diff options
48 files changed, 644 insertions, 219 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..f0e4ee1f4 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,12 @@ +#### Details +<!-- Explain what you did --> +This PR fixes/adds a feature... + +#### Additional info +* [bmo#](https://bugzilla.mozilla.org/show_bug.cgi?id=) + +#### Test Plan +<!-- How did you verify the fix/feature in steps --> +1. Open the show_bug view +2. Edit the bug +3. ... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..c9198c50e --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,74 @@ +# This is a basic workflow to help you get started with Actions + +name: Release Tests + +# Controls when the action will run. Triggers the workflow on push or pull request +# events but only for the main branch +on: + push: + branches: [ 5.0.4 ] + pull_request: + branches: [ 5.0.4 ] + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + ubuntu: + name: Release Tests on Ubuntu 20.04 + runs-on: ubuntu-20.04 + steps: + - name: Checkout the repository + uses: actions/checkout@v4 + - name: apt install + run: | + sudo apt-get update + sudo apt-get -y dist-upgrade + sudo apt-get install --ignore-hold --allow-downgrades -y \ + apache2 \ + mariadb-client-10.3 \ + netcat \ + libappconfig-perl \ + libdate-calc-perl \ + libtemplate-perl \ + build-essential \ + libdatetime-timezone-perl \ + libdatetime-perl \ + libemail-address-perl \ + libemail-sender-perl \ + libemail-mime-perl \ + libemail-mime-modifier-perl \ + libdbi-perl \ + libdbix-connector-perl \ + libdbd-mysql-perl \ + libcgi-pm-perl \ + libmath-random-isaac-perl \ + libmath-random-isaac-xs-perl \ + libapache2-mod-perl2 \ + libapache2-mod-perl2-dev \ + libchart-perl \ + libxml-perl \ + libxml-twig-perl \ + perlmagick \ + libgd-graph-perl \ + libtemplate-plugin-gd-perl \ + libsoap-lite-perl \ + libhtml-scrubber-perl \ + libjson-rpc-perl \ + libdaemon-generic-perl \ + libtheschwartz-perl \ + libtest-taint-perl \ + libauthen-radius-perl \ + libfile-slurp-perl \ + libencode-detect-perl \ + libmodule-build-perl \ + libnet-ldap-perl \ + libauthen-sasl-perl \ + libfile-mimeinfo-perl \ + libhtml-formattext-withlinks-perl \ + libpod-coverage-perl \ + graphviz + - name: Get Perl Version and debug info + run: '/usr/bin/perl -V' + - name: Run tests + run: '/usr/bin/perl runtests.pl' diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 000000000..388f03276 --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,16 @@ +version: 2 +build: + os: "ubuntu-20.04" + tools: + python: "3.10" + apt_packages: + - libfile-copy-recursive-perl + jobs: + post_build: + - perl docs/makedocs.pl --pod-only + - cp -rp docs/en/html/integrating/api/ "$READTHEDOCS_OUTPUT/html/integrating/api" + - cp -p docs/en/html/style.css "$READTHEDOCS_OUTPUT/html/" +format: + - htmlzip + - pdf + - epub diff --git a/Bugzilla.pm b/Bugzilla.pm index e4772e08b..e8c078cf8 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -11,6 +11,8 @@ use 5.10.1; use strict; use warnings; +BEGIN { eval { utf8->import; require 'utf8_heavy.pl' }; } + # We want any compile errors to get to the browser, if possible. BEGIN { # This makes sure we're in a CGI. diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm index e98dae149..1aff405d8 100644 --- a/Bugzilla/BugMail.pm +++ b/Bugzilla/BugMail.pm @@ -470,9 +470,10 @@ sub _generate_bugmail { } my $email = Bugzilla::MIME->new($msg_header); - if (scalar(@parts) == 1) { - $email->content_type_set($parts[0]->content_type); - } else { + + # If there's only one part, we don't need to set the overall content type + # because Email::MIME will automatically take it from that part (bug 1657496) + if (scalar(@parts) > 1) { $email->content_type_set('multipart/alternative'); # Some mail clients need same encoding for each part, even empty ones. $email->charset_set('UTF-8') if $use_utf8; diff --git a/Bugzilla/Chart.pm b/Bugzilla/Chart.pm index 2189084fa..2892ec32e 100644 --- a/Bugzilla/Chart.pm +++ b/Bugzilla/Chart.pm @@ -420,11 +420,9 @@ sub dump { # Make sure we've read in our data my $data = $self->data; - + require Data::Dumper; - say "<pre>Bugzilla::Chart object:"; - print html_quote(Data::Dumper::Dumper($self)); - print "</pre>"; + return Data::Dumper::Dumper($self); } 1; diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index edaa8baa5..9cb01b9d0 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -200,7 +200,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "5.0.4+"; +use constant BUGZILLA_VERSION => "5.0.4.1+"; # A base link to the current REST Documentation. We place it here # as it will need to be updated to whatever the current release is. @@ -508,16 +508,42 @@ use constant INSTALLATION_MODE_NON_INTERACTIVE => 1; use constant DB_MODULE => { # MySQL 5.0.15 was the first production 5.0.x release. 'mysql' => {db => 'Bugzilla::DB::Mysql', db_version => '5.0.15', - dbd => { + db_blocklist => ['^[89]\.'], + # the following is a "human-readable" version to show in the + # release notes + db_blklst_str => '>= 8.0', + dbd => { package => 'DBD-mysql', module => 'DBD::mysql', # Disallow development versions - blacklist => ['_'], + blocklist => ['_'], # For UTF-8 support. 4.001 makes sure that blobs aren't # marked as UTF-8. version => '4.001', }, name => 'MySQL'}, + + # MariaDB is a drop-in replacement for MySQL and works with Bugzilla + 'mariadb' => {db => 'Bugzilla::DB::Mysql', db_version => '5.1', + # MariaDB is indistinguishable from MySQL, but skipped 8 and + # 9 so blocklist it anyway in case someone has the driver set + # to mariadb but actually has MySQL. + db_blocklist => ['^[89]\.'], + # no string to show the user on the release notes though. + dbd => { + package => 'DBD-mysql', + module => 'DBD::mysql', + + # Disallow development versions + blocklist => ['_'], + + # For UTF-8 support. 4.001 makes sure that blobs aren't + # marked as UTF-8. + version => '4.001', + }, + name => 'MariaDB' + }, + # Also see Bugzilla::DB::Pg::bz_check_server_version, which has special # code to require DBD::Pg 2.17.2 for PostgreSQL 9 and above. 'pg' => {db => 'Bugzilla::DB::Pg', db_version => '8.03.0000', diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 5bc83f9d6..f59a32feb 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -204,17 +204,33 @@ sub bz_check_server_version { $self->disconnect; my $sql_want = $db->{db_version}; + my $sql_dontwant = exists $db->{db_blocklist} ? $db->{db_blocklist} : []; my $version_ok = vers_cmp($sql_vers, $sql_want) > -1 ? 1 : 0; + my $blocklisted; + if ($version_ok) { + $blocklisted = grep($sql_vers =~ /$_/, @$sql_dontwant); + $version_ok = 0 if $blocklisted; + } my $sql_server = $db->{name}; if ($output) { Bugzilla::Install::Requirements::_checking_for({ package => $sql_server, wanted => $sql_want, - found => $sql_vers, ok => $version_ok }); + found => $sql_vers, ok => $version_ok, + blocklisted => $blocklisted }); } # Check what version of the database server is installed and let # the user know if the version is too old to be used with Bugzilla. + if ($blocklisted) { + die <<EOT; + +Your $sql_server v$sql_vers is blocklisted. Please check the +release notes for details or try a different database engine +or version. + +EOT + } if (!