+ add devel/p5-PathTools, remove devel/p5-File-Spec
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
module was renamed
* reflect renaming on CPAN PodParser to Pod-Parser
+ add textproc/p5-Pod-Parser, remove textproc/p5-PodParser
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
* for all changed ports make dependencies on File::Temp, Digest::MD5,
Storable unconditional
* remove 'CONFIGURE_ARGS= INSTALLDIRS=site' from Makefile's
(this variable is forced by bsd.port.mk now)
* update Class-Autouse to 1.17
* update POE-API-Hooks to 1.05
* make portlint happy (clean IGNORE, convert spaces to tabs and so on)
Class: Unauthorized Bug Change
Versions: 2.9 through 2.18rc2 and 2.19
Description: It is possible to send a carefully crafted HTTP POST
message to process_bug.cgi which will remove keywords from
a bug even if you don't have permissions to edit all bug
fields (the "editbugs" permission). Such changes are
reported in "bug changed" email notifications, so they are
easily detected and reversed if someone abuses it.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=252638
- Correct SQL command in pkg-message
PR: ports/71161, ports/73166
Submitted by: Dmitry A Grigorovich <odip@bionet.nsc.ru>
libmysqlclient.so.10 from the mysql323-client port. However, bugzilla
will work fine with just about any version of MySQL.
Could just insert USE_MYSQL, but the bugzilla port only really needs
access to the perl DBD::Mysql modules and can depend on MySQL
implicitly through that port..
PR: 57607
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
5.005_03 use databases/p5-DBI-137 as newer versions do not
support the old perl.
Note that for some port, I merely removed the explicit
dependency as they already have implicit dependencies
via other ports.
Approved by: portmgr (marcus)
installation to ${PREFIX}/www/data.default. "data.default" was an artifact
of a long obsolete version of the Apache port. Put installation directory
under control of a variable $BUGZILLADIR instead. Carry through to
pkg-plist via a pragma.
- Bump $PORTREVISION.
Fixes broken in 2.14.2 ability to sort bug lists on more then one field
and possible security hole with contrib/bug_email.pl and
contrib/bugzilla_email_append.pl scripts.
This is bugfix release and latest release from 2.14 branch. This update
provided for 2.14 users who would like to stay with 2.14. All new users
should wait until port is updated to 2.16.
recomended!
From Security Advisory for Bugzilla:
: *** SECURITY ISSUES RESOLVED ***
:
: - Multiple instances of user-account hijacking capability were fixed (Bugs
: 54901, 108385, 185516)
:
: - Two occurrences of allowing data protected by Bugzilla's groupset
: restrictions to be visible to users outside of those groups were fixes
: (Bugs 102141, 108821)
:
: - One instance of an untrusted variable being echoed back to a user via
: HTML was fixed (Bug 98146)
:
: - Multiple instances of untrusted variables being passed to SQL queries
: were fixed (Bugs 108812, 108822, 109679, 109690)