kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
270765 commits 42 branches 80 tags 2.7 GiB
Commit graph

47 commits

Author SHA1 Message Date
Olli Hauer
03efecffe1 - update to version 3.6.7 
- CVE-2011-3657
- CVE-2011-3667

Summary
=======

The following security issues have been discovered in Bugzilla:

* When viewing tabular or graphical reports as well as new charts,
  an XSS vulnerability is possible in debug mode.

* The User.offer_account_by_email WebService method lets you create
  a new user account even if the active authentication method forbids
  users to create an account.

* A CSRF vulnerability in post_bug.cgi and in attachment.cgi could
  lead to the creation of unwanted bug reports and attachments.

All affected installations are encouraged to upgrade as soon as possible.

Full Release Notes:
http://www.bugzilla.org/security/3.4.12/

Approved by:	skv@ (explicit)
 2012-01-05 17:25:28 +00:00
Sergey Skvortsov
a95da70810 Update to 4.0.2 
Changes:	http://www.bugzilla.org/releases/4.0.2/release-notes.html
Security:	http://www.vuxml.org/freebsd/dc8741b9-c5d5-11e0-8a8e-00151735203a.html
PR:		ports/159576
Submitted by:	Peter Vereshagin <peter@vereshagin.org>
 2011-08-13 18:24:21 +00:00
Olli Hauer
d399de5688 - create missing (empty) directory (bugzilla) so checksetup does not fail 
- use DIST_SUBDIR for bugzilla and all translations
- sort pkg-plist (genplist)

OK from bugzilla maintainers per PM.

PR:		ports/158766
Submitted by:	ohauer
 2011-07-18 21:56:02 +00:00
Sergey Skvortsov
7bd02d2b01 - Copy devel/bugzilla to devel/bugzilla3; russian/bugzilla-ru to russian/bugzilla3-ru 
- Update devel/bugzilla, russian/bugzilla-ru to 4.0.1
- Update devel/bugzilla3, russian/bugzilla3-ru to 3.6.5

Changes:	http://www.bugzilla.org/releases/4.0.1/release-notes.html
		http://www.bugzilla.org/releases/3.6.5/release-notes.html
 2011-06-07 13:30:01 +00:00
Sergey Skvortsov
bad74004c0 Update to 3.6.4 
Changes:        http://www.bugzilla.org/releases/3.6.4/release-notes.html
Security:       http://www.vuxml.org/freebsd/c8c927e5-2891-11e0-8f26-00151735203a.html
Feature safe:	yes
 2011-01-25 15:49:49 +00:00
TAKATSU Tomonari
b2957a0a74 - Update to 3.6.3 [1] 
- Use WWWDIR instead of some other custom locations [2]
- Add Makefile.common which Makefiles in devel/bugzilla, russian/bugzilla-ru
  and japanese/bugzilla include to use WWWDIR in common [2]

Changes:	http://www.bugzilla.org/releases/3.6.3/release-notes.html [1]
Security:	http://www.bugzilla.org/security/3.2.8/ [1]
PR:	ports/151912 [1], [2]
Submitted by:	ohauer [1], tota (myself) [2]
Approved by:	skv
 2010-12-12 05:56:19 +00:00
Sergey Skvortsov
d2c1dc5fb7 Update to 3.6.2 
Changes:        http://www.bugzilla.org/releases/3.6.2/release-notes.html
Security:       http://www.vuxml.org/freebsd/8cbf4d65-af9a-11df-89b8-00151735203a.html
PR:             ports/149721
Submitted by:   ohauer
 2010-09-06 07:58:29 +00:00
Sergey Skvortsov
d9a265927e Update to 3.6.1 
Changes:	http://www.bugzilla.org/releases/3.6.1/release-notes.html
Security:	http://www.vuxml.org/freebsd/f1331504-8849-11df-89b8-00151735203a.html
PR:		ports/148149
Submitted by:	olli hauer <ohauer@gmx.de>
Feature safe:   yes
 2010-07-05 16:42:22 +00:00
Sergey Skvortsov
d0aa9f59cf Update to 3.6 
Changes:	http://www.bugzilla.org/releases/3.6/release-notes.html
 2010-04-16 07:15:08 +00:00
Sergey Skvortsov
300622f6fe Update to 3.4.6 
Changes:	http://www.bugzilla.org/releases/3.4.6/release-notes.html
 2010-03-08 12:26:34 +00:00
Sergey Skvortsov
a145386963 - Update to 3.4.5 [1] 
- Use $SUB_FILES & $SUB_LIST to dynamically adjust pkg-message [2]