$version_ok) { die <<EOT; diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm index 61496d843..8d7ccfbc7 100644 --- a/Bugzilla/Install/Requirements.pm +++ b/Bugzilla/Install/Requirements.pm @@ -78,8 +78,8 @@ use constant APACHE_PATH => [qw( # installed or not. "version" is the version we need, or 0 if we'll accept # any version. # -# "blacklist" is an arrayref of regular expressions that describe versions that -# are 'blacklisted'--that is, even if the version is high enough, Bugzilla +# "blocklist" is an arrayref of regular expressions that describe versions that +# are 'blocklisted'--that is, even if the version is high enough, Bugzilla # will refuse to say that it's OK to run with that version. sub REQUIRED_MODULES { my @modules = ( @@ -121,10 +121,12 @@ sub REQUIRED_MODULES { version => ($^V >= v5.13.3) ? '1.614' : '1.54' }, # 2.24 contains several useful text virtual methods. + # 2.28-3.007 are broken, see https://bugzilla.mozilla.org/show_bug.cgi?id=1560873 { package => 'Template-Toolkit', module => 'Template', - version => '2.24' + version => '2.24', + blacklist => ['^2.2[89]$', '^3.00[0-7]$'] }, # 1.300011 has a debug mode for SMTP and automatically pass -i to sendmail. { @@ -139,6 +141,11 @@ sub REQUIRED_MODULES { version => '1.904' }, { + package => 'Email-Address', + module => 'Email::Address', + version => 0, + }, + { package => 'URI', module => 'URI', # Follows RFC 3986 to escape characters in URI::Escape. @@ -286,7 +293,7 @@ sub OPTIONAL_MODULES { # throwing warnings with Perl 5.12. version => '0.712', # SOAP::Transport::HTTP 1.12 is bogus. - blacklist => ['^1\.12$'], + blocklist => ['^1\.12$'], feature => ['xmlrpc'], }, # Since SOAP::Lite 1.0, XMLRPC::Lite is no longer included @@ -729,16 +736,16 @@ sub have_vers { # Must do a string comparison as $vnum may be of the form 5.10.1. my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ? 1 : 0; - my $blacklisted; - if ($vok && $params->{blacklist}) { - $blacklisted = grep($vnum =~ /$_/, @{$params->{blacklist}}); - $vok = 0 if $blacklisted; + my $blocklisted; + if ($vok && $params->{blocklist}) { + $blocklisted = grep($vnum =~ /$_/, @{$params->{blocklist}}); + $vok = 0 if $blocklisted; } if ($output) { _checking_for({ package => $package, ok => $vok, wanted => $wanted, - found => $vnum, blacklisted => $blacklisted + found => $vnum, blocklisted => $blocklisted }); } @@ -747,8 +754,8 @@ sub have_vers { sub _checking_for { my ($params) = @_; - my ($package, $ok, $wanted, $blacklisted, $found) = - @$params{qw(package ok wanted blacklisted found)}; + my ($package, $ok, $wanted, $blocklisted, $found) = + @$params{qw(package ok wanted blocklisted found)}; my $ok_string = $ok ? install_string('module_ok') : ''; @@ -775,10 +782,10 @@ sub _checking_for { $ok_string = install_string('module_not_found'); } - my $black_string = $blacklisted ? install_string('blacklisted') : ''; + my $block_string = $blocklisted ? install_string('blocklisted') : ''; my $want_string = $wanted ? "v$wanted" : install_string('any'); - my $str = sprintf "%s %20s %-11s $ok_string $black_string\n", + my $str = sprintf "%s %20s %-11s $ok_string $block_string\n", install_string('checking_for'), $package, "($want_string)"; print $ok ? $str : colored($str, COLOR_ERROR); } diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm index 5ccf2d1ed..d7c23f857 100644 --- a/Bugzilla/Mailer.pm +++ b/Bugzilla/Mailer.pm @@ -21,6 +21,7 @@ use Bugzilla::MIME; use Bugzilla::Util; use Bugzilla::User; +use Encode qw(); use Date::Format qw(time2str); use Email::Sender::Simple qw(sendmail); @@ -61,6 +62,7 @@ sub generate_email { encoding => 'quoted-printable', }, body_str => $msg_text, + encode_check => Encode::FB_DEFAULT ) ); if ($templates->{html} && $email_format eq 'html') { @@ -73,6 +75,7 @@ sub generate_email { encoding => 'quoted-printable', }, body_str => $msg_html, + encode_check => Encode::FB_DEFAULT ); } diff --git a/Bugzilla/Update.pm b/Bugzilla/Update.pm index 72a7108a8..1c092ebe4 100644 --- a/Bugzilla/Update.pm +++ b/Bugzilla/Update.pm @@ -49,14 +49,15 @@ sub get_notifications { 'latest_ver' => $branch->{'att'}->{'vid'}, 'status' => $branch->{'att'}->{'status'}, 'url' => $branch->{'att'}->{'url'}, - 'date' => $branch->{'att'}->{'date'} + 'date' => $branch->{'att'}->{'date'}, + 'eos_date' => exists($branch->{'att'}->{'eos-date'}) ? $branch->{'att'}->{'eos-date'} : undef, }; push(@releases, $release); } # On which branch is the current installation running? my @current_version = - (BUGZILLA_VERSION =~ m/^(\d+)\.(\d+)(?:(rc|\.)(\d+))?\+?$/); + (BUGZILLA_VERSION =~ m/^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|\.)(\d+))?\+?$/); my @release; if (Bugzilla->params->{'upgrade_notification'} eq 'development_snapshot') { @@ -68,17 +69,60 @@ sub get_notifications { } } elsif (Bugzilla->params->{'upgrade_notification'} eq 'latest_stable_release') { + # We want the latest stable version for the current branch. + # If we are running a development snapshot, we won't match anything. + # This is the 5.0.4 branch and it won't branch again so just hardcode this. + my $branch_version = '5.0.4'; + + # We do a string comparison instead of a numerical one, because + # e.g. 2.2 == 2.20, but 2.2 ne 2.20 (and 2.2 is indeed much older). + @release = grep {$_->{'branch_ver'} eq $branch_version} @releases; + + # If the branch has an end-of-support date listed, we should + # strongly suggest to upgrade to the latest stable release + # available. + if (scalar(@release) && $release[0]->{'status'} ne 'closed' + && defined($release[0]->{'eos_date'})) { + my $eos_date = $release[0]->{'eos_date'}; + @release = grep {$_->{'status'} eq 'stable'} @releases; + return {'data' => $release[0], + 'branch_version' => $branch_version, + 'eos_date' => $eos_date}; + }; + + # If the branch is now closed, we should strongly suggest + # to upgrade to the latest stable release available. + if (scalar(@release) && $release[0]->{'status'} eq 'closed') { + @release = grep {$_->{'status'} eq 'stable'} @releases; + return {'data' => $release[0], 'deprecated' => $branch_version}; + } + + # If we get here, then we want to recommend the lastest stable + # release without any other messages. @release = grep {$_->{'status'} eq 'stable'} @releases; } elsif (Bugzilla->params->{'upgrade_notification'} eq 'stable_branch_release') { # We want the latest stable version for the current branch. # If we are running a development snapshot, we won't match anything. - my $branch_version = $current_version[0] . '.' . $current_version[1]; + # This is the 5.0.4 branch and it won't branch again so just hardcode this. + my $branch_version = '5.0.4'; # We do a string comparison instead of a numerical one, because # e.g. 2.2 == 2.20, but 2.2 ne 2.20 (and 2.2 is indeed much older). @release = grep {$_->{'branch_ver'} eq $branch_version} @releases; + # If the branch has an end-of-support date listed, we should + # strongly suggest to upgrade to the latest stable release + # available. + if (scalar(@release) && $release[0]->{'status'} ne 'closed' + && defined($release[0]->{'eos_date'})) { + my $eos_date = $release[0]->{'eos_date'}; + @release = grep {$_->{'status'} eq 'stable'} @releases; + return {'data' => $release[0], + 'branch_version' => $branch_version, + 'eos_date' => $eos_date}; + }; + # If the branch is now closed, we should strongly suggest # to upgrade to the latest stable release available. if (scalar(@release) && $release[0]->{'status'} eq 'closed') { @@ -97,12 +141,12 @@ sub get_notifications { # Only notify the administrator if the latest version available # is newer than the current one. my @new_version = - ($release[0]->{'latest_ver'} =~ m/^(\d+)\.(\d+)(?:(rc|\.)(\d+))?\+?$/); + ($release[0]->{'latest_ver'} =~ m/^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|\.)(\d+))?\+?$/); # We convert release candidates 'rc' to integers (rc ? 0 : 1) in order # to compare versions easily. - $current_version[2] = ($current_version[2] && $current_version[2] eq 'rc') ? 0 : 1; - $new_version[2] = ($new_version[2] && $new_version[2] eq 'rc') ? 0 : 1; + @current_version = map { s/^(?:rc|)$/0/; s/^\.$/1/; $_; } @current_version; + @new_version = map { s/^(?:rc|)$/0/; s/^\.$/1/; $_; } @new_version; my $is_newer = _compare_versions(\@current_version, \@new_version); return ($is_newer == 1) ? {'data' => $release[0]} : undef; diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 1768d7c48..df8f89806 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -132,7 +132,19 @@ sub new { $_[0] = $param; } } - return $class->SUPER::new(@_); + + $user = $class->SUPER::new(@_); + + # MySQL considers some non-ascii characters such as umlauts to equal + # ascii characters returning a user when it should not. + if ($user && ref $param eq 'HASH' && exists $param->{name}) { + my $login = $param->{name}; + if (lc $login ne lc $user->login) { + $user = undef; + } + } + + return $user; } sub super_user { diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 9976b12d6..f3217a1d5 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -1264,18 +1264,44 @@ if Bugzilla is currently using the shadowdb or not. Used like: =back -=head1 B<Methods in need of POD> - =over -=item do_ssl_redirect_if_required +=item C<write_text($filename, $content)> + +Writes $content to $filename. The content will be encoded as UTF-8. Returns 1 if +the atomic write was successful, 0 otherwise. C<$!