Bugzilla Status Update, July 28, 2002

Gervase Markham and J. Paul Reed

Monday, July 28th, 2002

Previous Updates

Introduction

It's here! That's right, after tracking down a number of small regressions, 2.16 is out of the door (for Unix users at least; Win32 users, see note below.)

We have also released 2.14.3, a tiny update for 2.14.2 for people who aren't yet ready to upgrade to 2.16, but would like column sorting in buglists to work.

Administrators' Mailing List

We've started a mailing list for people who administer Bugzillas. It'll be very low traffic - basically, release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so we can easily contact them with important news.

Localisation

Meanwhile, on the trunk, the last few pieces of infrastructure have been checked in to permit the localisation of all Bugzilla's error messages and system messages, which were previously embedded in the Perl code. The Bugzilla Team is now looking for those who wish to localise Bugzilla to contribute patches moving our (large number) of error messages out of the CGI files into the templates. This is a reasonably large but fairly simple job, and each one moved becomes localisable. If you are able to help with this, please contact Gerv.

The Win32 Situation

Unfortunately, the templatization of process_bug.cgi broke the ability for Bugzilla to send bug update notifications via email on Windows due to the way ActiveState Perl handles fork(). There is a fix for this in the works, but it involves major code changes, and we didn't want to hold up the 2.16 release for another month to give it adequate testing. The bottom line is, if you're using Win32, you do not want Bugzilla 2.16.

A 2.16.1 was considered, but given our resource considerations, the plan is to make the trunk Win32-friendly (which involves the above change and many others) and then announce that fact, so Win32 Bugzilla administrators can pull from the trunk. The Bugzilla Team continue to recommend Linux as the best platform for a Bugzilla installation :-)

For up-to-date information on this topic, see bugs 124174 and 84876.

2.16 Goals

So, how did we do?

  • HTML 4.01 Transitional compliance (complete for templatised pages)
  • Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (complete)
  • Allow users to change their own email addresses (complete)
  • Remove old attachment code in favor of the new attachment tracker system (complete)
  • Enable Perl's taint mode for all user-accessible CGI files, and taint-check anything being sent to the database (complete)

