Blog

Want to always keep up-to-date with Bugzilla news? Subscribe to announce@bugzilla.org, a read-only mailing list where we'll post announcements about new versions of Bugzilla and security advisories.

Browse Archives »

You can also see what's going on in the project by looking at the notes of, or watching the video of, our monthly developer meetings.

Loading the upcoming event

01. October 2002

Bugzilla Status Update

by J. Paul Reed (preed)

Introduction

The Bugzilla Team is pleased to announce both the 2.16.1 and 2.14.4 releases.

Both releases provide enhanced security and fix critical bugs on their respective branches, so both are recommended upgrades for 2.14.x and 2.16 users.

Administrators’ Mailing List Reminder

We’d like to remind all Bugzilla administrators that to assist them in keeping up-to-date with release announcements and security advisories, we’ve started a mailing list for people who administer Bugzillas. It is very low traffic - release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so they can keep up with important Bugzilla news.

The Win32 Situation

Bugzilla on Win32 is still unchanged: administrators using Win32 as their platform for Bugzilla do not want the 2.16 branch, including 2.16.1. The plan is to make the trunk Win32-friendly (which involves a number of quite large changes) and then announce that fact, allowing Win32 Bugzilla administrators to pull from the trunk. Interested admins can search bugzilla on the [needed for Win32bz] status whiteboard entry to track bugs that are part of this process.

Having said that, the Bugzilla Team continues to recommend Unix-based operating systems, including Linux, as the best platform for a Bugzilla installation; please consider it if you are starting a new Bugzilla installation and have some say in the platform decision.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these features, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)
  • Generic Reporting, allowing users to generate arbitrary tabular reports of Bugzilla data. (Bug 12282)

Enterprise Group support

Commercial software developments using Bugzilla for support of multiple customers in confidential reliationships require additional features to prevent accidental cross-contamination of confidential information between customers. A series of Bugzilla features making such strict controls available is being worked on, spearheaded by Joel Peshkin.

  • Ability to mark individual comments and attachments as confidential to a specific group, typically the internal development team, even if the bug to which they are attached is more public. ([bug 143826](https://bugzilla.mozilla.org/show_bug.cgi?id=143826))
  • Ability to have an arbitrarily large number of groups defined, to define groups in terms of other groups, and to make changes to user regular expressions immediately effect all users instead of only future new users. ([bug 157756](https://bugzilla.mozilla.org/show_bug.cgi?id=157756))
  • A more flexible set of controls on the relationships of products and bugs to groups replacing the usebuggroupsentry and usebuggroups features (bug 147275)

Taken together, these changes enable sites to manage large lists of users in a large number of groups and to define appropriate default group restrictions and enforce group access policies on products, thus providing a solid foundation for enterprise group support in Bugzilla.

The largest of these changes (bug 157756) landed last weekend; any new bugs or regressions should be filed as new bugs.

Request Tracker

Request tracker is a series of enhancements to make attachment statuses more powerful and easier to administer. It includes the following changes and additions:

  • Two additional states for attachment statuses: Currently statuses can be in one of two states: off or on. RT adds two more states for a total of four: off, granted, denied, and requested, where “granted” is equivalent to “on” and “denied” and “requested” are new. These additions mean it is no longer necessary to define a second status to negate a previous one (f.e. “needs-work” to negate “has-review”): negation is built into each status.
  • Bug statuses: Currently only attachments have these kinds of statuses. RT allows them to be defined for bugs as well. Since “status” already has a meaning for bugs, attachment statuses have been renamed “status flags” (or “flags” for short) to avoid confusion.
  • Requests: Flags can be requested by setting the flag to the “requested” state and entering the name of the user you want to fulfill the request. Bugzilla emails the requestee about the request and adds the request to a queue that users can browse to keep track of their pending requests.

    When the requestee fulfills the request by setting the flag to a different state, Bugzilla emails the requester and removes the request from the queue. This feature supports development and management processes where some users have to ask others to grant or deny review to a patch, approve a patch for check-in to a restricted branch, etc.

  • Flag types are no longer product-specific. They can be enabled and disabled for any number of product/component combinations via inclusions and exclusions lists. This feature makes it much easier to administer flag types.

    As before, you can search for bugs using flag criteria via the boolean chart on the search form, and flag changes are recorded in the bugs activity table.

An older version of RT is currently being tested by the Bugzilla team on bugzilla.mozilla.org, so if you find a bug or have an enhancement, please check with #mozwebtools before filing new bugs. The status of RT can be monitored in bug 98801.

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 07/29/2002 to 09/22/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs:

  • (9/5/2002) Inline doc (POD) spelling fixes (MattyT)
  • (9/5/2002) Add Mac OS X 10.x to the OS lists (justdave)
  • (8/26/2002) Updated maintainer email address throughout the tree (Jake)

Checkin manifest:

