FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

Please give me your LTO-4 or better tape library and I'll put it to good use.
Port details
bugzilla44 Bug-tracking system developed by Mozilla Project
4.4.8_1 devel on this many watch lists=0 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
Maintainer: bz-ports@FreeBSD.org search for ports maintained by this maintainer
Port Added: 20 Jun 2013 22:21:51
License: MPL
Bugzilla is one example of a class of programs called "Defect Tracking
Systems", or, more commonly, "Bug-Tracking Systems". Defect Tracking
Systems allow individual or groups of developers to keep track of
outstanding bugs in their product effectively.

Bugzilla has matured immensely, and now boasts many advanced features.
These include:

  * integrated, product-based granular security schema
  * inter-bug dependencies and dependency graphing
  * advanced reporting capabilities
  * a robust, stable RDBMS back-end
  * extensive configurability
  * a very well-understood and well-thought-out natural bug resolution
    protocol
  * email, XML, console, and HTTP APIs
  * available integration with automated software configuration
    management systems, including Perforce and CVS (through the
    Bugzilla email interface and checkin/checkout scripts)
  * too many more features to list

WWW: http://www.bugzilla.org/
SVNWeb : Homepage : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. p5-Module-Pluggable>=5.1 : devel/p5-Module-Pluggable
  2. perl5.20.2 : lang/perl5.20
Runtime dependencies:
  1. p5-CGI>=3.51 : www/p5-CGI
  2. p5-DBI>=1.614 : databases/p5-DBI
  3. p5-DateTime-TimeZone>=1.64 : devel/p5-DateTime-TimeZone
  4. p5-DateTime>=0.75 : devel/p5-DateTime
  5. p5-Email-MIME>=1.904 : mail/p5-Email-MIME
  6. p5-Email-Send>=2.04 : mail/p5-Email-Send
  7. p5-Encode-Detect>=0 : converters/p5-Encode-Detect
  8. p5-List-MoreUtils>=0.32 : lang/p5-List-MoreUtils
  9. p5-Math-Random-ISAAC>=1.001 : math/p5-Math-Random-ISAAC
  10. p5-Template-Toolkit>=2.22 : www/p5-Template-Toolkit
  11. p5-TimeDate>=2.23 : devel/p5-TimeDate
  12. p5-URI>=1.55 : net/p5-URI
  13. p5-Module-Pluggable>=5.1 : devel/p5-Module-Pluggable
  14. p5-Text-Tabs+Wrap>=2013.0523 : textproc/p5-Text-Tabs+Wrap
  15. p5-GD>=1.20 : graphics/p5-GD
  16. p5-GD-Graph>=0 : graphics/p5-GD-Graph
  17. p5-GD-TextUtil>=0 : graphics/p5-GD-TextUtil
  18. p5-Template-GD>=0 : www/p5-Template-GD
  19. p5-Chart>=2.4.1 : graphics/p5-Chart
  20. p5-PatchReader>=0.9.6 : devel/p5-PatchReader
  21. interdiff : misc/patchutils
  22. p5-HTML-Parser>=3.67 : www/p5-HTML-Parser
  23. p5-HTML-Scrubber>=0 : www/p5-HTML-Scrubber
  24. perl5.20.2 : lang/perl5.20
Extract dependencies:
  1. perl5.20.2 : lang/perl5.20

This port is required by:

for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

To install the port: cd /usr/ports/devel/bugzilla44/ && make install clean
To add the package: pkg install devel/bugzilla44


Configuration Options
===> The following configuration options are available for bugzilla44-4.4.8_1:
     DOCS=on: Build and/or install documentation
     MODPERL=off: mod_perl protocol support
====> Options available for the group UI
     PATCH_VIEWER=on: Patch Viewer
     MORE_HTML=on: More HTML in Product/Group Descriptions
====> Database Engine
     MYSQL=off: MySQL database support
     PGSQL=off: PostgreSQL database support
     SQLITE=off: SQLite database support
====> Reports and Charts
     GRAPHVIZ=off: Graphviz graph drawing support
     GRAPH_REPORTS=on: Graphical Reports
     CHARTING_MODULES=on: Bug charting support
====> Attachment handling
     BMP2PNG=off: BMP Attachments to PNGs
     MIME_SNIFF=off: Sniff MIME type of attachments
====> Email handling
     INBOUND_EMAIL=off: Inbound Email
     MAIL_QUEUEING=off: Mail Queueing
     SMTP_AUTH=off: SMTP Authentication
     SMTP_SSL=off: SSL Support for SMTP
====> Web Services
     XMLRPC=off: XML-RPC Interface
     JSONRPC=off: JSON-RPC Interface
====> Alternative Authentication
     LDAP=off: LDAP protocol support
     RADIUS=off: RADIUS protocol support
====> Administration
     MOVE_BUGZ=off: Move Bugs Between Installations
     EXPORT_IMPORT=off: Import/export bugs (via XML)
     CONTRIB=on: Install user-contributed scripts
===> Use 'make config' to modify these settings

