files touched by this commit  4.4.11
Revision:404285
ohauer search for other commits by this committer
- update to 4.4.11

This release fixes two security issues.
See the Security Advisory for details. [1]

This release also contains the following bug fix:

 o mod_perl now works correctly with mod_access_compat turned off
   on Apache 2.4. The (incorrect) fix implemented in Bugzilla 4.4.9
   has been backed out. To regenerate the .htaccess files, you must
   first delete all existing ones in subdirectories:

    find . -mindepth 2 -name .htaccess -exec rm -f {} \;

   You must then run checksetup.pl again to recreate them with the
   correct syntax. (Bug 1223790)

[1] https://www.bugzilla.org/security/4.2.15/

MFH:		2015Q4
Security:	CVE-2015-8508
		CVE-2015-8509
		vid="54075861-a95a-11e5-8b40-20cf30e32f6d"
14 Sep 2015 04:10:55
Original commit files touched by this commit  4.4.10
Revision:396878 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update bugzilla ports to 5.0.1 / 4.4.10

o Users whose login name is not an email address could not log in on
  installations which use LDAP to authenticate users.
o If a mandatory custom field was hidden, it was not possible to create a
  new bug or to edit existing ones.
o A user editing his login name to point to a non-existent email address
  could cause Bugzilla to stop working, causing a denial of service.
o Emails generated during a transaction made PostgreSQL stop working.
o Bugs containing a comment with a reference to a bug ID larger than 2^31
  could not be displayed anymore using PostgreSQL.
o Emails sent by Bugzilla are now correctly encoded as UTF-8.
o The date picker in the "Time Summary" page was broken.
o If Test::Taint or any other Perl module required to use the JSON-RPC API
  was not installed or was too old, the UI to tag comments was displayed
  anyway, you could tag comments, but tags were not persistent (they were
  lost on page reload). Now the UI to tag comments is not displayed at all
  until the missing Perl modules are installed and up-to-date.
o Custom fields of type INTEGER now accept negative integers.

MFH:		2015Q3
Security:	CVE-2015-4499
Security:	ea893f06-5a92-11e5-98c0-20cf30e32f6d
12 Jul 2015 07:38:53
Original commit files touched by this commit  4.4.9_1
Revision:391768 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- sort USES (noted by portlint)
- remove redundant -f from $RM
- adjust comment about interface deprecation
09 Jun 2015 14:24:42
Original commit files touched by this commit  4.4.9_1
Revision:388939 This port version is marked as vulnerable.
jbeich search for other commits by this committer
bsd.sites.mk: cleanup MOZILLA mirrors

- Switch to CDN by default as mirrors are no longer kept up to date
- Drop obsolete pointer to http://www.mozilla.org/mirrors.html
- Drop redundant BUGZILLA and MOZILLA_EXTEND
- Shorten MASTER_SITES in gecko@ ports
- Move MOZILLA_ADDONS to bsd.sites.mk
- Move one of MOZILLA mirrors with old addons under MOZILLA_ADDONS
- Addons CDN redirects to https://, so don't mislead with http://

https://blog.mozilla.org/it/2012/08/03/dear-mozilla-mirrors-thank-you/

Differential Revision:	https://reviews.freebsd.org/D2550
Tested by:	distilator
Reviewed by:	mat (partial)
Approved by:	bz-ports (ohauer), portmgr blanket (office@ et al.)
Approved by:	portmgr (bapt, earlier version)
MFH:		2015Q2
31 May 2015 17:40:25
Original commit files touched by this commit  4.4.9_1
Revision:388123 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- catch all sendmail paths
- be more specific in replacing /mysql/Pg/
- bump PORTREVISION
31 May 2015 16:07:59
Original commit files touched by this commit  4.4.9
Revision:388117 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to 4.4.9
14 May 2015 10:15:09
Original commit files touched by this commit  4.4.8_1
Revision:386312 This port version is marked as vulnerable.
mat search for other commits by this committer
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
25 Apr 2015 16:12:20
Original commit files touched by this commit  4.4.8_1
Revision:384736 This port version is marked as vulnerable.
adamw search for other commits by this committer
Convert remaining p5-CGI.pm consumers to p5-CGI, and bump PORTREVISION.