Not so badly, then :-). To give you some idea of what can be done with templates, compare this to this.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • Request tracker, for managing requests to change things about bugs. (Bug 98801) - Now being tested by the Bugzilla Team on bugzilla.mozilla.org
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you're interested, you can run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 5/9/2002 - Release Notes Updates (MattyT)
  • 5/25/2002 - Release Notes Updates (MattyT)
  • 6/03/2002 - Release Notes Updates (MattyT)
  • 6/04/2002 - Release Notes Updates (MattyT)
  • 6/07/2002 - Release Notes Updates (MattyT)
  • 7/21/2002 - Trivial template "and QA Contact" fix (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Bug 67950c - make quips.cgi compile without warnings, by use vars-ing $userid.
  • Bug 67950b - quick fixes.
  • Bug 67950 - Move the quip list into the database.
  • Bug 158660 - confirm_login in CGI.pl should use a template for the login dialog.
  • bug 159200 - support accesskey in search page.
  • Bug 102648 - a little more thought. We are changing Platform to Hardware (see the search page) for usability; if we do that, Product can be P and Hardware can be H.
  • Bug 102648 - Bugzilla should support accesskey.
  • bug 158498 - defparams.pl prints an error message in a check function instead of returning it.
  • Bug 96003 - buglist.cgi should not return all bugs if called without any parameters.
  • Bug 143650 - general template display system.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 95426 - remove $onebug cruft.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren't using QA Contacts.
  • Bug 156426: Query interface had :s instead of ':s in "doesn't".
  • Bug 156680: "Undefined variable warning" in createaccount.cgi
  • Bug 156844 - 'use of uninitialized value in string eq' warning
  • Bug 117297: CC list mailing had case-sensitive dupe checking, making it possible to mail both "a@b.com" and"a@B.com".
  • Fix for bug 156559: Changes to mysqld-watcher.pl to make it kill queries quicker, kill 'em all at once, give better notifications, and not include globals.pl, which is unnecessary.
  • Fix for bug 156563: Adds URI of installation to RDF output of buglist.cgi.
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Fix for bug 156564: flag bug IDs as integers in the RDF output of buglist.cgi.
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - 'My Votes' link missing from footer
  • bug 155861 - showdependancygraph.cgi fails taint check with local dotinstallation
  • Bug 149246: Allow use of relative time units in query screen.
  • Fix for bug 150925: make email address changes work.
  • Recheckin fix for bug 150798 which I accidentaly broke in the fix for bug150770
  • Bug 151714 - user with no canconfirm permission should not get option tomark bugs they reported as NEW
  • Fix for bug 150804: makes "allwords" the default when searching for keywords.
  • Bug 105472 - expectbigqueries unnecessary with mysql >=3.23.
  • Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn't fail taint checks.2rx=bbaetz
  • Bug 155388: <link> elements for next/prev/first/last in buglists didn't appear post-templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html.
  • Bug 145795: editcomponents had error messages referring to products where it should've been components.
  • Bug 155744: fix a used only once warning in tinderbox caused by myk's checkin of bug 99203.
  • Bug 62000: File attachments don't work on Windows. Note: only the code from the patch was checked in, thedocumentation issue was split to bug 155743.
  • Fix for bug 99203: Implements bug aliases feature.
  • Bug 151871 - rewrite quoteUrls to fix major performance problems, and afew other misc bugs too.
  • Fix for bug 122900: implements email preference for unconfirmed bugs.
  • Fix for bug 149347: Corrects interface comment to refer to "javascript" parameter instead of "jscript" parameter.
  • Bug 150770 - Lost <nobr> arround query results
  • Bug 155033 - standardizing on <a>NAME</a>: vs. <a>NAME:</a>patch by davef@tetsubo.com,
  • Bug 152693 - added "resolution" to the INTERFACE comment.
  • Bug 151281 - change duplicates.cgi to make one query instead of several thousand.
  • Bug 148488 - more HTML validation fixes
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn't set defaults
  • Bug 152632: My bugs query doesn't use the mybugstemplate parameter. Also removes the My Bugs query from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 150153 - ConnectToDatabase/quietly_check_login issues pt
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn't propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn't fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledearly enough
  • Bug 151369 - need to trim the entered assignee's email address
  • Bug 148712 - add component with error/invalid initial owner results indouble header outputpatch by stu@xanboo.com (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can't access secure bugs
  • Fix for bug 151658: get UI for moving bugs showing again.
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Backing out change I accidentally made while checking in fix for bug 137855.
  • Fix for bug 150703: Adds format support to query.cgi.2rx=gerv
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Backing out incorrect change to background color that was accidentally checked in as part of the fix for bug 148179.
  • Bug 148919: Make entryheader a separate template. (again)
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/templatewritable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir)permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be investigated and resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don't work in Netpositive because '-' is sent as '%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn't always ConnectToDatabase() early enough
  • Fix for bug 147476: the affect of changing your dot/webdot preferences on your web server's accessibility option (.htaccessfor Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won't get touched if$webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz); patch=preed,
  • Bug 148363 - minor html glitch on the enter_bug templatepatch by jouni@heikniemi.net (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence <dkl@redhat.com>