Changes:	http://www.bugzilla.org/security/3.0.10/ [1]
Security:	http://www.vuxml.org/freebsd/696053c6-0f50-11df-a628-001517351c22.html
PR:		ports/142446 [2]
Submitted by:	Sevan Janiyan <venture37 xx geeklan.co.uk> [2]
 2010-02-01 16:53:26 +00:00
Sergey Skvortsov
e7c5fa06dc Update to 3.4.4. 
Changes:	http://www.bugzilla.org/security/3.4.3/
Security:	http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html
 2009-11-23 18:11:10 +00:00
Sergey Skvortsov
02bb066bb1 Update to 3.4.3 
Changes:	http://www.bugzilla.org/releases/3.4.3/release-notes.html
PR:		ports/140327
Submitted by:	Sahil Tandon <sahil xx tandon.net>
 2009-11-12 21:03:46 +00:00
Sergey Skvortsov
24e3d4005e Update to 3.4.2. 
Changes:	http://www.bugzilla.org/security/3.0.8/
Security:	http://www.vuxml.org/freebsd/b9ec7fe3-a38a-11de-9c6b-003048818f40.html
Feature safe:	yes
 2009-09-17 13:30:01 +00:00
Sergey Skvortsov
ab77e68ca1 Update to 3.4.1. 
Changes:	http://www.bugzilla.org/security/3.4/
Security:	http://www.vuxml.org/freebsd/d67b517d-8214-11de-88ea-001a4d49522b.html
 2009-08-17 11:05:10 +00:00
Sergey Skvortsov
7715840c07 Update to 3.4 
Changes:	http://www.bugzilla.org/releases/3.4/release-notes.html
 2009-07-30 15:41:50 +00:00
Sergey Skvortsov
dabb64b651 Update to 3.2.3 
Changes:	http://www.bugzilla.org/releases/3.2.3/release-notes.html#v32_point
 2009-04-12 20:39:05 +00:00
Sergey Skvortsov
425d5f8283 Update to 3.2.2 
Changes:	http://www.bugzilla.org/releases/3.2.2/release-notes.html
PR:		ports/131404
Submitted by:	pgollucci
 2009-02-14 21:54:27 +00:00
Sergey Skvortsov
f54171b7fc Update to 3.2 
Changes:	http://www.bugzilla.org/releases/3.2/release-notes.html
PR:		ports/129333
Submitted by:	Eygene Ryabinkin <rea-fbsd xx codelabs.ru>
 2008-12-01 15:38:51 +00:00
Sergey Skvortsov
3d0307bb60 Update to 3.0.6 
Changes:	http://www.bugzilla.org/releases/3.0.6/release-notes.html
 2008-11-07 14:45:07 +00:00
Sergey Skvortsov
e718a272b7 Update to 3.0.5 
Changes:	http://www.bugzilla.org/releases/3.0.5/release-notes.html
Security:	http://www.vuxml.org/freebsd/1d96305d-6ae6-11dd-91d5-000c29d47fd7.html
 2008-08-15 16:32:27 +00:00
Sergey Skvortsov
f6053e0929 Update to 3.0.4 
Changes:		http://www.bugzilla.org/releases/3.0.4/release-notes.html#v30_point
 2008-07-28 12:47:43 +00:00
Sergey Skvortsov
5380dec383 Update to 3.0.3 
Changes:	http://www.bugzilla.org/releases/3.0.3/release-notes.html#v30_point
 2008-02-07 09:35:11 +00:00
Sergey Skvortsov
8f4647233b Update to 3.0.2 
PR:		ports/116517
Submitted by:	Nick Barkas <snb xxx threerings.net>
Changes:	http://www.bugzilla.org/releases/3.0.2/release-notes.html
Security:	http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html
 2007-09-22 10:27:15 +00:00
Sergey Skvortsov
5a430102a9 Update to 3.0.1 
Changes:	http://www.bugzilla.org/releases/3.0.1/release-notes.html
 2007-08-30 12:37:12 +00:00
Sergey Skvortsov
95113314ed Upgrade Bugzilla to 3.0; repocopy 2.x branch to devel/bugzilla2 2007-05-27 13:16:35 +00:00
Sergey Skvortsov
de7623e9c5 * update to 2.22.2 
* remove EMAIL_GATEWAY option (it's by default now)
* add dependency on p5-Mail-Tools [1]

Changes:	http://www.bugzilla.org/releases/2.22.2/release-notes.html
PR:		ports/103453 [1]
Submitted by:	Cezary Morga <cezarym@data.pl> [1]
 2007-02-12 14:23:26 +00:00
Sergey Skvortsov
9b080ebcd6 Update to 2.22.1 
Changes:	http://www.bugzilla.org/releases/2.22.1/release-notes.html
PR:		ports/105554
Sumbitted by:	Ulrich Spoerlein <uspoerlein xxx gmail.com>
 2006-11-15 14:47:20 +00:00
Sergey Skvortsov
3120faa9ae Update to 2.22 
Changes:	http://www.bugzilla.org/releases/2.22/release-notes.html
 2006-05-02 13:27:51 +00:00
Sergey Skvortsov
5fc8c2df47 Update Bugzilla to 2.20.1 
Approved by:	portmgr (clement)
Pointed by:	mnag
Security:	http://vuxml.FreeBSD.org/46f7b598-a781-11da-906a-fde5cdde365e
 2006-02-27 14:40:23 +00:00
Edwin Groothuis
acd87b4ad8 SHA256ify 
Approved by:    krion@
 2006-01-22 08:34:46 +00:00
Sergey Skvortsov
9073956620 Update to 2.20 2005-10-06 12:41:17 +00:00
Sergey Skvortsov
7bbc3422ca Update to 2.18.3, bug-fixes: 
* https://bugzilla.mozilla.org/show_bug.cgi?id=293159
* https://bugzilla.mozilla.org/show_bug.cgi?id=292544

