Fixes broken in 2.14.2 ability to sort bug lists on more then one field
and possible security hole with contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.
This is bugfix release and latest release from 2.14 branch. This update
provided for 2.14 users who would like to stay with 2.14. All new users
should wait until port is updated to 2.16.
recomended!
From Security Advisory for Bugzilla:
: *** SECURITY ISSUES RESOLVED ***
:
: - Multiple instances of user-account hijacking capability were fixed (Bugs
: 54901, 108385, 185516)
:
: - Two occurrences of allowing data protected by Bugzilla's groupset
: restrictions to be visible to users outside of those groups were fixes
: (Bugs 102141, 108821)
:
: - One instance of an untrusted variable being echoed back to a user via
: HTML was fixed (Bug 98146)
:
: - Multiple instances of untrusted variables being passed to SQL queries
: were fixed (Bugs 108812, 108822, 109679, 109690)
* learn default distribution about some default FreeBSD settings
* add new option to setup XML modules used to export/import bugs to share
them between different Bugzilla instances
* use ${INSTALL_SCRIPT} rather than ${INSTALL}. Inspired by petef's letter.
This also caused me to think "when such complex system as FreeBSD ports
should do such simple things like prepearing of cap of coffee?"
* use ${INSTALL} directly instead of ${INSTALL_DATA} to preserve
exec permissions for scripts
* add post-install target to display pkg-message
* rewrite pkg-message to give minimal quick setup instructions