aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--german/bugzilla/Makefile4
-rw-r--r--german/bugzilla/files/patch_405-40728
-rw-r--r--german/bugzilla3/Makefile4
-rw-r--r--german/bugzilla42/Makefile4
-rw-r--r--german/bugzilla42/files/patch_421-422193
5 files changed, 228 insertions, 5 deletions
diff --git a/german/bugzilla/Makefile b/german/bugzilla/Makefile
index 149bf148164..9824eac7c3b 100644
--- a/german/bugzilla/Makefile
+++ b/german/bugzilla/Makefile
@@ -7,7 +7,7 @@
PORTNAME= bugzilla
PORTVERSION= 4.0.5
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= german
MASTER_SITES= SF
MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
@@ -18,7 +18,7 @@ COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla${PKGNAMESUFFIX}
+LATEST_LINK= ${PKGNAMEPREFIX}bugzilla
NO_WRKSUBDIR= yes
diff --git a/german/bugzilla/files/patch_405-407 b/german/bugzilla/files/patch_405-407
new file mode 100644
index 00000000000..14da1494dbe
--- /dev/null
+++ b/german/bugzilla/files/patch_405-407
@@ -0,0 +1,28 @@
+====================================================
+This patch is fix security issues in the german
+bugzilla language templates (4.0.5 -> 4.0.7)
+
+--- ./de/default/global/confirm-user-match.html.tmpl.orig 2012-07-27 21:42:53.000000000 +0200
++++ ./de/default/global/confirm-user-match.html.tmpl 2012-07-27 21:44:33.000000000 +0200
+@@ -159,8 +159,6 @@
+ [% ELSE %]
+ passte zu
+ <b>[% query.value.users.0.identity FILTER html %]</b>
+- <input type="hidden" name="[% field.key FILTER html %]"
+- value="[% query.value.users.0.login FILTER html %]">
+ [% END %]
+ [% ELSE %]
+ [% IF (query.key.length < 3) && !Param('emailsuffix') %]
+@@ -186,8 +184,10 @@
+
+ [% IF matchsuccess == 1 %]
+
+- [% SET exclude_these =
+- matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
++ [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
++ [% FOREACH key IN matches.keys %]
++ [% exclude_these.push(key) IF cgi.param(key) == '' %]
++ [% END %]
+ [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
+ [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
+
diff --git a/german/bugzilla3/Makefile b/german/bugzilla3/Makefile
index ab63368ae98..18a8eb36aaf 100644
--- a/german/bugzilla3/Makefile
+++ b/german/bugzilla3/Makefile
@@ -18,7 +18,7 @@ COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla3
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla3${PKGNAMESUFFIX}
+LATEST_LINK= ${PKGNAMEPREFIX}bugzilla3
NO_WRKSUBDIR= yes
@@ -28,7 +28,7 @@ LANGDIR= ${WWWDIR}/template/de
# german template checks the bugzilla version number and displays
# non supported bugzilla version, however there are no relevant
-# changes in the template between 3.6.8 and 3.6.9
+# changes in the template between 3.6.8 and 3.6.10
post-patch:
@${SED} -i '' -e 's|3.6.8|3.6.10|' ${WRKDIR}/de/default/global/gzversion.html.tmpl
