All times are UTC
non port: devel/bugzilla42/Makefile

Number of commits found: 19

Sunday, 20 Apr 2014
17:26 ohauer
- update bugzilla to 4.4.4, 4.2.9, 4.0.13
- minor Makefile cleanup

This release fixes one regression introduced in Bugzilla by
security bug 968576: URLs in bug comments are displayed
correctly again. (Bug 998323)

Release Notes & Changes
=======================
Before installing or upgrading, you should read the Release Notes for
the new version of Bugzilla:

  4.4.4:  http://www.bugzilla.org/releases/4.4.4/release-notes.html
  4.2.9:  http://www.bugzilla.org/releases/4.2.9/release-notes.html
  4.0.13: http://www.bugzilla.org/releases/4.0.13/release-notes.html

MFH:		2014Q2
Revision: 351626
Friday, 18 Apr 2014
18:52 ohauer
- distfiles were regenerated (wrong dependency list in the documentation)
- because there will be no upstream fixes for CVE-2014-1517 mark bugzilla40 /
  bugzilla42 forbidden and set expiration date to 2014-06-21
- fix the GRAPHVIZ OPTION
- bump PORTREVISION

MFH:		2014Q2
Revision: 351557
15:03 ohauer
- update to 4.0.12, 4.2.8, 4.4.3
- move BINMODE to Makefile.common so it is also used in the language packs

Security:	CVE-2014-1517
Security:	608ed765-c700-11e3-848c-20cf30e32f6d
Security:	60bfa396-c702-11e3-848c-20cf30e32f6d
Revision: 351542
Wednesday, 15 Jan 2014
05:31 ohauer
- add new MASTER_SITE_BUGZILLA
- remove one dead MASTER_SITE_MOZILLA server

Approved by:	portmgr@ (tabthorpe)
Revision: 339753
Thursday, 17 Oct 2013
19:35 ohauer
- update to latest release [1]
- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry

4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user consent.

* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user consent.

* Several unfiltered parameters when editing flagtypes can lead to XSS.

* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.

All affected installations are encouraged to upgrade as soon as
possible.

[1]  even though bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is
recommended

Security:	vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
		CVE-2013-1733
		CVE-2013-1734
		CVE-2013-1742
		CVE-2013-1743
Revision: 330666
Thursday, 26 Sep 2013
19:00 ohauer
- add STAGE support to bugzilla ports
- remove bugzilla3 CONFLICTS
Revision: 328405
Friday, 20 Sep 2013
17:03 bapt
Add NO_STAGE all over the place in preparation for the staging support (cat:
devel part 1)
Revision: 327722
Wednesday, 31 Jul 2013
06:54 az
- Convert to new Uses/perl5.mk framework
- Resolve issues with implicit lang/perl in extract and patch dependencies
- Trim Makefile header

Reviewed by:	bapt@ (exp-run)
Approved by:	bapt@ (portmrg@)
Revision: 324007
Thursday, 20 Jun 2013
21:54 ohauer
- use OPTION_GROUP in all devel/bugzilla ports
- s/CONFLICTS/CONFLICTS_INSTALL/
- use easier CONFLICT notation (future proof)
- trim Makefile.common header
- update russian/bugzilla42 language template to version 4.2.6
Revision: 321428
Thursday, 23 May 2013
21:49 ohauer
- update bugzilla42 to version 4.2.6 (bugfix release)
- remove RUN_DEPENDS for (already expired) perl 5.10
- update german/bugzilla42
- set expiration date for bugzilla3

The following important fixes/changes have been made in this release:
 o MySQL 5.6 is now supported. (Bug 852560)
 o A regression introduced in Bugzilla 4.2.4 made Oracle crash when
   installing Bugzilla for the first time. (Bug 858911)
 o If a custom field depends on a product, component or classification,
   the "mandatory" bit was ignored on bug creation. (Bug 782210)
 o Queries involving flags were broken in several ways.
   These queries have been fixed. (Bug 828344)
 o Tabular reports involving the empty resolution did not link bug
   counts correctly. (Bug 212471)
 o The Bug.search WebService method was returning all visible bugs
   when called with no arguments, ignoring the max_search_results
   and search_allow_no_criteria parameters. (Bug 859118)

Release Notes:
http://www.bugzilla.org/releases/4.2.6/release-notes.html
Revision: 318912
Wednesday, 22 May 2013
14:30 miwi
- Remove mysql 4X reference
Revision: 318768
Wednesday, 20 Feb 2013
06:16 ohauer
- update bugzilla ports to latest version

  Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
  branch and the 3.6 branch, respectively. 4.0.10 contains several
  useful bug fixes and 3.6.13 contains only security fixes.

Security:	CVE-2013-0785
		CVE-2013-0786
Revision: 312611
Wednesday, 14 Nov 2012
21:31 ohauer
- adjust required PgSQL module for bugzilla42

From Release Notes:
 PostgreSQL 9.2 requires DBD::Pg 2.19.3. (Bug 799721)

 No revision bump, p5-DBD-Pg-2.19.3
 a) not on per default
 b) in the tree since a few months

- add deprecation message to bugzilla3

From the announcement:
 Note that when Bugzilla 4.4 is released, the Bugzilla 3.6.x series
 will reach end of life. If you are using that series, we encourage
 you to upgrade to 4.2.4 now.

http://groups.google.com/group/mozilla.support.bugzilla/browse_thread/thread/d8dcc99be0f89421

Feature safe: yes
Revision: 307429
19:29 ohauer
- bugzilla security updates to version(s)
  3.6.11, 4.0.8, 4.2.4

Summary
=======

The following security issues have been discovered in Bugzilla:

* Confidential product and component names can be disclosed to
  unauthorized users if they are used to control the visibility of
  a custom field.