  • Bug 157756 - >55 groups now supported
  • Bug 63601: Recommend filename when downloading attachments (except in IE4, which chokes on the Content-Disposition header)
  • Bug 108987 - Linkify script to use quoteUrls on texts provided by user.
  • Bug 163114 - Templatise all calls to DisplayError.
  • Bug 167476 - unix_timestamp conversion error using MySQL.
  • Bug 152935 - Pref for no notification on Target Milestone change not respected.
  • Bug 160476 - boolean chart addition doesn’t keep query template format.
  • Bug 146945: Hack to support format=rdf for legacy applications that don’t know to do ctype=rdf instead.
  • Bug 169561 - Speed up UserInGroup by using cached information.
  • Bug 168804 - Document CheckCanChangeField so sites can modify it for local needs.
  • Bug 163790 - colchange.cgi is not localisable.
  • Bug 162151 - Fix page.cgi’s method of finding templates. It now looks in a “pages” subdirectory of the template directory.
  • Bug 25521 - Keyword field in new bug entry.
  • Bug 168075 - Undefined subroutine &main::Error called at /opt/webtools/bugzilla/buglist.cgi line 1005.
  • Bug 167978 - Fix Throw*Error l10n regressions and add a test to catch more.
  • Bug 166698 - The error system’s in a bit of a mess. This file was missed on the original checkin.
  • Bug 166821 - reports.cgi broken by recent schema changes.
  • Bug 167595 - Query - multiple-select product (and probably component) broken
  • Bug 167643 - Schema Changes from bug 143826 are out of order
  • Bug 166023 - On failure in template->new, a template is used to display error
  • Bug 166698 - clean up the error system, which was confused and broken.
  • Bug 146134 - checksetup.pl gives weird error message
  • Bug 123957 run checksetup.pl non-interactively (for use with cron jobs on test installs)
  • Bug 165756 - Running tests without checksetup causes failure
  • Bug 166318 - Bugzilla::Config should check for defparams.pl failure
  • bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 166016 checksetup gives torrent of cryptic errors if my_webservergroup is not found
  • Recheckin due to misapplied patch for bug 123957
  • Bug 123957 run checksetup.pl non-interactively (for use with cron jobs on test installs)
  • Bug 121419 - If multiple cookies exist, the least significant is assigned. Also fixes Duplicate Bug 165685 When switching from no cookiepath to using cookiepath, old cookie gets in the way
  • Bug 165221: Apostrophes not properly handled during account creation.
  • Bug 163829 - move pref code into a separate package
  • Correct checkin date for bug 153578 schema modification
  • Bug 165080 - Delete product fails with missing column error
  • Bug 161203 - Bug changes with intermediate pages munges fields withmultiple values (e.g., CC)patch by “Randall M! Gee”,
  • Bug 86651 - cvs-update was setting sticky dates which made committing changes and getting updates more difficult
  • Bug 164623 - xml.cgi - attachments is broken and insiders not enforced
  • Bug 164623 - add .htaccess to .cvsignore
  • Bug 76923 - Don’t |use diagnostics| (its really expensive at startup time)
  • Bug 164470 - mass reassign changes UNCONFIRMED->NEW
  • Bug 164566 - Param and UserInGroup are not defined in Bugzilla::Search
  • Bug 163494 - runtests.sh needs a switch to include optional modulesTests now detect optional modules and only exclude optional filesif optional module dependencies are not met.Also major indent cleanup
  • Bug 164464 - Importxml will fail if versioncache needs update
  • Bug 164465 - importxml.pl fails
  • Fixed merge problem from checkin of 143826 - No bug
  • Bug 143826 - Adding 2 new files missing from repository
  • Bug 163570 - Bugzilla::Search missing Date::Format includepatch by [email protected] (Jussi Sirpoma),
  • Fix for bug 163541: Corrects problem with previous patch that causes primary headers not to appear on some installations.
  • Fix for bug 163541: let there be a page title but no primary page header.
  • Bug 163457 - bugs not registered as “new”.
  • Bug 163331 - shutdownhtml is broken.
  • Bug 163299 - Can’t change cc accessible checkbo
  • Bug 143286 - Add support for Insiders, Private comments, Private Attachments.
  • Big 163291 - Move utility funcs into a module
  • Fix typo from 43600
  • Bug 162854 - buglist.cgi reporter is actually owner
  • bug 160631 - bug_email.pl is broken
  • Bug 160112 - clean up quip table conversion code
  • Bug 10037 - param to disable adding new quips
  • Bug 162066 - Fix callers of ThrowCodeError to use messages in code-error.html.tmpl.
  • Bug 162068 - Fix callers of ThrowUserError to use messages.html.tmpl.
  • Bug 162216 - colchange.cgi, buglist.cgi and page.cgi messages should be l10nable.
  • Bug 162066 - Fix callers of ThrowCodeError to use messages in code-error.html.tmpl.
  • Bug 151619 - Problem with the regex in checksetup.pl to find duplicates
  • Bug 153578 - Attachment modified date is meant to be attachment creationdate
  • Bug 162642 - Cannot accept bugs if requiremilestone is on; regression frombug 43600
  • Bug 162438 - fix permissions/tests for Bugzilla/ directory
  • Bug 24823 - show the last modified date at the top of show_bug
  • Bug 160710 - Taint checking causes problem with rename function
  • Fixing up the changedate from my bug 43600 patch. Knew I must haveforgotten something….
  • Bug 43600 - Convert products/components to use ids instead of names.Initial attempt by [email protected], updated by me
  • Bug 162217: fixed bustage introduced in bug 160410
  • Bug 160410: defparams.pl support for single/multi pulldown menus; p=preed,
  • Bug 160557 - products that start with _ do not show up properly in query.cgi.
  • Bug 155584 - Opening duplicates.cgi with no frequent bugs causes SQL syntax error.
  • Bug 109008 - Footer on create attachment page looks wrong.
  • Bug 159901 - token.cgi: localize strings send to message.html.tmpl.
  • Miseed &:: for call to SqlQuote, no bug # (cleanup from bug 158474)
  • Bug 161402 - Disable DBI taint mode in processmail
  • Bug 158474 - Abstract out GenerateSQL into perl module.
  • Add a test to check for speling errors. It only currently checks for two simple errors that used to be in checksetup.pl, more errors can and will be added in the future.Bug 147151, no review needed for tests
  • Bug 161450 - New search knob causes warnings.
  • Bug 160224 - remember query radio buttons don’t have default
  • Bug 55753 - if order is the first param to buglist.cgi, can’t resort.
  • Bug 118442 - Bugzilla fails to notice if nothing has changed when editingmultiple bugs if no keywords have been definedpatch by [email protected],
  • Bug 160227 - VERSION cookie not set correctly
  • Bug 113459 Bad regexp in emailregexp causes system lockout
  • Bug 160204 - search/knob.html.tmpl: script type missing, space missing
  • Bug 158236 - Remove ‘watchfordiffs’ column from namedqueries table

2.16-Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_16-BRANCH from 07/29/2002 to 09/28/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs: None.

  • Bug 166023 - On failure in template->new, a template is used to display error
  • Bug 167485; group_id is wrong when usebuggroups is on
  • Bug 161203 - Bug changes with intermediate pages munges fields withmultiple values (e.g., CC)
  • bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 165221: Apostrophes not properly handled during account creation.
  • Bug 164464 - Importxml will fail if versioncache needs update
  • bug 160631 - bug_email.pl is broken
  • Bug 151619 - Problem with the regex in checksetup.pl to find duplicates
  • Bug 160710 - Taint checking causes problem with rename function
  • Bug 161305 - SQL error with allowemailchange with mysql 3.22
  • Bug 160227 - VERSION cookie not set correctly

2.14-Branch Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_14_1-BRANCH from 07/29/2002 to 09/22/2002. This list was generated by filtering Bonsai’s output on that query.

Bold italic bugs are security-sensitive bugs.

Checkins made without reference to any specific bugs: None.

  • Bug 167485; group_id is wrong when usebuggroups is on
  • Bug 163024 - bugzilla_email_append calls processmail incorrectly
  • Bug 160631 - bug_email.pl is broken
01. October 2002

Bugzilla 2.16.1 Released

by Bugzilla Team

The Bugzilla Team is pleased to announce the release of Bugzilla 2.16.1. 2.16.1 is the latest stable Bugzilla release, and fixes a number of security bugs and other defects in Bugzilla 2.16, originally released on July 28th.

There is also a new status update available.

01. October 2002

Bugzilla 2.14.4 Released

by Bugzilla Team

The Bugzilla Team announces the release of Bugzilla 2.14.4. 2.14.4 is the latest release on the 2.14 branch and fixes two security bugs involving groups and email and a bug involving the bug_email.pl script.

28. July 2002

Bugzilla Status Update

by Gervase Markham (gerv) and J. Paul Reed (preed)

Introduction

It’s here! That’s right, after tracking down a number of small regressions, 2.16 is out of the door (for Unix users at least; Win32 users, see note below.)

We have also released 2.14.3, a tiny update for 2.14.2 for people who aren’t yet ready to upgrade to 2.16, but would like column sorting in buglists to work.

Administrators’ Mailing List

We’ve started a mailing list for people who administer Bugzillas. It’ll be very low traffic - basically, release announcements and security advisories only. We advise all Bugzilla administrators to subscribe, so we can easily contact them with important news.