@${FIND} ${WRKDIR}/ -name \*.orig -delete
diff --git a/german/bugzilla42/Makefile b/german/bugzilla42/Makefile
index 0a56bfec9d7..1c1668ce442 100644
--- a/german/bugzilla42/Makefile
+++ b/german/bugzilla42/Makefile
@@ -7,6 +7,7 @@
PORTNAME= bugzilla
PORTVERSION= 4.2.1
+PORTREVISION= 1
CATEGORIES= german
MASTER_SITES= SF
MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
@@ -17,7 +18,7 @@ COMMENT= German localization for Bugzilla
RUN_DEPENDS= bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla42
-LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42${PKGNAMESUFFIX}
+LATEST_LINK= ${PKGNAMEPREFIX}bugzilla42
NO_WRKSUBDIR= yes
@@ -28,6 +29,7 @@ LANGDIR= ${WWWDIR}/template/de
# german template checks the bugzilla version number and displays
# non supported bugzilla version.
post-patch:
+ @${SED} -i '' -e 's|4.2.1|4.2.2|' ${WRKDIR}/de/default/global/gzversion.html.tmpl
@${FIND} ${WRKDIR}/ -name \*.orig -delete
do-install:
diff --git a/german/bugzilla42/files/patch_421-422 b/german/bugzilla42/files/patch_421-422
new file mode 100644
index 00000000000..5c5976b56df
--- /dev/null
+++ b/german/bugzilla42/files/patch_421-422
@@ -0,0 +1,193 @@
+====================================================
+This patch is fix security issues in the german
+bugzilla language templates (4.2.1 -> 4.2.2)
+
+--- ./de/default/admin/params/editparams.html.tmpl.orig 2012-07-28 11:54:15.000000000 +0200
++++ ./de/default/admin/params/editparams.html.tmpl 2012-07-28 11:55:48.000000000 +0200
+@@ -95,7 +95,7 @@
+ [% ELSE %]
+
+ <div class="contribute"><strong>Hinweis:</strong>
+- [%+ terms.Bugzilla %] wird ausschließlich ehrenamtlich
++ B[% %]ugzilla wird ausschließlich ehrenamtlich
+ weiterentwickelt.
+ Die beste Weise, dem Projekt zu helfen, ist,
+ <a href="http://www.bugzilla.org/contribute/">selbst beizutragen</a>!
+--- ./de/default/bug/dependency-tree.html.tmpl.orig 2012-07-28 11:27:44.000000000 +0200
++++ ./de/default/bug/dependency-tree.html.tmpl 2012-07-28 11:50:21.000000000 +0200
+@@ -85,13 +85,28 @@
+ [% END %]
+ </h3>
+ [% IF ids.size %]
+- ([% IF maxdepth -%]Bis Tiefe [% maxdepth %] | [% END -%]
+- [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als
+- [%+ terms.bug %]liste anzeigen</a>
++ [%# 27 chars is the length of buglist.cgi?tweak=&bug_id=" %]
++ [% use_post = (ids.join(",").length > constants.CGI_URI_LIMIT - 27 ) ? 1 : 0 %]
++ [% IF use_post %]
++ <form action="buglist.cgi" method="post">
++ <input type="hidden" name="bug_id" value="[% ids.join(",") %]">
++ [% END %]
++
++ [% IF maxdepth -%]Up to [% maxdepth %] level[% "s" IF maxdepth > 1 %] deep | [% END -%]
++ [% IF use_post %]
++ <button>view as [% terms.bug %] list</button>
++ [% IF user.in_group('editbugs') && ids.size > 1 %]
++ | <button type="submit" name="tweak" value="1">change several</button>
++ [% END %]
++ </form>
++ [% ELSE %]
++ [%%]<a href="buglist.cgi?bug_id=[% ids.join(",") %]">Als [%+ terms.bug %]liste anzeigen</a>
+ [% IF user.in_group('editbugs') && ids.size > 1 %]
+ | <a href="buglist.cgi?bug_id=[% ids.join(",") %]&amp;tweak=1">Mehrere
+ [% terms.bugs %] gleichzeitig ändern</a>
+- [% END %])
++ [% END %]
++ [% END %]
++
+ <ul class="tree">
+ [% INCLUDE display_tree tree=$tree_name %]
+ </ul>
+--- ./de/default/email/bugmail.html.tmpl.orig 2012-07-28 11:01:28.000000000 +0200
++++ ./de/default/email/bugmail.html.tmpl 2012-07-28 11:26:34.000000000 +0200
+@@ -33,11 +33,12 @@
+ [% FOREACH comment = new_comments.reverse %]
+ <div>
+ [% IF comment.count %]
+- <b>[% "Kommentar ${comment.count}" FILTER bug_link( bug,
+- {comment_num => comment.count, full_url => 1}) FILTER none %]
++ <b>[% "Kommentar # ${comment.count}" FILTER bug_link(bug,
++ {comment_num => comment.count, full_url => 1, user => to_user}) FILTER none %]
++ on [% "$terms.bug $bug.id" FILTER bug_link(bug, { full_url => 1, user => to_user }) FILTER none %]
+ von [% INCLUDE global/user.html.tmpl who = comment.author %]</b>
+ [% END %]
+- <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment) %]</pre>
++ <pre>[% comment.body_full({ wrap => 1 }) FILTER quoteUrls(bug, comment, to_user) %]</pre>
+ </div>
+ [% END %]
+ </p>
+@@ -70,13 +71,14 @@
+ [% SET in_table = 0 %]
+ [% END %]
+ [% IF change.blocker %]
+- [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %]
+- hängt von [% "${terms.bug_dat} ${change.blocker.id}"
+- FILTER bug_link(change.blocker, full_url => 1) FILTER none %]
++ [% "${terms.Bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
++ hängt von
++ [%+ "${terms.bug} ${change.blocker.id}"
++ FILTER bug_link(change.blocker, {full_url => 1, user => to_user}) FILTER none %],
+ ab, dessen Status sich geändert hat.
