Bugzilla Status Update

by Dave Miller (justdave)

Introduction

At long last we are really and truly in the final countdown for the 2.16 release! Tonight we’ve released 2.16rc1 (first release candidate). As of this time, there are no code bugs remaining targeted for the 2.16 release. The documentation is still incomplete, and will be updated again before the 2.16 release, but the code is basically what we’d like to release, unless any regression bugs are found of course. Check out our downloads page to pick up a copy of the Release Candidate and try it out! Remember we do NOT recommend using the release candidate for production use. You may do so at your own risk. However, if you have someplace to test it out, by all means do so. If you find any regression bugs, please let us know! Win32 users, see note below.

Highly Misleading & Meaningless Statistics

The two remaining “blocker” bugs are the release tracking bug, and the release notes.

Templatisation Update

One of the biggest and most overwhelming changes in Bugzilla since 2.14 is that all of the customer-visible files have been converted to use HTML templates using Template Toolkit. This has the potential to make migration from an older Bugzilla a royal pain if you’ve done any customizing, since this essentially amounted to a rewrite of a huge chunk of Bugzilla (and is the main reason this release is so far behind schedule). If you survive this update, all of our future updates should be tremendously easier, though, since you can now customize the look and feel of your site without having to touch Perl code.

The administrative pages are scheduled to go through this same process during the next development cycle.

The template directory has been completely moved from it’s former location in the CVS repository earlier in the 2.15/2.16 development cycle, to drop things a level deeper in the hierarchy in preparation for localization/internationalization efforts in the near future. The shipped templates now reside in template/en/default instead of template/default. ‘en’ being the language code for English of course. There are already translations in the works for at least Spanish and German, and efforts will be made early in the next development cycle to make this more seamless and integrate with the user’s browser preferences as well.

Email sending is broken on Win32

Unfortunately, the templatization of process_bug.cgi broke the ability for Bugzilla to send bug update notifications via email on Windows due to the way ActiveState Perl handles fork(). There is a fix for this in the works, but it involves major code changes, and we didn’t want to hold up the 2.16 release for another month to give it adequate testing. The bottom line is, if you’re using Win32, you do not want Bugzilla 2.16. There will be a 2.16.1 release which includes this fix as soon as it’s ready. For up-to-date information on this topic, see bugs 124174 and 84876.

2.16 Goals

The current goals for our 2.16 release are still:

• HTML 4.01 Transitional compliance. (this is being handled in tandem with the templatization) (complete)
• Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (complete)
• Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change) (complete)
• Remove old attachment code in favor of the new attachment tracker system. (complete)
• Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.(complete)

As always, for an up to date list, see the roadmap.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

• Ability to send email via SMTP instead of relying on a local installation of sendmail. (Bug 84876)
• PostgreSQL support. (Bug 98304)
• Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
• Ability to add generic customized fields to bugs (Bug 91037)
• Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
• Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
• Request tracker, for managing requests to change things about bugs. (Bug 98801)
• mod_perl support. (Bug 87406)
• New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Checkins Since the Last Status Update

The following is a list of specific bugs fixed (and their checkin messages) since the last Bugzilla status report. It is ordered by the checkin date, as ordered by Bonsai. It includes checkins from 03/03/2002 to 05/20/2002. This list was generated by filtering the output from Bonsai; if you’re interested, you can run the query for yourself.

The following general checkins were made without reference to any specific bugs:

• 5/8/2002 - Documentation and Bugzilla Guide updates (Gerv)
• 5/1/2002 - Documentation updates (Gerv)
• 5/1/2002 - Documentation recompile and trial/error updates (justdave)
• 4/24/2002 - tinderbox bustage fixes and .cvsignore updates (justdave/Gerv)
• 4/17/2002 - Missing version string; fixed due to tinderbox bustage (bbaetz)
• Various other random tinderbox bustage fixes ;-)

And now… for da big list:

