Module: bugzilla Branch: upstream Commit: 6f9bf887fbf23b4c5ca77b6ad2043acd5f49bf63 URL: http://source.winehq.org/git/bugzilla.git/?a=commit;h=6f9bf887fbf23b4c5ca77b...
Author: Alexandre Julliard julliard@winehq.org Date: Thu Dec 24 14:33:49 2015 +0100
Import of upstream bugzilla release 4.4.11.
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
.htaccess | 7 +--- Bugzilla/Constants.pm | 2 +- Bugzilla/Install/Filesystem.pm | 45 ++++------------------- Bugzilla/Template.pm | 3 ++ Bugzilla/WebService/Product.pm | 1 + docs/bugzilla.ent | 12 +++--- docs/bugzilla.ent.tmpl | 4 +- docs/en/xml/bugzilla.ent | 12 +++--- docs/en/xml/installation.xml | 2 +- mod_perl.pl | 2 +- showdependencygraph.cgi | 11 ++++-- template/en/default/pages/release-notes.html.tmpl | 19 ++++++++++ 12 files changed, 55 insertions(+), 65 deletions(-)
diff --git a/.htaccess b/.htaccess index 8b50250..22e6658 100644 --- a/.htaccess +++ b/.htaccess @@ -5,12 +5,7 @@ Deny from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Deny from all - </IfModule> - <IfModule !mod_perl.c> - Require all denied - </IfModule> + Require all denied </IfVersion> </IfModule> <IfModule !mod_version.c> diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 64356c0..f35e416 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -182,7 +182,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.4.10"; +use constant BUGZILLA_VERSION => "4.4.11";
# Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 457f66f..eaca1f8 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -48,12 +48,7 @@ use constant HT_DEFAULT_DENY => <<EOT; Deny from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Deny from all - </IfModule> - <IfModule !mod_perl.c> - Require all denied - </IfModule> + Require all denied </IfVersion> </IfModule> <IfModule !mod_version.c> @@ -349,12 +344,7 @@ EOT Allow from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Allow from all - </IfModule> - <IfModule !mod_perl.c> - Require all granted - </IfModule> + Require all granted </IfVersion> </IfModule> <IfModule !mod_version.c> @@ -368,12 +358,7 @@ EOT Deny from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Deny from all - </IfModule> - <IfModule !mod_perl.c> - Require all denied - </IfModule> + Require all denied </IfVersion> </IfModule> <IfModule !mod_version.c> @@ -393,14 +378,8 @@ EOT Deny from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Allow from 192.20.225.0/24 - Deny from all - </IfModule> - <IfModule !mod_perl.c> - Require ip 192.20.225.0/24 - Require all denied - </IfModule> + Require ip 192.20.225.0/24 + Require all denied </IfVersion> </IfModule> <IfModule !mod_version.c> @@ -416,12 +395,7 @@ EOT Allow from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Allow from all - </IfModule> - <IfModule !mod_perl.c> - Require all granted - </IfModule> + Require all granted </IfVersion> </IfModule> <IfModule !mod_version.c> @@ -435,12 +409,7 @@ EOT Deny from all </IfVersion> <IfVersion >= 2.4> - <IfModule mod_perl.c> - Deny from all - </IfModule> - <IfModule !mod_perl.c> - Require all denied - </IfModule> + Require all denied </IfVersion> </IfModule> <IfModule !mod_version.c> 
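Review bot: In the `@@ -393,14 +378,8 @@` hunk the 2.4 branch now relies on two bare lines, `Require ip 192.20.225.0/24` followed by `Require all denied`, and nothing in the generated file says how they combine. Under Apache 2.4, sibling `Require` directives outside a container are evaluated as an implicit `<RequireAny>`, so the second line is only a fallback and not an ordered deny like the `Deny from all` form in the preceding branch. I would add a comment line inside the heredoc, e.g. `# 2.4: bare Require lines are OR-ed (implicit RequireAny); only the listed network is admitted.`, so an admin editing the range does not assume order matters. The heredoc starts and ends outside the hunk.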
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 72d899c..cfcbc66 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -719,6 +719,9 @@ sub create { { my ($var) = @_; $var = ' ' . $var if substr($var, 0, 1) eq '='; + # backslash is not special to CSV, but it can be used to confuse some browsers... + # so we do not allow it to happen. We only do this for logged-in users. + $var =~ s/\/\x{FF3C}/g if Bugzilla->user->id; $var =~ s/"/""/g; if ($var !~ /^-?(\d+.)?\d*$/) { $var = ""$var""; diff --git a/Bugzilla/WebService/Product.pm b/Bugzilla/WebService/Product.pm index 1c8d75b..e383cb5 100644 --- a/Bugzilla/WebService/Product.pm +++ b/Bugzilla/WebService/Product.pm @@ -28,6 +28,7 @@ use constant PUBLIC_METHODS => qw( get get_accessible_products get_enterable_products + get_products get_selectable_products update ); diff --git a/docs/bugzilla.ent b/docs/bugzilla.ent index 34b6472..5a9e044 100644 --- a/docs/bugzilla.ent +++ b/docs/bugzilla.ent @@ -1,5 +1,5 @@ -<!ENTITY bz-ver "4.4.10"> -<!ENTITY bz-date "2015-09-10"> +<!ENTITY bz-ver "4.4.11"> +<!ENTITY bz-date "2015-12-22"> <!ENTITY current-year "2015">
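Review bot: The comment on the added substitution in the csv filter says the backslash rewrite is applied "only for logged-in users" but not why, and the `if Bugzilla->user->id` guard means the same field is exported differently depending on session state. I would put the reason in the comment, e.g. `# Restricted to logged-in users because <reason from the advisory>; anonymous exports are left unchanged.`, so a later maintainer does not remove or widen the guard by accident. Separately, the neighbouring guard `substr($var, 0, 1) eq '='` neutralises only one leading character, and it is worth confirming whether other prefixes that spreadsheet applications evaluate should get the same treatment. The filter sub starts and ends outside the hunk.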
<!ENTITY min-perl-ver "5.8.1"> @@ -52,11 +52,11 @@ <!ENTITY min-io-scalar-ver "any">
<!-- Database Versions --> -<!ENTITY min-dbd-mysql-ver "4.001"> -<!ENTITY min-mysql-ver "5.0.15"> -<!ENTITY min-dbd-oracle-ver "1.19"> -<!ENTITY min-oracle-ver "10.02.0"> <!ENTITY min-dbd-pg-ver "2.7.0"> <!ENTITY min-pg-ver "8.03.0000"> +<!ENTITY min-dbd-mysql-ver "4.001"> +<!ENTITY min-mysql-ver "5.0.15"> <!ENTITY min-dbd-sqlite-ver "1.29"> <!ENTITY min-sqlite-ver "3.6.22"> +<!ENTITY min-dbd-oracle-ver "1.19"> +<!ENTITY min-oracle-ver "10.02.0"> diff --git a/docs/bugzilla.ent.tmpl b/docs/bugzilla.ent.tmpl index cb37c0e..f81421a 100644 --- a/docs/bugzilla.ent.tmpl +++ b/docs/bugzilla.ent.tmpl @@ -1,5 +1,5 @@ -<!ENTITY bz-ver "4.4.10"> -<!ENTITY bz-date "2015-09-10"> +<!ENTITY bz-ver "4.4.11"> +<!ENTITY bz-date "2015-12-22"> <!ENTITY current-year "2015">
<!ENTITY min-perl-ver "5.8.1"> diff --git a/docs/en/xml/bugzilla.ent b/docs/en/xml/bugzilla.ent index 34b6472..5a9e044 100644 --- a/docs/en/xml/bugzilla.ent +++ b/docs/en/xml/bugzilla.ent @@ -1,5 +1,5 @@ -<!ENTITY bz-ver "4.4.10"> -<!ENTITY bz-date "2015-09-10"> +<!ENTITY bz-ver "4.4.11"> +<!ENTITY bz-date "2015-12-22"> <!ENTITY current-year "2015">
<!ENTITY min-perl-ver "5.8.1"> @@ -52,11 +52,11 @@ <!ENTITY min-io-scalar-ver "any">
<!-- Database Versions --> -<!ENTITY min-dbd-mysql-ver "4.001"> -<!ENTITY min-mysql-ver "5.0.15"> -<!ENTITY min-dbd-oracle-ver "1.19"> -<!ENTITY min-oracle-ver "10.02.0"> <!ENTITY min-dbd-pg-ver "2.7.0"> <!ENTITY min-pg-ver "8.03.0000"> +<!ENTITY min-dbd-mysql-ver "4.001"> +<!ENTITY min-mysql-ver "5.0.15"> <!ENTITY min-dbd-sqlite-ver "1.29"> <!ENTITY min-sqlite-ver "3.6.22"> +<!ENTITY min-dbd-oracle-ver "1.19"> +<!ENTITY min-oracle-ver "10.02.0"> diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index 5ef6be5..4bc2da7 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1058,7 +1058,7 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/ AddHandler cgi-script .cgi Options +ExecCGI DirectoryIndex index.cgi index.html -AllowOverride Limit FileInfo Indexes Options +AllowOverride All </Directory> </programlisting>
diff --git a/mod_perl.pl b/mod_perl.pl index ae15ae5..4794e28 100644 --- a/mod_perl.pl +++ b/mod_perl.pl @@ -73,7 +73,7 @@ PerlChildInitHandler "sub { Bugzilla::RNG::srand(); srand(); }" PerlCleanupHandler Apache2::SizeLimit Bugzilla::ModPerl::CleanupHandler PerlOptions +ParseHeaders Options +ExecCGI - AllowOverride Limit FileInfo Indexes Options + AllowOverride All DirectoryIndex index.cgi index.html </Directory> EOT diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 4187bdd..00fd206 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -58,7 +58,7 @@ sub CreateImagemap { # Pick up bugid from the mapdata label field. Getting the title from # bugtitle hash instead of mapdata allows us to get the summary even # when showsummary is off, and also gives us status and resolution. - my $bugtitle = html_quote(clean_text($bugtitles{$bugid})); + my $bugtitle = $bugtitles{$bugid}; $map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } . qq{title="$bugtitle" href="$url" } . qq{coords="$leftx,$topy,$rightx,$bottomy">\n}; @@ -176,13 +176,16 @@ foreach my $k (@bug_ids) { # Retrieve bug information from the database my ($stat, $resolution, $summary) = $dbh->selectrow_array($sth, undef, $k);
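Review bot: `AllowOverride All` in the generated `<Directory>` block grants every override class to `.htaccess` files under the Bugzilla tree, which is wider than the previous `Limit FileInfo Indexes Options`. If the intent is only to let the new `Require` lines in the regenerated `.htaccess` files take effect, adding the one missing class should be enough: `AllowOverride AuthConfig Limit FileInfo Indexes Options`. I have not verified that no other directive in the shipped `.htaccess` files needs a further class, so test on Apache 2.4 with mod_access_compat off before narrowing. The same widening is made to the sample configuration in `docs/en/xml/installation.xml`. The heredoc continues outside the hunk.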
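Review bot: In `CreateImagemap`, `$bugtitle` is now interpolated into the `title="$bugtitle"` attribute with no escaping at the point of output. That is safe only if every value stored in `%bugtitles` has already been passed through `html_quote(clean_text(...))`, and the code that fills the hash is not shown in this hunk. Since the sink no longer protects itself, I would record the contract next to the assignment: `# %bugtitles values must already be HTML-escaped by whoever fills the hash; nothing here escapes them.` The function body starts and ends outside the hunk.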
+ $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id')); + # Resolution and summary are shown only if user can see the bug - if (!$user->can_see_bug($k)) { + if ($user->can_see_bug($k)) { + $summary = html_quote(clean_text($summary)); + } + else { $resolution = $summary = ''; }
- $vars->{'short_desc'} = $summary if ($k eq $cgi->param('id')); - my @params;
if ($summary ne "" && $cgi->param('showsummary')) { diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index d810688..7763413 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -45,6 +45,25 @@
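Review bot: `$vars->{'short_desc'} = $summary if ($k eq $cgi->param('id'));` now runs before the `can_see_bug($k)` check, so the template variable receives the raw summary whatever the visibility result is. That is presumably fine if the `id` bug is access-checked earlier in the script (not visible in this hunk), and the move avoids handing an already-escaped string to the template. The dependency still deserves a comment such as `# id was access-checked above; keep this before the escaping below so the template escapes it once.` The `foreach` body continues outside the hunk.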
<h2 id="v44_point">Updates in this 4.4.x Release</h2>
+<h3>4.4.11</h3> + +<p>This release fixes two security issues. See the + <a href="https://www.bugzilla.org/security/4.2.15/">Security Advisory</a> + for details.</p> + +<p>This release also contains the following [% terms.bug %] fix:</p> + +<ul> + <li>mod_perl now works correctly with mod_access_compat turned off on + Apache 2.4. The (incorrect) fix implemented in [% terms.Bugzilla %] 4.4.9 + has been backed out. To regenerate the <kbd>.htaccess</kbd> files, you + must first delete all existing ones in subdirectories: + <pre>find . -mindepth 2 -name .htaccess -exec rm -f {} ;</pre> + You must then run <kbd>checksetup.pl</kbd> again to recreate them with + the correct syntax. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1223790">[% terms.Bug %] 1223790</a>)</li> +</ul> + <h3>4.4.10</h3>
<p>This release fixes one security issue. See the