USES:
perl5 cpe

Master Sites:
  1. ftp://ftp.mozilla.org/pub/mozilla.org/webtools/
  2. ftp://ftp.mozilla.org/pub/mozilla.org/webtools/archived/
  3. http://distcache.FreeBSD.org/ports-distfiles/bugzilla/
  4. http://ftp.mozilla.org/pub/mozilla.org/webtools/
  5. http://ftp.mozilla.org/pub/mozilla.org/webtools/archived/
  6. http://mirror.internode.on.net/pub/mozilla/webtools/
  7. http://mirror.internode.on.net/pub/mozilla/webtools/archived/
  8. https://ftp.mozilla.org/pub/mozilla.org/webtools/
  9. https://ftp.mozilla.org/pub/mozilla.org/webtools/archived/

Number of commits found: 28

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
14 May 2015 10:15:09
Original commit files touched by this commit  4.4.8_1
Revision:386312
mat search for other commits by this committer
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
25 Apr 2015 16:12:20
Original commit files touched by this commit  4.4.8_1
Revision:384736
adamw search for other commits by this committer
Convert remaining p5-CGI.pm consumers to p5-CGI, and bump PORTREVISION.

All these changes are tested but the following are worth noting:

The following ports fail "make test", but did so before this change, and
fail in the same places:
- textproc/p5-xmltv
- www/p5-Business-Paypal
- www/p5-CGI-Enurl

www/p5-Apache-Gallery is missing all sorts of dependencies, fails all tests,
and should probably be marked BROKEN

For graphics/imc, move the OPTIONS_DEFINE block out of the LICENSE block area.

As long as we're here, sort plist on perl@-owned ports.
27 Jan 2015 21:33:43
Original commit files touched by this commit  4.4.8
Revision:378023
ohauer search for other commits by this committer
- update to 4.4.8

Release Notes:
https://www.bugzilla.org/releases/4.4.8/release-notes.html

This releases contains the following bug fix:
 - Fixing a regression caused by bug 10902750 [1], JSON-RPC API calls could
   crash in certain cases instead of displaying the proper error message.
   (Bug 1124716) [2]

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124716

MFH:		2015Q1
26 Jan 2015 20:28:46
Original commit files touched by this commit  4.4.7
Revision:377952
ohauer search for other commits by this committer
- update to 4.4.7
- adjust dependency

MFH:		2015Q1
Security:	dc2d76df-a595-11e4-9363-20cf30e32f6d
		CVE-2014-8630
21 Dec 2014 10:29:28
Original commit files touched by this commit  4.4.6_3
Revision:375155 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- Since SOAP::Lite 1.0, XMLRPC::Lite is no longer included
  and so it must be installed separately.
- Update min. dependency for some other modules [1]
- bump PORTREVISION

[1] Update min. dependency (ripped from upstream Requirements.pm)

- p5-DateTime-TimeZone>=1.64:
  fixes a taint issue preventing the local timezone from being determined on
some systems.

- p5-DateTime>=0.75
  fixes a warning thrown with Perl 5.17 and newer

- p5-List-MoreUtils>=0.32
  fixes several memory leaks in the XS version of some functions
(Only the first 15 lines of the commit message are shown above View all of this commit message)
18 Dec 2014 18:35:35
Original commit files touched by this commit  4.4.6_2
Revision:374914 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- explicitly depend on textproc/p5-Text-Tabv (if ${PERL_LEVEL} >= 501800)
- bump PORTREVISION

This patch was also suggested by upstream:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1067285

PR:		196060
PR:		196100
Submitted by:	mva@
01 Dec 2014 23:19:07
Original commit files touched by this commit  4.4.6_1
Revision:373727 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- list empty dirs (make qa-script happy)
- if PERL_LEVEL >= 501800, then also depend on devel/p5-Module-Pluggable
   Module::Pluggable from perl5.18 complains about deprection and this way
   cron job notice is no longer readable
- bump PORTREVISION
27 Oct 2014 10:10:59
Original commit files touched by this commit  4.4.6
Revision:371544 This port version is marked as vulnerable.
bapt search for other commits by this committer
Cleanup plist
07 Oct 2014 04:38:08
Original commit files touched by this commit  4.4.6
Revision:370268 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add CPE information

[1] additional MFH revisions: r370209, 370211

MFH:		2014Q4 [1]
06 Oct 2014 19:16:43
Original commit files touched by this commit  4.4.6
Revision:370211 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to bugzilla 4.4.6

Summary
=======
The following security issues have been discovered in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
  creation, which could lead to user data override.
* Several places were found in the Bugzilla code where cross-site
  scripting attacks could be used to access sensitive information.
* Private comments can be shown to flagmail recipients who aren't in
  the insider group
* Specially formatted values in a CSV search results export could be
  used in spreadsheet software to attack a user's computer.

Security:	CVE-2014-1572
		CVE-2014-1571
		CVE-2014-1571
04 Oct 2014 10:29:55
Original commit files touched by this commit  4.4.5_1
Revision:369951 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- remove FreeBSD-specific bits
- bump PORTREVISION

PR:		194123
Submitted by:	mva
Reviewed by:	eadler
05 Sep 2014 23:09:28
Original commit files touched by this commit  4.4.5
Revision:367398 This port version is marked as vulnerable.
flo search for other commits by this committer
Change MAINTAINER to bz-ports@ as discussed with bugzilla@ (now bz-ports@)
and bugmeister@. bugzilla@ will be used by bugmeister@ from now on.

