the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
+ Make Bugzilla compatible with Template Toolkit 2.15 (bug 357374)
+ Make Bugzilla compatible with versions of MySQL higher than 5.0.25
(bug 321645)
+ Sanity Check can now only be run by people with the "admin" privilege.
(bug 91761)
+ Security [XSS] fix
https://bugzilla.mozilla.org/show_bug.cgi?id=367674
+ When sending mail, Bugzilla could throw the error "Insecure dependency in
exec while running with -T switch" (bug 340538).
+ Using the public webdot server (for dependency graphs) should work
again (bug 351243).
+ The "I'm added to or removed from this capacity" email preference
wasn't working for new bugs (bug 349852).
+ The original release of 2.22 incorrectly said it required Template-Toolkit
version 2.08. In actual fact, Bugzilla requires version 2.10 (bug 351478).
+ votes.cgi would crash if your bug was the one confirming a bug (bug 351300).
+ checksetup.pl now correctly reports if your Template::Plugin::GD module
is missing. If missing, it could lead to charts and graphs not working
(bug 345389).
+ The "Keyword" field on buglist.cgi was not sorted alphabetically, so
it wasn't very useful for sorting (bug 342828).
+ Sendmail will no longer complain about there being a newline in the
email address, when Bugzilla sends mail (bug 331365).
+ contrib/bzdbcopy.pl would try to insert an invalid value into the
database, unnecessarily (bug 335572).
+ Deleting a bug now correctly deletes its attachments from the database
(bug 339667).
New features include:
* Complete PostgreSQL Support
* Parameters In Sections
* One Codebase, Multiple Databases
* UTF-8 for New Installations
* Admins Can Impersonate Users
* Bug Import and Moving Improvements
* Adding Individual Bugs to Saved Searches
* Attach URLs
* Optional "Strict Isolation" for Groups
* "editcomponents" Change
* "shutdownhtml" Change
* Miscellaneous Improvements
For further details see:
http://www.bugzilla.org/releases/2.22/new-features.htmlhttp://www.bugzilla.org/releases/2.22/release-notes.html
Make pkglint happer
This also fixes a number of security issues:
http://www.securityfocus.com/archive/1/425584/30/0/threaded
> Version 2.20.1
> --------------
>
> + Many PostgreSQL fixes, including fixing whine.pl on Pg 8
> (bug 301062) and fixing the --regenerate option of collectstats.pl
> for all versions of Pg (bug 316971). However, users who want full
> PostgreSQL support are encouraged to use the 2.22 series, as
> certain PostgreSQL bugs were discovered that will not be fixed
> in 2.20 (their fixes were too complex).
>
> + In Bugzilla 2.20, the "administrator" user created by checksetup.pl
> would not ever be sent email, because their email preferences were
> left blank. This has been fixed for 2.20.1. However, if you created
> this administrative user with Bugzilla 2.20, make sure to go back
> and enable their Email Preferences. (bug 317489)
>
> + The bzdbcopy.pl script mentioned in these release notes
> has now actually been checked-in to the 2.20 branch, and so
> it's included in this release. (bug 291776)
>
> + When there's only one Classification, you now won't be required
> to pick a Classification on bug entry. (bug 311489)
>
> + You can no longer add dependencies on bugs you can't see.
> (bug 141593)
>
> + The CC list is included in "New" bug emails, again. (bug 313661)
>
> + In the original 2.20, certain scripts were not correctly using
> the "shadow database," if it was specified. This has been fixed
> in 2.20.1. (bug 313695)
>
> + "Saved Searches" that were saved before Bugzilla 2.20, would throw
> an error if they contained "Days Since Bug Changed." as part of their
> criteria. This has been fixed in Bugzilla 2.20.1. (bug 302599)
>
> + You can now successfully delete a product even when Target Milestones
> are turned off. (bug 317025)
>
> + checksetup.pl now correctly pre-compiles templates for languages other
> than English. (bug 304417)
>
> + The "All Closed" chart that is created by default in New Charts
> now actually represents all closed bugs, and not all bugs in the
> product. (bug 300473)
>
> + CSV bug lists with more than 1000 dates now work properly. (bug 257813)
>
> + Various bugs with upgrading from previous versions of Bugzilla
> have been fixed. (bug 307662, bug 311047, bug 310108)
>
> + Many, many other bug fixes. See http://www.bugzilla.org/status/changes.html
> for details on what was fixed between 2.20 and 2.20.1.
From the release-notes.html:
What's New?
New User-Interface Color/Style
Higher-Level Categorization of Bugs (above "Product")
Regular Reports by Email of Complex Queries ("Whining")
"Environment Variable" Authentication Method
User-List Drop-Down Menus
Server-Side Comment Wrapping
UI for Editing Priority, OS, Platform, and Severity
Bugzilla Queries as RSS
Choice of E-Mail Sending Methods
"Large Attachment" Storage
and lots of Miscellaneous Improvements
See http://www.bugzilla.org/releases/2.20/release-notes.html for
all the details.
"Two security issues have been reported in Bugzilla, which can be
exploited by malicious people to disclose system and potentially
sensitive information."
See http://www.bugzilla.org/security/2.18.4/ for more details.
- Update addresses two security issues
- From the ChangeLog:
> Version 2.18.2
> --------------
>
> + You can now create accounts with createaccount.cgi even
> when the "requirelogin" parameter is turned on. (Bug 294778)
>
> + Bugs that are in disabled groups may not show a padlock
> on the bug list, or may otherwise behave strangely. You
> can now fix this using sanitycheck.cgi. (Bug 277454)
>
> + If sendmail dies while you are marking a bug
> as a duplicate, the duplicates table will no longer become
> corrupted. (Bug 225042)
>
> + Any user can change a flag on any bug. This also allows the
> attacker to expose the summary of any bug, even a hidden bug.
>
> + Summaries of private bugs are sometimes exposed under a very rare
> condition if you use MySQL replication.
>
> Version 2.18.3
> --------------
>
> + The query.cgi page was broken in 2.18.2 by bug 300138.
> That is now fixed.
by taken care of by pkgsrc infrastructure anyway.
- The problem is that checkconfig.pl thinks File::Spec v0.90 is v0.9
and complains that the version installed is too old.
- Problem reported by Brandon Adams <brandon.adams@omron.com> on tech-pkg@
- Two "Information Disclosure" security bugs fixed
- From the ChangeLog:
> + You can now enter a negative time for "Hours Worked"
> in the time-tracking area. (Bug 271276)
>
> + The BugMail.pm customization required for Windows (as
> described in the Bugzilla Guide) now actually works. (Bug 280911)
>
> + Users who were using Bugzilla 2.8 can now successfully upgrade
> to 2.18.1 (they couldn't upgrade to 2.18). (Bug 283403)
>
> + Dependency mails are now properly sent during a mass-change of bugs.
> (Bug 178157)
Tracking Systems allow individual or groups of developers to keep track of
outstanding bugs in their product effectively. Most commercial defect-tracking
software vendors charge enormous licensing fees. Despite being "free", Bugzilla
has many features its expensive counterparts lack. Consequently, Bugzilla has
quickly become a favorite of hundreds of organizations across the globe.
What Does Bugzilla Do?
- Track bugs and code changes
- Communicate with teammates
- Submit and review patches
- Manage quality assurance (QA)
Bugzilla can help you get a handle on the software development process.
Successful projects often are the result of successful organization and
communication. Bugzilla is a powerful tool that will help your team get
organized and communicate effectively.