• Bug 143124, Fix warning messages about *::TESTOUT and clean up test code. Patch makes the tests much better now.
• Bug 143091 - No email to the qa contact when creating bugs.
• Bug 143040 - Tidy up remove parameters message in checksetup.pl.
• Bug 143066 - footer shows as logged out on show_bug.cgi.
• Bug 143045 - Bug groups text is unclear.
• Bug 142950 - query links in footer are broken.
• Bug 140437 - clean up parameters.
• Bug 142231 - template/.cvsignore should contain es, de, but not custom.
• bug 142792 - Output from checksetup.pl contains misspelled words.
• Bug 140435 - Templatise GetCommandMenu.
• Bug 135543 - @Support::Templates::testitems does not list all templates
• Bug 134571 - client-side image maps in showdependencygraph.cgi
• Bug 140355 - warn the user about not using a webserver group
• Bug 140993 - Pass javascript correctly into header; templatise the rest of the header-related parameters.
• Bug 141036 - add INTERFACE comments to all templates. This does the first 20 or so - many more to go…
• Rename getSelection to get_selection. Fixes bug 141716, Mozilla context menus were broken on query.cgi because of getSelection overriding the native method which is used by Mozilla’s context menu code.
• Bug 139313 - warning in buglist.cgi when votes isn’t a parameter
• Bug 135836 - change requests should include expiration details.
• Bug 141609 - “Version unspecified” error when changing product with product groups enabled.
• Bug 97496 - Release notes updates.
• Bug 141635 - showdependencygraph requires bug number for doall.
• Bug 117936 - deprecate Apache 1.2 as our .htaccess files don’t work with it.
• Bug 125395 - remove revision history. That’s what CVS is for :-) Also, do other tidy-ups and updates to front page.
• Bug 105877 - Backup & check for modifications before upgrade.
• Bug 137709 - remove incorrect information about email preferences.
• Bug 111712 - update command for changing path to Perl.
• Bug 126907 - remove “Future” section from guide.
• Bug 141557 - modification to user deletion code in editusers.cgi - prevent allowuserdeletion being bypassed.
• Bug 140770 - Navigation doesn’t work after creating a new bug. This fix displays a new bug to the user immediately after it’s been filed.
• Bug 141385 - dependency graph title is incorrect when doall is specified.
• Bug 141326 - broken hyperlink in editkeywords.cgi.
• Bug 140311 - query.cgi, search/seach.html.tmpl: should move some strings to template.
• Bug 140664 - checksetup.pl fails on perl 5.005.
• Bug 140564 - Unquoted variable in regexp in globals.pl.
• Bug 140329 - Stagger headers have wrong order.
• Bug 140784 - edit*.cgi need a use lib “.” on Win32/IIS w/ taint.
• Bug 140953 - Creating the first attachment status fails.
• Bug 140553 - remaining instances of uri filter.
• Bug 137623 - showdependencytree.cgi has minor grammatical and formatting issues.
• Bug 140765 - midair template has an error.
• Bug 140006 - ThrowTemplateError should try a template before using print statements.
• Bug 138904 - post_bug templates should be separate. Renaming template so that the name’s not so long, and we can use formats.
• Bug 138904 - post_bug templates should be separate.
• Bug 140103 - various templatisations or cleanups in CGI.pl.
• Bug 140633: Template Toolkit bug causes directory “datatemplate” to be created in the Bugzilla root directory instead of creating “template” within the “data” directory. Adding a trailing slash to the compile directory name to work around it.
• Bug 138284 - prepare for Bugzilla Helper replacement enter_bug template.
• Bug 105960 - xml.cgi has wrong content type, and should be standalone
• Bug 97832 - turn on template compilation. This means that the minimum TT version is now 2.07.
• Bug 138994 - split up duplicates.html.tmpl.
• Bug 140419 - fix merge error from bug 138995. Oops.
• Bug 140407 - remove all references to directories template/default and template/custom. They are no more. Oceania is at war with East Asia. Oceania has always been at war with East Asia.
• Move a </center> tag (inserted in bug 129442 in a vain attempt to make this CGI’s HTML validate) to the bottom of the initial page. This has the effect of fixing the alignment of the “choose chart” widgets; returning them back to the centre, where it should be. No bug number.
• Bug 138995 - split up search.html.tmpl.
• Bug 139930 - checksetup.pl no longer fails if data/params does not exist
• Bug 139759 - gets email searches for “cc: list or assignee” working again.
• Bug 140354 - Prevents “edit attachment as comment” from displaying opening and closing HTML tags on recent versions of Mozilla by making the regexp that finds and removes them case-insensitive.
• Bug 135817 - update template filename. Oops.
