Commit graph

17 commits

Author SHA1 Message Date
joerg
0268c554bd Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
adrianp
cecb427bcf Update to 2.22.7
+ Saving changes to parameters would sometimes fail silently. Bugzilla
  will now throw an error instead of failing silently. (bug 347707)
Security fixes for: http://www.bugzilla.org/security/2.22.6/
2009-02-03 23:05:28 +00:00
adrianp
a7ec0437e5 Bugzilla 2.22.6 is compatible with Perl 5.10.
Includes a fix for: http://www.bugzilla.org/security/2.20.6/
2008-11-09 20:09:02 +00:00
adrianp
81129e5118 2.22.4
Class:       Cross-Site Scripting
Versions:    2.17.2 and higher
Description: When using the "Format for Printing" view of a bug (or
             the "Long Format" of a bug list, which is the same thing),
	     there was a cross-site scripting hole--arbitrary text
	     from a particular URL parameter could be injected into the
	     page without filtering.
2008-05-06 19:36:39 +00:00
adrianp
87f09110ba Update to 2.22.3
+ Bug lists in iCal format were cutting off bug summaries if they had
  a comma in them. (bug 274408)

+ If collectstats.pl encountered an invalid series when collecting data for
  New Charts, it would stop processing all series, silently. This means
  that several series may not have been collecting data. On PostgreSQL,
  all series were failing, thus meaning that New Charts were not working
  at all on PostgreSQL. (bug 257351)
2007-08-25 09:49:33 +00:00
adrianp
2a4e94a608 Update to 2.22.2
+ Make Bugzilla compatible with Template Toolkit 2.15 (bug 357374)

+ Make Bugzilla compatible with versions of MySQL higher than 5.0.25
  (bug 321645)

+ Sanity Check can now only be run by people with the "admin" privilege.
  (bug 91761)

+ Security [XSS] fix
  https://bugzilla.mozilla.org/show_bug.cgi?id=367674
2007-02-03 17:21:02 +00:00
adrianp
e85c0e71ef Update to 2.22.1
+ When sending mail, Bugzilla could throw the error "Insecure dependency in
exec while running with -T switch" (bug 340538).

+ Using the public webdot server (for dependency graphs) should work
again (bug 351243).

+ The "I'm added to or removed from this capacity" email preference
wasn't working for new bugs (bug 349852).

+ The original release of 2.22 incorrectly said it required Template-Toolkit
version 2.08. In actual fact, Bugzilla requires version 2.10 (bug 351478).

+ votes.cgi would crash if your bug was the one confirming a bug (bug 351300).

+ checksetup.pl now correctly reports if your Template::Plugin::GD module
is missing. If missing, it could lead to charts and graphs not working
(bug 345389).

+ The "Keyword" field on buglist.cgi was not sorted alphabetically, so
it wasn't very useful for sorting (bug 342828).

+ Sendmail will no longer complain about there being a newline in the
email address, when Bugzilla sends mail (bug 331365).

+ contrib/bzdbcopy.pl would try to insert an invalid value into the
database, unnecessarily (bug 335572).

+ Deleting a bug now correctly deletes its attachments from the database
(bug 339667).
2006-10-15 12:36:05 +00:00
adrianp
86c9ea26c4 Update to 2.22
New features include:
* Complete PostgreSQL Support
* Parameters In Sections
* One Codebase, Multiple Databases
* UTF-8 for New Installations
* Admins Can Impersonate Users
* Bug Import and Moving Improvements
* Adding Individual Bugs to Saved Searches
* Attach URLs
* Optional "Strict Isolation" for Groups
* "editcomponents" Change
* "shutdownhtml" Change
* Miscellaneous Improvements

For further details see:
	http://www.bugzilla.org/releases/2.22/new-features.html
	http://www.bugzilla.org/releases/2.22/release-notes.html
2006-10-15 12:21:13 +00:00
rillig
23ed7943f2 Fixed most pkglint warnings. 2006-06-17 19:03:05 +00:00
adrianp
352fe1b620 Update to 2.20.1
Make pkglint happer
This also fixes a number of security issues:
	http://www.securityfocus.com/archive/1/425584/30/0/threaded