> will be set to the error +from C<rename()>. + +=item C<read_text($filename)> + +Reads the contents of $filename and returns it as a string. The string will be +decoded as UTF-8. + +=item C<is_ipv4> + +Returns true if the given IP address is an IPv4 address. + +=item C<is_ipv6> + +Returns true if the given IP address is an IPv6 address. + +=item C<do_ssl_redirect_if_required> + +If Bugzilla is configured to redirect all HTTP requests to HTTPS, this function +will redirect the user to the HTTPS version of the current page. It will not do +anything if the user is already on HTTPS, or if there is no C<sslbase> parameter +set. -=item validate_time +=item C<validate_time> -=item is_ipv4 +Validates a time string. Returns true or false depending on whether the time +string is valid. -=item is_ipv6 +=item C<display_value> -=item display_value +Returns the display value for a given field and value. This value comes from the +value_descs template variable. The value_descs variable is set in the template +file C<global/value-descs.none.tmpl>. This is used for localizing Bugzilla to +other languages. =back @@ -33,10 +33,10 @@ sub build_requires { sub recommends { my $recommends = OPTIONAL_MODULES(); - my @blacklist = ('Apache-SizeLimit', 'mod_perl'); # Does not compile properly on Travis + my @blocklist = ('Apache-SizeLimit', 'mod_perl'); # Does not compile properly on Travis my $hrecommends = {}; foreach my $module (@$recommends) { - next if grep($_ eq $module->{package}, @blacklist); + next if grep($_ eq $module->{package}, @blocklist); $hrecommends->{$module->{module}} = $module->{version}; } return $hrecommends; @@ -6,9 +6,6 @@ developed by an active group of volunteers in the Mozilla community, and used by thousands of projects and companies around the world. It can be installed on Linux and other flavors of Unix, Windows or Mac OS X. -You can try Bugzilla out using our testing installation: -https://landfill.bugzilla.org/bugzilla-tip/ - Documentation ============= @@ -96,6 +96,13 @@ $user->in_group(Bugzilla->params->{"chartgroup"}) # Only admins may create public queries $user->in_group('admin') || $cgi->delete('public'); +if ($cgi->param('debug') + && Bugzilla->params->{debug_group} + && Bugzilla->user->in_group(Bugzilla->params->{debug_group}) + ) { + $vars->{'debug'} = 1; +} + # All these actions relate to chart construction. if ($action =~ /^(assemble|add|remove|sum|subscribe|unsubscribe)$/) { # These two need to be done before the creation of the Chart object, so @@ -312,7 +319,16 @@ sub plot { disable_utf8() if ($format->{'ctype'} =~ /^image\//); # Debugging PNGs is a pain; we need to be able to see the error messages - $vars->{'chart'}->dump() if $cgi->param('debug'); + if (exists $vars->{'debug'}) { + # Bug 1439260 - if we're using debug mode, always use the HTML template + # which has proper filters in it. Debug forces an HTML content type + # anyway, and can cause XSS if we're not filtering the output. + $format = $template->get_format("reports/chart", "", "html"); + $vars->{'debug_dump'} = $vars->{'chart'}->dump(); + } + + print $cgi->header($format->{'ctype'}); + disable_utf8() if ($format->{'ctype'} =~ /^image\//); $template->process($format->{'template'}, $vars) || ThrowTemplateError($template->error()); @@ -350,7 +366,9 @@ sub view { # If we have having problems with bad data, we can set debug=1 to dump # the data structure. - $chart->dump() if $cgi->param('debug'); + if (exists $vars->{'debug'}) { + $vars->{'debug_dump'} = $chart->dump(); + } $template->process("reports/create-chart.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/contrib/bugzilla-submit/README b/contrib/bugzilla-submit/README index f9e74b9d4..9d9811bde 100644 --- a/contrib/bugzilla-submit/README +++ b/contrib/bugzilla-submit/README @@ -19,9 +19,8 @@ Its only requirement is Python 2.3 or higher; you should have the Usage Notes ----------- -* Please constrain testing to your own installation of Bugzilla, or use -* http://landfill.bugzilla.org/ for testing purposes -- opening test -* bugs on production instances of Bugzilla is definitely not a good idea +* Please constrain testing to your own installation of Bugzilla, opening test +* bugs on production instances of Bugzilla is definitely not a good idea. Run "bugzilla-submit --help" for a description of the possible options. diff --git a/contrib/bugzilla-submit/bugzilla-submit.xml b/contrib/bugzilla-submit/bugzilla-submit.xml index 2cfdc9209..297e690cc 100755 --- a/contrib/bugzilla-submit/bugzilla-submit.xml +++ b/contrib/bugzilla-submit/bugzilla-submit.xml @@ -201,12 +201,12 @@ password field is the right password. The URL in the machine field must be enclosed in double quotes.</para> <para>For example, if your Bugzilla instance is at -"http://landfill.bugzilla.org/bztest/", and your login and password +"https://bugzilla.example.org/bztest/", and your login and password there are "john@doe.com" and "foo", respectively, your <filename>.netrc</filename> entry should look something like:</para> <screen> - machine "http://landfill.bugzilla.org/bztest/" + machine "https://bugzilla.example.org/bztest/" login john@doe.com password foo diff --git a/contrib/jb2bz.py b/contrib/jb2bz.py index caaa0c5e2..170e82d70 100755 --- a/contrib/jb2bz.py +++ b/contrib/jb2bz.py @@ -30,7 +30,7 @@ if not mimetypes.encodings_map.has_key('.bz2'): bug_status='CONFIRMED' component="default" -version="" +version="unspecified" product="" # this is required, the rest of these are defaulted as above """ @@ -230,6 +230,7 @@ def process_jitterbug(filename): "bug_id=%s," \ "priority='---'," \ "bug_severity='normal'," \ + "op_sys='All'," \ "bug_status=%s," \ "creation_ts=%s," \ "delta_ts=%s," \ diff --git a/docs/en/rst/about/index.rst b/docs/en/rst/about/index.rst index 239c6ecea..76c8d5276 100644 --- a/docs/en/rst/about/index.rst +++ b/docs/en/rst/about/index.rst @@ -10,18 +10,16 @@ that tracks millions of bugs and issues for thousands of organizations around the world. The most current version of this document can always be found on the -`Bugzilla website <http://www.bugzilla.org/docs/>`_. +`Bugzilla website <https://www.bugzilla.org/docs/>`_. .. _evaluating: Evaluating Bugzilla ################### -If you want to try out Bugzilla to see if it meets your needs, you can do so -on `Landfill <https://landfill.bugzilla.org/bugzilla-4.4-branch/>`_, our test -server. The `Bugzilla FAQ <https://wiki.mozilla.org/Bugzilla:FAQ>`_ may also -be helpful, as it answers a number of questions people sometimes have about -whether Bugzilla is for them. +The `Bugzilla FAQ <https://wiki.mozilla.org/Bugzilla:FAQ>`_ may be helpful, +as it answers a number of questions people sometimes have about whether +Bugzilla is for them. .. _getting-help: @@ -36,7 +34,7 @@ Google Group. Please first, and then ask your question there. If you need a guaranteed response, commercial support is -`available <http://www.bugzilla.org/support/consulting.html>`_ for Bugzilla +`available <https://www.bugzilla.org/support/consulting.html>`_ for Bugzilla from a number of people and organizations. .. _conventions: @@ -81,13 +79,13 @@ new text and markup. License ####### -Bugzilla is `free <http://www.gnu.org/philosophy/free-sw.html>`_ and -`open source <http://opensource.org/osd>`_ software, which means (among other +Bugzilla is `free <https://www.gnu.org/philosophy/free-sw.html>`_ and +`open source <https://opensource.org/osd>`_ software, which means (among other things) that you can download it, install it, and run it for any purpose whatsoever without the need for license or payment. Isn't that refreshing? Bugzilla's code is made available under the -`Mozilla Public License 2.0 <http://www.mozilla.org/MPL/2.0/>`_ (MPL), +`Mozilla Public License 2.0 <https://www.mozilla.org/MPL/2.0/>`_ (MPL), specifically the variant which is Incompatible with Secondary Licenses. However, again, if you only want to install and run Bugzilla, you don't need to worry about that; it's only relevant if you redistribute the code or any diff --git a/docs/en/rst/conf.py b/docs/en/rst/conf.py index 34acb4778..db493e999 100644 --- a/docs/en/rst/conf.py +++ b/docs/en/rst/conf.py @@ -383,13 +383,10 @@ pdf_fit_background_mode = 'scale' # Temporary highlighting of TODO items todo_include_todos = False -# The readthedocs.org website cannot access POD. -on_rtd = os.environ.get('READTHEDOCS', None) == 'True' +# Originally, the readthedocs.org website could not access POD, +# so we would conditionally override that here if we were building +# on RTD, but that's no longer the case. +base_api_url = '../integrating/api/' -if on_rtd: - base_api_url = 'https://www.bugzilla.org/docs/5.0/en/html/integrating/api/' -else: - base_api_url = '../integrating/api/' - -extlinks = {'bug': ('https://bugzilla.mozilla.org/show_bug.cgi?id=%s', 'bug '), - 'api': (base_api_url + '%s', '')} +extlinks = {'bug': ('https://bugzilla.mozilla.org/show_bug.cgi?id=%s', 'bug %s'), + 'api': (base_api_url + '%s', '%s')} diff --git a/docs/en/rst/installing/essential-post-install-config.rst b/docs/en/rst/installing/essential-post-install-config.rst index 1b9fd6b94..51ff58719 100644 --- a/docs/en/rst/installing/essential-post-install-config.rst +++ b/docs/en/rst/installing/essential-post-install-config.rst @@ -94,7 +94,7 @@ This section corresponds to choosing a :param:`mail_delivery_method` of :paramval:`Sendmail`. Unless you know what you are doing, and can deal with the possible problems -of spam, bounces and blacklists, it is probably unwise to set up your own +of spam, bounces and blocklists, it is probably unwise to set up your own mail server just for Bugzilla. However, if you wish to do so, some guidance follows. diff --git a/docs/en/rst/installing/linux.rst b/docs/en/rst/installing/linux.rst index e2e05c310..65e9f1110 100644 --- a/docs/en/rst/installing/linux.rst +++ b/docs/en/rst/installing/linux.rst @@ -18,7 +18,7 @@ Install Packages ================ Use your distribution's package manager to install Perl, your preferred -database engine (MySQL if in doubt), and a webserver (Apache if in doubt). +database engine (MySQL or MariaDB if in doubt), and a webserver (Apache if in doubt). Some distributions even have a Bugzilla package, although that will vary in age. @@ -28,64 +28,102 @@ is not found, just remove it from the list and reissue the command. If you want to use a different database or webserver, substitute the package names as appropriate. -Fedora and Red Hat ------------------- +Fedora, CentOS Stream and RHEL +------------------------------ -The following command will install Red Hat's packaged version of Bugzilla: +The following command will install Fedora's packaged version of Bugzilla: -:command:`yum install bugzilla httpd mysql-server` +:command:`dnf install bugzilla httpd mariadb-server` Then, you can skip to :ref:`configuring your database <linux-config-database>`. It may be useful to know that Fedora stores the Bugzilla files in :file:`/usr/share/bugzilla`, so that's where you'll run :file:`checksetup.pl`. -If you want to install a version of Bugzilla from the Bugzilla project, you -will instead need: - -:command:`yum install httpd mysql-server mod_perl mod_perl-devel httpd-devel -gd-devel mysql-devel -graphviz patchutils gcc 'perl(Apache2::SizeLimit)' 'perl(Authen::Radius)' -'perl(Authen::SASL)' 'perl(Cache::Memcached)' 'perl(CGI)' 'perl(Chart::Lines)' -'perl(Daemon::Generic)' 'perl(Date::Format)' 'perl(DateTime)' -'perl(DateTime::TimeZone)' 'perl(DBI)' 'perl(Digest::SHA)' 'perl(Email::MIME)' -'perl(Email::Reply)' 'perl(Email::Sender)' 'perl(Encode)' 'perl(Encode::Detect)' -'perl(File::MimeInfo::Magic)' 'perl(GD)' 'perl(GD::Graph)' -'perl(GD::Text)' 'perl(HTML::FormatText::WithLinks)' 'perl(HTML::Parser)' -'perl(HTML::Scrubber)' 'perl(IO::Scalar)' 'perl(JSON::RPC)' 'perl(JSON::XS)' -'perl(List::MoreUtils)' 'perl(LWP::UserAgent)' 'perl(Math::Random::ISAAC)' -'perl(MIME::Parser)' 'perl(mod_perl2)' 'perl(Net::LDAP)' 'perl(Net::SMTP::SSL)' -'perl(PatchReader)' 'perl(SOAP::Lite)' 'perl(Template)' -'perl(Template::Plugin::GD::Image)' 'perl(Test::Taint)' 'perl(TheSchwartz)' -'perl(URI)' 'perl(XMLRPC::Lite)' 'perl(XML::Twig)'` - -If you are running RHEL6, you will have to enable the "RHEL Server Optional" -channel in RHN to get some of those packages. - -If you plan to use a database other than MySQL, you will need to also install +If you want to install a version of Bugzilla from the Bugzilla project +or have it on RHEL or CentOS, you will need to do the following instead: + +On CentOS Stream and RHEl, add the Fedora EPEL repo, in the way described +in the `installation instructions <https://docs.fedoraproject.org/en-US/epel/>`_. + +Run the following to install the base Bugzilla dependencies: + +:command:`dnf install git httpd httpd-devel mariadb-devel gcc +mariadb-server mod_perl mod_perl-devel 'perl(autodie)' 'perl(CGI)' +'perl(Date::Format)' 'perl(DateTime)' 'perl(DateTime::TimeZone)' +'perl(DBI)' 'perl(DBD::mysql)' 'perl(Digest::SHA)' 'perl(Email::MIME)' +'perl(Email::Sender)' 'perl(fields)' 'perl(JSON::XS)' +'perl(List::MoreUtils)' 'perl(Math::Random::ISAAC)' 'perl(Memoize)' +'perl(Safe)' 'perl(Template)' 'perl(URI)'` + +On Fedora, all the optional dependencies are available: + +:command:`dnf install gd-devel graphviz patchutils +'perl(Apache2::SizeLimit)' 'perl(Authen::Radius)' 'perl(Authen::SASL)' +'perl(Cache::Memcached)' 'perl(Chart::Lines)' 'perl(Daemon::Generic)' +'perl(Email::Reply)' 'perl(Encode)' 'perl(Encode::Detect)' +'perl(File::Copy::Recursive)' 'perl(File::MimeInfo::Magic)' +'perl(File::Which)' 'perl(GD)' 'perl(GD::Graph)' 'perl(GD::Text)' 'perl(HTML::FormatText::WithLinks)' 'perl(HTML::Parser)' +'perl(HTML::Scrubber)' 'perl(IO::Scalar)' 'perl(JSON::RPC)' +'perl(LWP::UserAgent)' 'perl(MIME::Parser)' 'perl(mod_perl2)' +'perl(Net::LDAP)' 'perl(Net::SMTP::SSL)' 'perl(PatchReader)' +'perl(SOAP::Lite)' 'perl(Template::Plugin::GD::Image)' +'perl(Test::Taint)' 'perl(TheSchwartz)' 'perl(XMLRPC::Lite)' +'perl(XML::Twig)'` + +On CentOS Stream and RHEL with EPEL, some modules are missing in the +repositories, so use the following instead: + +:command:`dnf install gd-devel graphviz patchutils +'perl(Apache2::SizeLimit)' 'perl(Authen::Radius)' 'perl(Authen::SASL)' +'perl(Cache::Memcached)' 'perl(Encode)' 'perl(Encode::Detect)' +'perl(File::Copy::Recursive)' 'perl(File::MimeInfo::Magic)' +'perl(File::Which)' 'perl(GD)' 'perl(GD::Graph)' 'perl(GD::Text)' +'perl(HTML::Parser)' 'perl(HTML::Scrubber)' 'perl(IO::Scalar)' +'perl(JSON::RPC)' 'perl(LWP::UserAgent)' 'perl(MIME::Parser)' +'perl(mod_perl2)' 'perl(Net::LDAP)' 'perl(Net::SMTP::SSL)' +'perl(SOAP::Lite)' 'perl(Test::Taint)' 'perl(XMLRPC::Lite)' +'perl(XML::Twig)'` + +and install the missing optional modules with: + +:command:`cd /var/www/html/bugzilla/ && ./install-module.pl Chart::Lines +Daemon::Generic Email::Reply HTML::FormatText::WithLinks PatchReader +Template::Plugin::GD::Image TheSchwartz` + +If you plan to use a database other than MariaDB, you will need to also install the appropriate packages for that. Ubuntu and Debian ----------------- -:command:`apt-get install git nano` - -:command:`apt-get install apache2 mysql-server libappconfig-perl -libdate-calc-perl libtemplate-perl libmime-perl build-essential -libdatetime-timezone-perl libdatetime-perl libemail-sender-perl -libemail-mime-perl libemail-mime-modifier-perl libdbi-perl libdbd-mysql-perl -libcgi-pm-perl