Accepting request 402822 from home:ecsos:server

Update to 5.0.3; security and bug fixes.

OBS-URL: https://build.opensuse.org/request/show/402822
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/bugzilla?expand=0&rev=8
Martin Pluskal 2016-06-17 06:19:45 +00:00 committed by Git OBS Bridge
parent b5a5adcac3
commit 8736bf79c3
5 changed files with 34 additions and 115 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:82fa7bc8e27cfc9fe42d3fce3bfb6e7536bba245d76c2ee268d56253d16e3de3
size 4004728

bugzilla-5.0.3.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:594d1d6813f4731b71fbbf3809d4d7e3511f1cd73e12fcad9f498319ff2fcadc
size 4069689


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Thu Jun 16 13:10:15 UTC 2016 - ecsos@opensuse.org
- update to 5.0.3
This release fixes one security issue and some bug fixes.
https://www.bugzilla.org/releases/5.0.3/release-notes.html
- A regression in Bugzilla 5.0.2 caused whine.pl to be unable
to send emails due to a missing subroutine. (Bug 1235395)
- The Encode module changed the way it encodes strings,
causing email addresses in emails sent by Bugzilla to be encoded,
preventing emails from being correctly delivered to recipients.
We now encode email headers correctly. (Bug 1246228)
- Fix additional taint issues with Strawberry Perl.
(Bug 987742 and bug 1089448)
- When exporting a buglist as a CSV file, fields starting with
either "=", "+", "-" or "@" are preceded by a space to not
trigger formula execution in Excel. (Bug 1259881)
- An extension which allows user-controlled data to be used as
a link in tabs could trigger XSS if the data is not correctly
sanitized. Bugzilla no longer relies on the extension to do the
sanity check. A vanilla installation is not affected as no tab
is user-controlled. (Bug 1250114)
- Extensions can now easily override the favicon used for the
Bugzilla website. (Bug 1250264)
- Security fix:
* (CVE-2016-2803)
https://www.bugzilla.org/security/4.4.11/
- rework patch fix_whine_error.patch because most now in upstream
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 25 07:53:00 UTC 2016 - ecsos@opensuse.org Mon Jan 25 07:53:00 UTC 2016 - ecsos@opensuse.org


@ -20,7 +20,7 @@
%define has_systemd 1 %define has_systemd 1
%endif %endif
Name: bugzilla Name: bugzilla
Version: 5.0.2 Version: 5.0.3
Release: 0 Release: 0
Summary: Bug tracker for software development Summary: Bug tracker for software development
License: MPL-2.0 License: MPL-2.0
@ -87,6 +87,7 @@ Requires: perl-Module-Pluggable
Requires: perl-Object-Pluggable Requires: perl-Object-Pluggable
Requires: perl-Cache-Memcached Requires: perl-Cache-Memcached
Requires: perl-File-Copy-Recursive Requires: perl-File-Copy-Recursive
Requires: perl-File-Which
Recommends: perl-DBD-Oracle >= 1.19 Recommends: perl-DBD-Oracle >= 1.19
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
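Review bot: The added `Requires: perl-File-Which` in the second hunk is not accounted for anywhere on this page: the changelog entry for 5.0.3 lists the upstream fixes and the reworked fix_whine_error.patch but never mentions a new runtime dependency. On a security update, every widening of the installed dependency set should be traceable, so add a changelog line such as `- add Requires: perl-File-Which` and, if it is what upstream 5.0.3 now needs, a spec comment saying so. The requirement is also unversioned while `perl-DBD-Oracle >= 1.19` on the next line carries a minimum; if upstream documents a minimum version, state it here. The Requires list starts and ends outside the hunk, so other dependency changes cannot be checked from this view.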


@ -1,114 +1,3 @@
diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm
index 7ae81299fde2aee4342a37b2401fd52a0b3aab0f..2d29dd8060bd6f4657b1b0bc6395456e700e0c35 100644
--- a/Bugzilla/Mailer.pm
+++ b/Bugzilla/Mailer.pm
@@ -12,13 +12,13 @@ use strict;
use warnings;
use parent qw(Exporter);
-@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker);
-
+@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker generate_email);
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Hook;
use Bugzilla::MIME;
use Bugzilla::Util;
+use Bugzilla::User;
use Date::Format qw(time2str);
@@ -161,6 +161,67 @@ sub send_staged_mail {
}
}
+sub generate_email {
+ my ($vars, $templates) = @_;
+ my ($lang, $email_format, $msg_text, $msg_html, $msg_header);
+ state $use_utf8 = Bugzilla->params->{'utf8'};
+
+ if ($vars->{to_user}) {
+ $lang = $vars->{to_user}->setting('lang');
+ $email_format = $vars->{to_user}->setting('email_format');
+ } else {
+ # If there are users in the CC list who don't have an account,
+ # use the default language for email notifications.
+ $lang = Bugzilla::User->new()->setting('lang');
+ # However we cannot fall back to the default email_format, since
+ # it may be HTML, and many of the includes used in the HTML
+ # template require a valid user object. Instead we fall back to
+ # the plaintext template.
+ $email_format = 'text_only';
+ }
+
+ my $template = Bugzilla->template_inner($lang);
+
+ $template->process($templates->{header}, $vars, \$msg_header)
+ || ThrowTemplateError($template->error());
+ $template->process($templates->{text}, $vars, \$msg_text)
+ || ThrowTemplateError($template->error());
+
+ my @parts = (
+ Bugzilla::MIME->create(
+ attributes => {
+ content_type => 'text/plain',
+ charset => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
+ encoding => 'quoted-printable',
+ },
+ body_str => $msg_text,
+ )
+ );
+ if ($templates->{html} && $email_format eq 'html') {
+ $template->process($templates->{html}, $vars, \$msg_html)
+ || ThrowTemplateError($template->error());
+ push @parts, Bugzilla::MIME->create(
+ attributes => {
+ content_type => 'text/html',
+ charset => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
+ encoding => 'quoted-printable',
+ },
+ body_str => $msg_html,
+ );
+ }
+
+ my $email = Bugzilla::MIME->new($msg_header);
+ if (scalar(@parts) == 1) {
+ $email->content_type_set($parts[0]->content_type);
+ } else {
+ $email->content_type_set('multipart/alternative');
+ # Some mail clients need same encoding for each part, even empty ones.
+ $email->charset_set('UTF-8') if $use_utf8;
+ }
+ $email->parts_set(\@parts);
+ return $email;
+}
+
1;
__END__
@@ -173,6 +234,10 @@ Bugzilla::Mailer - Provides methods for sending email
=over
+=item C<generate_email>
+
+Generates a multi-part email message, using the supplied list of templates.
+
=item C<MessageToMTA>
Sends the passed message to the mail transfer agent.
diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
index 30ebc7c6cd564080589ad04db4aedcb59d63290a..0c0cb458d554b2def12164e35d848d8a4c9583de 100644
--- a/Bugzilla/Product.pm
+++ b/Bugzilla/Product.pm
@@ -22,7 +22,6 @@ use Bugzilla::Milestone;
use Bugzilla::Field;
use Bugzilla::Status;
use Bugzilla::Install::Requirements;
-use Bugzilla::Mailer;
use Bugzilla::Series;
use Bugzilla::Hook;
use Bugzilla::FlagType;
diff --git a/whine.pl b/whine.pl diff --git a/whine.pl b/whine.pl
index 39c9aeed2e766824a900459c4364c6831ba82744..c81ca2022db3d8e6b32dfe1464569b17f6e75374 100755 index 39c9aeed2e766824a900459c4364c6831ba82744..c81ca2022db3d8e6b32dfe1464569b17f6e75374 100755
--- a/whine.pl --- a/whine.pl