• Bug 140124 - PuntTryAgain must die.
• Bug 135814 - templatise Token.pm.
• Bug 139588: changes “size” to “maxlength” in abbreviations hash since “size” is a hash built-in method in Template Toolkit 2.07
• Bug 140161: Prevents function call from displaying its return value, which we don’t need.
• Bug 140145 - GetLongDescriptionAsHTML must die.
• Bug 140121 - make sure we keep calling SyncAnyPendingShadowChanges from the footer.
• Bug 140110 - remove 273 lines of redundant code from CGI.pl.
• Bug 139928 - cvs remove templates from template/default directory. These templates now all live in template/en/default, for l10n purposes.
• Bug 137183 - tab names should be in the template not in the .cgi.
• Bug 126571: prevents display of messages to end-users about parameters being removed when an installation upgrades to a later version of Bugzilla from which some parameters have been removed.
• Bug 138456 - use proper error functions in DBNameToIdAndCheck.
• Bug 139632: connect to the database in enter_bug.cgi in case it is time to rebuild the version cache, which needs a database connection.
• Bug 125066 - remove the need to set a milestone on accept for products with just one milestone.
• Bug 136180 - use uri/url_quote filters correctly.
• Bug 139800 - remove errant references to index.html.
• Bug 139787 - more template name fixes to stop tree burning.
• Bug 138588 - missed a DisplayError -> ThrowTemplateError change.
• Bug 138588 - change to use new template structure.
• Bug 138582 - convert all INCLUDEs to PROCESS.
• Bug 124587: Lock bugs table before inserting new bug.
• Bug 138604, make the bugzilla sidebar use valid XUL plus some template cleanup.
• Bug 139051 - fix misspelling of “privilege”.
• Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
• Bug 125013: ProcessMultipartFormFields in CGI.pl would hang if the posting browser included regexp metacharacters in its boundary string.
• Bug 138581 - add template/en/* to the search path.
• Bug 135707 - make template/en/default templates consistent with template/default.
• Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
• Bug 138064 - False-positive error message in checksetup.pl when checking for “png” in data/webdot/.htaccess.
• Bug 135707 - rearrange templates to normalise filenames, and create directory structure which allows for localised versions of the templates. Earlier versions of these templates can be found, cvs removed, scattered around bugzilla/template/default; but there are no substantial changes between their initial checkin there and here.
• Bug 12004: need info on Template and AppConfig in the help docs.
• Bug 137954 - Empty “move-button-text” field blocks changing bugs.
• Bug 126792: Templatizes showdependencytree.cgi.
• Bug 135545 - missing template version strings.
• Bug 136754 - warning in editproduct.cgi if usebuggroups option is on.
• Bug 137589 - fix test 4 not to hang on the “use CGI” in the template.
• Bug 136506: work-around taint error on Perl 5.005.
• bug 117718 - Mass Change removes a bugs groupset if the bug was in the wrong product group
• Bug 125427 - Taint error in duplicates.cgi with perl < 5.6
• Bug 137669: remove tags from attachment status lists
• Bug 121247 - enter_bug comment templates. Template method for amalgamation of free-form enter_bug text fields into the description.
• Bug 134198: Warns installations about Apache configuration issue with security ramifications.
• Bug 92763 Add Windows XP as OS selection for entering/searching bugs
• Bug 135666 Creating bugs: OS detection doesn’t work for Internet Explorer, Win NT 4. Adds Windows XP to the bugzilla OS list Activates the Windows XP detection (it was commented out waiting for this fix…) Makes Windows NT (4) detection match the pattern everything else used
• Bug 129442 - make html of a default installation (mostly) HTML 4.01 transitional compliant Original
• Bug 136751 - warnings with show_bug.cgi
• Bug 110980 - no email to cc list when opening new bug
• Bug 136227: Corrects syntax error in bash script.
• Bug 125660: Templatizes process_bug.cgi.
• Bug 119635 - templatise duplicates.cgi.
• Byg 136003 - two extra spaces after every comment
• Bug 133423 - Audit templates for FILTER usage
• Bug 134575 - some scripts trying to make world writable directories
• Bug 135815 - Regression on CGI.pl for link to showvotes.cgi.
• Bug 135473 - Using back button after failure on attachment.cgi does not disable radio buttons when patch checkbox is checked.
• Bug 135469 - missing version string (tree’s afire).
• Bug 126456 - fix our error handling. Change the name of the functions to something more sane; a few enhancements.
• bug 134562 - taint error in buglist.cgi