libmath-random-isaac-perl libmath-random-isaac-xs-perl -apache2-mpm-prefork libapache2-mod-perl2 libapache2-mod-perl2-dev -libchart-perl libxml-perl libxml-twig-perl perlmagick libgd-graph-perl -libtemplate-plugin-gd-perl libsoap-lite-perl libhtml-scrubber-perl -libjson-rpc-perl libdaemon-generic-perl libtheschwartz-perl -libtest-taint-perl libauthen-radius-perl libfile-slurp-perl -libencode-detect-perl libmodule-build-perl libnet-ldap-perl -libauthen-sasl-perl libtemplate-perl-doc libfile-mimeinfo-perl -libhtml-formattext-withlinks-perl libgd-dev libmysqlclient-dev lynx-cur -graphviz python-sphinx` - -If you plan to use a database other than MySQL, you will need to also install -the appropriate packages for that. +You can install required packages with: +:command:`apt install apache2 build-essential git +libcgi-pm-perl libdatetime-perl libdatetime-timezone-perl +libdbi-perl libdigest-sha-perl libemail-address-perl +libemail-mime-perl libemail-sender-perl libjson-xs-perl +liblist-moreutils-perl libmath-random-isaac-perl libtemplate-perl +libtimedate-perl liburi-perl libmariadb-dev-compat libdbd-mysql-perl +mariadb-server` + +If you plan to use a database other than MariaDB, you will need to also install +the appropriate packages for that (in the command above, the packages required +for MariaDB are ``libdbd-mysql-perl``, ``libmariadb-dev-compat`` and ``mariadb-server``). + +You can install optional packages with: +:command:`apt install graphviz libapache2-mod-perl2 +libapache2-mod-perl2-dev libauthen-radius-perl libauthen-sasl-perl +libcache-memcached-perl libchart-perl libdaemon-generic-perl +libemail-reply-perl libencode-detect-perl libencode-perl +libfile-copy-recursive-perl libfile-mimeinfo-perl libfile-which-perl +libgd-dev libgd-graph-perl libgd-perl libgd-text-perl +libhtml-formattext-withlinks-perl libhtml-parser-perl +libhtml-scrubber-perl libio-stringy-perl libjson-rpc-perl +libmime-tools-perl libnet-ldap-perl libnet-smtp-ssl-perl +libsoap-lite-perl libtemplate-plugin-gd-perl libtest-taint-perl +libtheschwartz-perl libwww-perl libxmlrpc-lite-perl libxml-twig-perl` + +There is no Ubuntu package for ``PatchReader`` and so you will have to install that module +outside the package manager if you want it. Gentoo ------ @@ -98,6 +136,16 @@ USE flag enabled, Bugzilla will end up in :file:`/var/www/localhost/bugzilla`. Then, you can skip to :ref:`configuring your database <linux-config-database>`. +openSUSE +-------- + +:command:`zypper in bugzilla` + +has been available in the openSUSE Leap repositories since 15.2 and is +in the openSUSE Tumbleweed repositories, also comes with an optional +``bugzilla-apache`` package, that allows you to skip to +:ref:`configuring your database <linux-config-database>` + .. _linux-install-perl: Perl @@ -185,10 +233,11 @@ We have specific configuration instructions for the following: Database Engine =============== -Bugzilla supports MySQL, PostgreSQL, Oracle and SQLite as database servers. -You only require one of these systems to make use of Bugzilla. MySQL is -most commonly used. SQLite is good for trial installations as it requires no -setup. Configure your server according to the instructions below: +Bugzilla supports MySQL (or MariaDB, its compatible counterpart), PostgreSQL, +Oracle and SQLite as database servers. You only require one of these systems +to make use of Bugzilla. MySQL or MariaDB are most commonly used. SQLite is +good for trial installations as it requires no setup. Configure your server +according to the instructions below: * :ref:`mysql` * :ref:`postgresql` diff --git a/docs/en/rst/installing/mysql.rst b/docs/en/rst/installing/mysql.rst index 1107547a6..66f44de20 100644 --- a/docs/en/rst/installing/mysql.rst +++ b/docs/en/rst/installing/mysql.rst @@ -3,7 +3,13 @@ MySQL ##### -You need MySQL version 5.0.15 or higher. +It is strongly advised to use MariaDB which is a drop-in replacement for +MySQL and is fully compatible with Bugzilla. If MySQL must be used, be +aware that the minimum required version is MySQL 5.0.15 and that MySQL 8 +or higher cannot be used at this time. + +All commands in this document work regardless of whether MySQL or +MariaDB are used. It's possible to test which version of MySQL you have installed with: @@ -15,12 +21,12 @@ Installing Windows ------- -Download the MySQL 32-bit or 64-bit MSI installer from the -`MySQL website <http://www.mysql.com/downloads/mysql/>`_ (~28 MB). +Download the MariaDB 32-bit or 64-bit MSI installer from the +`MariaDB website <https://mariadb.org/download/?t=mariadb&os=windows>`_ (~66 MB). -MySQL has a standard Windows installer. It's ok to select a Typical MySQL -install (the default). The rest of this documentation assumes assume you -have installed MySQL into :file:`C:\\mysql`. Adjust paths appropriately if not. +MariaDB has a standard Windows installer. It's ok to select a the +default install options. The rest of this documentation assumes assume you +have installed MariaDB into :file:`C:\\mysql`. Adjust paths appropriately if not. Linux/Mac OS X -------------- diff --git a/docs/en/rst/installing/quick-start.rst b/docs/en/rst/installing/quick-start.rst index 7ea5ed58a..eda291458 100644 --- a/docs/en/rst/installing/quick-start.rst +++ b/docs/en/rst/installing/quick-start.rst @@ -1,40 +1,35 @@ .. _quick-start: -Quick Start (Ubuntu Linux 14.04) +Quick Start (Ubuntu Linux 22.04) ################################ This quick start guide makes installing Bugzilla as simple as possible for those who are able to choose their environment. It creates a system using -Ubuntu Linux 14.04 LTS, Apache and MySQL. It requires a little familiarity +Ubuntu Linux 22.04 LTS, Apache and MariaDB. It requires a little familiarity with Linux and the command line. Obtain Your Hardware ==================== -Ubuntu 14.04 LTS Server requires a 64-bit processor. +Ubuntu 22.04 LTS Server requires a 64-bit processor. Bugzilla itself has no prerequisites beyond that, although you should pick reliable hardware. You can also probably use any 64-bit virtual machine -or cloud instance that you have root access on. +or cloud instance that you have root access on. Install the OS ============== -Get `Ubuntu Server 14.04 LTS <http://www.ubuntu.com/download/server>`_ -and follow the `installation instructions <http://www.ubuntu.com/download/server/install-ubuntu-server>`_. +Get `Ubuntu Server 22.04 LTS <https://www.ubuntu.com/download/server>`_ +and follow the `installation instructions <https://www.ubuntu.com/download/server/install-ubuntu-server>`_. Here are some tips: -* Choose any server name you like. -* When creating the initial Linux user, call it ``bugzilla``, give it a - strong password, and write that password down. -* You do not need an encrypted home directory. +* You do not need an encrypted lvm group, root or home directory. * Choose all the defaults for the "partitioning" part (excepting of course where the default is "No" and you need to press "Yes" to continue). -* Choose "install security updates automatically" unless you want to do - them manually. -* From the install options, choose "OpenSSH Server" and "LAMP Server". -* Set the password for the MySQL root user to a strong password, and write - that password down. -* Install the Grub boot loader to the Master Boot Record. +* Choose any server name you like. +* When creating the initial Linux user, call it ``bugzilla``, give it a + strong password, and write that password down. +* From the install options, choose "OpenSSH Server". Reboot when the installer finishes. @@ -44,59 +39,61 @@ Become root ssh to the machine as the 'bugzilla' user, or start a console. Then: :command:`sudo su` - + Install Prerequisites ===================== -:command:`apt-get install git nano` - -:command:`apt-get install apache2 mysql-server libappconfig-perl libdate-calc-perl libtemplate-perl libmime-perl build-essential libdatetime-timezone-perl libdatetime-perl libemail-sender-perl libemail-mime-perl libemail-mime-modifier-perl libdbi-perl