From: Olli Hauer
Date: Mon, 6 Oct 2014 19:16:43 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r370211 - head/devel/bugzilla44

Author: ohauer
Date: Mon Oct 6 19:16:42 2014
New Revision: 370211
URL: https://svnweb.freebsd.org/changeset/ports/370211
QAT: https://qat.redports.org/buildarchive/r370211/

Log:
  - update to bugzilla 4.4.6

  Summary
  =======
  The following security issues have been discovered in Bugzilla:

  * The 'realname' parameter is not correctly filtered on user account
    creation, which could lead to user data override.
  * Several places were found in the Bugzilla code where cross-site
    scripting attacks could be used to access sensitive information.
  * Private comments can be shown to flagmail recipients who aren't in
    the insider group.
  * Specially formatted values in a CSV search results export could be
    used in spreadsheet software to attack a user's computer.

  Security: CVE-2014-1572
            CVE-2014-1571
            CVE-2014-1571

Modified:
  head/devel/bugzilla44/Makefile
  head/devel/bugzilla44/distinfo
  head/devel/bugzilla44/pkg-plist

Modified: head/devel/bugzilla44/Makefile ============================================================================== --- head/devel/bugzilla44/Makefile Mon Oct 6 19:09:37 2014 (r370210) +++ head/devel/bugzilla44/Makefile Mon Oct 6 19:16:42 2014 (r370211) @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.4.5 -PORTREVISION= 1 +PORTVERSION= 4.4.6 CATEGORIES= devel MASTER_SITES= BUGZILLA MASTER_SITE_SUBDIR= webtools webtools/archived 
@@ -50,7 +49,7 @@ RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${POR .endif .if ${PORT_OPTIONS:MPGSQL} -USE_PGSQL= yes +USES+= pgsql RUN_DEPENDS+= p5-DBD-Pg>=2.19.3:${PORTSDIR}/databases/p5-DBD-Pg .endif Modified: head/devel/bugzilla44/distinfo ============================================================================== --- head/devel/bugzilla44/distinfo Mon Oct 6 19:09:37 2014 (r370210) +++ head/devel/bugzilla44/distinfo Mon Oct 6 19:16:42 2014 (r370211) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.4.5.tar.gz) = 70609fa5bbe55a3b802afcf749a098824d7a96dc87b91ce07b000cfdd7987da5 -SIZE (bugzilla/bugzilla-4.4.5.tar.gz) = 2955964 +SHA256 (bugzilla/bugzilla-4.4.6.tar.gz) = ac3547195f2ce156488aac2cc537620775e08a9d888441daab2b40ab66ab01f4 +SIZE (bugzilla/bugzilla-4.4.6.tar.gz) = 2956046 Modified: head/devel/bugzilla44/pkg-plist ============================================================================== --- head/devel/bugzilla44/pkg-plist Mon Oct 6 19:09:37 2014 (r370210) +++ head/devel/bugzilla44/pkg-plist Mon Oct 6 19:16:42 2014 (r370211) 
@@ -887,178 +887,14 @@ %%WWWDIR%%/whine.pl %%WWWDIR%%/whineatnews.pl %%WWWDIR%%/xmlrpc.cgi -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Auth -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Config -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/DB -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Field -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Install -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/JobQueue -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Search -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Template/Plugin -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Template -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/User/Setting -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/User -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/WebService/Server -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/WebService -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Whine -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/contrib -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/extensions -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/images/callouts -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/images -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/pdf -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/txt -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/xml -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib -%%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl -%%PORTDOCS%%@dirrm %%DOCSDIR%% -@dirrm %%WWWDIR%%/Bugzilla/Attachment -@dirrm %%WWWDIR%%/Bugzilla/Auth/Login -@dirrm %%WWWDIR%%/Bugzilla/Auth/Persist -@dirrm %%WWWDIR%%/Bugzilla/Auth/Verify -@dirrm %%WWWDIR%%/Bugzilla/Auth -@dirrm %%WWWDIR%%/Bugzilla/BugUrl/Bugzilla -@dirrm 
%%WWWDIR%%/Bugzilla/BugUrl -@dirrm %%WWWDIR%%/Bugzilla/Config -@dirrm %%WWWDIR%%/Bugzilla/DB/Schema -@dirrm %%WWWDIR%%/Bugzilla/DB -@dirrm %%WWWDIR%%/Bugzilla/Field -@dirrm %%WWWDIR%%/Bugzilla/Install -@dirrm %%WWWDIR%%/Bugzilla/Job -@dirrm %%WWWDIR%%/Bugzilla/JobQueue -@dirrm %%WWWDIR%%/Bugzilla/Migrate -@dirrm %%WWWDIR%%/Bugzilla/Search -@dirrm %%WWWDIR%%/Bugzilla/Send -@dirrm %%WWWDIR%%/Bugzilla/Template/Plugin -@dirrm %%WWWDIR%%/Bugzilla/Template -@dirrm %%WWWDIR%%/Bugzilla/User/Setting -@dirrm %%WWWDIR%%/Bugzilla/User -@dirrm %%WWWDIR%%/Bugzilla/WebService/Server -@dirrm %%WWWDIR%%/Bugzilla/WebService -@dirrm %%WWWDIR%%/Bugzilla/Whine -@dirrmtry %%WWWDIR%%/Bugzilla -%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit -%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline -@dirrmtry %%WWWDIR%%/contrib -@dirrmtry %%WWWDIR%%/data -@dirrmtry %%WWWDIR%%/graphs -@dirrmtry %%WWWDIR%%/images -@dirrm %%WWWDIR%%/js/history.js -@dirrm %%WWWDIR%%/js/yui/animation -@dirrm %%WWWDIR%%/js/yui/assets/skins/sam -@dirrm %%WWWDIR%%/js/yui/assets/skins -@dirrm %%WWWDIR%%/js/yui/assets -@dirrm %%WWWDIR%%/js/yui/autocomplete -@dirrm %%WWWDIR%%/js/yui/base -@dirrm %%WWWDIR%%/js/yui/button -@dirrm %%WWWDIR%%/js/yui/calendar -@dirrm %%WWWDIR%%/js/yui/carousel -@dirrm %%WWWDIR%%/js/yui/charts -@dirrm %%WWWDIR%%/js/yui/colorpicker -@dirrm %%WWWDIR%%/js/yui/connection -@dirrm %%WWWDIR%%/js/yui/container -@dirrm %%WWWDIR%%/js/yui/cookie -@dirrm %%WWWDIR%%/js/yui/datasource -@dirrm %%WWWDIR%%/js/yui/datatable -@dirrm %%WWWDIR%%/js/yui/datemath -@dirrm %%WWWDIR%%/js/yui/dom -@dirrm %%WWWDIR%%/js/yui/dragdrop -@dirrm %%WWWDIR%%/js/yui/element -@dirrm %%WWWDIR%%/js/yui/element-delegate -@dirrm %%WWWDIR%%/js/yui/event -@dirrm %%WWWDIR%%/js/yui/event-delegate -@dirrm %%WWWDIR%%/js/yui/event-mouseenter -@dirrm %%WWWDIR%%/js/yui/event-simulate -@dirrm %%WWWDIR%%/js/yui/fonts -@dirrm %%WWWDIR%%/js/yui/get -@dirrm %%WWWDIR%%/js/yui/grids -@dirrm %%WWWDIR%%/js/yui/history -@dirrm 
%%WWWDIR%%/js/yui/imagecropper -@dirrm %%WWWDIR%%/js/yui/imageloader -@dirrm %%WWWDIR%%/js/yui/json -@dirrm %%WWWDIR%%/js/yui/layout -@dirrm %%WWWDIR%%/js/yui/logger -@dirrm %%WWWDIR%%/js/yui/menu -@dirrm %%WWWDIR%%/js/yui/paginator -@dirrm %%WWWDIR%%/js/yui/profiler -@dirrm %%WWWDIR%%/js/yui/profilerviewer -@dirrm %%WWWDIR%%/js/yui/progressbar -@dirrm %%WWWDIR%%/js/yui/reset -@dirrm %%WWWDIR%%/js/yui/reset-fonts -@dirrm %%WWWDIR%%/js/yui/reset-fonts-grids -@dirrm %%WWWDIR%%/js/yui/resize -@dirrm %%WWWDIR%%/js/yui/selector -@dirrm %%WWWDIR%%/js/yui/slider -@dirrm %%WWWDIR%%/js/yui/storage -@dirrm %%WWWDIR%%/js/yui/stylesheet -@dirrm %%WWWDIR%%/js/yui/swf -@dirrm %%WWWDIR%%/js/yui/swfdetect -@dirrm %%WWWDIR%%/js/yui/swfstore -@dirrm %%WWWDIR%%/js/yui/tabview -@dirrm %%WWWDIR%%/js/yui/treeview -@dirrm %%WWWDIR%%/js/yui/uploader -@dirrm %%WWWDIR%%/js/yui/yahoo -@dirrm %%WWWDIR%%/js/yui/yahoo-dom-event -@dirrm %%WWWDIR%%/js/yui/yuiloader -@dirrm %%WWWDIR%%/js/yui/yuitest -@dirrm %%WWWDIR%%/js/yui -@dirrm %%WWWDIR%%/js -@dirrmtry %%WWWDIR%%/lib -@dirrm %%WWWDIR%%/skins/contrib/Dusk -@dirrm %%WWWDIR%%/skins/contrib -@dirrm %%WWWDIR%%/skins/standard/dependency-tree -@dirrm %%WWWDIR%%/skins/standard/global -@dirrm %%WWWDIR%%/skins/standard/index -@dirrm %%WWWDIR%%/skins/standard -@dirrmtry %%WWWDIR%%/skins -@dirrmtry %%WWWDIR%%/t -@dirrm %%WWWDIR%%/template/en/default/account/auth -@dirrm %%WWWDIR%%/template/en/default/account/email -@dirrm %%WWWDIR%%/template/en/default/account/password -@dirrm %%WWWDIR%%/template/en/default/account/prefs -@dirrm %%WWWDIR%%/template/en/default/account -@dirrm %%WWWDIR%%/template/en/default/admin/classifications -@dirrm %%WWWDIR%%/template/en/default/admin/components -@dirrm %%WWWDIR%%/template/en/default/admin/custom_fields -@dirrm %%WWWDIR%%/template/en/default/admin/fieldvalues -@dirrm %%WWWDIR%%/template/en/default/admin/flag-type -@dirrm %%WWWDIR%%/template/en/default/admin/groups -@dirrm %%WWWDIR%%/template/en/default/admin/keywords 
-@dirrm %%WWWDIR%%/template/en/default/admin/milestones -@dirrm %%WWWDIR%%/template/en/default/admin/params -@dirrm %%WWWDIR%%/template/en/default/admin/products/groupcontrol -@dirrm %%WWWDIR%%/template/en/default/admin/products -@dirrm %%WWWDIR%%/template/en/default/admin/sanitycheck -@dirrm %%WWWDIR%%/template/en/default/admin/settings -@dirrm %%WWWDIR%%/template/en/default/admin/users -@dirrm %%WWWDIR%%/template/en/default/admin/versions -@dirrm %%WWWDIR%%/template/en/default/admin/workflow -@dirrm %%WWWDIR%%/template/en/default/admin -@dirrm %%WWWDIR%%/template/en/default/attachment -@dirrm %%WWWDIR%%/template/en/default/bug/activity -@dirrm %%WWWDIR%%/template/en/default/bug/create -@dirrm %%WWWDIR%%/template/en/default/bug/process -@dirrm %%WWWDIR%%/template/en/default/bug -@dirrm %%WWWDIR%%/template/en/default/email -@dirrm %%WWWDIR%%/template/en/default/extensions -@dirrm %%WWWDIR%%/template/en/default/flag -@dirrm %%WWWDIR%%/template/en/default/global -@dirrm %%WWWDIR%%/template/en/default/list -@dirrm %%WWWDIR%%/template/en/default/pages -@dirrm %%WWWDIR%%/template/en/default/reports -@dirrm %%WWWDIR%%/template/en/default/request -@dirrm %%WWWDIR%%/template/en/default/search -@dirrm %%WWWDIR%%/template/en/default/setup -@dirrm %%WWWDIR%%/template/en/default/whine -@dirrm %%WWWDIR%%/template/en/default -@dirrm %%WWWDIR%%/template/en -@dirrmtry %%WWWDIR%%/template -@dirrmtry %%WWWDIR%%/xt -@dirrmtry %%WWWDIR%% +@dir %%WWWDIR%%/Bugzilla +@dir %%WWWDIR%%/contrib +@dir %%WWWDIR%%/data +@dir %%WWWDIR%%/graphs +@dir %%WWWDIR%%/images +@dir %%WWWDIR%%/lib +@dir %%WWWDIR%%/skins +@dir %%WWWDIR%%/t +@dir %%WWWDIR%%/template +@dir %%WWWDIR%%/xt +@dir %%WWWDIR%%
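
Review bot: the PORTVERSION bump to 4.4.6 in the first Makefile hunk is a security update, yet the log's Security: line lists CVE-2014-1571 twice and so names only two distinct identifiers for the four issues it summarises. Correct the identifier list where it is recorded for users, and since this commit touches only head/devel/bugzilla44, make sure a matching security/vuxml entry marks 4.4.5 as affected so installed packages are flagged.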
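
Review bot: in the second Makefile hunk (@@ -50,7 +49,7 @@), the switch from USE_PGSQL= yes to USES+= pgsql inside .if ${PORT_OPTIONS:MPGSQL} is a framework conversion that the log does not mention and that is unrelated to the 4.4.6 update. Mention it in the log or commit it separately, so the security fix can be merged or reverted without carrying the build change with it.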
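
Review bot: the distinfo hunk replaces the SHA256 and SIZE values for bugzilla-4.4.6.tar.gz, and nothing in the commit says how the new digest was checked. For a security release, compare the digest against the checksum or signature published by upstream rather than relying on the value computed from a single download, and say so in the log.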
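
Review bot: the pkg-plist hunk (@@ -887,178 +887,14 @@) drops every @dirrm line and keeps as @dir only the eleven paths that were @dirrmtry before, among them %%WWWDIR%%/data and %%WWWDIR%%/graphs. Confirm that @dir still leaves a non-empty directory in place on deinstall as @dirrmtry did, so that any files left under those paths survive an upgrade, and note the plist conversion in the log because it is separate from the version bump.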