From: Olli Hauer
Date: Tue, 7 Oct 2014 21:41:33 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r370400 - in branches/2014Q4/devel/bugzilla44: . files

Author: ohauer
Date: Tue Oct 7 21:41:32 2014
New Revision: 370400
URL: https://svnweb.freebsd.org/changeset/ports/370400
QAT: https://qat.redports.org/buildarchive/r370400/

Log:
  - remove FreeBSD-specific bits
  - bump PORTREVISION

  PR: 194123
  Submitted by: mva
  Reviewed by: eadler

  MFH: r370211
  - update to bugzilla 4.4.6

  Summary
  =======

  The following security issues have been discovered in Bugzilla:

  * The 'realname' parameter is not correctly filtered on user account
    creation, which could lead to user data override.
  * Several places were found in the Bugzilla code where cross-site
    scripting attacks could be used to access sensitive information.
  * Private comments can be shown to flagmail recipients who aren't in
    the insider group
  * Specially formatted values in a CSV search results export could be
    used in spreadsheet software to attack a user's computer.

Security: CVE-2014-1572 CVE-2014-1571 CVE-2014-1571 MFH: r370268 - add CPE information [1] additional MFH revisions: r370209, 370211 Approved by: portmgr (erwin) Deleted: branches/2014Q4/devel/bugzilla44/files/freebsd-project-ldap.diff Modified: branches/2014Q4/devel/bugzilla44/Makefile branches/2014Q4/devel/bugzilla44/Makefile.options branches/2014Q4/devel/bugzilla44/distinfo branches/2014Q4/devel/bugzilla44/pkg-plist Directory Properties: branches/2014Q4/ (props changed) Modified: branches/2014Q4/devel/bugzilla44/Makefile ============================================================================== --- branches/2014Q4/devel/bugzilla44/Makefile Tue Oct 7 21:34:45 2014 (r370399) +++ branches/2014Q4/devel/bugzilla44/Makefile Tue Oct 7 21:41:32 2014 (r370400) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.4.5 +PORTVERSION= 4.4.6 CATEGORIES= devel MASTER_SITES= BUGZILLA MASTER_SITE_SUBDIR= webtools webtools/archived @@ -25,9 +25,11 @@ RUN_DEPENDS= \ p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \ p5-URI>=1.37:${PORTSDIR}/net/p5-URI -USES= perl5 +USES= perl5 cpe USE_PERL5= patch build run +CPE_VENDOR= mozilla + SUB_FILES= pkg-message DATA_DIRS_LIST= images js skins @@ -49,7 +51,7 @@ RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${POR .endif .if ${PORT_OPTIONS:MPGSQL} -USE_PGSQL= yes +USES+= pgsql RUN_DEPENDS+= p5-DBD-Pg>=2.19.3:${PORTSDIR}/databases/p5-DBD-Pg .endif 
@@ -154,10 +156,6 @@ RUN_DEPENDS+= p5-File-MimeInfo>=0.16:${P p5-IO-stringy>=2.110:${PORTSDIR}/devel/p5-IO-stringy .endif -.if ${PORT_OPTIONS:MFREEBSD} -EXTRA_PATCHES= ${FILESDIR}/freebsd-project-ldap.diff -.endif - post-extract: @${RM} -rf ${WRKSRC}/.bzr @${RM} -f ${WRKSRC}/.bzrignore ${WRKSRC}/.gitignore ${WRKSRC}/.gitrev \ Modified: branches/2014Q4/devel/bugzilla44/Makefile.options ============================================================================== --- branches/2014Q4/devel/bugzilla44/Makefile.options Tue Oct 7 21:34:45 2014 (r370399) +++ branches/2014Q4/devel/bugzilla44/Makefile.options Tue Oct 7 21:41:32 2014 (r370400) @@ -2,8 +2,7 @@ OPTIONS_DEFINE= \ DOCS \ - MODPERL \ - FREEBSD + MODPERL OPTIONS_GROUP= UI DBBACKEND REPORTING ATTACHMENT EMAIL WEBSERVICE AUTH ADMIN @@ -55,7 +54,6 @@ BMP2PNG_DESC= BMP Attachments to PNGs CHARTING_MODULES_DESC= Bug charting support CONTRIB_DESC= Install user-contributed scripts EXPORT_IMPORT_DESC= Import/export bugs (via XML) -FREEBSD_DESC= Patch used internally by the FreeBSD project GRAPH_REPORTS_DESC= Graphical Reports INBOUND_EMAIL_DESC= Inbound Email JSONRPC_DESC= JSON-RPC Interface Modified: branches/2014Q4/devel/bugzilla44/distinfo ============================================================================== --- branches/2014Q4/devel/bugzilla44/distinfo Tue Oct 7 21:34:45 2014 (r370399) +++ branches/2014Q4/devel/bugzilla44/distinfo Tue Oct 7 21:41:32 2014 (r370400) 
@@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.4.5.tar.gz) = 70609fa5bbe55a3b802afcf749a098824d7a96dc87b91ce07b000cfdd7987da5 -SIZE (bugzilla/bugzilla-4.4.5.tar.gz) = 2955964 +SHA256 (bugzilla/bugzilla-4.4.6.tar.gz) = ac3547195f2ce156488aac2cc537620775e08a9d888441daab2b40ab66ab01f4 +SIZE (bugzilla/bugzilla-4.4.6.tar.gz) = 2956046 Modified: branches/2014Q4/devel/bugzilla44/pkg-plist ============================================================================== --- branches/2014Q4/devel/bugzilla44/pkg-plist Tue Oct 7 21:34:45 2014 (r370399) +++ branches/2014Q4/devel/bugzilla44/pkg-plist Tue Oct 7 21:41:32 2014 (r370400) 
@@ -887,178 +887,14 @@ %%WWWDIR%%/whine.pl %%WWWDIR%%/whineatnews.pl %%WWWDIR%%/xmlrpc.cgi -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Auth -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Config -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/DB -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Field -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Install -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/JobQueue -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Search -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Template/Plugin -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Template -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/User/Setting -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/User -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/WebService/Server -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/WebService -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla/Whine -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/Bugzilla -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/contrib -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api/extensions -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html/api -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/images/callouts -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/images -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/pdf -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/txt -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/xml -%%PORTDOCS%%@dirrm %%DOCSDIR%%/en -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod -%%PORTDOCS%%@dirrm %%DOCSDIR%%/lib -%%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl -%%PORTDOCS%%@dirrm %%DOCSDIR%% -@dirrm %%WWWDIR%%/Bugzilla/Attachment -@dirrm %%WWWDIR%%/Bugzilla/Auth/Login -@dirrm %%WWWDIR%%/Bugzilla/Auth/Persist -@dirrm %%WWWDIR%%/Bugzilla/Auth/Verify -@dirrm %%WWWDIR%%/Bugzilla/Auth -@dirrm %%WWWDIR%%/Bugzilla/BugUrl/Bugzilla -@dirrm 
%%WWWDIR%%/Bugzilla/BugUrl -@dirrm %%WWWDIR%%/Bugzilla/Config -@dirrm %%WWWDIR%%/Bugzilla/DB/Schema -@dirrm %%WWWDIR%%/Bugzilla/DB -@dirrm %%WWWDIR%%/Bugzilla/Field -@dirrm %%WWWDIR%%/Bugzilla/Install -@dirrm %%WWWDIR%%/Bugzilla/Job -@dirrm %%WWWDIR%%/Bugzilla/JobQueue -@dirrm %%WWWDIR%%/Bugzilla/Migrate -@dirrm %%WWWDIR%%/Bugzilla/Search -@dirrm %%WWWDIR%%/Bugzilla/Send -@dirrm %%WWWDIR%%/Bugzilla/Template/Plugin -@dirrm %%WWWDIR%%/Bugzilla/Template -@dirrm %%WWWDIR%%/Bugzilla/User/Setting -@dirrm %%WWWDIR%%/Bugzilla/User -@dirrm %%WWWDIR%%/Bugzilla/WebService/Server -@dirrm %%WWWDIR%%/Bugzilla/WebService -@dirrm %%WWWDIR%%/Bugzilla/Whine -@dirrmtry %%WWWDIR%%/Bugzilla -%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit -%%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline -@dirrmtry %%WWWDIR%%/contrib -@dirrmtry %%WWWDIR%%/data -@dirrmtry %%WWWDIR%%/graphs -@dirrmtry %%WWWDIR%%/images -@dirrm %%WWWDIR%%/js/history.js -@dirrm %%WWWDIR%%/js/yui/animation -@dirrm %%WWWDIR%%/js/yui/assets/skins/sam -@dirrm %%WWWDIR%%/js/yui/assets/skins -@dirrm %%WWWDIR%%/js/yui/assets -@dirrm %%WWWDIR%%/js/yui/autocomplete -@dirrm %%WWWDIR%%/js/yui/base -@dirrm %%WWWDIR%%/js/yui/button -@dirrm %%WWWDIR%%/js/yui/calendar -@dirrm %%WWWDIR%%/js/yui/carousel -@dirrm %%WWWDIR%%/js/yui/charts -@dirrm %%WWWDIR%%/js/yui/colorpicker -@dirrm %%WWWDIR%%/js/yui/connection -@dirrm %%WWWDIR%%/js/yui/container -@dirrm %%WWWDIR%%/js/yui/cookie -@dirrm %%WWWDIR%%/js/yui/datasource -@dirrm %%WWWDIR%%/js/yui/datatable -@dirrm %%WWWDIR%%/js/yui/datemath -@dirrm %%WWWDIR%%/js/yui/dom -@dirrm %%WWWDIR%%/js/yui/dragdrop -@dirrm %%WWWDIR%%/js/yui/element -@dirrm %%WWWDIR%%/js/yui/element-delegate -@dirrm %%WWWDIR%%/js/yui/event -@dirrm %%WWWDIR%%/js/yui/event-delegate -@dirrm %%WWWDIR%%/js/yui/event-mouseenter -@dirrm %%WWWDIR%%/js/yui/event-simulate -@dirrm %%WWWDIR%%/js/yui/fonts -@dirrm %%WWWDIR%%/js/yui/get -@dirrm %%WWWDIR%%/js/yui/grids -@dirrm %%WWWDIR%%/js/yui/history -@dirrm 
%%WWWDIR%%/js/yui/imagecropper -@dirrm %%WWWDIR%%/js/yui/imageloader -@dirrm %%WWWDIR%%/js/yui/json -@dirrm %%WWWDIR%%/js/yui/layout -@dirrm %%WWWDIR%%/js/yui/logger -@dirrm %%WWWDIR%%/js/yui/menu -@dirrm %%WWWDIR%%/js/yui/paginator -@dirrm %%WWWDIR%%/js/yui/profiler -@dirrm %%WWWDIR%%/js/yui/profilerviewer -@dirrm %%WWWDIR%%/js/yui/progressbar -@dirrm %%WWWDIR%%/js/yui/reset -@dirrm %%WWWDIR%%/js/yui/reset-fonts -@dirrm %%WWWDIR%%/js/yui/reset-fonts-grids -@dirrm %%WWWDIR%%/js/yui/resize -@dirrm %%WWWDIR%%/js/yui/selector -@dirrm %%WWWDIR%%/js/yui/slider -@dirrm %%WWWDIR%%/js/yui/storage -@dirrm %%WWWDIR%%/js/yui/stylesheet -@dirrm %%WWWDIR%%/js/yui/swf -@dirrm %%WWWDIR%%/js/yui/swfdetect -@dirrm %%WWWDIR%%/js/yui/swfstore -@dirrm %%WWWDIR%%/js/yui/tabview -@dirrm %%WWWDIR%%/js/yui/treeview -@dirrm %%WWWDIR%%/js/yui/uploader -@dirrm %%WWWDIR%%/js/yui/yahoo -@dirrm %%WWWDIR%%/js/yui/yahoo-dom-event -@dirrm %%WWWDIR%%/js/yui/yuiloader -@dirrm %%WWWDIR%%/js/yui/yuitest -@dirrm %%WWWDIR%%/js/yui -@dirrm %%WWWDIR%%/js -@dirrmtry %%WWWDIR%%/lib -@dirrm %%WWWDIR%%/skins/contrib/Dusk -@dirrm %%WWWDIR%%/skins/contrib -@dirrm %%WWWDIR%%/skins/standard/dependency-tree -@dirrm %%WWWDIR%%/skins/standard/global -@dirrm %%WWWDIR%%/skins/standard/index -@dirrm %%WWWDIR%%/skins/standard -@dirrmtry %%WWWDIR%%/skins -@dirrmtry %%WWWDIR%%/t -@dirrm %%WWWDIR%%/template/en/default/account/auth -@dirrm %%WWWDIR%%/template/en/default/account/email -@dirrm %%WWWDIR%%/template/en/default/account/password -@dirrm %%WWWDIR%%/template/en/default/account/prefs -@dirrm %%WWWDIR%%/template/en/default/account -@dirrm %%WWWDIR%%/template/en/default/admin/classifications -@dirrm %%WWWDIR%%/template/en/default/admin/components -@dirrm %%WWWDIR%%/template/en/default/admin/custom_fields -@dirrm %%WWWDIR%%/template/en/default/admin/fieldvalues -@dirrm %%WWWDIR%%/template/en/default/admin/flag-type -@dirrm %%WWWDIR%%/template/en/default/admin/groups -@dirrm %%WWWDIR%%/template/en/default/admin/keywords 
-@dirrm %%WWWDIR%%/template/en/default/admin/milestones -@dirrm %%WWWDIR%%/template/en/default/admin/params -@dirrm %%WWWDIR%%/template/en/default/admin/products/groupcontrol -@dirrm %%WWWDIR%%/template/en/default/admin/products -@dirrm %%WWWDIR%%/template/en/default/admin/sanitycheck -@dirrm %%WWWDIR%%/template/en/default/admin/settings -@dirrm %%WWWDIR%%/template/en/default/admin/users -@dirrm %%WWWDIR%%/template/en/default/admin/versions -@dirrm %%WWWDIR%%/template/en/default/admin/workflow -@dirrm %%WWWDIR%%/template/en/default/admin -@dirrm %%WWWDIR%%/template/en/default/attachment -@dirrm %%WWWDIR%%/template/en/default/bug/activity -@dirrm %%WWWDIR%%/template/en/default/bug/create -@dirrm %%WWWDIR%%/template/en/default/bug/process -@dirrm %%WWWDIR%%/template/en/default/bug -@dirrm %%WWWDIR%%/template/en/default/email -@dirrm %%WWWDIR%%/template/en/default/extensions -@dirrm %%WWWDIR%%/template/en/default/flag -@dirrm %%WWWDIR%%/template/en/default/global -@dirrm %%WWWDIR%%/template/en/default/list -@dirrm %%WWWDIR%%/template/en/default/pages -@dirrm %%WWWDIR%%/template/en/default/reports -@dirrm %%WWWDIR%%/template/en/default/request -@dirrm %%WWWDIR%%/template/en/default/search -@dirrm %%WWWDIR%%/template/en/default/setup -@dirrm %%WWWDIR%%/template/en/default/whine -@dirrm %%WWWDIR%%/template/en/default -@dirrm %%WWWDIR%%/template/en -@dirrmtry %%WWWDIR%%/template -@dirrmtry %%WWWDIR%%/xt -@dirrmtry %%WWWDIR%% +@dir %%WWWDIR%%/Bugzilla +@dir %%WWWDIR%%/contrib +@dir %%WWWDIR%%/data +@dir %%WWWDIR%%/graphs +@dir %%WWWDIR%%/images +@dir %%WWWDIR%%/lib +@dir %%WWWDIR%%/skins +@dir %%WWWDIR%%/t +@dir %%WWWDIR%%/template +@dir %%WWWDIR%%/xt +@dir %%WWWDIR%%
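
Review bot: in the Makefile hunk at @@ -25,9 +25,11 @@, only CPE_VENDOR= mozilla is set next to USES= perl5 cpe, so the product and version parts of the CPE string fall back to the framework defaults derived from PORTNAME and PORTVERSION. Please confirm that the resulting vendor/product pair (mozilla, bugzilla) is the one the CVE entries named in the log are filed under, otherwise vulnerability matching against this port will miss them. The "[1]" in the log line "add CPE information [1]" also has no matching reference anywhere in the message.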
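
Review bot: the switch from USE_PGSQL= yes to USES+= pgsql in the Makefile hunk at @@ -49,7 +51,7 @@ is not mentioned in the log, which lists only the FreeBSD-bits removal, the 4.4.6 update and the CPE addition. If it comes from one of the "additional MFH revisions", say so next to that revision number, so the delta merged into the 2014Q4 branch can be audited against the revisions the log names.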
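
Review bot: the removal of the FREEBSD option (the .if ${PORT_OPTIONS:MFREEBSD} block in the Makefile hunk at @@ -154,10 +156,6 @@, plus the OPTIONS_DEFINE entry and FREEBSD_DESC in Makefile.options) changes the build silently for anyone who had that option saved: freebsd-project-ldap.diff is no longer applied and nothing tells them. The three removals and the deleted file are consistent with each other, but a short note for existing users of the option would make the behaviour change visible.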
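
Review bot: the distinfo hunk replaces both SHA256 and SIZE for bugzilla-4.4.6.tar.gz, and nothing in the commit records what the new digest was checked against. This file is the integrity anchor for the fetched tarball, so the log should state that the value was compared with upstream's published checksum or signature rather than only regenerated with make makesum from a single download.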
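
Review bot: the pkg-plist hunk at @@ -887,178 +887,14 @@ goes well beyond a version bump and the log does not mention it: every @dirrm line is dropped and the eleven former @dirrmtry entries are rewritten as @dir. Please confirm that the package tools used on the 2014Q4 branch clean up the dropped subdirectories on their own, and that @dir keeps the tolerant behaviour of @dirrmtry for %%WWWDIR%%/data and %%WWWDIR%%/graphs, which the old plist allowed to be non-empty at deinstall. A log line naming the revision this conversion was merged from would close the gap.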