libdbd-mysql-perl libcgi-pm-perl libmath-random-isaac-perl libmath-random-isaac-xs-perl apache2-mpm-prefork libapache2-mod-perl2 libapache2-mod-perl2-dev libchart-perl libxml-perl libxml-twig-perl perlmagick libgd-graph-perl libtemplate-plugin-gd-perl libsoap-lite-perl libhtml-scrubber-perl libjson-rpc-perl libdaemon-generic-perl libtheschwartz-perl libtest-taint-perl libauthen-radius-perl libfile-slurp-perl libencode-detect-perl libmodule-build-perl libnet-ldap-perl libauthen-sasl-perl libtemplate-perl-doc libfile-mimeinfo-perl libhtml-formattext-withlinks-perl libgd-dev libmysqlclient-dev lynx-cur graphviz python-sphinx` +:command:`apt install git nano` + +:command:`apt install apache2 build-essential mariadb-server +libcgi-pm-perl libdigest-sha-perl libtimedate-perl libdatetime-perl +libdatetime-timezone-perl libdbi-perl libtemplate-perl +libemail-address-perl libemail-sender-perl libemail-mime-perl +liburi-perl liblist-moreutils-perl libmath-random-isaac-perl +libjson-xs-perl libgd-perl libchart-perl libtemplate-plugin-gd-perl +libgd-text-perl libgd-graph-perl libmime-tools-perl libwww-perl +libxml-twig-perl libnet-ldap-perl libauthen-sasl-perl +libnet-smtp-ssl-perl libauthen-radius-perl libsoap-lite-perl +libxmlrpc-lite-perl libjson-rpc-perl libtest-taint-perl +libhtml-parser-perl libhtml-scrubber-perl libencode-perl +libencode-detect-perl libemail-reply-perl +libhtml-formattext-withlinks-perl libtheschwartz-perl +libdaemon-generic-perl libapache2-mod-perl2 libapache2-mod-perl2-dev +libfile-mimeinfo-perl libio-stringy-perl libcache-memcached-perl +libfile-copy-recursive-perl libfile-which-perl libdbd-mysql-perl +perlmagick lynx graphviz python3-sphinx rst2pdf` This will take a little while. It's split into two commands so you can do the next steps (up to step 7) in another terminal while you wait for the second command to finish. If you start another terminal, you will need to :command:`sudo su` again. -Download Bugzilla +Configure MariaDB ================= -Get it from our Git repository: - -:command:`cd /var/www/html` - -:command:`git clone --branch release-X.X-stable https://github.com/bugzilla/bugzilla bugzilla` - -(where "X.X" is the 2-digit version number of the stable release of Bugzilla -that you want - e.g. 5.0) - -Configure MySQL -=============== - The following instructions use the simple :file:`nano` editor, but feel free to use any text editor you are comfortable with. -:command:`nano /etc/mysql/my.cnf` +:command:`nano /etc/mysql/mariadb.conf.d/50-server.cnf` Set the following values, which increase the maximum attachment size and make it possible to search for short words and terms: -* Alter on Line 52: ``max_allowed_packet=100M`` -* Add as new line 32, in the ``[mysqld]`` section: ``ft_min_word_len=2`` +* Uncomment and alter on Line 34 to have a value of at least: ``max_allowed_packet=100M`` +* Add as new line 42, in the ``[mysqld]`` section: ``ft_min_word_len=2`` Save and exit. -Then, add a user to MySQL for Bugzilla to use: +Then, add a user to MariaDB for Bugzilla to use: -:command:`mysql -u root -p -e "GRANT ALL PRIVILEGES ON bugs.* TO bugs@localhost IDENTIFIED BY '$db_pass'"` +:command:`mysql -u root -e "GRANT ALL PRIVILEGES ON bugs.* TO bugs@localhost IDENTIFIED BY '$db_pass'"` Replace ``$db_pass`` with a strong password you have generated. Write it down. -When you run the above command, it will prompt you for the MySQL root password -that you configured when you installed Ubuntu. You should make ``$db_pass`` -different to that password. +You should make ``$db_pass`` different to your password. -Restart MySQL: +Restart MariaDB: -:command:`service mysql restart` +:command:`service mariadb restart` Configure Apache ================ @@ -107,21 +104,37 @@ Paste in the following and save: .. code-block:: apache - ServerName localhost - - <Directory /var/www/html/bugzilla> + Alias /bugzilla /var/www/webapps/bugzilla + <Directory /var/www/webapps/bugzilla> AddHandler cgi-script .cgi Options +ExecCGI DirectoryIndex index.cgi index.html AllowOverride All </Directory> +This configuration sets up Bugzilla to be served on your server under ``/bugzilla`` path. +For more in depth setup instructions, refer to :ref:`Apache section of this documentation <apache>`. + :command:`a2ensite bugzilla` -:command:`a2enmod cgi headers expires` +:command:`a2enmod cgi headers expires rewrite` :command:`service apache2 restart` +Download Bugzilla +================= + +Get it from our Git repository: + +:command:`mkdir -p /var/www/webapps` + +:command:`cd /var/www/webapps` + +:command:`git clone --branch release-X.X-stable https://github.com/bugzilla/bugzilla bugzilla` + +(where "X.X" is the 2-digit version number of the stable release of Bugzilla +that you want - e.g. 5.0) + Check Setup =========== @@ -131,7 +144,7 @@ generates a config file (called :file:`localconfig`) for the database access information, and the second time (step 10) it uses the info you put in the config file to set up the database. -:command:`cd /var/www/html/bugzilla` +:command:`cd /var/www/webapps/bugzilla` :command:`./checksetup.pl` @@ -144,7 +157,7 @@ You will need to set the following values: * Line 29: set ``$webservergroup`` to ``www-data`` * Line 67: set ``$db_pass`` to the password for the ``bugs`` user you created - in MySQL a few steps ago + in MariaDB a few steps ago Check Setup (again) =================== @@ -162,12 +175,10 @@ Test Server :command:`./testserver.pl http://localhost/bugzilla` -All the tests should pass. You will get warnings about deprecation from -the ``Chart::Base`` Perl module; just ignore those. +All the tests should pass. You will get a warning about failing to run +``gdlib-config``; just ignore it. -.. todo:: Chart::Base gives confusing deprecation warnings :-| - https://rt.cpan.org/Public/Bug/Display.html?id=79658 , unfixed for - 2 years. :bug:`1070117`. +.. todo:: ``gdlib-config`` is no longer in Ubuntu. Access Via Web Browser ====================== @@ -183,8 +194,28 @@ You might well need to configure your DNS such that the server has, and is reachable by, a name rather than IP address. Doing so is out of scope of this document. In the mean time, it is available on your local network at ``http://<ip address>/bugzilla``, where ``<ip address>`` is (unless you -have a complex network setup) the "inet addr" value displayed when you run -:command:`ifconfig eth0`. +have a complex network setup) the address starting with 192 displayed when +you run :command:`hostname -I`. + +Accessing Bugzilla from the Internet +==================================== + +To be able to access Bugzilla from anywhere in the world, you don't have +to make it internet facing at all, there are free VPN services that let +you set up your own network that is accessible anywhere. One of those is +Tailscale, which has a fairly accessible `Quick Start guide <https://tailscale.com/kb/1017/install/>`_. + +If you are setting up an internet facing Bugzilla, it's essential to set +up SSL, so that the communication between the server and users is +encrypted. For local and intranet installation this matters less, and +for those cases, you could set up a self signed local certificate +instead. + +There are a few ways to set up free SSL thanks to `Let's Encrypt <https://letsencrypt.org/>`_. +The two major ones would be Apache's `mod_md <https://httpd.apache.org/docs/2.4/mod/mod_md.html>`_ +and EFF's `certbot <https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal>`_, +but we don't cover the exact specifics of this here, as that's out of +scope of this guide. Configure Bugzilla ================== @@ -198,6 +229,8 @@ the following parameters in the :guilabel:`Required Settings` section: * :param:`urlbase`: :paramval:`http://<servername>/bugzilla/` or :paramval:`http://<ip address>/bugzilla/` +* :param:`ssl_redirect`: + :paramval:`on` if you set up an SSL certificate Click :guilabel:`Save Changes` at the bottom of the page. diff --git a/docs/en/rst/using/creating-an-account.rst