Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 28 Jul 2012 20:44:44 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r301669 - in head/german: bugzilla bugzilla/files bugzilla3 bugzilla42 bugzilla42/files
Message-ID:  <201207282044.q6SKiiGs066229@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ohauer
Date: Sat Jul 28 20:44:43 2012
New Revision: 301669
URL: http://svn.freebsd.org/changeset/ports/301669

Log:
  - patch language templates so they match current bugzilla.
  - patch language templates so they match current bugzilla version.
  
    Patches are seen as workaround until official Version is released.
    Fix for bugzilla42 contains security updates.

Added:
  head/german/bugzilla/files/patch_405-407   (contents, props changed)
  head/german/bugzilla42/files/
  head/german/bugzilla42/files/patch_421-422   (contents, props changed)
Modified:
  head/german/bugzilla/Makefile
  head/german/bugzilla3/Makefile
  head/german/bugzilla42/Makefile

Modified: head/german/bugzilla/Makefile
==============================================================================
--- head/german/bugzilla/Makefile	Sat Jul 28 19:41:21 2012	(r301668)
+++ head/german/bugzilla/Makefile	Sat Jul 28 20:44:43 2012	(r301669)
@@ -7,7 +7,7 @@
 
 PORTNAME=	bugzilla
 PORTVERSION=	4.0.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	german
 MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
@@ -18,7 +18,7 @@ COMMENT=	German localization for Bugzill
 
 RUN_DEPENDS=	bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
 
-LATEST_LINK=	${PKGNAMEPREFIX}bugzilla${PKGNAMESUFFIX}
+LATEST_LINK=	${PKGNAMEPREFIX}bugzilla
 
 NO_WRKSUBDIR=	yes
 

Added: head/german/bugzilla/files/patch_405-407
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/german/bugzilla/files/patch_405-407	Sat Jul 28 20:44:43 2012	(r301669)
@@ -0,0 +1,28 @@
+====================================================
+This patch is fix security issues in the german
+bugzilla language templates (4.0.5 -> 4.0.7)
+
+--- ./de/default/global/confirm-user-match.html.tmpl.orig	2012-07-27 21:42:53.000000000 +0200
++++ ./de/default/global/confirm-user-match.html.tmpl	2012-07-27 21:44:33.000000000 +0200
+@@ -159,8 +159,6 @@
+                 [% ELSE %]
+                   passte zu
+                   <b>[% query.value.users.0.identity FILTER html %]</b>
+-                  <input type="hidden" name="[% field.key FILTER html %]"
+-                         value="[% query.value.users.0.login FILTER html %]">
+                 [% END %]
+             [% ELSE %]
+                 [% IF (query.key.length < 3) && !Param('emailsuffix') %]
+@@ -186,8 +184,10 @@
+ 
+ [% IF matchsuccess == 1 %]
+ 
+-  [% SET exclude_these =
+-           matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
++  [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
++  [% FOREACH key IN matches.keys %]
++    [% exclude_these.push(key) IF cgi.param(key) == '' %]
++  [% END %]
+   [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
+   [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
+ 

Modified: head/german/bugzilla3/Makefile
==============================================================================
--- head/german/bugzilla3/Makefile	Sat Jul 28 19:41:21 2012	(r301668)
+++ head/german/bugzilla3/Makefile	Sat Jul 28 20:44:43 2012	(r301669)
@@ -18,7 +18,7 @@ COMMENT=	German localization for Bugzill
 
 RUN_DEPENDS=	bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3
 
-LATEST_LINK=	${PKGNAMEPREFIX}bugzilla3${PKGNAMESUFFIX}
+LATEST_LINK=	${PKGNAMEPREFIX}bugzilla3
 
 NO_WRKSUBDIR=	yes
 
@@ -28,7 +28,7 @@ LANGDIR=	${WWWDIR}/template/de
 
 # german template checks the bugzilla version number and displays
 # non supported bugzilla version, however there are no relevant
-# changes in the template between 3.6.8 and 3.6.9
+# changes in the template between 3.6.8 and 3.6.10
 post-patch:
 	@${SED} -i '' -e 's|3.6.8|3.6.10|' ${WRKDIR}/de/default/global/gzversion.html.tmpl
 	@${FIND} ${WRKDIR}/ -name \*.orig -delete

Modified: head/german/bugzilla42/Makefile
==============================================================================
--- head/german/bugzilla42/Makefile	Sat Jul 28 19:41:21 2012	(r301668)
+++ head/german/bugzilla42/Makefile	Sat Jul 28 20:44:43 2012	(r301669)
@@ -7,6 +7,7 @@
 
 PORTNAME=	bugzilla
 PORTVERSION=	4.2.1
+PORTREVISION=	1
 CATEGORIES=	german
 MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
@@ -17,7 +18,7 @@ COMMENT=	German localization for Bugzill
 
