Bug 474250 - Update bugzilla to the latest upstream version 3.2
Update bugzilla to the latest upstream version 3.2
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: bugzilla (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Itamar Reis Peixoto
Fedora Extras Quality Assurance
:
: 484206 484758 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-02 18:11 EST by Christian Nolte
Modified: 2009-03-18 15:04 EDT (History)
5 users (show)

See Also:
Fixed In Version: 3.2.2-2.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-18 14:56:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
initial spec file diff with modifications to succesfully build new rpm files. (1.35 KB, patch)
2009-01-23 10:54 EST, cje
no flags Details | Diff
spec diff with extra perl requirements excluded (1.67 KB, patch)
2009-01-23 12:40 EST, cje
no flags Details | Diff
spec diff with a bit more tidying up and commenting. (3.65 KB, patch)
2009-01-26 07:31 EST, cje
no flags Details | Diff
more tidying and 3.2.2 (3.91 KB, patch)
2009-02-11 13:48 EST, cje
no flags Details | Diff
updated rw-paths patch file (1.23 KB, patch)
2009-02-18 13:07 EST, cje
no flags Details | Diff

  None (edit)
Description Christian Nolte 2008-12-02 18:11:03 EST
It would be nice if we could get the latest stable upstream version of bugzilla (3.2) in a prepackaged RPM.
Comment 1 cje 2009-01-23 10:54:36 EST
Created attachment 329847 [details]
initial spec file diff with modifications to succesfully build new rpm files.

i haven't even tried installing the resultant rpms yet, let alone test the bugzilla instance that's created, but it's a start.
Comment 2 cje 2009-01-23 11:25:53 EST
hmm.  it seems to think it now depends on perl(Authen::Radius), perl(DBD::Oracle) and perl(sanitycheck.cgi).
Comment 3 cje 2009-01-23 12:40:45 EST
Created attachment 329859 [details]
spec diff with extra perl requirements excluded

okay.  this one installs (well, updates) on my F9 i386 system.

be warned - the post script runs checksetup (i think) which converts some tables to InnoDB .. which can take a while.
Comment 4 cje 2009-01-23 12:55:48 EST
"it's working!  it's working!!"

so far, at least.  :-)
Comment 5 cje 2009-01-26 07:31:40 EST
Created attachment 329979 [details]
spec diff with a bit more tidying up and commenting.

just a small update - mostly comments.

can someone advise what should happen next please?  cheers.
Comment 6 cje 2009-02-11 13:48:31 EST
Created attachment 331602 [details]
more tidying and 3.2.2

exciting new spec for 3.2.2!  got a bit carried away with the Requires - removed lots including smtpdaemon (you don't _have_ to have bugmail) and mod_perl.  opinions very welcome on that.

relevant security advisories:

"Local files on the server can be attached to a bug (making them publicly visible) when importing bugs with --attach_path

Unprivileged users can approve/unapprove all quips

It was possible for users to upload a malicious attachment to that would run in the context of Bugzilla's domain (thus circumventing cross-site request protections in browsers).

Bug updating was vulnerable to a cross-site request forgery.  Note that this issue was only fixed for 3.2.1 and 3.3.2 even though all versions of Bugzilla are affected (see below for an explanation).

Keywords, unused flag types, and saved searches could be deleted via cross-site request forgery. Also, a user's preferences could be changed via cross-site request forgery."
Comment 7 Fedora Admin XMLRPC Client 2009-02-11 14:25:19 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 8 cje 2009-02-18 13:07:30 EST
Created attachment 332429 [details]
updated rw-paths patch file

just re-tested the new spec and the rw-paths.patch fails to apply.

(one of the comments just after the changed lines is messing up the patch context)

here's the updated patch.
Comment 9 Itamar Reis Peixoto 2009-02-28 21:02:12 EST
*** Bug 484206 has been marked as a duplicate of this bug. ***
Comment 10 Itamar Reis Peixoto 2009-02-28 21:25:56 EST
*** Bug 466077 has been marked as a duplicate of this bug. ***
Comment 11 Itamar Reis Peixoto 2009-02-28 21:29:58 EST
*** Bug 484758 has been marked as a duplicate of this bug. ***
Comment 12 Itamar Reis Peixoto 2009-02-28 23:19:17 EST
hello guy's

I have submited 3.0.8 into F-11 , F-10 and F-9 and now I have plans to upgrade to 3.2.2 into rawhide, everyone agree with this ?
Comment 13 Mukund Sivaraman 2009-03-01 08:16:58 EST
+1 for move to 3.2 in rawhide, as this version of Bugzilla removes the use of table locking for MySQL.