Reported by:	simon
Security:	http://vuxml.freebsd.org/6e33f4ab-efed-11d9-8310-0001020eed82.html
 2005-07-11 14:13:23 +00:00
Sergey Skvortsov
80aa157ec0 Update to 2.18.1 
PR:		ports/81583
Submitted by:	Choe, Cheng-Dae <whitekid at gmail.com>
 2005-06-08 14:56:01 +00:00
Pav Lucistnik
342bff0997 - Update to 2.18 
PR:		ports/76531
Submitted by:	"Choe, Cheng-Dae" <whitekid@gmail.com>
 2005-01-24 16:44:20 +00:00
Pav Lucistnik
a6b9ddac1d - Update to 2.16.7, a security release: 
Class:       Unauthorized Bug Change
Versions:    2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
	     message to process_bug.cgi which will remove keywords from
	     a bug even if you don't have permissions to edit all bug
	     fields (the "editbugs" permission).  Such changes are
	     reported in "bug changed" email notifications, so they are
	     easily detected and reversed if someone abuses it.
Reference:   https://bugzilla.mozilla.org/show_bug.cgi?id=252638

- Correct SQL command in pkg-message

PR:		ports/71161, ports/73166
Submitted by:	Dmitry A Grigorovich <odip@bionet.nsc.ru>
 2004-10-27 19:23:53 +00:00
Edwin Groothuis
a69b025bfe [PATCH] devel/bugzilla: update to 2.16.6 
- Update to 2.16.6

PR:		ports/69105
Submitted by:	TAKATSU Tomonari <tota@rtfm.jp>
 2004-07-17 05:22:20 +00:00
Oliver Eikemeier
8be7372f0d - update devel/bugzilla to 2.16.5 
- new slave port japanese/bugzilla

PR:		68318, 68319
Submitted by:	TAKATSU Tomonari <tota@rtfm.jp>
 2004-06-30 08:27:10 +00:00
Trevor Johnson
0c881ba59c SIZEify. 2004-01-29 07:24:56 +00:00
James E. Housley
1b1d295810 There are several security related problem in bugzilla 2.16.3 and earlier, 
The bugzilla developer released a security advisory.
see: http://www.bugzilla.org/security/2.16.3/

PR:		58905
Submitted by:	Kang Liu
 2003-11-21 11:36:02 +00:00
Max Khon
389d9a9348 Security update to 2.16.3. 
See http://www.bugzilla.org/security/2.16.2/.

PR:		52096
 2003-05-12 13:54:49 +00:00
Max Khon
c3a03942b9 Update to 2.16.2 
PR:		47883
 2003-03-24 14:45:34 +00:00
Alexey Zelkin
4d15848cd8 Update to 2.14.4 (one more security update) 
PR:		ports/43883
Submitted by:	Jason Li <delphij@frontfree.net>
 2002-10-11 14:28:29 +00:00
Alexey Zelkin
3c8d362837 Update to 2.14.3. 
Fixes broken in 2.14.2 ability to sort bug lists on more then one field
and possible security hole with contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.

This is bugfix release and latest release from 2.14 branch. This update
provided for 2.14 users who would like to stay with 2.14. All new users
should wait until port is updated to 2.16.
 2002-08-18 15:33:46 +00:00
Alexey Zelkin
324d367a6b Update to 2.14.2. This is security update! Upgrade recomended! 
PR:		ports/39041
Submitted by:	Paul Marquis <pmarquis@pobox.com>
 2002-07-08 15:03:44 +00:00
Alexey Zelkin
9c5942db4b Update to 2.14.1 (security update). Upgrade to all users highly 
recomended!

From Security Advisory for Bugzilla:

: *** SECURITY ISSUES RESOLVED ***
:
: - Multiple instances of user-account hijacking capability were fixed (Bugs
: 54901, 108385, 185516)
:
: - Two occurrences of allowing data protected by Bugzilla's groupset
: restrictions to be visible to users outside of those groups were fixes
: (Bugs 102141, 108821)
:
: - One instance of an untrusted variable being echoed back to a user via
: HTML was fixed (Bug 98146)
:
: - Multiple instances of untrusted variables being passed to SQL queries
: were fixed (Bugs 108812, 108822, 109679, 109690)
 2002-01-08 11:03:19 +00:00
Alexey Zelkin
8fb5fbc340 Add bugzilla 2.14, bug-tracking system developed by Mozilla Project 2001-10-01 13:18:55 +00:00