• Bug 117760 - Templatise showvotes.cgi and incorporate doeditvotes.cgi.
• Bug 124920 - Templatise post_bug.cgi.
• Bug 126793 - templatise showdependencygraph.cgi.
• Bug 135291: add version string to new templates and fix the string for non xml templates.
• Bug 130373 - sorting by target milestone generated bogus error
• Bug 127200 - query for cc takes long time
• Bug 126883 - bugzilla.dtd isn’t quite correct
• Partial fix for bug 104600: Adds “template/custom” to .cvsignore.
• Bug 126456 - improve our error handling.
• New version of bug writing guidelines - bug 131345. Written by Eli ([email protected]),
• Bug 98658: Let administrator know which customised templates have been updated by Bugzilla team. Patch adds a version string to every template and a check in t/004template.t to check for version strings in templates. Note that two templates that were not included in the initial patch now have version strings added.
• Bug 126801: Suppress display of secure products to users who are not authorized to access those products. Only matters for installations using the “product groups” feature.
• Bug 124937 - templatise show_activity.cgi.
• Bug 109528 - Can’t query for attachment status != value if patch has no statuses
• Bug 82143 and bug 95594: Attempting to reverse dependencies falsely reported a circular dependency loop, and setting both the blocks and depends at the same time allowed a real dependency loop to be created.
• Bug 120537 (b) - fix previous patch to not complain if there’s no .htaccess file.
• Bug 132939 - “zarro bugs found” is no more
• Remaining pieces of Bug 23067 from yesterday… no idea why the first commit didn’t pick these up.
• Bug 107513: Makes it possible to change parameters on an installation where access to the scripts is not limited to the web server user.
• Bug 133833. Error in templatized version of userprefs.cgi. Error with ExcludeSelf form variable being all lowercase.
• Bug 23067: Allow the user to change their email address through the preferences. Sends out tokens in email to both addresses which have to be confirmed by the new address, and can be cancelled by the old one. Entering your password on the preferences page is required to initiate the process.
• Bug 134465 - Don’t die() if the admin email address doesn’t match the regexp.
• Better fix for bug 132929, buglist.cgi “long format” button doesn’t work.
• Bug 133425: adding missing FILTERs in the template
• Bug 92263: Don’t output SQL commands before the footer when syncshadowdb fails (only affects Bugzillas that are running shadow databases)
• Bug 120537 - Allow the use of a local ‘dot’ binary to generate dependency graphs
• Bug 133210 - typo in checksetup; uses $::params instead of $::param
• Bug 133862 - bugzilla index page doesn’t focus text field
• Bug 104589 - prevent user closing window from terminating Bugzilla scripts.
• Bug 133425 - FILTERs and other fixes in show_bug.html.tmpl.
• Bug 133200 - mass change removes dependencies.
• Bug 133206 - mass change uses ‘severity’ rather than ‘bug_severity’.
• Bug 133389: changing anything on a bug from the show_bug.cgi page would reset its component to the first in the product.
• Bug 133372 - FILTER uri on milestone URL.
• Fixes to small issues with show_bug.cgi templatisation. Bug 133276 - groups test is wrong.
• Bug 133201 - js syntax error in show_bug
• Bug 128419 - link to email preferences from bug changed notification is wrong
• Bug 110012 - show_bug templatisation.
• Bug 132634 - remove warning in reports.cgi when quips aren’t used.
• Bug 131659 - need to fixPerms the css directory
• Bug 131521 - Set $::ENV{PATH} so that we don’t get bogus 15 line warnings from perl 5.6.1’s Cwd.pm on every system() call.
• Bug 132929 - buglist.cgi ‘long format’ button doesn’t work
• Bug 106386 rid source of misspellings
• Bug 118953 - incorrect message from checksetup.pl
• Bug 92905 - perl error when editing user and no groups defined
• Bug 131568: template/default/global/header validates HTML 4.01 Transitional
• Bug 103953 again = XHTML fixes.
• Bug 129466 - use IP addr (not hostname) in logincookies table
• Bug 126789 - templatise token.cgi.
• Bug 97739: Confirms deletion of an attachment status in browsers with no-JS/JS-off.
• Bug 103778: Rewrites and templatizes buglist.cgi.
• Bug 130254 - Template params don’t have to exist, since they may be subject to interpolation. Ignore names with $ in them as a workaround
• Bug 72184: prevents users from entering too-large comments/descriptions that get rejected by MySQL’s MAX_PACKET_SIZE restrictions.
• Bug 129017 - perl error in apache log
• Bug 129016: Corrects conditional operator.
• Bug 128784: Eliminates redundant function call in userprefs.cgi.
• Bug 106377 - processmail rescanall should use lastdiffed

