Accepting request 402822 from home:ecsos:server

update to 5.0.3; security fix and bug fix. OBS-URL: https://build.opensuse.org/request/show/402822 OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/bugzilla?expand=0&rev=8
2016-06-17 06:19:45 +00:00 · 2016-06-17 06:19:45 +00:00 · 8736bf79c3
commit 8736bf79c3
parent b5a5adcac3
5 changed files with 34 additions and 115 deletions
--- a/bugzilla-5.0.2.tar.gz
+++ b/bugzilla-5.0.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:82fa7bc8e27cfc9fe42d3fce3bfb6e7536bba245d76c2ee268d56253d16e3de3
-size 4004728
--- a/bugzilla-5.0.3.tar.gz
+++ b/bugzilla-5.0.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:594d1d6813f4731b71fbbf3809d4d7e3511f1cd73e12fcad9f498319ff2fcadc
+size 4069689
--- a/bugzilla.changes
+++ b/bugzilla.changes
@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Thu Jun 16 13:10:15 UTC 2016 - ecsos@opensuse.org
+
+- update to 5.0.3
+  This release fixes one security issue and some bug fixes.
+  https://www.bugzilla.org/releases/5.0.3/release-notes.html
+  - A regression in Bugzilla 5.0.2 caused whine.pl to be unable 
+    to send emails due to a missing subroutine. (Bug 1235395)
+  - The Encode module changed the way it encodes strings, 
+    causing email addresses in emails sent by Bugzilla to be encoded,
+    preventing emails from being correctly delivered to recipients. 
+    We now encode email headers correctly. (Bug 1246228)
+  - Fix additional taint issues with Strawberry Perl. 
+    (Bug 987742 and bug 1089448)
+  - When exporting a buglist as a CSV file, fields starting with 
+    either "=", "+", "-" or "@" are preceded by a space to not 
+    trigger formula execution in Excel. (Bug 1259881)
+  - An extension which allows user-controlled data to be used as 
+    a link in tabs could trigger XSS if the data is not correctly 
+    sanitized. Bugzilla no longer relies on the extension to do the 
+    sanity check. A vanilla installation is not affected as no tab
+    is user-controlled. (Bug 1250114)
+  - Extensions can now easily override the favicon used for the 
+    Bugzilla website. (Bug 1250264)
+- Security fix:
+  * (CVE-2016-2803)
+    https://www.bugzilla.org/security/4.4.11/
+- rework patch fix_whine_error.patch because most now in upstream
+
 -------------------------------------------------------------------
 Mon Jan 25 07:53:00 UTC 2016 - ecsos@opensuse.org

--- a/bugzilla.spec
+++ b/bugzilla.spec
@ -20,7 +20,7 @@
 %define has_systemd 1
 %endif
 Name:           bugzilla
-Version:        5.0.2
+Version:        5.0.3
 Release:        0
 Summary:        Bug tracker for software development
 License:        MPL-2.0
@ -87,6 +87,7 @@ Requires:       perl-Module-Pluggable
 Requires:       perl-Object-Pluggable
 Requires:       perl-Cache-Memcached
 Requires:       perl-File-Copy-Recursive
+Requires:       perl-File-Which
 Recommends:     perl-DBD-Oracle >= 1.19
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
--- a/fix_whine_error.patch
+++ b/fix_whine_error.patch
@ -1,114 +1,3 @@
-diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm
-index 7ae81299fde2aee4342a37b2401fd52a0b3aab0f..2d29dd8060bd6f4657b1b0bc6395456e700e0c35 100644
--- a/Bugzilla/Mailer.pm
-+++ b/Bugzilla/Mailer.pm
-@@ -12,13 +12,13 @@ use strict;
- use warnings;
- 
- use parent qw(Exporter);
-@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker);
-
-+@Bugzilla::Mailer::EXPORT = qw(MessageToMTA build_thread_marker generate_email);
- use Bugzilla::Constants;
- use Bugzilla::Error;
- use Bugzilla::Hook;
- use Bugzilla::MIME;
- use Bugzilla::Util;
-+use Bugzilla::User;
- 
- use Date::Format qw(time2str);
- 
-@@ -161,6 +161,67 @@ sub send_staged_mail {
-     }
- }
- 
-+sub generate_email {
-+    my ($vars, $templates) = @_;
-+    my ($lang, $email_format, $msg_text, $msg_html, $msg_header);
-+    state $use_utf8 = Bugzilla->params->{'utf8'};
-+
-+    if ($vars->{to_user}) {
-+        $lang = $vars->{to_user}->setting('lang');
-+        $email_format = $vars->{to_user}->setting('email_format');
-+    } else {
-+        # If there are users in the CC list who don't have an account,
-+        # use the default language for email notifications.