Localisation

Meanwhile, on the trunk, the last few pieces of infrastructure have been checked in to permit the localisation of all Bugzilla’s error messages and system messages, which were previously embedded in the Perl code. The Bugzilla Team is now looking for those who wish to localise Bugzilla to contribute patches moving our (large number) of error messages out of the CGI files into the templates. This is a reasonably large but fairly simple job, and each one moved becomes localisable. If you are able to help with this, please contact Gerv.

The Win32 Situation

Unfortunately, the templatization of process_bug.cgi broke the ability for Bugzilla to send bug update notifications via email on Windows due to the way ActiveState Perl handles fork(). There is a fix for this in the works, but it involves major code changes, and we didn’t want to hold up the 2.16 release for another month to give it adequate testing. The bottom line is, if you’re using Win32, you do not want Bugzilla 2.16.

A 2.16.1 was considered, but given our resource considerations, the plan is to make the trunk Win32-friendly (which involves the above change and many others) and then announce that fact, so Win32 Bugzilla administrators can pull from the trunk. The Bugzilla Team continue to recommend Linux as the best platform for a Bugzilla installation :-)

For up-to-date information on this topic, see bugs 124174 and 84876.

2.16 Goals

So, how did we do?

  • HTML 4.01 Transitional compliance (complete for templatised pages)
  • Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (complete)
  • Allow users to change their own email addresses (complete)
  • Remove old attachment code in favor of the new attachment tracker system (complete)
  • Enable Perl’s taint mode for all user-accessible CGI files, and taint-check anything being sent to the database (complete)