Bugzilla 2.16 Release Candidate 1 is now available

by Bugzilla Team

At long last and after much banging of heads against walls, we are proud to announce the availability of a release candidate for Bugzilla 2.16. Check out the download page for links to download or update to it. Unless any major problems are found, this is what we’d like to release as version 2.16. Be sure to check out our latest status update before downloading.

Bugzilla Status Update

by Dave Miller (justdave)

Introduction

Unfortunately, it is clear at this point that we will not make our revised goal of March 1st for the 2.16 release, either. We were almost there at one point, then we discovered several files that needed to be templatized that got missed in the first round, and a number of regressions in other parts of Bugzilla that really need to be fixed before we can release. Although we’ve had a feverish rate of checkins in the last two weeks compared to the last couple months, the new template bugs and the regressions have added to our buglist, so it appears that we’re going backwards. I hate moving targets, so I’m only going to say that it’ll be out whenever it’s done now, but I can tell you it won’t be long. We’re moving at a rapid pace now.

Highly Misleading & Meaningless Statistics

Templatisation Update

Bugzilla Templatisation is taking longer than expected, but we’re considerably far along at this point. There are currently 10 user-visible cgi pages left to templatize (out of 21 total), 5 of which are currently undergoing review. With a couple notable exceptions (buglist.cgi and show_bug.cgi) most of the remaining ones aren’t so difficult.

Bugs relevant to the templating process that are still outstanding are:

• Bug 86168 - The main “umbrella” bug.

• Bug 103778 - buglist.cgi
• Bug 110012 - show_bug.cgi
• Bug 117760 - showvotes.cgi
• Bug 119635 - duplicates.cgi
• Bug 124920 - post_bug.cgi
• Bug 124937 - show_activity.cgi
• Bug 125660 - process_bug.cgi
• Bug 126789 - token.cgi
• Bug 126792 - showdependencygraph.cgi
• Bug 126793 - showdependencytree.cgi

Other bugs about templates in Bugzilla: (targetted for 2.16)

• Bug 98658 - Let administrator know which customised templates have been updated by Bugzilla team
• Bug 97832 - turn on template pre-compilation
• Bug 126908 - no templates should be in the admin directory
• Bug 126955 - Bugzilla should support translated/localized templates

2.16 Goals

The current goals for our 2.16 release are still:

• HTML 4.01 Transitional compliance. (this is being handled in tandem with the templatization)
• Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (10 bugs remain)
• Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change) (reviewed needs-work, waiting an updated patch)
• Remove old attachment code in favor of the new attachment tracker system. (complete)
• Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.(complete)

For a more up to date list, see the roadmap. Also, the current list of open bugs that are considered release blockers can be found in this buglist.

New Resources for Reviewers and Developers

We’ve added a Developers’ Guide and a Reviewers’ Guide to our website to assist new developers and reviewers. These are recommended reading for anyone that wants to contribute to the project.

Bugzilla Bug Reports May Have a New Home Soon

Traditionally, bugzilla.mozilla.org (henceforth referred to as “b.m.o”) has always run the cvs tip of Bugzilla, and as such has been the “proving ground” for Bugzilla releases before they get released. b.m.o has a lot of traffic, and due to that traffic level, there were always bugs found there any time b.m.o updated to the tip.

As Bugzilla has grown, so has Mozilla. Mozilla is getting huge (if we didn’t all already know that ;) and mozilla.org, as a result, is starting to view b.m.o as a production-critical installation, and is no longer willing to experiment with it.

But Bugzilla itself has a rapidly growing community of users and supporters as well, and we now believe that the people reporting bugs and developing for Bugzilla produce enough traffic on their own to get a reasonable test of the software in production, if it were on its own. The Bugzilla product has almost 1000 open bugs (and over 1800 resolved bugs).

To this end, mozilla.org is investigating setting up a separate instance of Bugzilla (yet to be named) which will have all bugs from the Bugzilla and Webtools products moved to it. This new installation will become our “live production testbed” for Bugzilla, always running somewhere close to the tip of cvs, while b.m.o will begin running only the stable releases after they’ve been proven.

There are many things which will need to happen first to make way for this. For instance, better ability for Bugzilla installations to communicate with each other. For details and dependencies, see Bug 127876.

Upcoming Major Features

Major new features are being working on. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

• PostgreSQL support. (Bug 98304)
• Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
• Ability to add generic customized fields to bugs (Bug 91037)
• Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
• Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
• Request tracker, for managing requests to change things about bugs. (Bug 98801)
• Use template pages instead of hard-coding the HTML into the perl. (Bug 86168)
• mod_perl support. (Bug 87406)
• New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Checkins Since the Last Status Update