All these changes are tested but the following are worth noting:

The following ports fail "make test", but did so before this change, and
fail in the same places:
- textproc/p5-xmltv
- www/p5-Business-Paypal
- www/p5-CGI-Enurl

www/p5-Apache-Gallery is missing all sorts of dependencies, fails all tests,
and should probably be marked BROKEN

For graphics/imc, move the OPTIONS_DEFINE block out of the LICENSE block area.

As long as we're here, sort plist on perl@-owned ports.
27 Jan 2015 21:33:43
Original commit files touched by this commit  4.4.8
Revision:378023 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to 4.4.8

Release Notes:
https://www.bugzilla.org/releases/4.4.8/release-notes.html

This releases contains the following bug fix:
 - Fixing a regression caused by bug 10902750 [1], JSON-RPC API calls could
   crash in certain cases instead of displaying the proper error message.
   (Bug 1124716) [2]

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124716

MFH:		2015Q1
26 Jan 2015 20:28:46
Original commit files touched by this commit  4.4.7
Revision:377952 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to 4.4.7
- adjust dependency

MFH:		2015Q1
Security:	dc2d76df-a595-11e4-9363-20cf30e32f6d
		CVE-2014-8630
21 Dec 2014 10:29:28
Original commit files touched by this commit  4.4.6_3
Revision:375155 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- Since SOAP::Lite 1.0, XMLRPC::Lite is no longer included
  and so it must be installed separately.
- Update min. dependency for some other modules [1]
- bump PORTREVISION

[1] Update min. dependency (ripped from upstream Requirements.pm)

- p5-DateTime-TimeZone>=1.64:
  fixes a taint issue preventing the local timezone from being determined on
some systems.

- p5-DateTime>=0.75
  fixes a warning thrown with Perl 5.17 and newer

- p5-List-MoreUtils>=0.32
  fixes several memory leaks in the XS version of some functions
(Only the first 15 lines of the commit message are shown above View all of this commit message)
18 Dec 2014 18:35:35
Original commit files touched by this commit  4.4.6_2
Revision:374914 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- explicitly depend on textproc/p5-Text-Tabv (if ${PERL_LEVEL} >= 501800)
- bump PORTREVISION

This patch was also suggested by upstream:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1067285

PR:		196060
PR:		196100
Submitted by:	mva@
01 Dec 2014 23:19:07
Original commit files touched by this commit  4.4.6_1
Revision:373727 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- list empty dirs (make qa-script happy)
- if PERL_LEVEL >= 501800, then also depend on devel/p5-Module-Pluggable
   Module::Pluggable from perl5.18 complains about deprection and this way
   cron job notice is no longer readable
- bump PORTREVISION
27 Oct 2014 10:10:59
Original commit files touched by this commit  4.4.6
Revision:371544 This port version is marked as vulnerable.
bapt search for other commits by this committer
Cleanup plist
07 Oct 2014 04:38:08
Original commit files touched by this commit  4.4.6
Revision:370268 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add CPE information

[1] additional MFH revisions: r370209, 370211

MFH:		2014Q4 [1]
06 Oct 2014 19:16:43
Original commit files touched by this commit  4.4.6
Revision:370211 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to bugzilla 4.4.6

Summary
=======
The following security issues have been discovered in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
  creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
  scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
  the insider group
* Specially formatted values in a CSV search results export could be
  used in spreadsheet software to attack a user's computer.

Security:	CVE-2014-1572
		CVE-2014-1571
		CVE-2014-1571
04 Oct 2014 10:29:55
Original commit files touched by this commit  4.4.5_1
Revision:369951 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- remove FreeBSD-specific bits
- bump PORTREVISION

PR:		194123
Submitted by:	mva
Reviewed by:	eadler
05 Sep 2014 23:09:28
Original commit files touched by this commit  4.4.5
Revision:367398 This port version is marked as vulnerable.
flo search for other commits by this committer
Change MAINTAINER to bz-ports@ as discussed with bugzilla@ (now bz-ports@)
and bugmeister@. bugzilla@ will be used by bugmeister@ from now on.

