Date: Sat, 28 Jul 2012 20:44:44 +0000 (UTC) From: Olli Hauer <ohauer@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r301669 - in head/german: bugzilla bugzilla/files bugzilla3 bugzilla42 bugzilla42/files Message-ID: <201207282044.q6SKiiGs066229@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ohauer Date: Sat Jul 28 20:44:43 2012 New Revision: 301669 URL: http://svn.freebsd.org/changeset/ports/301669 Log: - patch language templates so they match current bugzilla. - patch language templates so they match current bugzilla version. Patches are seen as workaround until official Version is released. Fix for bugzilla42 contains security updates. Added: head/german/bugzilla/files/patch_405-407 (contents, props changed) head/german/bugzilla42/files/ head/german/bugzilla42/files/patch_421-422 (contents, props changed) Modified: head/german/bugzilla/Makefile head/german/bugzilla3/Makefile head/german/bugzilla42/Makefile Modified: head/german/bugzilla/Makefile ============================================================================== --- head/german/bugzilla/Makefile Sat Jul 28 19:41:21 2012 (r301668) +++ head/german/bugzilla/Makefile Sat Jul 28 20:44:43 2012 (r301669) @@ -7,7 +7,7 @@ PORTNAME= bugzilla PORTVERSION= 4.0.5 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= german MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION} @@ -18,7 +18,7 @@ COMMENT= German localization for Bugzill RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla${PKGNAMESUFFIX} +LATEST_LINK= ${PKGNAMEPREFIX}bugzilla NO_WRKSUBDIR= yes Added: head/german/bugzilla/files/patch_405-407 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/german/bugzilla/files/patch_405-407 Sat Jul 28 20:44:43 2012 (r301669) @@ -0,0 +1,28 @@ +==================================================== +This patch is fix security issues in the german +bugzilla language templates (4.0.5 -> 4.0.7) + +--- ./de/default/global/confirm-user-match.html.tmpl.orig 2012-07-27 21:42:53.000000000 +0200 ++++ ./de/default/global/confirm-user-match.html.tmpl 2012-07-27 21:44:33.000000000 +0200 +@@ -159,8 +159,6 @@ + [% ELSE %] + passte zu + <b>[% query.value.users.0.identity FILTER html %]</b> +- <input type="hidden" name="[% field.key FILTER html %]" +- value="[% query.value.users.0.login FILTER html %]"> + [% END %] + [% ELSE %] + [% IF (query.key.length < 3) && !Param('emailsuffix') %] +@@ -186,8 +184,10 @@ + + [% IF matchsuccess == 1 %] + +- [% SET exclude_these = +- matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %] ++ [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %] ++ [% FOREACH key IN matches.keys %] ++ [% exclude_these.push(key) IF cgi.param(key) == '' %] ++ [% END %] + [% SET exclude = '^' _ exclude_these.join('|') _ '$' %] + [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %] + Modified: head/german/bugzilla3/Makefile ============================================================================== --- head/german/bugzilla3/Makefile Sat Jul 28 19:41:21 2012 (r301668) +++ head/german/bugzilla3/Makefile Sat Jul 28 20:44:43 2012 (r301669) @@ -18,7 +18,7 @@ COMMENT= German localization for Bugzill RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3 -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla3${PKGNAMESUFFIX} +LATEST_LINK= ${PKGNAMEPREFIX}bugzilla3 NO_WRKSUBDIR= yes @@ -28,7 +28,7 @@ LANGDIR= ${WWWDIR}/template/de # german template checks the bugzilla version number and displays # non supported bugzilla version, however there are no relevant -# changes in the template between 3.6.8 and 3.6.9 +# changes in the template between 3.6.8 and 3.6.10 post-patch: @${SED} -i '' -e 's|3.6.8|3.6.10|' ${WRKDIR}/de/default/global/gzversion.html.tmpl @${FIND} ${WRKDIR}/ -name \*.orig -delete Modified: head/german/bugzilla42/Makefile ============================================================================== --- head/german/bugzilla42/Makefile Sat Jul 28 19:41:21 2012 (r301668) +++ head/german/bugzilla42/Makefile Sat Jul 28 20:44:43 2012 (r301669) @@ -7,6 +7,7 @@ PORTNAME= bugzilla