Get this list from Bonsai

• Bug 106377 - processmail rescanall now uses lastdiffed time to locate bugs that have mail that didn’t get sent, also adds a sanity check for the same
• Bug 127524 - checksetup.pl claimed localconfig had compile errors if XML::Parser wasn’t installed ($@ wasn’t getting cleared before testing localconfig)
• Bug 99209 - display links on dependency tree page for modifying multiple bugs listed in the dependency tree
• Bug 128437 - regression from userprefs redesign, default email preferences weren’t being displayed correctly
• Bug 128422 - regression from userprefs redesign, everyone was getting email on all changes regardless of email preferences
• Bug 112537 - some bug summaries were missing in a dependency tree with a depth limit set
• Bug 127318 - push UserInGroup function to templates
• Bug 119657 - cleaning up the way we check for template errors
• Bug 107743 - post_bug.cgi wasn’t properly validating some parameters
• Bug 117060 - templatize userprefs.cgi, also got new tabs and a new layout for the email preferences
• Bug 127519 - fixing an error after doing a change columns from the buglist
• Bug 126788 - templatize xml.cgi
• Bug 127841 - add processmail and syncshadowdb to the list of files that need the bonsaitools perl path changed in order to run from another perl location
• Bug 97729 - uploaders need to be able to obsolete their own attachments
• Bug 127507 - one too many blank lines in each comment
• Bug 126791 - templatize relogin.cgi
• Bug 110711 - resolves a number of issues with the original query.cgi templates
• Bug 97496 - more cleanup to release notes
• Bug 117515 - templatize describekeywords.cgi
• Bug 115369 - templatize long_list.cgi
• Bug 126487 - Edit attachment as comment was causing an immediate submit instead of letting you edit it in newer Mozilla builds
• Bug 118774 - The keyword field wasn’t showing up on the query page because have_keywords wasn’t being properly set before passing it to the template
• Bug 125516 - “-ti” doesn’t work in exim, so changing sendmail calls to use “-t -i” instead.
• Bug 97496 - Some cleanup to the release notes in preparation for the 2.16 release
• Bug 125835 - Removed an old sarcastic comment from the code generated for localconfig so that it doesn’t imply that using a database password might be bad.

New Guides available and another status update

by Bugzilla Team

We’ve added a Developers’ Guide and a Reviewers’ Guide to our “Developer Resources” page to assist those interested in getting involved to get to know how we do things.

We also have a long awaited status update to explain why we still haven’t released Bugzilla 2.16.

Bugzilla Status Update

by Zach Lipton (zach)

Introduction

It is clear at this point that we will not make our goal of February 15th for the 2.16 release. However, the Bugzilla tree is now frozen and is only accepting bugs that have been targeted as 2.16 blockers, and things are moving quickly now, so it looks reasonable that we won’t have to delay again beyond March 1st, and will probably release sooner if the right things fall into place before then.

Highly Misleading & Meaningless Statistics

New Committer

Bugzilla welcomes Christian Reis (kiko has he is known on #mozwebtools, irc.mozilla.org) as Bugzilla’s latest cvs committer. Kiko is looking forward to squashing even more new bugs and making the 2.16 release great.

Templatisation Update

Bugzilla Templatisation is well underway. There are currently 8 user-visible cgi’s or html pages left to templatize, all, but one of which are undergoing review.

Bugs relevant to the templating process that are still outstanding are:

• Bug 86168 - The main “umbrella” bug.
• Bug 103778 - buglist.cgi
• Bug 115369 - long_list.cgi
• Bug 110012 - show_bug.cgi
• Bug 110013 - describecomponents.cgi
• Bug 117515 - describekeywords.cgi
• Bug 117060 - user_prefs.cgi
• Bug 117760 - showvotes.cgi
• Bug 119635 - duplicates.cgi

Other bugs about templates in Bugzilla:

• Bug 98658 - Let administrator know which customised templates have been updated by Bugzilla team
• Bug 97832 - turn on template pre-compilation
• Bug 106612 - All the files *.html files currently in the main directory

2.16 Goals

The current goals for our 2.16 release are still:

• HTML 4.01 Transitional compliance.
• Templatization of all customer-visible CGI pages, to allow easy customization by the administrator (8 bugs remain)
• Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change) (awaiting review)
• Remove old attachment code in favor of the new attachment tracker system. (complete)
• Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.(complete)

Note that the “complete redesign of the schema related to security groups to eliminate the “funky groupset math” and allow more than 55 bug groups to be created” has been pushed to early 2.18.

For a more up to date list, see the roadmap. Also, the current list of open bugs that are considered release blockers can be found in this buglist.