  • Fix for bug 148011: Move pseudo-method definitions together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need "users" link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 146261: fixes bug preventing the sending of email to users when the status of bugs changes in some situations.
  • Bug 93667: Add comments to uncommented sections of sanitycheck.cgi
  • Bug 144565 - describecomponents.cgi shows wrong components when user hasaccess to only one productBug 145113 - describecomponents doesn't call quietly_check_login()
  • Fix for bug 47251: Make HTML output HTML 4.01 Transitional compliant.
  • Fix for bug 143743: Eliminates warning by properly initializing array reference.Fix by Myk Melez <myk@mozilla.org>.
  • Bug 143586 - required modules tests should be sorted.
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug's patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there's a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn't work.
  • Fix for bug 143547: Don't show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.16 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_16-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you're interested, you can run run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/09/2002 - Release Notes Updates (MattyT)
  • 05/12/2002 - Various documentation updates (Gerv)
  • 05/23/2002 - Release Notes Updates (MattyT)
  • 05/25/2002 - Various documentation updates (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03-07/2002 - Release Notes Updates (MattyT)
  • 07/13/2002 - Various documentation Updates (Gerv)
  • 07/25/2002 - Removed various old documentation files and varioius updates (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren't using QA Contacts.
  • Bug 156426: Query interface had :s instead of ':s in "doesn't".
  • Bug 156680: "Undefined variable warning" in createaccount.cgi
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - 'My Votes' link missing from footer
  • bug 155861 - showdependancygraph.cgi fails taint check with local dotinstallation
  • Fix for bug 150925: Make email changes work.
  • Recheckin fix for bug 150798 which I accidentaly broke in the fix for bug150770
  • Bug 151714 - user with no canconfirm permission should not get option tomark bugs they reported as NEW
  • Fix for bug 150804: Makes "allwords" the default when searching by keyword.
  • Bug 155388: next/prev/first/last <link> (Mozilla's Site navigation bar) didn't work after 2.16 templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html.Note: the patch on the bug didn't apply cleanly to branch anymore; fixed manually.
  • Fix for bug 149347: Corrects interface comment to refer to "javascript" parameter instead of "jscript".
  • Bug 150770 - Lost <nobr> arround query results
  • Bug 155033 - standardizing on <a>NAME</a>: vs. <a>NAME:</a>patch by davef@tetsubo.com,
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn't set defaults
  • Bug 152632: My bugs query in the footer doesn't use the mybugstemplate parameter. Also removes the My Bugs link from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn't propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn't fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledearly enough
  • Bug 151369 - need to trim the entered assignee's email address
  • Bug 148712 - add component with error/invalid initial owner results indouble header outputpatch by stu@xanboo.com (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can't access secure bugs
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 148993: Makes debug work in the query part of buglist.cgi.
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Bug 148919: Make entryheader a separate template (again).
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/templatewritable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir)permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don't work in Netpositive because '-' is sent as '%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn't always ConnectToDatabase() early enough
  • Fix for bug 147476: the affect of changing your dot/webdot preferences on your web server's accessibility option (.htaccessfor Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won't get touched if$webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz)
  • Bug 148363 - minor html glitch on the enter_bug templatepatch by jouni@heikniemi.net (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence <dkl@redhat.com>
  • Fix for bug 148011: move TT pseudo-method declarations together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need "users" link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 47251: Make Bugzilla HTML 4.01 Transitional compliant.
  • Bug 144565 - describecomponents.cgi shows wrong components when user hasaccess to only one product
  • Bug 145113 - describecomponents doesn't call quietly_check_login()
  • Fix for bug 143743: Eliminates warning by properly initializing array reference.Fix by Myk Melez <myk@mozilla.org>.
  • Bug 143586 - required modules tests should be sorted.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug's patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there's a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn't work.
  • Fix for bug 143547: Don't show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.14 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_14_1-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you're interested, you can run run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/25/2002 - HTML Quote reporter's name (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03/2002 - Release Notes Updates (MattyT)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Bug 152138 - 2.14.2 breaks sorting on more than one field
  • Bug 130821: Backported patch to further validate the order sql parameter.
  • Bug 148674 Boolean Charts don't work in Netpositive because '-' is sent as '%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 93167 - &GroupExists and &GroupIsActive and &UserInGroup need to pushand pop sql state
  • Bug 147486 - First (of many?) fixes of cross site scripting issues; checked in on the 2.14.1 branch; this patch is slightly different (semantically) from the one in 147486; it moves the ) placement, per myk's suggestion in the bug.
  • Bug 107718: backported patch for 2_14_1-BRANCH
  • Fix bug 146447, part
  • Backported patch for bug 92263; patch applies cleanly to the 2_14_1-BRANCH
  • Bug 134575: Backported patch for the 2_14_1 BRANCH
  • Bugs 126801, 141557: backported security patches for the 2.14.1

Previous Updates