b/docs/en/rst/using/creating-an-account.rst index 0ea42ee5d..892ad5e4d 100644 --- a/docs/en/rst/using/creating-an-account.rst +++ b/docs/en/rst/using/creating-an-account.rst @@ -5,9 +5,7 @@ Creating an Account If you want to use a particular installation of Bugzilla, first you need to create an account. Ask the administrator responsible for your installation -for the URL you should use to access it. If you're test-driving Bugzilla, -you can use one of the installations on -`Landfill <http://landfill.bugzilla.org/>`_. +for the URL you should use to access it. The process of creating an account is similar to many other websites. diff --git a/docs/en/rst/using/filing.rst b/docs/en/rst/using/filing.rst index 788cebbd5..229a3f823 100644 --- a/docs/en/rst/using/filing.rst +++ b/docs/en/rst/using/filing.rst @@ -8,18 +8,13 @@ Reporting a New Bug Years of bug writing experience has been distilled for your reading pleasure into the -`Bug Writing Guidelines <http://landfill.bugzilla.org/bugzilla-tip/page.cgi?id=bug-writing.html>`_. +`Bug Writing Guidelines <https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines>`_. While some of the advice is Mozilla-specific, the basic principles of reporting Reproducible, Specific bugs and isolating the Product you are using, the Version of the Product, the Component which failed, the Hardware Platform, and Operating System you were using at the time of the failure go a long way toward ensuring accurate, responsible fixes for the bug that bit you. -.. note:: If you want to file a test bug to see how Bugzilla works, - you can do it on one of our test installations on - `Landfill <http://landfill.bugzilla.org/>`_. Please don't do it on anyone's - production Bugzilla installation. - The procedure for filing a bug is as follows: #. Click the :guilabel:`New` link available in the header or footer diff --git a/docs/en/rst/using/finding.rst b/docs/en/rst/using/finding.rst index a8e18eef2..886af33e3 100644 --- a/docs/en/rst/using/finding.rst +++ b/docs/en/rst/using/finding.rst @@ -43,8 +43,7 @@ Advanced Search =============== The Advanced Search page is used to produce a list of all bugs fitting -exact criteria. `You can play with it on -Landfill <http://landfill.bugzilla.org/bugzilla-tip/query.cgi?format=advanced>`_. +exact criteria. Advanced Search has controls for selecting different possible values for all of the fields in a bug, as described above. For some diff --git a/docs/makedocs.pl b/docs/makedocs.pl index 36ffc45b5..8e11de02a 100755 --- a/docs/makedocs.pl +++ b/docs/makedocs.pl @@ -33,6 +33,7 @@ BEGIN { chdir dirname($0); } use lib qw(.. ../lib lib); use Cwd; +use File::Copy qw(copy); use File::Copy::Recursive qw(rcopy); use File::Find; use File::Path qw(rmtree make_path); @@ -82,12 +83,19 @@ END_HTML $converter->contents_page_start($contents_start); $converter->contents_page_end("</body></html>"); - $converter->add_css('./../../../../style.css'); + if (exists($::ENV{'READTHEDOCS'})) { + $converter->add_css('./../../style.css'); + } else { + $converter->add_css('./../../../../style.css'); + } $converter->javascript_flurry(0); $converter->css_flurry(0); make_path('html/integrating/api'); $converter->batch_convert(['../../'], 'html/integrating/api'); + if (exists($::ENV{'READTHEDOCS'})) { + copy('../style.css', 'html/style.css') or die "Copy failed: $!"; + } print "\n"; } diff --git a/report.cgi b/report.cgi index 2a8317d7a..d5f471ef0 100755 --- a/report.cgi +++ b/report.cgi @@ -359,19 +359,22 @@ my $format = $template->get_format("reports/report", $formatparam, # If we get a template or CGI error, it comes out as HTML, which isn't valid # PNG data, and the browser just displays a "corrupt PNG" message. So, you can # set debug=1 to always get an HTML content-type, and view the error. -$format->{'ctype'} = "text/html" if $cgi->param('debug'); +if (exists $vars->{'debug'}) { + # Bug 1439260 - if we're using debug mode, always use the HTML template + # which has proper filters in it. Debug forces an HTML content type + # anyway, and can cause XSS if we're not filtering the output. + $format = $template->get_format("reports/report", $formatparam, "html"); +} $cgi->set_dated_content_disp("inline", "report", $format->{extension}); print $cgi->header($format->{'ctype'}); # Problems with this CGI are often due to malformed data. Setting debug=1 # prints out both data structures. -if ($cgi->param('debug')) { +if (exists $vars->{'debug'}) { require Data::Dumper; - say "<pre>data hash:"; - say html_quote(Data::Dumper::Dumper(%data)); - say "\ndata array:"; - say html_quote(Data::Dumper::Dumper(@image_data)) . "\n\n</pre>"; + $vars->{'debug_hash'} = Data::Dumper::Dumper(%data); + $vars->{'debug_array'} = Data::Dumper::Dumper(@image_data); } # All formats point to the same section of the documentation. diff --git a/t/002goodperl.t b/t/002goodperl.t index d1858361f..8fcd1a343 100644 --- a/t/002goodperl.t +++ b/t/002goodperl.t @@ -14,7 +14,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; diff --git a/t/003safesys.t b/t/003safesys.t index 443f96415..e1d04bed8 100644 --- a/t/003safesys.t +++ b/t/003safesys.t @@ -14,7 +14,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; diff --git a/t/004template.t b/t/004template.t index 0a6f0e0aa..f336441ac 100644 --- a/t/004template.t +++ b/t/004template.t @@ -13,7 +13,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Templates; @@ -114,10 +114,10 @@ foreach my $include_path (@include_paths) { # Forbid single quotes to delimit URLs, see bug 926085. if ($data =~ /href=\\?'/) { - ok(0, "$path contains blacklisted constructs: href='...'"); + ok(0, "$path contains blocklisted constructs: href='...'"); } else { - ok(1, "$path contains no blacklisted constructs"); + ok(1, "$path contains no blocklisted constructs"); } } } diff --git a/t/005whitespace.t b/t/005whitespace.t index b6de8cee3..b7f10cae2 100644 --- a/t/005whitespace.t +++ b/t/005whitespace.t @@ -13,7 +13,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; use Support::Templates; diff --git a/t/006spellcheck.t b/t/006spellcheck.t index 24e00242d..ea298c5f6 100644 --- a/t/006spellcheck.t +++ b/t/006spellcheck.t @@ -14,7 +14,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; # -1 because 006spellcheck.t must not be checked. diff --git a/t/007util.t b/t/007util.t index 66c2df032..6f5ea8b72 100644 --- a/t/007util.t +++ b/t/007util.t @@ -13,7 +13,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; use Test::More tests => 17; use DateTime; diff --git a/t/009bugwords.t b/t/009bugwords.t index e36651edb..5b0bf1f94 100644 --- a/t/009bugwords.t +++ b/t/009bugwords.t @@ -19,7 +19,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. t lib); use Support::Files; use Support::Templates; diff --git a/t/010dependencies.t b/t/010dependencies.t index f565554d8..e0e990172 100644 --- a/t/010dependencies.t +++ b/t/010dependencies.t @@ -69,7 +69,7 @@ foreach my $module (keys %mods) { $used =~ s#/#::#g; $used =~ s#\.pm$##; $used =~ s#\$module#[^:]+#; - $used =~ s#\$\{[^}]+}#[^:]+#; + $used =~ s#\$\{[^}]+\}#[^:]+#; $used =~ s#[" ]##g; push(@use, grep(/^\Q$used\E$/, keys %mods)); } diff --git a/t/011pod.t b/t/011pod.t index 8a7f374ce..fd37faa7c 100644 --- a/t/011pod.t +++ b/t/011pod.t @@ -14,7 +14,7 @@ use 5.10.1; use strict; use warnings; -use lib 't'; +use lib qw(. lib t); use Support::Files; use Pod::Checker; diff --git a/template/en/default/config.js.tmpl b/template/en/default/config.js.tmpl index 0399f8b28..0e924d801 100644 --- a/template/en/default/config.js.tmpl +++ b/template/en/default/config.js.tmpl @@ -64,7 +64,7 @@ var [% cf.name FILTER js %] = [ [% FOREACH x = cf.legal_values %]'[% x.name FILT // ======================= // // It is not necessary to list all products and components here. -// Instead, you can define a "blacklist" for some commonly used words +// Instead, you can define a "blocklist" for some commonly used words // or word fragments that occur in a product or component name // but should _not_ trigger product/component