Not so badly, then :-). To give you some idea of what can be done with templates, compare this to this.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • Request tracker, for managing requests to change things about bugs. (Bug 98801) - Now being tested by the Bugzilla Team on bugzilla.mozilla.org
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Trunk Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the trunk from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 5/9/2002 - Release Notes Updates (MattyT)
  • 5/25/2002 - Release Notes Updates (MattyT)
  • 6/03/2002 - Release Notes Updates (MattyT)
  • 6/04/2002 - Release Notes Updates (MattyT)
  • 6/07/2002 - Release Notes Updates (MattyT)
  • 7/21/2002 - Trivial template “and QA Contact” fix (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Bug 67950c - make quips.cgi compile without warnings, by use vars-ing $userid.
  • Bug 67950b - quick fixes.
  • Bug 67950 - Move the quip list into the database.
  • Bug 158660 - confirm_login in CGI.pl should use a template for the login dialog.
  • bug 159200 - support accesskey in search page.
  • Bug 102648 - a little more thought. We are changing Platform to Hardware (see the search page) for usability; if we do that, Product can be P and Hardware can be H.
  • Bug 102648 - Bugzilla should support accesskey.
  • bug 158498 - defparams.pl prints an error message in a check function instead of returning it.
  • Bug 96003 - buglist.cgi should not return all bugs if called without any parameters.
  • Bug 143650 - general template display system.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 95426 - remove $onebug cruft.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren’t using QA Contacts.
  • Bug 156426: Query interface had ´:s instead of ‘:s in “doesn’t”.
  • Bug 156680: “Undefined variable warning” in createaccount.cgi
  • Bug 156844 - ‘use of uninitialized value in string eq’ warning
  • Bug 117297: CC list mailing had case-sensitive dupe checking, making it possible to mail both “[email protected]” and”[email protected]”.
  • Fix for bug 156559: Changes to mysqld-watcher.pl to make it kill queries quicker, kill ‘em all at once, give better notifications, and not include globals.pl, which is unnecessary.
  • Fix for bug 156563: Adds URI of installation to RDF output of buglist.cgi.
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Fix for bug 156564: flag bug IDs as integers in the RDF output of buglist.cgi.
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - ‘My Votes’ link missing from footer
  • bug 155861 - showdependencygraph.cgi fails taint check with local dotinstallation
  • Bug 149246: Allow use of relative time units in query screen.
  • Fix for bug 150925: make email address changes work.
  • Recheckin fix for bug 150798 which I accidentally broke in the fix for bug150770
  • Bug 151714 - user with no canconfirm permission should not get option tomark bugs they reported as NEW
  • Fix for bug 150804: makes “allwords” the default when searching for keywords.
  • Bug 105472 - expectbigqueries unnecessary with mysql >=3.23.
  • Fix for bug 155700: detaints bug ID in ValidateBugID so it doesn’t fail taint checks.2rx=bbaetz
  • Bug 155388: elements for next/prev/first/last in buglists didn’t appear post-templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html.
  • Bug 145795: editcomponents had error messages referring to products where it should’ve been components.
  • Bug 155744: fix a used only once warning in tinderbox caused by myk’s checkin of bug 99203.
  • Bug 62000: File attachments don’t work on Windows. Note: only the code from the patch was checked in, thedocumentation issue was split to bug 155743.
  • Fix for bug 99203: Implements bug aliases feature.
  • Bug 151871 - rewrite quoteUrls to fix major performance problems, and a few other misc bugs too.
  • Fix for bug 122900: implements email preference for unconfirmed bugs.
  • Fix for bug 149347: Corrects interface comment to refer to “javascript” parameter instead of “jscript” parameter.
  • Bug 150770 - Lost arround query results
  • Bug 155033 - standardizing on NAME: vs. NAME:patch by [email protected],
  • Bug 152693 - added “resolution” to the INTERFACE comment.
  • Bug 151281 - change duplicates.cgi to make one query instead of several thousand.
  • Bug 148488 - more HTML validation fixes
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn’t set defaults
  • Bug 152632: My bugs query doesn’t use the mybugstemplate parameter. Also removes the My Bugs query from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 150153 - ConnectToDatabase/quietly_check_login issues pt
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn’t propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn’t fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledearly enough
  • Bug 151369 - need to trim the entered assignee’s email address
  • Bug 148712 - add component with error/invalid initial owner results indouble header outputpatch by [email protected] (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can’t access secure bugs
  • Fix for bug 151658: get UI for moving bugs showing again.
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Backing out change I accidentally made while checking in fix for bug 137855.
  • Fix for bug 150703: Adds format support to query.cgi.2rx=gerv
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Backing out incorrect change to background color that was accidentally checked in as part of the fix for bug 148179.
  • Bug 148919: Make entryheader a separate template. (again)
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/templatewritable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir)permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be investigated and resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-‘ is sent as ‘%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn’t always ConnectToDatabase() early enough
  • Fix for bug 147476: the affect of changing your dot/webdot preferences on your web server’s accessibility option (.htaccessfor Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won’t get touched if$webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz); patch=preed,
  • Bug 148363 - minor html glitch on the enter_bug templatepatch by [email protected] (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence [email protected]
  • Fix for bug 148011: Move pseudo-method definitions together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need “users” link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 146261: fixes bug preventing the sending of email to users when the status of bugs changes in some situations.
  • Bug 93667: Add comments to uncommented sections of sanitycheck.cgi
  • Bug 144565 - describecomponents.cgi shows wrong components when user hasaccess to only one productBug 145113 - describecomponents doesn’t call quietly_check_login()
  • Fix for bug 47251: Make HTML output HTML 4.01 Transitional compliant.
  • Fix for bug 143743: Eliminates warning by properly initializing array reference.Fix by Myk Melez [email protected].
  • Bug 143586 - required modules tests should be sorted.
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug’s patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there’s a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn’t work.
  • Fix for bug 143547: Don’t show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.16 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_16-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/09/2002 - Release Notes Updates (MattyT)
  • 05/12/2002 - Various documentation updates (Gerv)
  • 05/23/2002 - Release Notes Updates (MattyT)
  • 05/25/2002 - Various documentation updates (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03-07/2002 - Release Notes Updates (MattyT)
  • 07/13/2002 - Various documentation Updates (Gerv)
  • 07/25/2002 - Removed various old documentation files and varioius updates (Gerv)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Tree bustage fix of bug 157074: a filter had the wrong name in hidden-fields template.
  • Bug 157074 - verify-new-product doubles comment linefeeds on Win32
  • Bug 151648 - QA Contact stuff displayed even if you aren’t using QA Contacts.
  • Bug 156426: Query interface had �:s instead of ‘:s in “doesn’t”.
  • Bug 156680: “Undefined variable warning” in createaccount.cgi
  • Bug 155031 - search by votes is shown even when votes are turned off.
  • Bug 155793 - $::FORM is not tainted under perl 5.6.1
  • Bug 156568 - data dir is not correctly created
  • Bug 150829 - ‘My Votes’ link missing from footer
  • bug 155861 - showdependencygraph.cgi fails taint check with local dotinstallation
  • Fix for bug 150925: Make email changes work.
  • Recheckin fix for bug 150798 which I accidentally broke in the fix for bug150770
  • Bug 151714 - user with no canconfirm permission should not get option tomark bugs they reported as NEW
  • Fix for bug 150804: Makes “allwords” the default when searching by keyword.
  • Bug 155388: next/prev/first/last (Mozilla’s Site navigation bar) didn’t work after 2.16 templatization.
  • Bug 155343: header template interface comment correction: extra parameter renamed to header_html.Note: the patch on the bug didn’t apply cleanly to branch anymore; fixed manually.
  • Fix for bug 149347: Corrects interface comment to refer to “javascript” parameter instead of “jscript”.
  • Bug 150770 - Lost arround query results
  • Bug 155033 - standardizing on NAME: vs. NAME:patch by [email protected],
  • Bug 154036 - ccing an invalid user on a bug posts the bug anyway
  • Bug 157085 - verify-new-product doesn’t set defaults
  • Bug 152632: My bugs query in the footer doesn’t use the mybugstemplate parameter. Also removes the My Bugs link from the index page.
  • Bug 152772 - buglist.cgi truncates emails at 45 characters.
  • Bug 153629: Clean up the HTML in the remembered query option knob section of the query page.
  • Bug 150778: Remove an extraneous linefeed above initial bug comments (not visible in all browsers).
  • Bug 152283: Show votes by bug -list has a logged out footer.
  • Bug 151217 - buglist references the wrong priority field.
  • Bug 152541 - After deleting remembered query it is still in page footer
  • Bug 150955 - confirmation doesn’t propagate when reassigning to new product/component.
  • Fix for bug 150792: Locks profiles table so adding a CC while creating a bug doesn’t fail.
  • Bug 151529 - No list of votes shown if there is a + sign in the address
  • Bug 151053, ConnectToDatabase/quietly_check_login sometimes not calledearly enough
  • Bug 151369 - need to trim the entered assignee’s email address
  • Bug 148712 - add component with error/invalid initial owner results indouble header outputpatch by [email protected] (Stu Tomlinson),
  • Bug 151695 - assignee/qa contact can’t access secure bugs
  • Bug 151122 - Email prefs: Reporter / Owner messed up.
  • Bug 151327 - verify_new_product.html.tmpl prints wrong message.
  • Bug 151023 - duplicates.cgi sort by delta sorts in wrong direction.
  • Bug 150882 - SQL error when sorting by bugs.votes with explicit direction
  • Bug 150802 - default version for bug entry not read from cookies
  • Bug 150826 - missing space between list of attachments
  • Bug 150798 - Extra whitespace included in saved query links
  • Bug 149845 - buglist.cgi checks for ORDER validity are wrong
  • Fix for bug 148993: Makes debug work in the query part of buglist.cgi.
  • Fix for bug 149964 - quietly_check_login() needs to be called in colchange.cgi.
  • Bug 148919: Make entryheader a separate template (again).
  • Fix for bug 148679: permit multiple stylesheets in the header template.
  • Fix for bug 148179: Cleans up interface to header.html.tmpl.
  • Bug #142890: Make the banner a separate template.
  • Bug 143574 - taint errors with alternate formats. Also make data/templatewritable for non webservergroup users.
  • Bug 144285 - checksetup.pl fails to set data dir (and other dir)permissions properly
  • Fix for bug 148767: Eliminates warning in rare situations.
  • Fix for bug 145030: Removes use of CGI.pm from Template Toolkit until problems with it can be resolved.
  • Bug 93167 - &GroupExists and &GroupIsActive should push and pop sql state
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-‘ is sent as ‘%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 145702 - query.cgi doesn’t always ConnectToDatabase() early enough
  • Fix for bug 147476: the affect of changing your dot/webdot preferences on your web server’s accessibility option (.htaccessfor Apache) is now mentioned in the parameter description.
  • Fix for bug 143108: comment change in localconfig to eliminate incorrect statement that your permissions won’t get touched if$webservergroup is empty.
  • Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz)
  • Bug 148363 - minor html glitch on the enter_bug templatepatch by [email protected] (Jouni Heikniemi),
  • Fix for bug 148157 - Bad sorting in describecomponents.cgi, patch by David Lawrence [email protected]
  • Fix for bug 148011: move TT pseudo-method declarations together.
  • Bug 147272 - no background for bugzilla pages
  • Bug 144728 - Midair collision doubles line feeds.
  • Bug 145849 - Non-maintainers with ability to bless others need “users” link in footer.
  • Bug 146091 - Sort order for votes is ascending instead of descending.
  • Bug 144768 - Selecting multiple products on query page causes script error in IE.
  • Fix for bug 47251: Make Bugzilla HTML 4.01 Transitional compliant.
  • Bug 144565 - describecomponents.cgi shows wrong components when user hasaccess to only one product
  • Bug 145113 - describecomponents doesn’t call quietly_check_login()
  • Fix for bug 143743: Eliminates warning by properly initializing array reference.Fix by Myk Melez [email protected].
  • Bug 143586 - required modules tests should be sorted.
  • Fix for bug 144091: adding old-params.txt to .cvsignore
  • Bug 144165 - enter_bug product selection has a footer like without a login if no usebuggroupsentry.
  • Bug 129466 - Adding a comment per a discussion w/ bbaetz on IRC about having backported this bug’s patch to the 2_14_1-BRANCH, which was checked in today
  • Bug 143560 - showdependencytree.cgi eats all available memory if there’s a circular dependency.
  • Bug 143486 - enter_bug.cgi: Using ?format=simple doesn’t work.
  • Fix for bug 143547: Don’t show bugs as grey if usebuggroups parameter is set to true.
  • Fix for bug 78701: missing . in INVALID description in queryhelp.cgi
  • Bug 143231 - Changing a bug with an empty buglist gives a warning.
  • Fix for bug 135449: allows named queries to override the last sort order.
  • Bug 143251 - RFE: checksetup.pl should report module version in error message.