Upcoming Major Features

Major new features are being working on. Some of these will appear in 2.16. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

• PostgreSQL support. (Bug 98304)
• Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
• Ability to add generic customized fields to bugs (Bug 91037)
• Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
• Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
• Request tracker, for managing requests to change things about bugs. (Bug 98801)
• Use template pages instead of hard-coding the HTML into the perl. (Bug 86168)
• mod_perl support. (Bug 87406)
• New makefile-based installation system (Bug 104660, Bug 105854, Bug 105855, and Bug 105856)

Checkins Since the Last Status Update

Get this list from Bonsai

• Bug 124869 - Conversion script to import bugs from Jitterbug into Bugzilla contributed by Tom Emerson placed in the contrib folder
• Bug 97471 - The assignee and qa contact should always be able to see their bugs
• Bug 100094 - use generic template handling code
• Bug 99024 - checksetup was not giving proper permissions to the contents of the template directory. This patch also adds an .htaccess file that blocks access to the template folder by the web server.
• Bug 120756 - Moving JS to beginning of file to avoid IE warnings.
• Bug 97966 - Changing the product in the query page would remove your component, version, and milestone selections
• Bug 122897 - Comments entered on the bug form are now added to the bug before it is closed and moved when moving a bug
  to another Bugzilla install
• Bug 119005 - The instructions in editgroups.cgi incorrectly state that you can’t use spaces in a group name. You in
  fact can.
• Bug 117055 - Emails were being truncated if they contained a line with nothing but a period on them
• Bug 119755 - strictvaluechecks should always be enabled
• Bug 122418 - obsoleting a patch from the create attachment screen gave
  a taint error
• Bug 122418 - setting attachment status fails taint checks
• Bug 110012 - show_bug.cgi templatisation
• Bug 87398 - checksetup.pl should warn if not run as root
• Bug 95732 and Bug 58242 - Remove logincookies.cryptpassword, and invalidate cookies from the db when required instead
• Bug 14461 - QA contact is no longer required
• Bug 121747 - Stops every script before it does anything else if Bugzilla is currently shut down
• Bug 98021 - Cleans up “edit attachment” interface on NS4.x by removing text of buttons that do not work in that browser
• Bug 122154 - Eliminiate the use of the “usetms” Javascript cache variable
• Bug 109138 - platform detection not working on macintosh
• Bug 122744 - Charting fails taint checks
• Bug 122636 - Templatise colchange.cgi
• Bug 122589 - Update gnats conversion script to newer schema of 2.14
• Bug 104521 - Removes old attachment interface in favor of new attachment tracker
• Bug 122154 - change arrays to numeric, and clean up query.atml js
• Bug 117509 - createaccount.cgi templatisation.
• Bug 121735 - Perl warning running checksetup.pl if a module has a
  non-numeric version number
• Bug 117759 - quips.cgi rewrite and templatisation
• Bug 93037 - use YYYY-MM-DD HH:MM formatting for attachment dates
• Bug 120543 - Software error when entering a bug when not logged in & only
  one product
• Bug 121074 - taint error after changing bug
• Bug 98368 - dbi connect doesn’t use db_port option
• Bug 121170 - template outputs empty <style> tag
• Bug 113438 - The DTD from Bugzilla’s XML output was not correct, so any attempts to validate the output were futile
• Bug 108982 - enable taint mode for all user-facing CGI files
• Update of documentation
• Bug 120817 - Log Out and %commandmenu% in bannerhtml
• Bug 119060 - Use of Template.pm filters for url and html encoding

Final Countdown to Bugzilla 2.16

by Bugzilla Team

We’ve finally entered our final countdown to the Bugzilla 2.16 release. Read all about it our latest status update.

Bugzilla Status Update

by Jacob Steenhagen (jake)

Introduction

It’s been a while since the previous (AKA, first) status update, so this one will be a bit longer than may be considered ideal. As you are probably aware, the 2.16 release of Bugzilla hasn’t happened yet. We are working hard at making this release a reality, but the members of the core team have been very busy lately with other endevors (rumor has it that some of us have a life :). As of this writing, the goal is to freeze the tree on Saturday, February 2, 2002 with a release happening on Saturday, February 16.

Highly Misleading & Meaningless Statistics

The 2.14.1 Release

During the time that the trunk was open for 2.15 development, the decision was made that in order to provide better security, all .cgi files should run in taint mode. As of the 2.14 release, only processmail ran in taint mode. In the process of turning on taint mode in the perl files and for anything entering the database, there were numerous security holes discovered, some of which allowed you to masquerade as another user, others allowed you to glean information about secure bugs. It was decided that these holes were of a high enough severity to backport the patches to 2.14 and put out an interm release rather than wait for 2.16 to come out. More specific information can be found in the 2.14.1 Release Notes.

Please note that 2.14.1 does not run in taint mode. Also, the goal for 2.16 is to have all the user accessible files running in taint mode (basically, anything that doesn’t start with edit).

