From owner-svn-ports-head@FreeBSD.ORG Thu Oct 17 19:35:29 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id F3079646; Thu, 17 Oct 2013 19:35:28 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DE3F32C72; Thu, 17 Oct 2013 19:35:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r9HJZSJT094299; Thu, 17 Oct 2013 19:35:28 GMT (envelope-from ohauer@svn.freebsd.org) Received: (from ohauer@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r9HJZMGv094248; Thu, 17 Oct 2013 19:35:22 GMT (envelope-from ohauer@svn.freebsd.org) Message-Id: <201310171935.r9HJZMGv094248@svn.freebsd.org> From: Olli Hauer Date: Thu, 17 Oct 2013 19:35:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r330666 - in head: . devel devel/bugzilla devel/bugzilla40 devel/bugzilla42 devel/bugzilla44 german german/bugzilla german/bugzilla40 german/bugzilla42 german/bugzilla44 japanese japane... X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2013 19:35:29 -0000 Author: ohauer Date: Thu Oct 17 19:35:22 2013 New Revision: 330666 URL: http://svnweb.freebsd.org/changeset/ports/330666 Log: - update to latest release [1] - use PKGNAMESUFFIX instead LATEST_LINK - whitespace cleanup - svn mv */bugzilla to */bugzilla40 - add vuxml entry 4.4.1, 4.2.7, and 4.0.11 Security Advisory Wednesday Oct 16th, 2013 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only can lead to a bug being edited without the user consent. * A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user consent. * Several unfiltered parameters when editing flagtypes can lead to XSS. * Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered field values in tabular reports can lead to XSS. All affected installations are encouraged to upgrade as soon as possible. [1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d CVE-2013-1733 CVE-2013-1734 CVE-2013-1742 CVE-2013-1743 Added: head/devel/bugzilla40/ - copied from r330662, head/devel/bugzilla/ head/german/bugzilla40/ - copied from r330663, head/german/bugzilla/ head/japanese/bugzilla40/ - copied from r330664, head/japanese/bugzilla/ head/russian/bugzilla40/ - copied from r330663, head/russian/bugzilla/ Deleted: head/devel/bugzilla/ head/german/bugzilla/ head/japanese/bugzilla/ head/russian/bugzilla/ Modified: head/MOVED head/devel/Makefile head/devel/bugzilla40/Makefile head/devel/bugzilla40/Makefile.common head/devel/bugzilla40/Makefile.options head/devel/bugzilla40/distinfo head/devel/bugzilla40/pkg-plist head/devel/bugzilla42/Makefile head/devel/bugzilla42/Makefile.common head/devel/bugzilla42/Makefile.options head/devel/bugzilla42/distinfo head/devel/bugzilla42/pkg-plist head/devel/bugzilla44/Makefile head/devel/bugzilla44/Makefile.common head/devel/bugzilla44/distinfo head/devel/bugzilla44/pkg-plist head/german/Makefile head/german/bugzilla40/Makefile head/german/bugzilla42/Makefile head/german/bugzilla44/Makefile head/japanese/Makefile head/japanese/bugzilla40/Makefile head/japanese/bugzilla42/Makefile head/japanese/bugzilla44/Makefile head/russian/Makefile head/russian/bugzilla40/Makefile head/russian/bugzilla42/Makefile head/security/vuxml/vuln.xml Modified: head/MOVED ============================================================================== --- head/MOVED Thu Oct 17 19:22:58 2013 (r330665) +++ head/MOVED Thu Oct 17 19:35:22 2013 (r330666) @@ -5116,3 +5116,6 @@ audio/akode-plugins-oss||2013-10-17|Remo audio/akode-plugins-pulseaudio||2013-10-17|Removed: Dependency of KDE 3.x audio/akode-plugins-resampler||2013-10-17|Removed: Dependency of KDE 3.x audio/akode-plugins-xiph||2013-10-17|Removed: Dependency of KDE 3.x +german/bugzilla|german/bugzilla40|2013-10-17|Reflect PORTNAME +japanese/bugzilla|japanese/bugzilla40|2013-10-17|Reflect PORTNAME +russian/bugzilla|russian/bugzilla40|2013-10-17|Reflect PORTNAME Modified: head/devel/Makefile ============================================================================== --- head/devel/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -147,7 +147,7 @@ SUBDIR += bsdlibdwarf SUBDIR += bufferpool SUBDIR += bug-buddy - SUBDIR += bugzilla + SUBDIR += bugzilla40 SUBDIR += bugzilla42 SUBDIR += bugzilla44 SUBDIR += build Modified: head/devel/bugzilla40/Makefile ============================================================================== --- head/devel/bugzilla/Makefile Thu Oct 17 18:21:55 2013 (r330662) +++ head/devel/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.0.10 +PORTVERSION= 4.0.11 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived @@ -44,8 +44,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib USE_APACHE_RUN= 22+ .endif -.include - .if ${PORT_OPTIONS:MMYSQL} USE_MYSQL= yes RUN_DEPENDS+= p5-DBD-mysql>=2.9003:${PORTSDIR}/databases/p5-DBD-mysql @@ -175,4 +173,4 @@ do-install: .SILENT ${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \; .endif -.include +.include Modified: head/devel/bugzilla40/Makefile.common ============================================================================== --- head/devel/bugzilla/Makefile.common Thu Oct 17 18:21:55 2013 (r330662) +++ head/devel/bugzilla40/Makefile.common Thu Oct 17 19:35:22 2013 (r330666) @@ -1,8 +1,10 @@ # $FreeBSD$ DIST_SUBDIR= ${PORTNAME} +PKGNAMESUFFIX= 40 CONFLICTS_INSTALL= \ + bugzilla4[^0].* \ bugzilla-4.[^0].* PORTSCOUT= limit:^4\.0\. Modified: head/devel/bugzilla40/Makefile.options ============================================================================== --- head/devel/bugzilla/Makefile.options Thu Oct 17 18:21:55 2013 (r330662) +++ head/devel/bugzilla40/Makefile.options Thu Oct 17 19:35:22 2013 (r330666) @@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \ EXPORT_IMPORT \ CONTRIB -OPTIONS_GROUP_ATTACHMENT= \ +OPTIONS_GROUP_ATTACHMENT=\ BMP2PNG -OPTIONS_GROUP_AUTH= \ +OPTIONS_GROUP_AUTH= \ LDAP \ RADIUS Modified: head/devel/bugzilla40/distinfo ============================================================================== --- head/devel/bugzilla/distinfo Thu Oct 17 18:21:55 2013 (r330662) +++ head/devel/bugzilla40/distinfo Thu Oct 17 19:35:22 2013 (r330666) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.0.10.tar.gz) = cdf8a596f34bd0f773a0c9c728a0dd8ed0214d9f19e142e918b25294202e3fa2 -SIZE (bugzilla/bugzilla-4.0.10.tar.gz) = 2804655 +SHA256 (bugzilla/bugzilla-4.0.11.tar.gz) = d2e454a5a705f3728a6645c27793f7c8d3058dda675704eac4a9a856f16b0c0f +SIZE (bugzilla/bugzilla-4.0.11.tar.gz) = 2785420 Modified: head/devel/bugzilla40/pkg-plist ============================================================================== --- head/devel/bugzilla/pkg-plist Thu Oct 17 18:21:55 2013 (r330662) +++ head/devel/bugzilla40/pkg-plist Thu Oct 17 19:35:22 2013 (r330666) @@ -971,6 +971,8 @@ @dirrmtry %%WWWDIR%%/js/yui @dirrmtry %%WWWDIR%%/js @dirrm %%WWWDIR%%/images +@dirrmtry %%WWWDIR%%/graphs +@dirrmtry %%WWWDIR%%/data %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit @dirrmtry %%WWWDIR%%/contrib @@ -996,8 +998,6 @@ @dirrm %%WWWDIR%%/Bugzilla/Auth @dirrm %%WWWDIR%%/Bugzilla/Attachment @dirrmtry %%WWWDIR%%/Bugzilla -@dirrmtry %%WWWDIR%%/data -@dirrmtry %%WWWDIR%%/graphs @dirrmtry %%WWWDIR%% %%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch %%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML @@ -1030,9 +1030,3 @@ %%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html %%PORTDOCS%%@dirrm %%DOCSDIR%%/en %%PORTDOCS%%@dirrm %%DOCSDIR%% -@exec mkdir -p %D/%%WWWDIR%%/xt -@exec mkdir -p %D/%%WWWDIR%%/t -@exec mkdir -p %D/%%WWWDIR%%/lib -@exec mkdir -p %D/%%WWWDIR%%/graphs -@exec mkdir -p %D/%%WWWDIR%%/data -@exec mkdir -p %D/%%WWWDIR%%/contrib Modified: head/devel/bugzilla42/Makefile ============================================================================== --- head/devel/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.2.6 +PORTVERSION= 4.2.7 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived @@ -25,8 +25,6 @@ RUN_DEPENDS= \ p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \ p5-URI>=1.37:${PORTSDIR}/net/p5-URI -LATEST_LINK= bugzilla42 - USES= perl5 USE_PERL5= patch run build @@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib USE_APACHE_RUN= 22+ .endif -.include - .if ${PORT_OPTIONS:MMYSQL} USE_MYSQL= yes RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql @@ -184,4 +180,4 @@ do-install: .SILENT ${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \; .endif -.include +.include Modified: head/devel/bugzilla42/Makefile.common ============================================================================== --- head/devel/bugzilla42/Makefile.common Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla42/Makefile.common Thu Oct 17 19:35:22 2013 (r330666) @@ -1,8 +1,10 @@ # $FreeBSD$ DIST_SUBDIR= ${PORTNAME} +PKGNAMESUFFIX= 42 CONFLICTS_INSTALL= \ + bugzilla4[^2].