2.14 Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins on the BUGZILLA-2_14_1-BRANCH from 05/08/2002 to 07/30/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run run the query for yourself.

The following checkins were made without reference to any specific bugs:

  • 05/25/2002 - HTML Quote reporter’s name (Gerv)
  • 05/25/2002 - Release Notes Updates (MattyT)
  • 06/03/2002 - Release Notes Updates (MattyT)

Da big list:

  • Fix for bug 154008: some basic (but incomplete) maintenance on bug_email.pl, also fixes a possible security hole with a misuseof a system() call.
  • Bug 152138 - 2.14.2 breaks sorting on more than one field
  • Bug 130821: Backported patch to further validate the order sql parameter.
  • Bug 148674 Boolean Charts don’t work in Netpositive because ‘-‘ is sent as ‘%2DThis makes CGI.pl closer to CGI.pm by having it unescape the name field in addition to the value field.
  • Bug 93167 - &GroupExists and &GroupIsActive and &UserInGroup need to pushand pop sql state
  • Bug 147486 - First (of many?) fixes of cross site scripting issues; checked in on the 2.14.1 branch; this patch is slightly different (semantically) from the one in 147486; it moves the ) placement, per myk’s suggestion in the bug.
  • Bug 107718: backported patch for 2_14_1-BRANCH
  • Fix bug 146447, part
  • Backported patch for bug 92263; patch applies cleanly to the 2_14_1-BRANCH
  • Bug 134575: Backported patch for the 2_14_1 BRANCH
  • Bugs 126801, 141557: backported security patches for the 2.14.1
28. July 2002

Bugzilla 2.16 Released

by Bugzilla Team

The Bugzilla Team is relieved and pleased to finally announce the release of Bugzilla 2.16, and also a new status update. The product of 11 months of hard work, Bugzilla 2.16 is the first release of Bugzilla to have a templatised UI, allowing administrators easily to customise the look and feel of their Bugzilla without editing Perl code.

There are no security fixes in 2.16 that were not in 2.16rc2 - but anyone running a version of Bugzilla older than that needs to read the 2.16rc2 and 2.14.2 security advisory and previous advisories. Bugzilla 2.16 is the best Bugzilla, and the Bugzilla team strongly recommends its use over all other versions.

28. July 2002

Bugzilla 2.14.3 Released

by Bugzilla Team

Due to a small “brown bag” issue in 2.14.2, 2.14.3 has been released. This release contains two extra fixes to 2.14.2 - we fixed column sorting in buglists, and made a system call in the optional, unsupported, contributed email subsystem more secure.

The 2.14.x branch is Bugzilla’s older stable branch. New installations and upgraders are strongly recommended to use 2.16.

08. June 2002

Bugzilla 2.16 Release Candidate 2 and Bugzilla 2.14.2 are now available

by Bugzilla Team

Based on feedback from Bugzilla 2.16rc1, and some recent security issues that were found, we’ve now made available a second release candidate for 2.16 as well as a security update for the 2.14 branch. All of the security fixes are also included in 2.16rc2. For details, see the following links:

Check out the download page for links to download or update to it. Unless any major problems are found, this is what we’d like to release as version 2.16.

10. May 2002

Bugzilla Status Update

by Dave Miller (justdave)

Introduction

At long last we are really and truly in the final countdown for the 2.16 release! Tonight we’ve released 2.16rc1 (first release candidate). As of this time, there are no code bugs remaining targeted for the 2.16 release. The documentation is still incomplete, and will be updated again before the 2.16 release, but the code is basically what we’d like to release, unless any regression bugs are found of course. Check out our downloads page to pick up a copy of the Release Candidate and try it out! Remember we do NOT recommend using the release candidate for production use. You may do so at your own risk. However, if you have someplace to test it out, by all means do so. If you find any regression bugs, please let us know! Win32 users, see note below.

Highly Misleading & Meaningless Statistics

Date 2.16 Bugs With Patches Waiting For Review 2.16 Bugs Waiting For Patches 2.16 Release Blockers 2.18 Bugs Other Bugs
2002-05-08 0 bugs 0 bugs 2 bugs 597 bugs 410 bugs
2002-04-16 11 bugs 4 bugs 5 bugs 541 bugs 437 bugs
2002-04-07 8 bugs 8 bugs 9 bugs 494 bugs 465 bugs
2002-03-03 16 bugs 17 bugs 23 bugs 487 bugs 430 bugs
2002-02-13 24 bugs 21 bugs 23 bugs 481 bugs 405 bugs
2002-02-11 34 bugs 35 bugs 27 bugs 477 bugs 396 bugs
2002-01-18 49 bugs 61 bugs 34 bugs 459 bugs 337 bugs
2001-10-19 112 bugs 329 bugs   36 bugs 299 bugs

The two remaining “blocker” bugs are the release tracking bug, and the release notes.

Templatisation Update

One of the biggest and most overwhelming changes in Bugzilla since 2.14 is that all of the customer-visible files have been converted to use HTML templates using Template Toolkit. This has the potential to make migration from an older Bugzilla a royal pain if you’ve done any customizing, since this essentially amounted to a rewrite of a huge chunk of Bugzilla (and is the main reason this release is so far behind schedule). If you survive this update, all of our future updates should be tremendously easier, though, since you can now customize the look and feel of your site without having to touch Perl code.

The administrative pages are scheduled to go through this same process during the next development cycle.

The template directory has been completely moved from it’s former location in the CVS repository earlier in the 2.15/2.16 development cycle, to drop things a level deeper in the hierarchy in preparation for localization/internationalization efforts in the near future. The shipped templates now reside in template/en/default instead of template/default. ‘en’ being the language code for English of course. There are already translations in the works for at least Spanish and German, and efforts will be made early in the next development cycle to make this more seamless and integrate with the user’s browser preferences as well.

Email sending is broken on Win32

Unfortunately, the templatization of process_bug.cgi broke the ability for Bugzilla to send bug update notifications via email on Windows due to the way ActiveState Perl handles fork(). There is a fix for this in the works, but it involves major code changes, and we didn’t want to hold up the 2.16 release for another month to give it adequate testing. The bottom line is, if you’re using Win32, you do not want Bugzilla 2.16. There will be a 2.16.1 release which includes this fix as soon as it’s ready. For up-to-date information on this topic, see bugs 124174 and 84876.

