It looks like we're going to need some urgent packaging and pushes to stable in very short order: -------- Original Message -------- Subject: [ANN] Warning: Major Security Release Coming Soon Date: Wed, 09 Sep 2009 17:06:08 -0700 From: Max Kanat-Alexander <mkanat> Organization: Bugzilla Project To: announce A major security issue has been discovered in versions of Bugzilla back to 3.0. We will be releasing a version of Bugzilla which fixes the issue within 48 hours (possibly within 24 hours), and all administrators should be ready to perform the upgrade (which does not require any database changes) shortly after the new version is released. If you do not wish to do a full upgrade, patches for just the security issue will be available. The patches are relatively small and do not modify very much of Bugzilla. -Max Kanat-Alexander Release Manager, Bugzilla Project ------------- Thank you for packaging bugzilla.
We're ready for this one.
bugzilla-3.2.5-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/bugzilla-3.2.5-1.fc10
bugzilla-3.2.5-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/bugzilla-3.2.5-1.fc11
bugzilla-3.2.5-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bugzilla'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-9550
bugzilla-3.2.5-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bugzilla'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-9554
I had a problem with the update not properly applying. After debugging it's not really the package's fault, but some improved Requires would help. It turned out my yum metadata was boned again. So, I had an previous version of perl-Email-MIME-Encodings. When checksetup.pl is run in %post, it was complaining about an older version of Email::MIME::Encodings, and not getting to pre-compiling my templates. So, the symptom was that the version displayed on the web page headers never got updated, even though all the code was installed fine. Looking at the SPEC, I see: Requires: webserver, patchutils, mod_perl, perl(SOAP::Lite), which I think we need to list all of the current perl module requirements and the versions (when checksetup will fail if they don't meet). In that case, I'd at least have seen RPM grumble at me rather than silently failing. Should I file a separate bug?
(In reply to comment #6) > > I think we need to list all of the current perl module requirements and the > versions (when checksetup will fail if they don't meet). Painful but I don't see any other alternatives. I'll ask around for opinions on this. > In that case, I'd at least have seen RPM grumble at me rather than silently > failing. Should I file a separate bug? Yes, please do.
bugzilla-3.2.5-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.2.5-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.