+ [% ELSE %]
+- Änderung von [% INCLUDE global/user.html.tmpl who = change.who %]
+- an [% "${terms.bug_dat} ${bug.id}" FILTER bug_link(bug, full_url => 1) FILTER none %]:
++ Änderung von [% INCLUDE global/user.html.tmpl who = change.who %] an
++ [%+ "${terms.bug} ${bug.id}" FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
+ [% END %]
+ <br>
+ [% IF in_table == 0 %]
+@@ -100,7 +102,7 @@
+ <th>[% field_label FILTER html %]</th>
+ <td>
+ [% IF change.field_name == "bug_id" %]
+- [% new_value FILTER bug_link(bug, full_url => 1) FILTER none %]
++ [% new_value FILTER bug_link(bug, {full_url => 1, user => to_user}) FILTER none %]
+ [% ELSE %]
+ [% new_value FILTER html %]
+ [% END %]
+--- ./de/default/global/code-error.html.tmpl.orig 2012-07-28 10:57:03.000000000 +0200
++++ ./de/default/global/code-error.html.tmpl 2012-07-28 10:59:39.000000000 +0200
+@@ -500,6 +500,10 @@
+ [% ELSIF error == "invalid_post_bug_submit_action" %]
+ Ungültige Einstellung für post_bug_submit_action.
+
++ [% ELSIF error == "search_field_operator_unsupported" %]
++ [% terms.Bugzilla %] does not support the search type
++ "[% operator FILTER html %]".
++
+ [% ELSE %]
+ [%# Try to find hooked error messages %]
+ [% error_message = Hook.process("errors") %]
+--- ./de/default/global/confirm-user-match.html.tmpl.orig 2012-07-28 10:52:48.000000000 +0200
++++ ./de/default/global/confirm-user-match.html.tmpl 2012-07-28 10:56:09.000000000 +0200
+@@ -159,8 +159,6 @@
+ [% ELSE %]
+ passte zu
+ <b>[% query.value.users.0.identity FILTER html %]</b>
+- <input type="hidden" name="[% field.key FILTER html %]"
+- value="[% query.value.users.0.login FILTER html %]">
+ [% END %]
+ [% ELSE %]
+ [% IF (query.key.length < 3) && !Param('emailsuffix') %]
+@@ -186,8 +184,10 @@
+
+ [% IF matchsuccess == 1 %]
+
+- [% SET exclude_these =
+- matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
++ [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
++ [% FOREACH key IN matches.keys %]
++ [% exclude_these.push(key) IF cgi.param(key) == '' %]
++ [% END %]
+ [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
+ [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
+
+--- ./de/default/list/server-push.html.tmpl.orig 2012-07-28 10:49:41.000000000 +0200
++++ ./de/default/list/server-push.html.tmpl 2012-07-28 10:51:31.000000000 +0200
+@@ -36,15 +36,10 @@
+ die Arbeit der Datenbank ab…</h1>
+
+ [% IF debug %]
+- <p>
+- [% FOREACH debugline = debugdata %]
+- <code>[% debugline FILTER html %]</code><br>
++ <p>[% query FILTER html %]</p>
++ [% IF query_explain.defined %]
++ <pre>[% query_explain FILTER html %]</pre>
+ [% END %]
+- </p>
+- <p>
+- <code>[% query FILTER html %]</code>
+- </p>
+ [% END %]
+-
+ </body>
+ </html>
+--- ./de/default/search/knob.html.tmpl.orig 2012-07-28 09:42:38.000000000 +0200
++++ ./de/default/search/knob.html.tmpl 2012-07-28 09:47:28.000000000 +0200
+@@ -42,6 +42,9 @@
+ "Last Changed" => "Zeitpunkt der letzten Änderung" } %]
+
+ <input type="hidden" name="cmdtype" value="doit">
++[% IF user.id %]
++ <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
++[% END %]
+
+ <p>
+ <label for="order">Anfrageergebnisse sortieren nach</label>:
+@@ -70,7 +73,8 @@
+ [% END %]
+ </p>
+
+-<p>
++[% IF user.id %]
++ <p>
+ &nbsp;&nbsp;&nbsp;
+ <input type="checkbox" id="remasdefault"
+ name="remtype" value="asdefault">
+@@ -78,11 +82,13 @@
+ und verwende die Formulareinträge in Zukunft als meine
+ persönlichen Standard-Abfrageoptionen
+ </label>
+-</p>
++ </p>
++[% END %]
+
+ [% IF userdefaultquery %]
+ <p>
+- <a href="query.cgi?nukedefaultquery=1">
++ <a href="query.cgi?nukedefaultquery=1&amp;token=
++ [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]">
+ Setze meine persönlichen Standard-Suchoptionen
+ zurück auf die Systemvoreinstellung</a>.
+ </p>