2.16 Goals

The current goals for our 2.16 release are still:

  • HTML 4.01 Transitional compliance. (this is being handled in tandem with the templatization) (complete)
  • Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (complete)
  • Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change) (complete)
  • Remove old attachment code in favor of the new attachment tracker system. (complete)
  • Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.(complete)

As always, for an up to date list, see the roadmap.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

  • Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
  • PostgreSQL support. (Bug 98304)
  • Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • Request tracker, for managing requests to change things about bugs. (Bug 98801)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins from 03/03/2002 to 05/20/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following general checkins were made without reference to any specific bugs:

  • 5/8/2002 - Documentation and Bugzilla Guide updates (Gerv)
  • 5/1/2002 - Documentation updates (Gerv)
  • 5/1/2002 - Documentation recompile and trial/error updates (justdave)
  • 4/24/2002 - tinderbox bustage fixes and .cvsignore updates (justdave/Gerv)
  • 4/17/2002 - Missing version string; fixed due to tinderbox bustage (bbaetz)
  • Various other random tinderbox bustage fixes ;-)

And now… for da big list:

  • Bug 143124, Fix warning messages about *::TESTOUT and clean up test code. Patch makes the tests much better now.
  • Bug 143091 - No email to the qa contact when creating bugs.
  • Bug 143040 - Tidy up remove parameters message in checksetup.pl.
  • Bug 143066 - footer shows as logged out on show_bug.cgi.
  • Bug 143045 - Bug groups text is unclear.
  • Bug 142950 - query links in footer are broken.
  • Bug 140437 - clean up parameters.
  • Bug 142231 - template/.cvsignore should contain es, de, but not custom.
  • bug 142792 - Output from checksetup.pl contains misspelled words.
  • Bug 140435 - Templatise GetCommandMenu.
  • Bug 135543 - @Support::Templates::testitems does not list all templates
  • Bug 134571 - client-side image maps in showdependencygraph.cgi
  • Bug 140355 - warn the user about not using a webserver group
  • Bug 140993 - Pass javascript correctly into header; templatise the rest of the header-related parameters.
  • Bug 141036 - add INTERFACE comments to all templates. This does the first 20 or so - many more to go…
  • Rename getSelection to get_selection. Fixes bug 141716, Mozilla context menus were broken on query.cgi because of getSelection overriding the native method which is used by Mozilla’s context menu code.
  • Bug 139313 - warning in buglist.cgi when votes isn’t a parameter
  • Bug 135836 - change requests should include expiration details.
  • Bug 141609 - “Version unspecified” error when changing product with product groups enabled.
  • Bug 97496 - Release notes updates.
  • Bug 141635 - showdependencygraph requires bug number for doall.
  • Bug 117936 - deprecate Apache 1.2 as our .htaccess files don’t work with it.
  • Bug 125395 - remove revision history. That’s what CVS is for :-) Also, do other tidy-ups and updates to front page.
  • Bug 105877 - Backup & check for modifications before upgrade.
  • Bug 137709 - remove incorrect information about email preferences.
  • Bug 111712 - update command for changing path to Perl.
  • Bug 126907 - remove “Future” section from guide.
  • Bug 141557 - modification to user deletion code in editusers.cgi - prevent allowuserdeletion being bypassed.
  • Bug 140770 - Navigation doesn’t work after creating a new bug. This fix displays a new bug to the user immediately after it’s been filed.
  • Bug 141385 - dependency graph title is incorrect when doall is specified.
  • Bug 141326 - broken hyperlink in editkeywords.cgi.
  • Bug 140311 - query.cgi, search/seach.html.tmpl: should move some strings to template.
  • Bug 140664 - checksetup.pl fails on perl 5.005.
  • Bug 140564 - Unquoted variable in regexp in globals.pl.
  • Bug 140329 - Stagger headers have wrong order.
  • Bug 140784 - edit*.cgi need a use lib “.” on Win32/IIS w/ taint.
  • Bug 140953 - Creating the first attachment status fails.
  • Bug 140553 - remaining instances of uri filter.
  • Bug 137623 - showdependencytree.cgi has minor grammatical and formatting issues.
  • Bug 140765 - midair template has an error.
  • Bug 140006 - ThrowTemplateError should try a template before using print statements.
  • Bug 138904 - post_bug templates should be separate. Renaming template so that the name’s not so long, and we can use formats.
  • Bug 138904 - post_bug templates should be separate.
  • Bug 140103 - various templatisations or cleanups in CGI.pl.
  • Bug 140633: Template Toolkit bug causes directory “datatemplate” to be created in the Bugzilla root directory instead of creating “template” within the “data” directory. Adding a trailing slash to the compile directory name to work around it.
  • Bug 138284 - prepare for Bugzilla Helper replacement enter_bug template.
  • Bug 105960 - xml.cgi has wrong content type, and should be standalone
  • Bug 97832 - turn on template compilation. This means that the minimum TT version is now 2.07.
  • Bug 138994 - split up duplicates.html.tmpl.
  • Bug 140419 - fix merge error from bug 138995. Oops.
  • Bug 140407 - remove all references to directories template/default and template/custom. They are no more. Oceania is at war with East Asia. Oceania has always been at war with East Asia.
  • Move a </center> tag (inserted in bug 129442 in a vain attempt to make this CGI’s HTML validate) to the bottom of the initial page. This has the effect of fixing the alignment of the “choose chart” widgets; returning them back to the centre, where it should be. No bug number.
  • Bug 138995 - split up search.html.tmpl.
  • Bug 139930 - checksetup.pl no longer fails if data/params does not exist
  • Bug 139759 - gets email searches for “cc: list or assignee” working again.
  • Bug 140354 - Prevents “edit attachment as comment” from displaying opening and closing HTML tags on recent versions of Mozilla by making the regexp that finds and removes them case-insensitive.
  • Bug 135817 - update template filename. Oops.
  • Bug 140124 - PuntTryAgain must die.
  • Bug 135814 - templatise Token.pm.
  • Bug 139588: changes “size” to “maxlength” in abbreviations hash since “size” is a hash built-in method in Template Toolkit 2.07
  • Bug 140161: Prevents function call from displaying its return value, which we don’t need.
  • Bug 140145 - GetLongDescriptionAsHTML must die.
  • Bug 140121 - make sure we keep calling SyncAnyPendingShadowChanges from the footer.
  • Bug 140110 - remove 273 lines of redundant code from CGI.pl.
  • Bug 139928 - cvs remove templates from template/default directory. These templates now all live in template/en/default, for l10n purposes.
  • Bug 137183 - tab names should be in the template not in the .cgi.
  • Bug 126571: prevents display of messages to end-users about parameters being removed when an installation upgrades to a later version of Bugzilla from which some parameters have been removed.
  • Bug 138456 - use proper error functions in DBNameToIdAndCheck.
  • Bug 139632: connect to the database in enter_bug.cgi in case it is time to rebuild the version cache, which needs a database connection.
  • Bug 125066 - remove the need to set a milestone on accept for products with just one milestone.
  • Bug 136180 - use uri/url_quote filters correctly.
  • Bug 139800 - remove errant references to index.html.
  • Bug 139787 - more template name fixes to stop tree burning.
  • Bug 138588 - missed a DisplayError -> ThrowTemplateError change.
  • Bug 138588 - change to use new template structure.
  • Bug 138582 - convert all INCLUDEs to PROCESS.
  • Bug 124587: Lock bugs table before inserting new bug.
  • Bug 138604, make the bugzilla sidebar use valid XUL plus some template cleanup.
  • Bug 139051 - fix misspelling of “privilege”.
  • Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
  • Bug 125013: ProcessMultipartFormFields in CGI.pl would hang if the posting browser included regexp metacharacters in its boundary string.
  • Bug 138581 - add template/en/* to the search path.
  • Bug 135707 - make template/en/default templates consistent with template/default.
  • Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
  • Bug 138064 - False-positive error message in checksetup.pl when checking for “png” in data/webdot/.htaccess.
  • Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
  • Bug 12004: need info on Template and AppConfig in the help docs.
  • Bug 137954 - Empty “move-button-text” field blocks changing bugs.
  • Bug 126792: Templatizes showdependencytree.cgi.
  • Bug 135545 - missing template version strings.
  • Bug 136754 - warning in editproduct.cgi if usebuggroups option is on.
  • Bug 137589 - fix test 4 not to hang on the “use CGI” in the template.
  • Bug 136506: work-around taint error on Perl 5.005.
  • bug 117718 - Mass Change removes a bugs groupset if the bug was in the wrong product group
  • Bug 125427 - Taint error in duplicates.cgi with perl < 5.6
  • Bug 137669: remove tags from attachment status lists
  • Bug 121247 - enter_bug comment templates. Template method for amalgamation of free-form enter_bug text fields into the description.
  • Bug 134198: Warns installations about Apache configuration issue with security ramifications.
  • Bug 92763 Add Windows XP as OS selection for entering/searching bugs
  • Bug 135666 Creating bugs: OS detection doesn’t work for Internet Explorer, Win NT 4. Adds Windows XP to the bugzilla OS list Activates the Windows XP detection (it was commented out waiting for this fix…) Makes Windows NT (4) detection match the pattern everything else used
  • Bug 129442 - make html of a default installation (mostly) HTML 4.01 transitional compliant Original
  • Bug 136751 - warnings with show_bug.cgi
  • Bug 110980 - no email to cc list when opening new bug
  • Bug 136227: Corrects syntax error in bash script.
  • Bug 125660: Templatizes process_bug.cgi.
  • Bug 119635 - templatise duplicates.cgi.
  • Byg 136003 - two extra spaces after every comment
  • Bug 133423 - Audit templates for FILTER usage
  • Bug 134575 - some scripts trying to make world writable directories
  • Bug 135815 - Regression on CGI.pl for link to showvotes.cgi.
  • Bug 135473 - Using back button after failure on attachment.cgi does not disable radio buttons when patch checkbox is checked.
  • Bug 135469 - missing version string (tree’s afire).
  • Bug 126456 - fix our error handling. Change the name of the functions to something more sane; a few enhancements.
  • bug 134562 - taint error in buglist.cgi
  • Bug 117760 - Templatise showvotes.cgi and incorporate doeditvotes.cgi.
  • Bug 124920 - Templatise post_bug.cgi.
  • Bug 126793 - templatise showdependencygraph.cgi.
  • Bug 135291: add version string to new templates and fix the string for non xml templates.
  • Bug 130373 - sorting by target milestone generated bogus error
  • Bug 127200 - query for cc takes long time
  • Bug 126883 - bugzilla.dtd isn’t quite correct
  • Partial fix for bug 104600: Adds “template/custom” to .cvsignore.
  • Bug 126456 - improve our error handling.
  • New version of bug writing guidelines - bug 131345. Written by Eli ([email protected]),
  • Bug 98658: Let administrator know which customised templates have been updated by Bugzilla team. Patch adds a version string to every template and a check in t/004template.t to check for version strings in templates. Note that two templates that were not included in the initial patch now have version strings added.
  • Bug 126801: Suppress display of secure products to users who are not authorized to access those products. Only matters for installations using the “product groups” feature.
  • Bug 124937 - templatise show_activity.cgi.
  • Bug 109528 - Can’t query for attachment status != value if patch has no statuses
  • Bug 82143 and bug 95594: Attempting to reverse dependencies falsely reported a circular dependency loop, and setting both the blocks and depends at the same time allowed a real dependency loop to be created.
  • Bug 120537 (b) - fix previous patch to not complain if there’s no .htaccess file.
  • Bug 132939 - “zarro bugs found” is no more
  • Remaining pieces of Bug 23067 from yesterday… no idea why the first commit didn’t pick these up.
  • Bug 107513: Makes it possible to change parameters on an installation where access to the scripts is not limited to the web server user.
  • Bug 133833. Error in templatized version of userprefs.cgi. Error with ExcludeSelf form variable being all lowercase.
  • Bug 23067: Allow the user to change their email address through the preferences. Sends out tokens in email to both addresses which have to be confirmed by the new address, and can be cancelled by the old one. Entering your password on the preferences page is required to initiate the process.
  • Bug 134465 - Don’t die() if the admin email address doesn’t match the regexp.
  • Better fix for bug 132929, buglist.cgi “long format” button doesn’t work.
  • Bug 133425: adding missing FILTERs in the template
  • Bug 92263: Don’t output SQL commands before the footer when syncshadowdb fails (only affects Bugzillas that are running shadow databases)
  • Bug 120537 - Allow the use of a local ‘dot’ binary to generate dependency graphs
  • Bug 133210 - typo in checksetup; uses $::params instead of $::param
  • Bug 133862 - bugzilla index page doesn’t focus text field
  • Bug 104589 - prevent user closing window from terminating Bugzilla scripts.
  • Bug 133425 - FILTERs and other fixes in show_bug.html.tmpl.
  • Bug 133200 - mass change removes dependencies.
  • Bug 133206 - mass change uses ‘severity’ rather than ‘bug_severity’.
  • Bug 133389: changing anything on a bug from the show_bug.cgi page would reset its component to the first in the product.
  • Bug 133372 - FILTER uri on milestone URL.
  • Fixes to small issues with show_bug.cgi templatisation. Bug 133276 - groups test is wrong.
  • Bug 133201 - js syntax error in show_bug
  • Bug 128419 - link to email preferences from bug changed notification is wrong
  • Bug 110012 - show_bug templatisation.
  • Bug 132634 - remove warning in reports.cgi when quips aren’t used.
  • Bug 131659 - need to fixPerms the css directory
  • Bug 131521 - Set $::ENV{PATH} so that we don’t get bogus 15 line warnings from perl 5.6.1’s Cwd.pm on every system() call.
  • Bug 132929 - buglist.cgi ‘long format’ button doesn’t work
  • Bug 106386 rid source of misspellings
  • Bug 118953 - incorrect message from checksetup.pl
  • Bug 92905 - perl error when editing user and no groups defined
  • Bug 131568: template/default/global/header validates HTML 4.01 Transitional
  • Bug 103953 again = XHTML fixes.
  • Bug 129466 - use IP addr (not hostname) in logincookies table
  • Bug 126789 - templatise token.cgi.
  • Bug 97739: Confirms deletion of an attachment status in browsers with no-JS/JS-off.
  • Bug 103778: Rewrites and templatizes buglist.cgi.
  • Bug 130254 - Template params don’t have to exist, since they may be subject to interpolation. Ignore names with $ in them as a workaround
  • Bug 72184: prevents users from entering too-large comments/descriptions that get rejected by MySQL’s MAX_PACKET_SIZE restrictions.
  • Bug 129017 - perl error in apache log
  • Bug 129016: Corrects conditional operator.
  • Bug 128784: Eliminates redundant function call in userprefs.cgi.
  • Bug 106377 - processmail rescanall should use lastdiffed
10. May 2002

Bugzilla 2.16 Release Candidate 1 is now available

by Bugzilla Team

At long last and after much banging of heads against walls, we are proud to announce the availability of a release candidate for Bugzilla 2.16. Check out the download page for links to download or update to it. Unless any major problems are found, this is what we’d like to release as version 2.16. Be sure to check out our latest status update before downloading.