-+        $lang = Bugzilla::User->new()->setting('lang');
-+        # However we cannot fall back to the default email_format, since
-+        # it may be HTML, and many of the includes used in the HTML
-+        # template require a valid user object. Instead we fall back to
-+        # the plaintext template.
-+        $email_format = 'text_only';
-+    }
-+
-+    my $template = Bugzilla->template_inner($lang);
-+
-+    $template->process($templates->{header}, $vars, \$msg_header)
-+        || ThrowTemplateError($template->error());
-+    $template->process($templates->{text}, $vars, \$msg_text)
-+        || ThrowTemplateError($template->error());
-+
-+    my @parts = (
-+        Bugzilla::MIME->create(
-+            attributes => {
-+                content_type => 'text/plain',
-+                charset      => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
-+                encoding     => 'quoted-printable',
-+            },
-+            body_str => $msg_text,
-+        )
-+    );
-+    if ($templates->{html} && $email_format eq 'html') {
-+        $template->process($templates->{html}, $vars, \$msg_html)
-+            || ThrowTemplateError($template->error());
-+        push @parts, Bugzilla::MIME->create(
-+            attributes => {
-+                content_type => 'text/html',
-+                charset      => $use_utf8 ? 'UTF-8' : 'iso-8859-1',
-+                encoding     => 'quoted-printable',
-+            },
-+            body_str => $msg_html,
-+        );
-+    }
-+
-+    my $email = Bugzilla::MIME->new($msg_header);
-+    if (scalar(@parts) == 1) {
-+        $email->content_type_set($parts[0]->content_type);
-+    } else {
-+        $email->content_type_set('multipart/alternative');
-+        # Some mail clients need same encoding for each part, even empty ones.
-+        $email->charset_set('UTF-8') if $use_utf8;
-+    }
-+    $email->parts_set(\@parts);
-+    return $email;
-+}
-+
- 1;
- 
- __END__
-@@ -173,6 +234,10 @@ Bugzilla::Mailer - Provides methods for sending email
- 
- =over
- 
-+=item C<generate_email>
-+
-+Generates a multi-part email message, using the supplied list of templates.
-+
- =item C<MessageToMTA>
- 
- Sends the passed message to the mail transfer agent.
-diff --git a/Bugzilla/Product.pm b/Bugzilla/Product.pm
-index 30ebc7c6cd564080589ad04db4aedcb59d63290a..0c0cb458d554b2def12164e35d848d8a4c9583de 100644
--- a/Bugzilla/Product.pm
-+++ b/Bugzilla/Product.pm
-@@ -22,7 +22,6 @@ use Bugzilla::Milestone;
- use Bugzilla::Field;
- use Bugzilla::Status;
- use Bugzilla::Install::Requirements;
-use Bugzilla::Mailer;
- use Bugzilla::Series;
- use Bugzilla::Hook;
- use Bugzilla::FlagType;
 diff --git a/whine.pl b/whine.pl
 index 39c9aeed2e766824a900459c4364c6831ba82744..c81ca2022db3d8e6b32dfe1464569b17f6e75374 100755
 --- a/whine.pl