* \ bugzilla-4.[^2].* PORTSCOUT= limitw:1,even Modified: head/devel/bugzilla42/Makefile.options ============================================================================== --- head/devel/bugzilla42/Makefile.options Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla42/Makefile.options Thu Oct 17 19:35:22 2013 (r330666) @@ -11,10 +11,10 @@ OPTIONS_GROUP_ADMIN= \ EXPORT_IMPORT \ CONTRIB -OPTIONS_GROUP_ATTACHMENT= \ +OPTIONS_GROUP_ATTACHMENT=\ BMP2PNG -OPTIONS_GROUP_AUTH= \ +OPTIONS_GROUP_AUTH= \ LDAP \ RADIUS Modified: head/devel/bugzilla42/distinfo ============================================================================== --- head/devel/bugzilla42/distinfo Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla42/distinfo Thu Oct 17 19:35:22 2013 (r330666) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.2.6.tar.gz) = 16ede21f92e672ed19aadeddd24136a8ec76ec14e6bf9627fe33207f2531807d -SIZE (bugzilla/bugzilla-4.2.6.tar.gz) = 2425903 +SHA256 (bugzilla/bugzilla-4.2.7.tar.gz) = c2350e02e287f10dc21d7a1813d5311d84804fb1f3418d4ef5c7e335458fc189 +SIZE (bugzilla/bugzilla-4.2.7.tar.gz) = 2964784 Modified: head/devel/bugzilla42/pkg-plist ============================================================================== --- head/devel/bugzilla42/pkg-plist Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla42/pkg-plist Thu Oct 17 19:35:22 2013 (r330666) @@ -179,7 +179,7 @@ %%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif %%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif %%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif -@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf +%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf %%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt %%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt %%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml @@ -987,6 +987,8 @@ @dirrmtry %%WWWDIR%%/js/history.js @dirrmtry %%WWWDIR%%/js @dirrm %%WWWDIR%%/images +@dirrmtry %%WWWDIR%%/graphs +@dirrmtry %%WWWDIR%%/data %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit @dirrmtry %%WWWDIR%%/contrib @@ -1014,8 +1016,6 @@ @dirrm %%WWWDIR%%/Bugzilla/Auth @dirrm %%WWWDIR%%/Bugzilla/Attachment @dirrmtry %%WWWDIR%%/Bugzilla -@dirrmtry %%WWWDIR%%/data -@dirrmtry %%WWWDIR%%/graphs @dirrmtry %%WWWDIR%% %%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch %%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTML @@ -1048,9 +1048,3 @@ %%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html %%PORTDOCS%%@dirrm %%DOCSDIR%%/en %%PORTDOCS%%@dirrm %%DOCSDIR%% -@exec mkdir -p %D/%%WWWDIR%%/xt -@exec mkdir -p %D/%%WWWDIR%%/t -@exec mkdir -p %D/%%WWWDIR%%/lib -@exec mkdir -p %D/%%WWWDIR%%/graphs -@exec mkdir -p %D/%%WWWDIR%%/data -@exec mkdir -p %D/%%WWWDIR%%/contrib Modified: head/devel/bugzilla44/Makefile ============================================================================== --- head/devel/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.4 +PORTVERSION= 4.4.1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_MOZILLA} MASTER_SITE_SUBDIR= webtools webtools/archived @@ -25,8 +25,6 @@ RUN_DEPENDS= \ p5-TimeDate>=1.19:${PORTSDIR}/devel/p5-TimeDate \ p5-URI>=1.37:${PORTSDIR}/net/p5-URI -LATEST_LINK= bugzilla44 - USES= perl5 USE_PERL5= patch build run @@ -47,8 +45,6 @@ EMPTY_DIRS_LIST=data graphs contrib lib USE_APACHE_RUN= 22+ .endif -.include - .if ${PORT_OPTIONS:MMYSQL} USE_MYSQL= yes RUN_DEPENDS+= p5-DBD-mysql>=4.0001:${PORTSDIR}/databases/p5-DBD-mysql @@ -175,6 +171,8 @@ post-patch: @${FIND} ${WRKSRC} \( -name "CVS" -or -name ".cvsignore" -or -name "*.orig" \ -or -name "*.bak" -or -name ".bzr*" -or -name "README.docs" \) \ | ${XARGS} ${RM} -rf +# empty leftover + @${RM} ${WRKSRC}/docs/en/html/Bugzilla-Guide.proc do-install: .SILENT ${MKDIR} ${STAGEDIR}${WWWDIR} @@ -198,4 +196,4 @@ do-install: .SILENT ${FIND} . -type f -exec ${INSTALL_DATA} "{}" "${STAGEDIR}${WWWDIR}/contrib/{}" \; .endif -.include +.include Modified: head/devel/bugzilla44/Makefile.common ============================================================================== --- head/devel/bugzilla44/Makefile.common Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla44/Makefile.common Thu Oct 17 19:35:22 2013 (r330666) @@ -1,8 +1,10 @@ # $FreeBSD$ DIST_SUBDIR= ${PORTNAME} +PKGNAMESUFFIX= 44 CONFLICTS_INSTALL= \ + bugzilla4[^4].