Submitted by:	bugzilla (ohauer)
Approved by:	bugzilla (ohauer)
Hat:		postmaster
29 Jul 2014 00:39:33
Original commit files touched by this commit  4.4.5
Revision:363280 This port version is marked as vulnerable.
peter search for other commits by this committer
Update FreeBSD.org cluster-specific patch to match what is running on
bugs.freebsd.org/bugzilla/.
25 Jul 2014 14:15:56
Original commit files touched by this commit  4.4.5
Revision:362911 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to bugzilla44-4.4.5

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546
27 Jun 2014 17:21:07
Original commit files touched by this commit  4.4.4_1
Revision:359586 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)
18 May 2014 19:33:06
Original commit files touched by this commit  4.4.4
Revision:354456 This port version is marked as vulnerable.
eadler search for other commits by this committer
devel/bugzilla44: Better the description

Submitted by:	gavin
Approved by:	ohauer (maintainer, implicit)
13 May 2014 06:24:52
Original commit files touched by this commit  4.4.4
Revision:353915 This port version is marked as vulnerable.
eadler search for other commits by this committer
devel/bugzilla44: add FreeBSD specific patch.

Abuse our position as the owner of the ports tree to commit a project specific
option and patch to the bugzilla port.

Approved by:	ohauer (maintainer)
20 Apr 2014 17:26:52
Original commit files touched by this commit  4.4.4
Revision:351626 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup

This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)

Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:

  4.4.4:  http://www.bugzilla.org/releases/4.4.4/release-notes.html
  4.2.9:  http://www.bugzilla.org/releases/4.2.9/release-notes.html
  4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html

MFH:		2014Q2
18 Apr 2014 18:54:32
Original commit files touched by this commit  4.4.3_1
Revision:351558 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- commit forgotten distinfo
18 Apr 2014 18:52:42
Original commit files touched by this commit  4.4.3_1
Revision:351557 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- distfiles where regenerated (wrong dependency list in the documentation)
- because there will no upstream fixes for CVE-2014-1517 mark bugzilla40 /
  bugzilla42 forbidden and set expiration date to 2014-06-21
- fix the GRAPHVIZ OPTION
- bump PORTREVISION

MFH:		2014Q2
18 Apr 2014 15:03:41
Original commit files touched by this commit  4.4.3
Revision:351542 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d
15 Jan 2014 05:31:36
Original commit files touched by this commit  4.4.1
Revision:339753 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add new MASTER_SITE_BUGZILLA
- remove one dead MASTER_SITE_MOZILLA server

Approved by:	portmgr@ (tabthorpe)
17 Oct 2013 19:35:22
Refresh Original commit files touched by this commit
Revision:330666  Sanity Test Failure
ohauer search for other commits by this committer
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
(Only the first 15 lines of the commit message are shown above View all of this commit message)
26 Sep 2013 19:00:41
Original commit files touched by this commit  4.4
Revision:328405 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS
20 Sep 2013 17:03:27
Refresh Original commit files touched by this commit
Revision:327722  Sanity Test Failure
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 1)
31 Jul 2013 06:54:10
Original commit files touched by this commit  4.4
Revision:324007 This port version is marked as vulnerable.
az search for other commits by this committer
- Convert to new Uses/perl5.mk framework
- Resolve issues with implicit lang/perl in extract and patch dependencies
- Trim Makefile header

Reviewed by:	bapt@ (exp-run)
Approved by:	bapt@ (portmrg@)
06 Jul 2013 10:38:14
Original commit files touched by this commit  4.4
Revision:322383 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- fix typo in OPTION group
20 Jun 2013 22:21:37
Original commit files touched by this commit  4.4
Revision:321429 This port version is marked as vulnerable.
ohauer search for other commits by this committer
New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html

Number of commits found: 37

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
logstashApr 28
subversionApr 28
subversion18Apr 28
ntpApr 27
ntp-develApr 27
firefoxApr 26
firefox-esrApr 26
libxulApr 26
linux-firefoxApr 26
linux-seamonkeyApr 26
linux-thunderbirdApr 26
seamonkeyApr 26
thunderbirdApr 26
phpmyfaqApr 23
libtasn1Apr 21

16 vulnerabilities affecting 44 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 25989
Broken 286
Deprecated 60
Ignore 552
Forbidden 0
Restricted 203
No CDROM 86
Vulnerable 54
Expired 26
Set to expire 47
Interactive 0
new 24 hours 6
new 48 hours10
new 7 days28
new fortnight52
new month143

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.