> Version 2.20.1
> --------------
>
> + Many PostgreSQL fixes, including fixing whine.pl on Pg 8
>   (bug 301062) and fixing the --regenerate option of collectstats.pl
>   for all versions of Pg (bug 316971). However, users who want full
>   PostgreSQL support are encouraged to use the 2.22 series, as
>   certain PostgreSQL bugs were discovered that will not be fixed
>   in 2.20 (their fixes were too complex).
>
> + In Bugzilla 2.20, the "administrator" user created by checksetup.pl
>   would not ever be sent email, because their email preferences were
>   left blank. This has been fixed for 2.20.1. However, if you created
>   this administrative user with Bugzilla 2.20, make sure to go back
>   and enable their Email Preferences. (bug 317489)
>
> + The bzdbcopy.pl script mentioned in these release notes
>   has now actually been checked-in to the 2.20 branch, and so
>   it's included in this release. (bug 291776)
>
> + When there's only one Classification, you now won't be required
>   to pick a Classification on bug entry. (bug 311489)
>
> + You can no longer add dependencies on bugs you can't see.
>   (bug 141593)
>
> + The CC list is included in "New" bug emails, again. (bug 313661)
>
> + In the original 2.20, certain scripts were not correctly using
>   the "shadow database," if it was specified. This has been fixed
>   in 2.20.1. (bug 313695)
>
> + "Saved Searches" that were saved before Bugzilla 2.20, would throw
>   an error if they contained "Days Since Bug Changed." as part of their
>   criteria. This has been fixed in Bugzilla 2.20.1. (bug 302599)
>
> + You can now successfully delete a product even when Target Milestones
>   are turned off. (bug 317025)
>
> + checksetup.pl now correctly pre-compiles templates for languages other
>   than English. (bug 304417)
>
> + The "All Closed" chart that is created by default in New Charts
>   now actually represents all closed bugs, and not all bugs in the
>   product. (bug 300473)
>
> + CSV bug lists with more than 1000 dates now work properly. (bug 257813)
>
> + Various bugs with upgrading from previous versions of Bugzilla
>   have been fixed. (bug 307662, bug 311047, bug 310108)
>
> + Many, many other bug fixes. See http://www.bugzilla.org/status/changes.html
>   for details on what was fixed between 2.20 and 2.20.1.
2006-02-21 16:48:55 +00:00
adrianp
035df6049d PLIST fixes for missing files reported by Krister Walfridsson (CHECK_FILES=yes)
Bump nb
2005-11-02 11:35:57 +00:00
adrianp
c27a6d708c Move to bugzilla 2.20
From the release-notes.html:

What's New?
 New User-Interface Color/Style
 Higher-Level Categorization of Bugs (above "Product")
 Regular Reports by Email of Complex Queries ("Whining")
 "Environment Variable" Authentication Method
 User-List Drop-Down Menus
 Server-Side Comment Wrapping
 UI for Editing Priority, OS, Platform, and Severity
 Bugzilla Queries as RSS
 Choice of E-Mail Sending Methods
 "Large Attachment" Storage
 and lots of Miscellaneous Improvements

See http://www.bugzilla.org/releases/2.20/release-notes.html for
all the details.
2005-10-26 10:16:09 +00:00
rillig
984e3a488f Sorted PLIST. 2005-10-23 15:42:43 +00:00
adrianp
813491f44c - Update to 2.18.3
- Update addresses two security issues
- From the ChangeLog:

> Version 2.18.2
> --------------
>
> + You can now create accounts with createaccount.cgi even
>   when the "requirelogin" parameter is turned on. (Bug 294778)
>
> + Bugs that are in disabled groups may not show a padlock
>   on the bug list, or may otherwise behave strangely. You
>   can now fix this using sanitycheck.cgi. (Bug 277454)
>
> + If sendmail dies while you are marking a bug
>   as a duplicate, the duplicates table will no longer become
>   corrupted. (Bug 225042)
>
> + Any user can change a flag on any bug. This also allows the
>   attacker to expose the summary of any bug, even a hidden bug.
>
> + Summaries of private bugs are sometimes exposed under a very rare
>   condition if you use MySQL replication.
>
> Version 2.18.3
> --------------
>
> + The query.cgi page was broken in 2.18.2 by bug 300138.
>   That is now fixed.
2005-07-14 10:26:29 +00:00
adrianp
c40da4a4a5 - Update to 2.18.1
- Two "Information Disclosure" security bugs fixed
- From the ChangeLog:
> + You can now enter a negative time for "Hours Worked"
>   in the time-tracking area. (Bug 271276)
>
> + The BugMail.pm customization required for Windows (as
>   described in the Bugzilla Guide) now actually works. (Bug 280911)
>
> + Users who were using Bugzilla 2.8 can now successfully upgrade
>   to 2.18.1 (they couldn't upgrade to 2.18). (Bug 283403)
>
> + Dependency mails are now properly sent during a mass-change of bugs.
>   (Bug 178157)
2005-05-15 17:04:32 +00:00
adrianp
63faac6b9d - Move to 2.18 release
- No ChangeLog available only known change:
  Incorporate patches from last security issue
2005-01-17 23:03:16 +00:00
adrianp
51333dbf55 Bugzilla is a "Defect Tracking System" or "Bug-Tracking System". Defect
Tracking Systems allow individual or groups of developers to keep track of
outstanding bugs in their product effectively. Most commercial defect-tracking
software vendors charge enormous licensing fees. Despite being "free", Bugzilla
has many features its expensive counterparts lack. Consequently, Bugzilla has
quickly become a favorite of hundreds of organizations across the globe.

What Does Bugzilla Do?

- Track bugs and code changes
- Communicate with teammates
- Submit and review patches
- Manage quality assurance (QA)

Bugzilla can help you get a handle on the software development process.
Successful projects often are the result of successful organization and
communication. Bugzilla is a powerful tool that will help your team get
organized and communicate effectively.
2005-01-02 13:39:52 +00:00