Submitted by:	bugzilla (ohauer)
Approved by:	bugzilla (ohauer)
Hat:		postmaster
29 Jul 2014 00:39:33
Original commit files touched by this commit  4.4.5
Revision:363280 This port version is marked as vulnerable.
peter search for other commits by this committer
Update FreeBSD.org cluster-specific patch to match what is running on
bugs.freebsd.org/bugzilla/.
25 Jul 2014 14:15:56
Original commit files touched by this commit  4.4.5
Revision:362911 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to bugzilla44-4.4.5

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.

http://www.bugzilla.org/security/4.0.13/

MFH:		2014Q3
Security:	9defb2d6-1404-11e4-8cae-20cf30e32f6d
		CVE-2014-1546
27 Jun 2014 17:21:07
Original commit files touched by this commit  4.4.4_1
Revision:359586 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)
18 May 2014 19:33:06
Original commit files touched by this commit  4.4.4
Revision:354456 This port version is marked as vulnerable.
eadler search for other commits by this committer
devel/bugzilla44: Better the description

Submitted by:	gavin
Approved by:	ohauer (maintainer, implicit)
13 May 2014 06:24:52
Original commit files touched by this commit  4.4.4
Revision:353915 This port version is marked as vulnerable.
eadler search for other commits by this committer
devel/bugzilla44: add FreeBSD specific patch.

Abuse our position as the owner of the ports tree to commit a project specific
option and patch to the bugzilla port.

Approved by:	ohauer (maintainer)
20 Apr 2014 17:26:52
Original commit files touched by this commit  4.4.4
Revision:351626 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup

This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)

Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:

  4.4.4:  http://www.bugzilla.org/releases/4.4.4/release-notes.html
  4.2.9:  http://www.bugzilla.org/releases/4.2.9/release-notes.html
  4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html

MFH:		2014Q2
18 Apr 2014 18:54:32
Original commit files touched by this commit  4.4.3_1
Revision:351558 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- commit forgotten distinfo
18 Apr 2014 18:52:42
Original commit files touched by this commit  4.4.3_1
Revision:351557 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- distfiles where regenerated (wrong dependency list in the documentation)
- because there will no upstream fixes for CVE-2014-1517 mark bugzilla40 /
  bugzilla42 forbidden and set expiration date to 2014-06-21
- fix the GRAPHVIZ OPTION
- bump PORTREVISION

MFH:		2014Q2
18 Apr 2014 15:03:41
Original commit files touched by this commit  4.4.3
Revision:351542 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d
15 Jan 2014 05:31:36
Original commit files touched by this commit  4.4.1
Revision:339753 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add new MASTER_SITE_BUGZILLA
- remove one dead MASTER_SITE_MOZILLA server

Approved by:	portmgr@ (tabthorpe)
17 Oct 2013 19:35:22
Refresh Original commit files touched by this commit
Revision:330666  Sanity Test Failure
ohauer search for other commits by this committer
- update to latest release [1]
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
(Only the first 15 lines of the commit message are shown above View all of this commit message)
26 Sep 2013 19:00:41
Original commit files touched by this commit  4.4
Revision:328405 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS
20 Sep 2013 17:03:27
Refresh Original commit files touched by this commit
Revision:327722  Sanity Test Failure
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 1)
31 Jul 2013 06:54:10
Original commit files touched by this commit  4.4
Revision:324007 This port version is marked as vulnerable.
az search for other commits by this committer
- Convert to new Uses/perl5.mk framework
- Resolve issues with implicit lang/perl in extract and patch dependencies
- Trim Makefile header

Reviewed by:	bapt@ (exp-run)
Approved by:	bapt@ (portmrg@)
06 Jul 2013 10:38:14
Original commit files touched by this commit  4.4
Revision:322383 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- fix typo in OPTION group
20 Jun 2013 22:21:37
Original commit files touched by this commit  4.4
Revision:321429 This port version is marked as vulnerable.
ohauer search for other commits by this committer
New ports for bugzilla44
- devel/bugzilla44
- japanese/bugzilla44
- german/bugzilla44

Release Notes:
http://www.bugzilla.org/releases/4.4/release-notes.html

Number of commits found: 28

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
krb5May 28
krb5-112May 28
tsharkMay 28
tshark-liteMay 28
wiresharkMay 28
wireshark-liteMay 28
curlMay 26
curlMay 26
cassandraMay 24
cassandra2May 24
py-saltMay 24
davmailMay 23
dnsmasqMay 23
dnsmasq-develMay 23
dnsmasq-develMay 23

22 vulnerabilities affecting 39 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24824
Broken 226
Deprecated 66
Ignore 494
Forbidden 1
Restricted 204
No CDROM 95
Vulnerable 21
Expired 10
Set to expire 55
Interactive 0
new 24 hours 2
new 48 hours12
new 7 days40
new fortnight79
new month157

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.