- update to 4.0.5

Vulnerability Details ===================== Class: Cross-Site Request Forgery Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2 Fixed In: 4.0.5, 4.2 Description: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious HTML code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim's account by using the XML-RPC API on a site running mod_perl. Sites running under mod_cgi are not affected. Also the user would have had to be already logged in to the target site for the vulnerability to work. References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663 CVE Number: CVE-2012-0453 Approved by: skv (implicit)
svn path=/head/; revision=294492
2012-04-10 05:15:47 +00:00 · 2012-04-10 05:15:47 +00:00 · 5e7bd302a1 · 2021-03-31 03:12:20 +00:00
commit 5e7bd302a1
parent f8605d1a05
7 changed files with 11 additions and 11 deletions
--- a/devel/bugzilla/Makefile
+++ b/devel/bugzilla/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	bugzilla
-PORTVERSION=	4.0.4
+PORTVERSION=	4.0.5
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_MOZILLA}
 MASTER_SITE_SUBDIR=	webtools webtools/archived
--- a/devel/bugzilla/distinfo
+++ b/devel/bugzilla/distinfo
@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.4.tar.gz) = 67c321306e1f796ff1d159083dcdaba7e72c3ec5742292cb5980c23c46e2dc4d
-SIZE (bugzilla/bugzilla-4.0.4.tar.gz) = 2801949
+SHA256 (bugzilla/bugzilla-4.0.5.tar.gz) = 7583f2e7d8c74aa29e8583230024970b420f45f230538273b8eac4cd7c36acbe
+SIZE (bugzilla/bugzilla-4.0.5.tar.gz) = 2900587
--- a/german/bugzilla/Makefile
+++ b/german/bugzilla/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	bugzilla
-PORTVERSION=	4.0.4
+PORTVERSION=	4.0.5
 CATEGORIES=	german
 MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
--- a/german/bugzilla/distinfo
+++ b/german/bugzilla/distinfo
@ -1,2 +1,2 @@
-SHA256 (bugzilla/germzilla-4.0.4-1.utf-8.tar.gz) = 41bd9d9155df1fa686ef2a04baf30d3c2bf29e88f7bfb29703ca4065cdb578bb
-SIZE (bugzilla/germzilla-4.0.4-1.utf-8.tar.gz) = 264093
+SHA256 (bugzilla/germzilla-4.0.5-1.utf-8.tar.gz) = 4bb1b085e040eef4cef0612104cc7a03bb8db48f309644d69e6a716b5407572a
+SIZE (bugzilla/germzilla-4.0.5-1.utf-8.tar.gz) = 264181
--- a/russian/bugzilla-ru/Makefile
+++ b/russian/bugzilla-ru/Makefile
@ -6,9 +6,10 @@
 #

 PORTNAME=	bugzilla
-DISTVERSION=	4.0.2-ru-20110808
+DISTVERSION=	4.0.5-ru-20120227
 CATEGORIES=	russian
-MASTER_SITES=	http://ftp.mozilla-russia.org/bugzilla/
+MASTER_SITES=	SF
+MASTER_SITE_SUBDIR=bugzilla-ru/bugzilla-4.0-ru/${PORTVERSION:R:R}
 PKGNAMESUFFIX=	-ru

 MAINTAINER=	skv@FreeBSD.org
--- a/russian/bugzilla-ru/distinfo
+++ b/russian/bugzilla-ru/distinfo
@ -1,2 +1,2 @@
-SHA256 (bugzilla/bugzilla-4.0.2-ru-20110808.tar.gz) = d66d8833c1469378477340d1e3db736ed0877a60c647504b1f134f2dbf20991f
-SIZE (bugzilla/bugzilla-4.0.2-ru-20110808.tar.gz) = 335194
+SHA256 (bugzilla/bugzilla-4.0.5-ru-20120227.tar.gz) = 67f9c7e8ef581808b4c0a4edd27910492bab0c0230f68c0f30ad750ad6266700
+SIZE (bugzilla/bugzilla-4.0.5-ru-20120227.tar.gz) = 336890
--- a/russian/bugzilla-ru/pkg-plist
+++ b/russian/bugzilla-ru/pkg-plist
@ -254,7 +254,6 @@
@dirrmtry %%WWWDIR%%/template/ru-RU/default/flag
@dirrmtry %%WWWDIR%%/template/ru-RU/default/extensions
@dirrmtry %%WWWDIR%%/template/ru-RU/default/email
-@dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/votes
@dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/process
@dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/create
@dirrmtry %%WWWDIR%%/template/ru-RU/default/bug/activity