I'm also happy to see this package maintained again.
Comment 14 cje 2009-03-02 09:04:23 EST
Itamar - big thanks for picking this up!

will 3.2.2 also appear in F10?  i'd like it to if possible.
Comment 15 Itamar Reis Peixoto 2009-03-04 23:44:17 EST
(In reply to comment #14)

please take a look

http://koji.fedoraproject.org/koji/taskinfo?taskID=1222760

big thanks for your patches, 

why you don't join fedora project and help making bugzilla rpm package better ?
Comment 16 cje 2009-03-05 08:11:11 EST
(In reply to comment #15)

aw, cool!  :-)
just a few thoughts...

1) from the build log:

Processing files: bugzilla-contrib-3.2.2-1.fc11-noarch
/usr/lib/rpm/pythondeps.sh: line 8: python: command not found

do we need a BuildRequires on python for the contrib package?

2) why is mod_perl in the Requires?  afaiui it will only make things quicker, it's not actually required to make things work.

that's why i mentioned it in the updated %description.  if you want to keep it in the Requires then can you remove it from the %description?

3) with the customized __perl_requires only excluding those four things you pick up lots of supposedly optional perl requirements.  that's why i modified the wrapper script to ignore everything.

i'd argue it's also a lot easier to maintain this way - you just check the release notes and put perl(Foo) in the Requires for each thing they list there.  i realise that's not automatic but the many optional features are messing with that, and that's unlikely to change any time soon.

4) according to https://fedoraproject.org/wiki/Packaging/Perl#Perl_Requires_and_Provides we should be using the perl(Foo) style in Requires.  so if you do keep things as they are i guess you ought to change perl-SOAP-Lite to perl(SOAP::Lite) but, again, that's really (according to the release notes) an optional component.

hope that's helpful.  thanks for asking about joining the fedora project - i'm drifting slowly in that direction but at the moment i'm concentrating my effort on encouraging my government to do the same.  :-)
Comment 17 Itamar Reis Peixoto 2009-03-05 09:45:31 EST
> 1) from the build log:
> do we need a BuildRequires on python for the contrib package?

--> done


> 2) why is mod_perl in the Requires?  afaiui it will only make things quicker,
> it's not actually required to make things work.

--> mod_perl is recommended way to run bugzilla in apache.


> that's why i mentioned it in the updated %description.  if you want to keep it
> in the Requires then can you remove it from the %description?

--> done

> 3) with the customized __perl_requires only excluding those four things you
> pick up lots of supposedly optional perl requirements.  that's why i modified
> the wrapper script to ignore everything.
> i'd argue it's also a lot easier to maintain this way - you just check the
> release notes and put perl(Foo) in the Requires for each thing they list there.
>  i realise that's not automatic but the many optional features are messing with
> that, and that's unlikely to change any time soon.

--> I will let it in the current way, the optional perl modules is not too BIG, but I think about your suggestion in the future


> 4) according to
> https://fedoraproject.org/wiki/Packaging/Perl#Perl_Requires_and_Provides we
> should be using the perl(Foo) style in Requires.  so if you do keep things as
> they are i guess you ought to change perl-SOAP-Lite to perl(SOAP::Lite) but,
> again, that's really (according to the release notes) an optional component.

--> done

 
> hope that's helpful.  thanks for asking about joining the fedora project - i'm
> drifting slowly in that direction but at the moment i'm concentrating my effort
> on encouraging my government to do the same.  :-)

-->
this is the future, for government is recommended to know what the software is doing, and this is not possible with a closed source program


thanks :-)
Comment 18 cje 2009-03-05 09:59:14 EST
excellent - that's great!

can i just ask again though, from my comment #14:

if the rawhide/f11 build works okay will we also get an f10 build so we don't have to wait more months (and upgrade fedora) to get 3.2?
Comment 19 Itamar Reis Peixoto 2009-03-05 10:47:29 EST
ok
Comment 20 Fedora Update System 2009-03-05 10:50:01 EST
bugzilla-3.2.2-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc9
Comment 21 Fedora Update System 2009-03-05 10:52:26 EST
bugzilla-3.2.2-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc10
Comment 22 Fedora Update System 2009-03-05 15:24:14 EST
bugzilla-3.2.2-2.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update bugzilla'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2417
Comment 23 Fedora Update System 2009-03-05 15:24:55 EST
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update bugzilla'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-2418
Comment 24 cje 2009-03-05 15:47:31 EST
fantastic!  i'll install and play tomorrow.  :-D
Comment 25 Itamar Reis Peixoto 2009-03-05 15:51:50 EST
(In reply to comment #24)
> fantastic!  i'll install and play tomorrow.  :-D  

make a backup first :-) and go ahead.
Comment 26 Fedora Update System 2009-03-18 14:55:47 EDT
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2009-03-18 15:03:23 EDT
bugzilla-3.2.2-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.