lp:ubuntu/intrepid-security/bugzilla
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/bugzilla
Branch merges
Branch information
Recent revisions
- 12. By Stefan Lesicnik
-
* SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
is enabled, allows remote attackers to read arbitrary files via an
XML file with a .. (dot dot) in the data element.(LP: #281915)
- debian/maintenance/ 33_CVE- 2008-4437. sh: upstream patch with regex
to remove any leading path data from the filename.
- CVE-2008-4437 - 9. By Raphael Bossek
-
* Update of French, Russian and German translations. (closes: #488251)
* Added Bulgarian and Belarusian translations. - 8. By Jonathan Davies
-
* New upstream release (LP: #138886, #235701).
* Removed "CVS" directories and ".cvsignore" files from upstream tarball.
* Added patches/ubuntu_ 01_bugzilla_ libpath. dpatch - newly updated as necessary
version of old 01_libpath.dpatch patch.
* Added patches/01_debian_ package_ version. dpatch - replaces old patch
01_VERSION.dpatch, simply changes the version of Bugzilla to show the
Debian packaging's versioning.
* Added patches/ubuntu_ 05_makefile_ install. dpatch - Use a Makefile to
install Bugzilla to the correct locations. Based on Makefile in old
package but in patch form.
* Removed 02_checksetup.dpatch - fixed upstream.
* Removed 101_Config.diff - upstream has changed codebase.
* Renamed 06_contrib.dpatch to ubuntu_02_contrib_ shebang_ fixes.dpatch -
corrects 'shebangs' which point to /usr/local/bin/ to /usr/bin/.
* Renamed 08_showdependencygraph. dpatch to
ubuntu_03_showdependen cygraph_ url_fixes. dpatch and updated code as
necessary - fixes graph URL to make the webdot generation possible.
* Removed CVE-2007-0791.dpatch - applied to upstream code.
* Removed CVE-2007-4543.dpatch - applied to upstream code.
* Renamed 09_homelink.dpatch to ubuntu_04_fixed_ homepage_ linked. dpatch -
upstream now has links in
'template/en/default/ global/ common- links.html. tmpl' instead of
'useful-links.html. tmpl'.
* Removed 03_webpath.dpatch - upstream has changed stylesheet layout.
* Updated 10_perl_scripts_ shebang. dpatch and removed part on "globals.pl" -
no longer in source.
* Removed Debian vhost support patches (see docs/html/multiple- bz-dbs. html
for how to run multiple Bugzilla instances):
- Removed 04_Config.pm.dpatch - duplicate patch and unable to adapt it to
new upstream code.
- Removed 07_virtualhosting.dpatch - duplicate patch of
04_Config. pm.dpatch.
- Removed 'debian/examples' - contained Apache VHost example setup files
for Bugzilla.
- Removed section about vhosts from README.Debian.
* debian/rules:
- Removed rules for "vhost conf dir", "examples" and "101_Config.diff"
installation rules.
- Removed part about bugzilla-fr package.
- Remved part about "whine.pl" - now in Makefile.
- Added rules to check the setup with upstream's "checksetup.pl" script.
* debian/control:
- Updated Standards-Version to 3.7.3.
- Updated compatibity level and debhelper build dependency version to 6.
- Added Homepage field to source package stanza.
- Added part about seeing 'bugzilla' package for more info to
'bugzilla-docs'.
- Added libapache2-mod-perl2, libtemplate-perl, libmime-perl,
libappconfig-perl, libdbd-mysql-perl, libtimedate-perl, libgd-gd2-perl,
libgd-text-perl, libxml-twig-perl, perlmagick, libemail-send-perl,
libemail-mime-modifier- perl, libchart-perl, libgd-graph-perl,
libhtml-scrubber- perl, libdbi-perl, libfile-spec-perl, libgd-graph-perl,
libgd-text-perl, libnet-ldap-perl, libxml-parser-perl: to build
dependencies with the necessary versions as stated by upstream in
docs/html/installati on.html - in order to check packaging correctly with
'checksetup.pl' in rules. Also updated the 'bugzilla' dependencies with
the above (LP: #235461).
- Removed dependencies on old "apache" packages as they are no longer in
the archives.
- Moved mail transport agents on 'bugzilla' from Depends to
Suggests (LP: #156405).
* debian/copyright: Updated the downloaded from link.
* debian/bugzilla. docs: Added "QUICKSTART", "rel_notes.txt" and "UPGRADING"
documentation from source tarball for inclusion in package.
* debian/bugzilla- doc.doc- base: Corrected some spelling mistakes.
* debian/bugzilla. postinst: Removed sections about 101_Config.diff.
* Changed 'X_BUGZILLA_SITE' in bugzilla.cron.daily and bugzilla.postinst to
'PROJECT'. - 7. By Michael Bienia
-
* Merge from Debian unstable, remaining changes:
- debian/rules: Install whine.pl in /usr/share/bugzilla/ lib.
- debian/control: Update maintainer field. - 6. By Michele Angrisano <email address hidden>
-
* Merge from Debian unstable, remaining changes:
- debian/rules: Install whine.pl in /usr/share/bugzilla/ lib
- Upate maintainer field in debian/control. - 5. By Barry deFreese
-
* debian/rules: install whine.pl in /usr/share/
bugzilla/ lib
* Closes (LP#: 65682) - 4. By Alexis Sukrieh <email address hidden>
-
* Depends on mysql-client as we provide mysql support with dbconfig-common.
(closes: #398621)
* Urgency set to high to fix the etch RC bug.
* Updated the Bugzilla version (debian minor) in Bugzilla/Config.pm. - 3. By Francesco Paolo Lovergine
-
* NMU 0-days due to serious/important bug solving which prevents
bugzilla entering testing.[ Alexis Sukrieh ]
* Post-inst won't fail anymore when no MySQL server is
available. Added an automatic way of setting up the MySQL server if
/etc/mysql/debian. cnf exists, will read values from it then.
(closes: #250638)
* Using a MySQL user with '-' inside its name won't fail anymore.
(closes unreported bug)
* Better handling on DBI connection errors. When DBI complains about
something, user is not confused anymore by ugly error messages.
(closes: #154249)
* Running checksetup.pl by hand won't break the Bugzilla's installation
anymore. User can use it as he want without running dpkg-reconfigure.
(closes: #200707)[ Francesco P. Lovergine ]
* Now rules removes .cvsignore file which trashes /usr/share/
bugzilla/ template.
* Added virtual package httpd to the list of web server.
(closes: #213784)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/bugzilla