* \ bugzilla-4.[^4].* PORTSCOUT= limitw:1,even Modified: head/devel/bugzilla44/distinfo ============================================================================== --- head/devel/bugzilla44/distinfo Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla44/distinfo Thu Oct 17 19:35:22 2013 (r330666) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/bugzilla-4.4.tar.gz) = 709e1b07ca23a91fbf5fb3d34645a8b574af39034b216daa1811effd02ebd72e -SIZE (bugzilla/bugzilla-4.4.tar.gz) = 2441533 +SHA256 (bugzilla/bugzilla-4.4.1.tar.gz) = cc63513b98f7f0a523c58c642554ec72ee1e941f7d13c306e2e8c7e4cceeb428 +SIZE (bugzilla/bugzilla-4.4.1.tar.gz) = 2966058 Modified: head/devel/bugzilla44/pkg-plist ============================================================================== --- head/devel/bugzilla44/pkg-plist Thu Oct 17 19:22:58 2013 (r330665) +++ head/devel/bugzilla44/pkg-plist Thu Oct 17 19:35:22 2013 (r330666) @@ -183,7 +183,7 @@ %%PORTDOCS%%%%DOCSDIR%%/en/images/note.gif %%PORTDOCS%%%%DOCSDIR%%/en/images/tip.gif %%PORTDOCS%%%%DOCSDIR%%/en/images/warning.gif -@comment %%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf +%%PORTDOCS%%%%DOCSDIR%%/en/pdf/Bugzilla-Guide.pdf %%PORTDOCS%%%%DOCSDIR%%/en/rel_notes.txt %%PORTDOCS%%%%DOCSDIR%%/en/txt/Bugzilla-Guide.txt %%PORTDOCS%%%%DOCSDIR%%/en/xml/Bugzilla-Guide.xml @@ -999,6 +999,8 @@ @dirrmtry %%WWWDIR%%/js/history.js @dirrmtry %%WWWDIR%%/js @dirrm %%WWWDIR%%/images +@dirrmtry %%WWWDIR%%/graphs +@dirrmtry %%WWWDIR%%/data %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/cmdline %%CONTRIB%%@dirrm %%WWWDIR%%/contrib/bugzilla-submit @dirrmtry %%WWWDIR%%/contrib @@ -1027,8 +1029,6 @@ @dirrm %%WWWDIR%%/Bugzilla/Auth @dirrm %%WWWDIR%%/Bugzilla/Attachment @dirrmtry %%WWWDIR%%/Bugzilla -@dirrmtry %%WWWDIR%%/data -@dirrmtry %%WWWDIR%%/graphs @dirrmtry %%WWWDIR%% %%PORTDOCS%%@dirrm %%DOCSDIR%%/xsl %%PORTDOCS%%@dirrm %%DOCSDIR%%/lib/Pod/Simple/HTMLBatch @@ -1062,10 +1062,3 @@ %%PORTDOCS%%@dirrm %%DOCSDIR%%/en/html %%PORTDOCS%%@dirrm %%DOCSDIR%%/en %%PORTDOCS%%@dirrm %%DOCSDIR%% -@exec mkdir -p %D/%%WWWDIR%%/xt -@exec mkdir -p %D/%%WWWDIR%%/t -@exec mkdir -p %D/%%WWWDIR%%/lib -@exec mkdir -p %D/%%WWWDIR%%/graphs -@exec mkdir -p %D/%%WWWDIR%%/data -@exec mkdir -p %D/%%WWWDIR%%/contrib -%%PORTDOCS%%@exec mkdir -p %D/%%DOCSDIR%%/en/pdf Modified: head/german/Makefile ============================================================================== --- head/german/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/german/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -11,7 +11,7 @@ SUBDIR += bsdforen-firefox-searchplugin SUBDIR += bsdgroup-firefox-searchplugin SUBDIR += bsdpaste - SUBDIR += bugzilla + SUBDIR += bugzilla40 SUBDIR += bugzilla42 SUBDIR += bugzilla44 SUBDIR += calligra-l10n Modified: head/german/bugzilla40/Makefile ============================================================================== --- head/german/bugzilla/Makefile Thu Oct 17 18:49:09 2013 (r330663) +++ head/german/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla - -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla +RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla NO_WRKSUBDIR= yes Modified: head/german/bugzilla42/Makefile ============================================================================== --- head/german/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/german/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -10,9 +10,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 - -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42 +RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 NO_WRKSUBDIR= yes Modified: head/german/bugzilla44/Makefile ============================================================================== --- head/german/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/german/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -11,9 +11,7 @@ DISTNAME= germzilla-${PORTVERSION}-1.utf MAINTAINER= bugzilla@FreeBSD.org COMMENT= German localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44 - -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44 +RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44 NO_WRKSUBDIR= yes Modified: head/japanese/Makefile ============================================================================== --- head/japanese/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/japanese/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -25,7 +25,7 @@ SUBDIR += awffull SUBDIR += bible_names-fpw SUBDIR += bookview - SUBDIR += bugzilla + SUBDIR += bugzilla40 SUBDIR += bugzilla42 SUBDIR += bugzilla44 SUBDIR += calligra-l10n Modified: head/japanese/bugzilla40/Makefile ============================================================================== --- head/japanese/bugzilla/Makefile Thu Oct 17 18:57:57 2013 (r330664) +++ head/japanese/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -11,7 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla +RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40 NO_WRKSUBDIR= yes Modified: head/japanese/bugzilla42/Makefile ============================================================================== --- head/japanese/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/japanese/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 - -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42 +RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 NO_WRKSUBDIR= yes Modified: head/japanese/bugzilla44/Makefile ============================================================================== --- head/japanese/bugzilla44/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/japanese/bugzilla44/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -11,9 +11,7 @@ DISTNAME= Bugzilla-ja-${PORTVERSION}-tem MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44 - -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla44 +RUN_DEPENDS= bugzilla44>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla44 NO_WRKSUBDIR= yes Modified: head/russian/Makefile ============================================================================== --- head/russian/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/russian/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -6,7 +6,7 @@ SUBDIR += MT SUBDIR += artwiz-ru SUBDIR += aspell - SUBDIR += bugzilla + SUBDIR += bugzilla40 SUBDIR += bugzilla42 SUBDIR += calligra-l10n SUBDIR += d1489 Modified: head/russian/bugzilla40/Makefile ============================================================================== --- head/russian/bugzilla/Makefile Thu Oct 17 18:49:09 2013 (r330663) +++ head/russian/bugzilla40/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -10,7 +10,7 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-201 MAINTAINER= bugzilla@FreeBSD.org COMMENT= Russian localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla +RUN_DEPENDS= bugzilla40>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla40 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru Modified: head/russian/bugzilla42/Makefile ============================================================================== --- head/russian/bugzilla42/Makefile Thu Oct 17 19:22:58 2013 (r330665) +++ head/russian/bugzilla42/Makefile Thu Oct 17 19:35:22 2013 (r330666) @@ -10,14 +10,12 @@ DISTNAME= bugzilla-${PORTVERSION}-ru-201 MAINTAINER= bugzilla@FreeBSD.org COMMENT= Russian localization for Bugzilla -RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 +RUN_DEPENDS= bugzilla42>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.ru .include "${.CURDIR}/../../devel/bugzilla42/Makefile.common" -LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42 - do-install: ${MKDIR} ${STAGEDIR}${WWWDIR} (cd ${WRKSRC}/ && ${PAX} -r -w * ${STAGEDIR}${WWWDIR}) Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Oct 17 19:22:58 2013 (r330665) +++ head/security/vuxml/vuln.xml Thu Oct 17 19:35:22 2013 (r330666) @@ -51,6 +51,67 @@ Note: Please add new entries to the beg --> + + bugzilla -- multiple vulnerabilities + + + bugzilla + bugzilla40 + bugzilla42 + bugzilla44 + 4.0.04.0.11 + 4.2.04.2.7 + 4.44.4.1 + + + + +