* When calling the 'User.get' WebService method with a 'groups'
  argument, it is possible to check if the given group names exist
  or not.

* Due to incorrectly filtered field values in tabular reports, it is
  possible to inject code which can lead to XSS.

* When trying to mark an attachment in a bug you cannot see as
  obsolete, the description of the attachment is disclosed in the
  error message.

* A vulnerability in swfstore.swf from YUI2 can lead to XSS.

Feature safe: yes

Security:	CVE-2012-4199
		https://bugzilla.mozilla.org/show_bug.cgi?id=731178

		CVE-2012-4198
		https://bugzilla.mozilla.org/show_bug.cgi?id=781850

		CVE-2012-4189
		https://bugzilla.mozilla.org/show_bug.cgi?id=790296

		CVE-2012-4197
		https://bugzilla.mozilla.org/show_bug.cgi?id=802204

		CVE-2012-5475
		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
		http://yuilibrary.com/support/20121030-vulnerability/
Revision: 307425
Saturday, 1 Sep 2012
20:16 ohauer
- update bugzilla bugzilla3 and bugzilla42
- use new bugzilla@ address (members skv@, tota@, ohauer@)
- patch russian/japanese/german bugzilla and bugzilla templates
  so they reflect the security updates in the original templates
- patch german/bugzilla42 templates
- adopt new Makefile header

	vuxml: 6ad18fe5-f469-11e1-920d-20cf30e32f6d
	CVE: CVE-2012-3981
	https://bugzilla.mozilla.org/show_bug.cgi?id=785470
	https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	https://bugzilla.mozilla.org/show_bug.cgi?id=785511
Revision: 303519
Saturday, 18 Aug 2012
14:29 ohauer
- remove www/apache20 and devel/apr0
- s/USE_APACHE= 20+/USE_APACHE= 22+/
- unify s/YES/yes/
- cleanup APACHE_VERSION <= 22 usage
- add entry to MOVED

with hat apache@
Saturday, 28 Jul 2012
16:25 ohauer
- pkgng: cosmetic fix against lstat messages
Friday, 27 Jul 2012
21:34 ohauer
- security update bugzilla
  new Versions: 3.6.10, 4.0.7, 4.2.2

  4.2.2

  This release fixes two security issues. See the Security Advisory for details.

  In addition, the following important fixes/changes have been made in this release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
    when entered in the CC list of bugs. (Bug 756314)
  o Some queries could trigger an invalid SQL query if strings entered by the user
    contained leading or trailing whitespaces. (Bug 760075)
  o The auto-completion form for keywords no longer automatically selects the
    first keyword in the list when the field is empty. (Bug 764517)
  o A regression in Bugzilla 4.2 prevented classifications from being used in
    graphical and tabular reports in the "Multiple Tables" field. (Bug 753688)
  o Attachments created by the email_in.pl script were associated to the wrong
    comment. (Bug 762785)
  o Very long dependency lists can now be viewed correctly. (Bug 762783)
  o Keywords are now correctly escaped in the auto-completion form to prevent any
    XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring a
    deleted saved search, because this link was lacking a valid token. (Bug 768870)
  o Two minor CSRF vulnerabilities have been fixed which could let an attacker
    alter your default search criteria in the Advanced Search page. (Bugs 754672
    and 754673)

  4.0.7

  This release fixes one security issue. See the Security Advisory for details.

  In addition, the following bugs have been fixed in this release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be ignored
    when entered in the CC list of bugs. (Bug 756314)
  o Keywords are now correctly escaped in the auto-complete form to prevent any
    XSS abuse. (Bug 754561)
  o A regression introduced in Bugzilla 4.0rc2 when fixing CVE-2011-0046 caused
    the "Un-forget the search" link to not work correctly anymore when restoring a
    deleted saved search, because this link was lacking a valid token. (Bug 768870)

  3.6.10

  This release fixes one security issue. See the Security Advisory for details.
  http://www.bugzilla.org/security/3.6.9/

Approved by:	implicit skv@ (bugzilla / bugzilla3)
Security:	CVE-2012-1968
		CVE-2012-1969
		https://bugzilla.mozilla.org/show_bug.cgi?id=777398
		https://bugzilla.mozilla.org/show_bug.cgi?id=777586
		vid=58253655-d82c-11e1-907c-20cf30e32f6d
Tuesday, 24 Jul 2012
21:37 ohauer
- new port bugzilla42

New Features and Improvements:
- Experimental SQLite Support
- Creating an Attachment by Pasting Text Into a Text Field
- HTML Bugmail (default: on  can be disabled in user preference)
- Improved Searching System
- Disabling Old Components, Versions and Milestones
- Displaying a Custom Field Value Based on Multiple Values of Another Field
- Auditing of All Changes Within Bugzilla
- Accessibility Improvements

And many other Improvements, for complete list see:
 http://www.bugzilla.org/releases/4.2.1/release-notes.html