03. March 2002

Bugzilla Status Update

by Dave Miller (justdave)

Introduction

Unfortunately, it is clear at this point that we will not make our revised goal of March 1st for the 2.16 release, either. We were almost there at one point, then we discovered several files that needed to be templatized that got missed in the first round, and a number of regressions in other parts of Bugzilla that really need to be fixed before we can release. Although we’ve had a feverish rate of checkins in the last two weeks compared to the last couple months, the new template bugs and the regressions have added to our buglist, so it appears that we’re going backwards. I hate moving targets, so I’m only going to say that it’ll be out whenever it’s done now, but I can tell you it won’t be long. We’re moving at a rapid pace now.

Highly Misleading & Meaningless Statistics

Date 2.16 Bugs With Patches Waiting For Review 2.16 Bugs Waiting For Patches 2.16 Release Blockers 2.18 Bugs Other Bugs
2002-03-03 16 bugs 17 bugs 23 bugs 487 bugs 430 bugs
2002-02-13 24 bugs 21 bugs 23 bugs 481 bugs 405 bugs
2002-02-11 34 bugs 35 bugs 27 bugs 477 bugs 396 bugs
2002-01-18 49 bugs 61 bugs 34 bugs 459 bugs 337 bugs
2001-10-19 112 bugs 329 bugs   36 bugs 299 bugs

Templatisation Update

Bugzilla Templatisation is taking longer than expected, but we’re considerably far along at this point. There are currently 10 user-visible cgi pages left to templatize (out of 21 total), 5 of which are currently undergoing review. With a couple notable exceptions (buglist.cgi and show_bug.cgi) most of the remaining ones aren’t so difficult.

Bugs relevant to the templating process that are still outstanding are:

Other bugs about templates in Bugzilla: (targetted for 2.16)

  • Bug 98658 - Let administrator know which customised templates have been updated by Bugzilla team
  • Bug 97832 - turn on template pre-compilation
  • Bug 126908 - no templates should be in the admin directory
  • Bug 126955 - Bugzilla should support translated/localized templates

2.16 Goals

The current goals for our 2.16 release are still:

  • HTML 4.01 Transitional compliance. (this is being handled in tandem with the templatization)
  • Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (10 bugs remain)
  • Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change) (reviewed needs-work, waiting an updated patch)
  • Remove old attachment code in favor of the new attachment tracker system. (complete)
  • Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.(complete)

For a more up to date list, see the roadmap. Also, the current list of open bugs that are considered release blockers can be found in this buglist.

New Resources for Reviewers and Developers

We’ve added a Developers’ Guide and a Reviewers’ Guide to our website to assist new developers and reviewers. These are recommended reading for anyone that wants to contribute to the project.

Bugzilla Bug Reports May Have a New Home Soon

Traditionally, bugzilla.mozilla.org (henceforth referred to as “b.m.o”) has always run the cvs tip of Bugzilla, and as such has been the “proving ground” for Bugzilla releases before they get released. b.m.o has a lot of traffic, and due to that traffic level, there were always bugs found there any time b.m.o updated to the tip.

As Bugzilla has grown, so has Mozilla. Mozilla is getting huge (if we didn’t all already know that ;) and mozilla.org, as a result, is starting to view b.m.o as a production-critical installation, and is no longer willing to experiment with it.

But Bugzilla itself has a rapidly growing community of users and supporters as well, and we now believe that the people reporting bugs and developing for Bugzilla produce enough traffic on their own to get a reasonable test of the software in production, if it were on its own. The Bugzilla product has almost 1000 open bugs (and over 1800 resolved bugs).

To this end, mozilla.org is investigating setting up a separate instance of Bugzilla (yet to be named) which will have all bugs from the Bugzilla and Webtools products moved to it. This new installation will become our “live production testbed” for Bugzilla, always running somewhere close to the tip of cvs, while b.m.o will begin running only the stable releases after they’ve been proven.

There are many things which will need to happen first to make way for this. For instance, better ability for Bugzilla installations to communicate with each other. For details and dependencies, see Bug 127876.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

  • PostgreSQL support. (Bug 98304)
  • Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
  • Ability to add generic customized fields to bugs (Bug 91037)
  • Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
  • Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
  • Request tracker, for managing requests to change things about bugs. (Bug 98801)
  • Use template pages instead of hard-coding the HTML into the perl. (Bug 86168)
  • mod_perl support. (Bug 87406)
  • New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Checkins Since the Last Status Update

Get this list from Bonsai

  • Bug 106377 - processmail rescanall now uses lastdiffed time to locate bugs that have mail that didn’t get sent, also adds a sanity check for the same
  • Bug 127524 - checksetup.pl claimed localconfig had compile errors if XML::Parser wasn’t installed ([email protected] wasn’t getting cleared before testing localconfig)
  • Bug 99209 - display links on dependency tree page for modifying multiple bugs listed in the dependency tree
  • Bug 128437 - regression from userprefs redesign, default email preferences weren’t being displayed correctly
  • Bug 128422 - regression from userprefs redesign, everyone was getting email on all changes regardless of email preferences
  • Bug 112537 - some bug summaries were missing in a dependency tree with a depth limit set
  • Bug 127318 - push UserInGroup function to templates
  • Bug 119657 - cleaning up the way we check for template errors
  • Bug 107743 - post_bug.cgi wasn’t properly validating some parameters
  • Bug 117060 - templatize userprefs.cgi, also got new tabs and a new layout for the email preferences
  • Bug 127519 - fixing an error after doing a change columns from the buglist
  • Bug 126788 - templatize xml.cgi
  • Bug 127841 - add processmail and syncshadowdb to the list of files that need the bonsaitools perl path changed in order to run from another perl location
  • Bug 97729 - uploaders need to be able to obsolete their own attachments
  • Bug 127507 - one too many blank lines in each comment
  • Bug 126791 - templatize relogin.cgi
  • Bug 110711 - resolves a number of issues with the original query.cgi templates
  • Bug 97496 - more cleanup to release notes
  • Bug 117515 - templatize describekeywords.cgi
  • Bug 115369 - templatize long_list.cgi
  • Bug 126487 - Edit attachment as comment was causing an immediate submit instead of letting you edit it in newer Mozilla builds
  • Bug 118774 - The keyword field wasn’t showing up on the query page because have_keywords wasn’t being properly set before passing it to the template
  • Bug 125516 - “-ti” doesn’t work in exim, so changing sendmail calls to use “-t -i” instead.
  • Bug 97496 - Some cleanup to the release notes in preparation for the 2.16 release
  • Bug 125835 - Removed an old sarcastic comment from the code generated for localconfig so that it doesn’t imply that using a database password might be bad.