search. @@ -84,7 +84,7 @@ var target_milestone = new Object(); // Product and Component Exceptions // ================================ // -// A blacklist for some commonly used words or word fragments +// A blocklist for some commonly used words or word fragments // that occur in a product or component name but should *not* // trigger product/component search in QuickSearch. diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl index bd40fff88..0d6849ddb 100644 --- a/template/en/default/global/header.html.tmpl +++ b/template/en/default/global/header.html.tmpl @@ -89,6 +89,8 @@ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> [% END %] + <meta name="viewport" content="width=device-width, initial-scale=1"> + [% SET yui = yui_resolve_deps(yui, yui_deps) %] [% SET css_sets = css_files(style_urls, yui, yui_css) %] diff --git a/template/en/default/index.html.tmpl b/template/en/default/index.html.tmpl index 84a5b7d5c..d0ccc61e7 100644 --- a/template/en/default/index.html.tmpl +++ b/template/en/default/index.html.tmpl @@ -19,6 +19,12 @@ [% IF release %] <div id="new_release"> [% IF release.data %] + [% IF release.eos_date %] + <p>[% terms.Bugzilla %] [%+ release.branch_version FILTER html %] will + no longer receive security updates after [% release.eos_date FILTER html %]. + You are highly encouraged to upgrade in order to keep your + system secure.</p> + [% END %] [% IF release.deprecated %] <p>Bugzilla [%+ release.deprecated FILTER html %] is no longer supported. You are highly encouraged to upgrade in order to keep your diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl index 321716873..08c6567e8 100644 --- a/template/en/default/list/list.html.tmpl +++ b/template/en/default/list/list.html.tmpl @@ -268,7 +268,7 @@ [% IF bugowners && user.id %] <button type="button" id="email_assignees" - onclick="document.location='mailto:[% bugowners FILTER html %]'"> + onclick="document.location='mailto:[% bugowners FILTER html FILTER js %]'"> Send Mail to [% terms.Bug %] Assignees</button> [% END %] diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index b89e3a61d..0304c4ad3 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -29,8 +29,8 @@ <h2 id="introduction">Introduction</h2> -<p>Welcome to Bugzilla 5.0! It has been slightly over two years since we released - Bugzilla 4.4 in May of 2013. This new major release comes with many new features +<p>Welcome to [% terms.Bugzilla %] 5.0! It has been slightly over two years since we released + [%+ terms.Bugzilla %] 4.4 in May of 2013. This new major release comes with many new features and improvements to WebServices and performance.</p> <p>If you're upgrading, make sure to read @@ -43,6 +43,66 @@ <h2 id="point">Updates in this 5.0.x Release</h2> +<h3>5.0.4.1</h3> + +<p>This release fixes three security issues. See the + <a href="https://www.bugzilla.org/security/4.4.13/">Security Advisory</a> + for details.</p> + +<p>This release is intended to follow the stable 5.0 branch of +[%+ terms.Bugzilla %]. Version 5.0.5 contained invasive fixes which should not +have been on a stable branch, so we branched again from 5.0.4 to continue to +provide security updates without the invasive changes. <b>This release track of +[%+ terms.Bugzilla %] now lives on the 5.0.4 branch in Git.</b></p> + +<p>This release also contains the following [% terms.bug %] fixes:</p> + +<ul> + + <li>MySQL 8.0 introduced non-backward-compatible changes which broke + Bugzilla. This version now properly detects and prevents you from running it + on MySQL 8 or newer. Future versions of [% terms.Bugzilla %] will support + MySQL 8, but the changes are too invasive for a branch that only gets + security support. If you can't stay on MySQL 5.7.x or older, we recommend + using MariaDB or version 5.2 or newer of [% terms.Bugzilla %]. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1851354">[% terms.Bug %] 1851354</a>)</li> + + <li>The "Email Assignees" link on the [% terms.Bug %] List page was fixed to + properly handle email addresses that contain apostrophes. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1226123">[% terms.Bug %] 1226123</a>)</li> + + <li>Metadata to assist browsers in properly rendering [% terms.Bugzilla %] on + mobile browsers was added. Without this metadata Google Search tools would + report [% terms.Bugzilla %] pages as not suitable for mobile devices. + [%+ terms.Bugzilla %] still needs work to actually look nice on mobile devices + but this is a good start. + (<a href="https://github.com/bugzilla/bugzilla/pull/78">PR #78</a>)</li> + + <li>The Email::MIME module changed the way it set content types on emails in + version 1.949, causing [% terms.Bugzilla %] to throw an error and preventing + emails from being correctly delivered to recipients. We now set the content + type correctly on emails. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1657496">[% terms.Bug %] 1657496</a>)</li> + + <li>Template Toolkit versions 2.28 through 3.007 are blacklisted due to a + compatibility issue. Versions 2.22 through 2.27 and 3.008 and later are + still supported. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1560873">[% terms.Bug %] 1560873</a>)</li> + + <li>[% terms.Bugzilla %] has a dependency on the Email::Address Perl module + which was unstated in the dependency list because it was also a dependency of + Email::Sender which [% terms.Bugzilla %] also uses. Newer versions of + Email::Sender stopped depending on Email::Address, so [% terms.Bugzilla %] + now needs to depend on it explicitly. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1851352">[% terms.Bug %] 1851352</a>)</li> + + <li>The contrib script <code>jb2bz.py</code> for importing from Jitterbugz + was updated to properly handle missing version and operating system values on + imported [% terms.bugs %]. + (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1429243">[% terms.Bug %] 1429243</a>)</li> + +</ul> + <h3>5.0.4</h3> <p>This release fixes one security issue. See the diff --git a/template/en/default/reports/chart.html.tmpl b/template/en/default/reports/chart.html.tmpl index dfab725e6..7004086de 100644 --- a/template/en/default/reports/chart.html.tmpl +++ b/template/en/default/reports/chart.html.tmpl @@ -20,6 +20,13 @@ header_addl_info = time %] +[% IF debug %] + <p>Bugzilla::Chart object:</p> + <pre> + [% debug_dump FILTER html %] + </pre> +[% END %] + <div class="center"> [% imageurl = BLOCK %]chart.cgi? diff --git a/template/en/default/reports/create-chart.html.tmpl b/template/en/default/reports/create-chart.html.tmpl index 6b5fa5fe3..9ae25c608 100644 --- a/template/en/default/reports/create-chart.html.tmpl +++ b/template/en/default/reports/create-chart.html.tmpl @@ -18,6 +18,13 @@ style_urls = ['skins/standard/buglist.css'] %] +[% IF debug %] + <p>Bugzilla::Chart object:</p> + <pre> + [% debug_dump FILTER html %] + </pre> +[% END %] + [% PROCESS "reports/series-common.html.tmpl" donames = 1 %] diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl index a9cd96551..b669070c2 100644 --- a/template/en/default/reports/report.html.tmpl +++ b/template/en/default/reports/report.html.tmpl @@ -61,6 +61,11 @@ %] [% IF debug %] + <p>Data hash:</p> + <pre>[% debug_hash FILTER html %]</pre> + <p>Data array:</p> + <pre>[% debug_array FILTER html %]</pre> + <p>Queries:</p> [% FOREACH query = queries %] <p>[% query.sql FILTER html %]</p> [% END %] diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl index 78c4d861b..202b3c78d 100644 --- a/template/en/default/setup/strings.txt.pl +++ b/template/en/default/setup/strings.txt.pl @@ -23,7 +23,7 @@ happens when you are not running checksetup.pl as ##root##. To see the problem we ran into, run: ##command## END bad_executable => 'not a valid executable: ##bin##', - blacklisted => '(blacklisted)', + blocklisted => '(blocklisted)', bz_schema_exists_before_220 => <<'END', You are upgrading from a version before 2.20, but the bz_schema table already exists. This means that you restored a mysqldump into the Bugzilla |