 RUN_DEPENDS=	bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
 
-LATEST_LINK=	${PKGNAMEPREFIX}bugzilla42${PKGNAMESUFFIX}
+LATEST_LINK=	${PKGNAMEPREFIX}bugzilla42
 
 NO_WRKSUBDIR=	yes
 
@@ -28,6 +29,7 @@ LANGDIR=	${WWWDIR}/template/de
 # german template checks the bugzilla version number and displays
 # non supported bugzilla version.
 post-patch:
+	@${SED} -i '' -e 's|4.2.1|4.2.2|' ${WRKDIR}/de/default/global/gzversion.html.tmpl
 	@${FIND} ${WRKDIR}/ -name \*.orig -delete
 
 do-install:

Added: head/german/bugzilla42/files/patch_421-422
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/german/bugzilla42/files/patch_421-422	Sat Jul 28 20:44:43 2012	(r301669)
@@ -0,0 +1,193 @@
+====================================================
+This patch is fix security issues in the german
+bugzilla language templates (4.2.1 -> 4.2.2)
+
+--- ./de/default/admin/params/editparams.html.tmpl.orig	2012-07-28 11:54:15.000000000 +0200
++++ ./de/default/admin/params/editparams.html.tmpl	2012-07-28 11:55:48.000000000 +0200
+@@ -95,7 +95,7 @@
+       [% ELSE %]
+ 
+         <div class="contribute"><strong>Hinweis:</strong>
+-          [%+ terms.Bugzilla %] wird ausschließlich ehrenamtlich
++          B[% %]ugzilla wird ausschließlich ehrenamtlich
+           weiterentwickelt.
+           Die beste Weise, dem Projekt zu helfen, ist,
+           <a href="http://www.bugzilla.org/contribute/">selbst beizutragen</a>!
+--- ./de/default/bug/dependency-tree.html.tmpl.orig	2012-07-28 11:27:44.000000000 +0200
++++ ./de/default/bug/dependency-tree.html.tmpl	2012-07-28 11:50:21.000000000 +0200
+@@ -85,13 +85,28 @@
+     [% END %]
+   </h3>
+   [% IF ids.size %]
+-    ([% IF maxdepth -%]Bis Tiefe [% maxdepth %] | [% END -%]
+-    [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als
+-    [%+ terms.bug %]liste anzeigen</a>
++    [%# 27 chars is the length of buglist.cgi?tweak=&bug_id=" %]
++    [% use_post = (ids.join(",").length > constants.CGI_URI_LIMIT - 27 ) ? 1 : 0 %]
++    [% IF use_post %]
++      <form action="buglist.cgi" method="post">
++      <input type="hidden" name="bug_id" value="[% ids.join(",") %]">
++    [% END %]
++
++    [% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END -%]
++    [% IF use_post %]
++      <button>view as [% terms.bug %] list</button>
++      [% IF user.in_group('editbugs') && ids.size > 1 %]
++        | <button type="submit" name="tweak" value="1">change several</button>
++      [% END %]
++      </form>
++    [% ELSE %]
++    [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als [%+ terms.bug %]liste anzeigen</a>
+     [% IF user.in_group('editbugs') && ids.size > 1 %]
+       | <a href="buglist.cgi?bug_id=[% ids.join(",") %]&amp;tweak=1">Mehrere
+       [% terms.bugs %] gleichzeitig ändern</a>
+-    [% END %])
++      [% END %]
++    [% END %]
++
+     <ul class="tree">
+       [% INCLUDE display_tree tree=$tree_name %]
+     </ul>
+--- ./de/default/email/bugmail.html.tmpl.orig	2012-07-28 11:01:28.000000000 +0200
++++ ./de/default/email/bugmail.html.tmpl	2012-07-28 11:26:34.000000000 +0200
+@@ -33,11 +33,12 @@
+       [% FOREACH comment = new_comments.reverse %]
+         <div>
+           [% IF comment.count %]
+-            <b>[% "Kommentar ${comment.count}" FILTER bug_link( bug,
+-              {comment_num => comment.count, full_url => 1}) FILTER none %]
++            <b>[% "Kommentar # ${comment.count}" FILTER bug_link(bug,
++              {comment_num => comment.count, full_url => 1, user => to_user}) FILTER none %]
++              on [% "$terms.bug $bug.id" FILTER bug_link(bug, { full_url => 1, user => to_user }) FILTER none %]
+               von [% INCLUDE global/user.html.tmpl who = comment.author %]</b>
+           [% END %]
+-        <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment) %]</pre>
++        <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment, to_user) %]</pre>
+         </div>
+       [% END %]
+       </p>
+@@ -70,13 +71,14 @@
+           [% SET in_table = 0 %]
+         [% END %]
+         [% IF change.blocker %]
+-              [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none  %]
+-              hängt von [% "${terms.bug_dat} ${change.blocker.id}"
+-                  FILTER bug_link(change.blocker, full_url => 1) FILTER none %]
++              [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
++              hängt von
++              [%+ "${terms.bug} ${change.blocker.id}"
