Alexandre Julliard : Import of upstream bugzilla release 4.4.11.
Alexandre Julliard
julliard at wine.codeweavers.com
Thu Dec 24 07:39:48 CST 2015
Module: bugzilla
Branch: upstream
Commit: 6f9bf887fbf23b4c5ca77b6ad2043acd5f49bf63
URL: http://source.winehq.org/git/bugzilla.git/?a=commit;h=6f9bf887fbf23b4c5ca77b6ad2043acd5f49bf63
Author: Alexandre Julliard <julliard at winehq.org>
Date: Thu Dec 24 14:33:49 2015 +0100
Import of upstream bugzilla release 4.4.11.
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
.htaccess | 7 +---
Bugzilla/Constants.pm | 2 +-
Bugzilla/Install/Filesystem.pm | 45 ++++-------------------
Bugzilla/Template.pm | 3 ++
Bugzilla/WebService/Product.pm | 1 +
docs/bugzilla.ent | 12 +++---
docs/bugzilla.ent.tmpl | 4 +-
docs/en/xml/bugzilla.ent | 12 +++---
docs/en/xml/installation.xml | 2 +-
mod_perl.pl | 2 +-
showdependencygraph.cgi | 11 ++++--
template/en/default/pages/release-notes.html.tmpl | 19 ++++++++++
12 files changed, 55 insertions(+), 65 deletions(-)
diff --git a/.htaccess b/.htaccess
index 8b50250..22e6658 100644
--- a/.htaccess
+++ b/.htaccess
@@ -5,12 +5,7 @@
Deny from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Deny from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all denied
- </IfModule>
+ Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 64356c0..f35e416 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -182,7 +182,7 @@ use Memoize;
# CONSTANTS
#
# Bugzilla version
-use constant BUGZILLA_VERSION => "4.4.10";
+use constant BUGZILLA_VERSION => "4.4.11";
# Location of the remote and local XML files to track new releases.
use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 457f66f..eaca1f8 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -48,12 +48,7 @@ use constant HT_DEFAULT_DENY => <<EOT;
Deny from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Deny from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all denied
- </IfModule>
+ Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
@@ -349,12 +344,7 @@ EOT
Allow from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Allow from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all granted
- </IfModule>
+ Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
@@ -368,12 +358,7 @@ EOT
Deny from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Deny from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all denied
- </IfModule>
+ Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
@@ -393,14 +378,8 @@ EOT
Deny from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Allow from 192.20.225.0/24
- Deny from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require ip 192.20.225.0/24
- Require all denied
- </IfModule>
+ Require ip 192.20.225.0/24
+ Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
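Review bot: The `Require ip 192.20.225.0/24` line hard-codes a public address range, and nothing in the visible template says whose range it is or which files it is meant to reach. An allowlist like this goes stale silently if the range changes owner, so a comment naming the service and the directory would help, for example `# <service name>: may fetch files from this directory only`. The `Require all denied` that follows is redundant under Apache 2.4's default any-of combination of sibling `Require` lines, though harmless. The heredoc holding this template starts and ends outside the hunk.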
@@ -416,12 +395,7 @@ EOT
Allow from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Allow from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all granted
- </IfModule>
+ Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
@@ -435,12 +409,7 @@ EOT
Deny from all
</IfVersion>
<IfVersion >= 2.4>
- <IfModule mod_perl.c>
- Deny from all
- </IfModule>
- <IfModule !mod_perl.c>
- Require all denied
- </IfModule>
+ Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 72d899c..cfcbc66 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -719,6 +719,9 @@ sub create {
{
my ($var) = @_;
$var = ' ' . $var if substr($var, 0, 1) eq '=';
+ # backslash is not special to CSV, but it can be used to confuse some browsers...
+ # so we do not allow it to happen. We only do this for logged-in users.
+ $var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
$var =~ s/\"/\"\"/g;
if ($var !~ /^-?(\d+\.)?\d*$/) {
$var = "\"$var\"";
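Review bot: The comment on the added `s/\\/\x{FF3C}/g` line does not say what the browser confusion is or why the rewrite is skipped when `Bugzilla->user->id` is false, so a later maintainer cannot tell whether that condition is safe to change. If the reasoning is that anonymous exports hold only public data, the comment should say so, e.g. `# Anonymous CSV holds only public data, so only logged-in output is rewritten.`; this is inferred, since the hunk does not state it. The rewrite also changes exported values, because a real backslash becomes U+FF3C, which deserves a line in the comment for anyone re-importing the CSV. The enclosing filter sub starts and ends outside the hunk.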
diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm
index 1c8d75b..e383cb5 100644
--- a/Bugzilla/WebService/Product.pm
+++ b/Bugzilla/WebService/Product.pm
@@ -28,6 +28,7 @@ use constant PUBLIC_METHODS => qw(
get
get_accessible_products
get_enterable_products
+ get_products
get_selectable_products
update
);
diff --git a/docs/bugzilla.ent b/docs/bugzilla.ent
index 34b6472..5a9e044 100644
--- a/docs/bugzilla.ent
+++ b/docs/bugzilla.ent
@@ -1,5 +1,5 @@
-<!ENTITY bz-ver "4.4.10">
-<!ENTITY bz-date "2015-09-10">
+<!ENTITY bz-ver "4.4.11">
+<!ENTITY bz-date "2015-12-22">
<!ENTITY current-year "2015">
<!ENTITY min-perl-ver "5.8.1">
@@ -52,11 +52,11 @@
<!ENTITY min-io-scalar-ver "any">
<!-- Database Versions -->
-<!ENTITY min-dbd-mysql-ver "4.001">
-<!ENTITY min-mysql-ver "5.0.15">
-<!ENTITY min-dbd-oracle-ver "1.19">
-<!ENTITY min-oracle-ver "10.02.0">
<!ENTITY min-dbd-pg-ver "2.7.0">
<!ENTITY min-pg-ver "8.03.0000">
+<!ENTITY min-dbd-mysql-ver "4.001">
+<!ENTITY min-mysql-ver "5.0.15">
<!ENTITY min-dbd-sqlite-ver "1.29">
<!ENTITY min-sqlite-ver "3.6.22">
+<!ENTITY min-dbd-oracle-ver "1.19">
+<!ENTITY min-oracle-ver "10.02.0">
diff --git a/docs/bugzilla.ent.tmpl b/docs/bugzilla.ent.tmpl
index cb37c0e..f81421a 100644
--- a/docs/bugzilla.ent.tmpl
+++ b/docs/bugzilla.ent.tmpl
@@ -1,5 +1,5 @@
-<!ENTITY bz-ver "4.4.10">
-<!ENTITY bz-date "2015-09-10">
+<!ENTITY bz-ver "4.4.11">
+<!ENTITY bz-date "2015-12-22">
<!ENTITY current-year "2015">
<!ENTITY min-perl-ver "5.8.1">
diff --git a/docs/en/xml/bugzilla.ent b/docs/en/xml/bugzilla.ent
index 34b6472..5a9e044 100644
--- a/docs/en/xml/bugzilla.ent
+++ b/docs/en/xml/bugzilla.ent
@@ -1,5 +1,5 @@
-<!ENTITY bz-ver "4.4.10">
-<!ENTITY bz-date "2015-09-10">
+<!ENTITY bz-ver "4.4.11">
+<!ENTITY bz-date "2015-12-22">
<!ENTITY current-year "2015">
<!ENTITY min-perl-ver "5.8.1">
@@ -52,11 +52,11 @@
<!ENTITY min-io-scalar-ver "any">
<!-- Database Versions -->
-<!ENTITY min-dbd-mysql-ver "4.001">
-<!ENTITY min-mysql-ver "5.0.15">
-<!ENTITY min-dbd-oracle-ver "1.19">
-<!ENTITY min-oracle-ver "10.02.0">
<!ENTITY min-dbd-pg-ver "2.7.0">
<!ENTITY min-pg-ver "8.03.0000">
+<!ENTITY min-dbd-mysql-ver "4.001">
+<!ENTITY min-mysql-ver "5.0.15">
<!ENTITY min-dbd-sqlite-ver "1.29">
<!ENTITY min-sqlite-ver "3.6.22">
+<!ENTITY min-dbd-oracle-ver "1.19">
+<!ENTITY min-oracle-ver "10.02.0">
diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml
index 5ef6be5..4bc2da7 100644
--- a/docs/en/xml/installation.xml
+++ b/docs/en/xml/installation.xml
@@ -1058,7 +1058,7 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/
AddHandler cgi-script .cgi
Options +ExecCGI
DirectoryIndex index.cgi index.html
-AllowOverride Limit FileInfo Indexes Options
+AllowOverride All
</Directory>
</programlisting>
diff --git a/mod_perl.pl b/mod_perl.pl
index ae15ae5..4794e28 100644
--- a/mod_perl.pl
+++ b/mod_perl.pl
@@ -73,7 +73,7 @@ PerlChildInitHandler "sub { Bugzilla::RNG::srand(); srand(); }"
PerlCleanupHandler Apache2::SizeLimit Bugzilla::ModPerl::CleanupHandler
PerlOptions +ParseHeaders
Options +ExecCGI
- AllowOverride Limit FileInfo Indexes Options
+ AllowOverride All
DirectoryIndex index.cgi index.html
</Directory>
EOT
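Review bot: `AllowOverride All` grants every override class to `.htaccess` files under the Bugzilla directory, which is wider than the `.htaccess` changes in this commit appear to need. The only new directive those files use is `Require`, and Apache places it under the `AuthConfig` override, so `AllowOverride AuthConfig Limit FileInfo Indexes Options` would keep the previous list and add just that class. The same line is changed in docs/en/xml/installation.xml. The `<Directory>` block opens outside the hunk.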
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 4187bdd..00fd206 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -58,7 +58,7 @@ sub CreateImagemap {
# Pick up bugid from the mapdata label field. Getting the title from
# bugtitle hash instead of mapdata allows us to get the summary even
# when showsummary is off, and also gives us status and resolution.
- my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
+ my $bugtitle = $bugtitles{$bugid};
$map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } .
qq{title="$bugtitle" href="$url" } .
qq{coords="$leftx,$topy,$rightx,$bottomy">\n};
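Review bot: `$bugtitle` is now interpolated into the `title="..."` attribute with no escaping at the point of use, so the output is safe only if every value stored in `%bugtitles` was escaped when it was built. That code is outside this hunk; the second hunk of this file escapes `$summary`, but any other text concatenated into the title would need the same treatment. A comment here would pin the contract: `# %bugtitles values are HTML-escaped where they are built; never store raw text in it.` CreateImagemap starts and ends outside the hunk.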
@@ -176,13 +176,16 @@ foreach my $k (@bug_ids) {
# Retrieve bug information from the database
my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
+ $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
+
# Resolution and summary are shown only if user can see the bug
- if (!$user->can_see_bug($k)) {
+ if ($user->can_see_bug($k)) {
+ $summary = html_quote(clean_text($summary));
+ }
+ else {
$resolution = $summary = '';
}
- $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));
-
my @params;
if ($summary ne "" && $cgi->param('showsummary')) {
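Review bot: The `$vars->{'short_desc'}` assignment now runs before `can_see_bug($k)`, so the raw summary of the bug named by the `id` parameter reaches the template variables without a visibility check in this loop. That is safe only if the `id` bug was access-checked earlier in the script, which the hunk does not show. Moving the assignment to the first line of the `if ($user->can_see_bug($k))` branch, ahead of `$summary = html_quote(clean_text($summary));`, keeps the unescaped value for the template and makes the check local. The foreach loop continues outside the hunk.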
diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index d810688..7763413 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -45,6 +45,25 @@
<h2 id="v44_point">Updates in this 4.4.x Release</h2>
+<h3>4.4.11</h3>
+
+<p>This release fixes two security issues. See the
+ <a href="https://www.bugzilla.org/security/4.2.15/">Security Advisory</a>
+ for details.</p>
+
+<p>This release also contains the following [% terms.bug %] fix:</p>
+
+<ul>
+ <li>mod_perl now works correctly with mod_access_compat turned off on
+ Apache 2.4. The (incorrect) fix implemented in [% terms.Bugzilla %] 4.4.9
+ has been backed out. To regenerate the <kbd>.htaccess</kbd> files, you
+ must first delete all existing ones in subdirectories:
+ <pre>find . -mindepth 2 -name .htaccess -exec rm -f {} \;</pre>
+ You must then run <kbd>checksetup.pl</kbd> again to recreate them with
+ the correct syntax.
+ (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1223790">[% terms.Bug %] 1223790</a>)</li>
+</ul>
+
<h3>4.4.10</h3>
<p>This release fixes one security issue. See the