PORTVERSION= 4.2.1 +PORTREVISION= 1 CATEGORIES= german MASTER_SITES= SF MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION} @@ -17,7 +18,7 @@ COMMENT= German localization for Bugzill RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42${PKGNAMESUFFIX} +LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42 NO_WRKSUBDIR= yes @@ -28,6 +29,7 @@ LANGDIR= ${WWWDIR}/template/de # german template checks the bugzilla version number and displays # non supported bugzilla version. post-patch: + @${SED} -i '' -e 's|4.2.1|4.2.2|' ${WRKDIR}/de/default/global/gzversion.html.tmpl @${FIND} ${WRKDIR}/ -name \*.orig -delete do-install: Added: head/german/bugzilla42/files/patch_421-422 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/german/bugzilla42/files/patch_421-422 Sat Jul 28 20:44:43 2012 (r301669) @@ -0,0 +1,193 @@ +==================================================== +This patch is fix security issues in the german +bugzilla language templates (4.2.1 -> 4.2.2) + +--- ./de/default/admin/params/editparams.html.tmpl.orig 2012-07-28 11:54:15.000000000 +0200 ++++ ./de/default/admin/params/editparams.html.tmpl 2012-07-28 11:55:48.000000000 +0200 +@@ -95,7 +95,7 @@ + [% ELSE %] + + <div class="contribute"><strong>Hinweis:</strong> +- [%+ terms.Bugzilla %] wird ausschließlich ehrenamtlich ++ B[% %]ugzilla wird ausschließlich ehrenamtlich + weiterentwickelt. + Die beste Weise, dem Projekt zu helfen, ist, + <a href="http://www.bugzilla.org/contribute/">selbst beizutragen</a>! +--- ./de/default/bug/dependency-tree.html.tmpl.orig 2012-07-28 11:27:44.000000000 +0200 ++++ ./de/default/bug/dependency-tree.html.tmpl 2012-07-28 11:50:21.000000000 +0200 +@@ -85,13 +85,28 @@ + [% END %] + </h3> + [% IF ids.size %] +- ([% IF maxdepth -%]Bis Tiefe [% maxdepth %] | [% END -%] +- [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als +- [%+ terms.bug %]liste anzeigen</a> ++ [%# 27 chars is the length of buglist.cgi?tweak=&bug_id=" %] ++ [% use_post = (ids.join(",").length > constants.CGI_URI_LIMIT - 27 ) ? 1 : 0 %] ++ [% IF use_post %] ++ <form action="buglist.cgi" method="post"> ++ <input type="hidden" name="bug_id" value="[% ids.join(",") %]"> ++ [% END %] ++ ++ [% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END -%] ++ [% IF use_post %] ++ <button>view as [% terms.bug %] list</button> ++ [% IF user.in_group('editbugs') && ids.size > 1 %] ++ | <button type="submit" name="tweak" value="1">change several</button> ++ [% END %] ++ </form> ++ [% ELSE %] ++ [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als [%+ terms.bug %]liste anzeigen</a> + [% IF user.in_group('editbugs') && ids.size > 1 %] + | <a href="buglist.cgi?bug_id=[% ids.join(",") %]&tweak=1">Mehrere + [% terms.bugs %] gleichzeitig ändern</a> +- [% END %]) ++ [% END %] ++ [% END %] ++ + <ul class="tree"> + [% INCLUDE display_tree tree=$tree_name %] + </ul> +--- ./de/default/email/bugmail.html.tmpl.orig 2012-07-28 11:01:28.000000000 +0200 ++++ ./de/default/email/bugmail.html.tmpl 2012-07-28 11:26:34.000000000 +0200 +@@ -33,11 +33,12 @@ + [% FOREACH comment = new_comments.reverse %] + <div> + [% IF comment.count %] +- <b>[% "Kommentar ${comment.count}" FILTER bug_link( bug, +- {comment_num => comment.count, full_url => 1}) FILTER none %] ++ <b>[% "Kommentar # ${comment.count}" FILTER bug_link(bug, ++ {comment_num => comment.count, full_url => 1, user => to_user}) FILTER none %] ++ on [% "$terms.bug $bug.id" FILTER bug_link(bug, { full_url => 1, user => to_user }) FILTER none %] + von [% INCLUDE global/user.html.tmpl who = comment.author %]</b> + [% END %] +- <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment) %]</pre> ++ <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment, to_user) %]</pre> + </div> + [% END %] + </p> +@@ -70,13 +71,14 @@ + [% SET in_table = 0 %] + [% END %] + [% IF change.blocker %] +- [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %] +- hängt von [% "${terms.bug_dat} ${change.blocker.id}" +- FILTER bug_link(change.blocker, full_url => 1) FILTER none %] ++ [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %] ++ hängt von ++ [%+ "${terms.bug} ${change.blocker.id}" ++ FILTER bug_link(change.blocker, {full_url => 1, user => to_user}) FILTER none %], + ab, dessen Status sich geändert hat. + [% ELSE %] +- Änderung von [% INCLUDE global/user.html.tmpl who = change.who %] +- an [% "${terms.bug_dat} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %]: ++ Änderung von [% INCLUDE global/user.html.tmpl who = change.who %] an ++ [%+ "${terms.bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %] + [% END %] + <br> + [% IF in_table == 0 %] +@@ -100,7 +102,7 @@ + <th>[% field_label FILTER html %]</th> + <td> + [% IF change.field_name == "bug_id" %] +- [% new_value FILTER bug_link(bug, full_url => 1) FILTER none %] ++ [% new_value FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %] + [% ELSE %] + [% new_value FILTER html %] + [% END %] +--- ./de/default/global/code-error.html.tmpl.orig 2012-07-28 10:57:03.000000000 +0200 ++++ ./de/default/global/code-error.html.tmpl 2012-07-28 10:59:39.000000000 +0200 +@@ -500,6 +500,10 @@ + [% ELSIF error == "invalid_post_bug_submit_action" %] + Ungültige Einstellung für post_bug_submit_action. + ++ [% ELSIF error == "search_field_operator_unsupported" %] ++ [% terms.Bugzilla %] does not support the search type ++ "[% operator FILTER html %]". ++ + [% ELSE %] + [%# Try to find hooked error messages %] + [% error_message = Hook.process("errors") %] +--- ./de/default/global/confirm-user-match.html.tmpl.orig 2012-07-28 10:52:48.000000000 +0200 ++++ ./de/default/global/confirm-user-match.html.tmpl 2012-07-28 10:56:09.000000000 +0200 +@@ -159,8 +159,6 @@ + [% ELSE %] + passte zu + <b>[% query.value.users.0.identity FILTER html %]</b> +- <input type="hidden" name="[% field.key FILTER html %]" +- value="[% query.value.users.0.login FILTER html %]"> + [% END %] + [% ELSE %] + [% IF (query.key.length < 3) && !Param('emailsuffix') %] +@@ -186,8 +184,10 @@ + + [% IF matchsuccess == 1 %] + +- [% SET exclude_these = +- matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %] ++ [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %] ++ [% FOREACH key IN matches.keys %] ++ [% exclude_these.push(key) IF cgi.param(key) == '' %] ++ [% END %] + [% SET exclude = '^' _ exclude_these.join('|') _ '$' %] + [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %] + +--- ./de/default/list/server-push.html.tmpl.orig 2012-07-28 10:49:41.000000000 +0200 ++++ ./de/default/list/server-push.html.tmpl 2012-07-28 10:51:31.000000000 +0200 +@@ -36,15 +36,10 @@ + die Arbeit der Datenbank ab…</h1> + + [% IF debug %] +- <p> +- [% FOREACH debugline = debugdata %] +- <code>[% debugline FILTER html %]</code><br> ++ <p>[% query FILTER html %]</p> ++ [% IF query_explain.defined %] ++ <pre>[% query_explain FILTER html %]</pre> + [% END %] +- </p> +- <p> +- <code>[% query FILTER html %]</code> +- </p> + [% END %] +- + </body> + </html> +--- ./de/default/search/knob.html.tmpl.orig 2012-07-28 09:42:38.000000000 +0200 ++++ ./de/default/search/knob.html.tmpl 2012-07-28 09:47:28.000000000 +0200 +@@ -42,6 +42,9 @@ + "Last Changed" => "Zeitpunkt der letzten Änderung" } %] + + <input type="hidden" name="cmdtype" value="doit"> ++[% IF user.id %] ++ <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]"> ++[% END %] + + <p> + <label for="order">Anfrageergebnisse sortieren nach</label>: +@@ -70,7 +73,8 @@ + [% END %] + </p> + +-<p> ++[% IF user.id %] ++ <p> + + <input type="checkbox" id="remasdefault" + name="remtype" value="asdefault"> +@@ -78,11 +82,13 @@ + und verwende die Formulareinträge in Zukunft als meine + persönlichen Standard-Abfrageoptionen + </label> +-</p> ++ </p> ++[% END %] + + [% IF userdefaultquery %] + <p> +- <a href="query.cgi?nukedefaultquery=1"> ++ <a href="query.cgi?nukedefaultquery=1&token= ++ [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]"> + Setze meine persönlichen Standard-Suchoptionen + zurück auf die Systemvoreinstellung</a>. + </p>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207282044.q6SKiiGs066229>