++                  FILTER bug_link(change.blocker, {full_url => 1, user => to_user}) FILTER none %],
+               ab, dessen Status sich geändert hat.
+         [% ELSE %]
+-              Änderung von [% INCLUDE global/user.html.tmpl who = change.who %]
+-              an [% "${terms.bug_dat} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %]:
++              Änderung von [% INCLUDE global/user.html.tmpl who = change.who %] an
++              [%+ "${terms.bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
+         [% END %]
+         <br>
+           [% IF in_table == 0 %]
+@@ -100,7 +102,7 @@
+           <th>[% field_label FILTER html %]</th>
+           <td>
+             [% IF change.field_name == "bug_id" %]
+-              [% new_value FILTER bug_link(bug, full_url => 1) FILTER none %]
++              [% new_value FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
+             [% ELSE %]
+               [% new_value FILTER html %]
+             [% END %]
+--- ./de/default/global/code-error.html.tmpl.orig	2012-07-28 10:57:03.000000000 +0200
++++ ./de/default/global/code-error.html.tmpl	2012-07-28 10:59:39.000000000 +0200
+@@ -500,6 +500,10 @@
+   [% ELSIF error == "invalid_post_bug_submit_action" %]
+     Ungültige Einstellung für post_bug_submit_action.
+ 
++  [% ELSIF error == "search_field_operator_unsupported" %]
++    [% terms.Bugzilla %] does not support the search type
++    "[% operator FILTER html %]".
++
+   [% ELSE %]
+     [%# Try to find hooked error messages %]
+     [% error_message = Hook.process("errors") %]
+--- ./de/default/global/confirm-user-match.html.tmpl.orig	2012-07-28 10:52:48.000000000 +0200
++++ ./de/default/global/confirm-user-match.html.tmpl	2012-07-28 10:56:09.000000000 +0200
+@@ -159,8 +159,6 @@
+                 [% ELSE %]
+                   passte zu
+                   <b>[% query.value.users.0.identity FILTER html %]</b>
+-                  <input type="hidden" name="[% field.key FILTER html %]"
+-                         value="[% query.value.users.0.login FILTER html %]">
+                 [% END %]
+             [% ELSE %]
+                 [% IF (query.key.length < 3) && !Param('emailsuffix') %]
+@@ -186,8 +184,10 @@
+ 
+ [% IF matchsuccess == 1 %]
+ 
+-  [% SET exclude_these =
+-           matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
++  [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
++  [% FOREACH key IN matches.keys %]
++    [% exclude_these.push(key) IF cgi.param(key) == '' %]
++  [% END %]
+   [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
+   [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
+ 
+--- ./de/default/list/server-push.html.tmpl.orig	2012-07-28 10:49:41.000000000 +0200
++++ ./de/default/list/server-push.html.tmpl	2012-07-28 10:51:31.000000000 +0200
+@@ -36,15 +36,10 @@
+       die Arbeit der Datenbank ab…</h1>
+ 
+     [% IF debug %]
+-      <p>
+-        [% FOREACH debugline = debugdata %]
+-          <code>[% debugline FILTER html %]</code><br>
++      <p>[% query FILTER html %]</p>
++      [% IF query_explain.defined %]
++        <pre>[% query_explain FILTER html %]</pre>
+         [% END %]
+-      </p>
+-      <p>
+-        <code>[% query FILTER html %]</code>
+-      </p>
+     [% END %]
+-
+   </body>
+ </html>
+--- ./de/default/search/knob.html.tmpl.orig	2012-07-28 09:42:38.000000000 +0200
++++ ./de/default/search/knob.html.tmpl	2012-07-28 09:47:28.000000000 +0200
+@@ -42,6 +42,9 @@
+    "Last Changed" => "Zeitpunkt der letzten Änderung" } %]
+ 
+ <input type="hidden" name="cmdtype" value="doit">
++[% IF user.id %]
++  <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
++[% END %]
+ 
+ <p>
+   <label for="order">Anfrageergebnisse sortieren nach</label>:
+@@ -70,7 +73,8 @@
+   [% END %]
+ </p>
+ 
+-<p>
++[% IF user.id %]
++  <p>
+   &nbsp;&nbsp;&nbsp;
+   <input type="checkbox" id="remasdefault"
+          name="remtype" value="asdefault">
+@@ -78,11 +82,13 @@
+     und verwende die Formulareinträge in Zukunft als meine
+     persönlichen Standard-Abfrageoptionen
+   </label>
+-</p>
++  </p>
++[% END %]
+ 
+ [% IF userdefaultquery %]
+   <p>
+-    <a href="query.cgi?nukedefaultquery=1">
++    <a href="query.cgi?nukedefaultquery=1&amp;token=
++       [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]">
+       Setze meine persönlichen Standard-Suchoptionen
+       zurück auf die Systemvoreinstellung</a>.
+   </p>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207282044.q6SKiiGs066229>