A Bugzilla Security Advisory reports:

+
+

Cross-Site Request Forgery

+

When a user submits changes to a bug right after another + user did, a midair collision page is displayed to inform + the user about changes recently made. This page contains + a token which can be used to validate the changes if the + user decides to submit his changes anyway. A regression + in Bugzilla 4.4 caused this token to be recreated if a + crafted URL was given, even when no midair collision page + was going to be displayed, allowing an attacker to bypass + the token check and abuse a user to commit changes on his + behalf.

+

Cross-Site Request Forgery

+

When an attachment is edited, a token is generated to + validate changes made by the user. Using a crafted URL, + an attacker could force the token to be recreated, + allowing him to bypass the token check and abuse a user + to commit changes on his behalf.

+

Cross-Site Scripting

+

Some parameters passed to editflagtypes.cgi were not + correctly filtered in the HTML page, which could lead + to XSS.

+

Cross-Site Scripting

+

Due to an incomplete fix for CVE-2012-4189, some + incorrectly filtered field values in tabular reports + could lead to XSS.

+
+ + + + CVE-2013-1733 + https://bugzilla.mozilla.org/show_bug.cgi?id=911593 + CVE-2013-1734 + https://bugzilla.mozilla.org/show_bug.cgi?id=913904 + CVE-2013-1742 + https://bugzilla.mozilla.org/show_bug.cgi?id=924802 + CVE-2013-1743 + https://bugzilla.mozilla.org/show_bug.cgi?id=924932 + + + 2013-10-16 + 2013-10-17 + + + dropbear -- exposure of sensitive information, DoS