Templatisation

For better or for worse, templatisation of all user visible .cgi’s is now a 2.16 release goal. The “better” part is that it makes customizing the look and feel of the front end much easier as you only have to change the template, you don’t have to change any of the perl code. The “worse” is that it’s a lot of work and probably one of the main reasons for the constant delays of 2.16.

The minimum version of the Template Toolkit was recently increased to be 2.06 instead of 2.01. This is because there were certain features that required this newer version that we wanted to take advantage of in Bugzilla. See bug 120081 for more information.

The Template Toolkit is available from their web page. If you use linux, you can also get the module from CPAN. Instructions for using PPM on win32 are available from their web page.

Bugs relevant to the templating process that are still outstanding are:

• Bug 86168 - The main “umbrella” bug.
• Bug 103778 - buglist.cgi
• Bug 115369 - long_list.cgi
• Bug 103953 - enter_bug.cgi
• Bug 110012 - show_bug.cgi
• Bug 110013 - describecomponents.cgi
• Bug 117060 - user_prefs.cgi
• Bug 117509 - createaccount.cgi
• Bug 117759 - quips.cgi
• Bug 106612 - All the files *.html files currently in the main directory

2.16 Goals

The goals for our 2.16 release have changed since the last status update. When that update was written, the goal was to have no patches setting around bit-rotting. It was determined that while this is an admirable goal, there were other things that Bugzilla needed more, such as the aforementioned templates. Reducing the patch queue and accepting submissions from non-core developers is an ongoing goal for the Bugzilla development team, but we are constantly faced with the difficult decision of how to manage what little time we have to work on this project.

The current goals for our 2.16 release are:

• HTML 4.01 Transitional compliance.
• Templatization of all customer-visible CGI pages, to allow easy customization by the administrator
• Allow users to change their own email addresses, instead of having to bug the site admin (using verification emails sent to both the old and new addresses to validate the change)
• Complete redesign of the schema related to security groups to eliminate the “funky groupset math” and allow more than 55 bug groups to be created.
• Remove old attachment code in favor of the new attachment tracker system.
• Enable Perl’s taint mode for all user accessible files, and taint-check anything being sent to the database.

For a more up to date list, see the roadmap. Also, the current list of open bugs that are considered release blockers can be found in this buglist.

Contributions

There are many ways you can help the Bugzilla team.

• Patches to Fix Bugs/Implement New Features. These are very welcome, especially if they are targetted for the 2.16 milestone! They need to be appropriately generic for all Bugzilla installations and conform to our other requirements (see the hackers’ guide) before they can appear in CVS, but if you don’t wish to do this, anything is better than nothing, and we can use your work as a base.
• New documentation. If you think you can help with the documentation for Bugzilla, please contact Matthew Barnson.
• Testing. Search for bugs in the Bugzilla software, as well as trying out pending patches in the bug system.
• Review. If you have experience with Perl and Bugzilla code, it would be very useful if you look over pending patches in the bug system and see if there are any problems with them. Generally we expect reviewers to have submitted some patches first so we can evaluate their ability. If you fit into this category, please contact Dave Miller about this.
• Automatic Problem Finding. If you have ideas for automatically detecting problems, please let the team know by filing a bug in the Testing Suite component.

The Bugzilla team mainly communicates through the IRC channel #mozwebtools on irc.mozilla.org. All are welcome on this channel, whether you are an administrator of a Bugzilla installation or wish to contribute. The more the merrier.

Upcoming Major Features

Major new features are being working on. Some of these will appear in 2.16. If you would like to know when we plan on adding one of these feature, you can get that information from the bug requesting its implementation. These include:

• PostgreSQL support. (Bug 98304)
• Ability to have more than 55 groups, which will also allow a finer grained rights system to be introduced. (Bug 68022)
• Customised resolutions, that allow adding, removing, deactivating and renaming of resolutions. (Bug 94534)
• Expanding the e-mail preferences to allow watching components, keywords, etc. (Bug 73665)
• Request tracker, for managing requests to change things about bugs. (Bug 98801)
• Use template pages instead of hard-coding the HTML into the perl. (Bug 86168)
• mod_perl support. (Bug 87406)

Checkins Since the Last Status Update

Get this list from Bonsai

• Bug 73180 - Put a notice in the versioncache file stating that it’s automatically generated
• Bug 104340 - Change the UI for the toolbar that allows bugs to be hidden in the dependency tree
• Bug 105480 - Use the friendly name from the fielddefs table when reporting strictvalue errors if it’s available
• Bug 71840 - Make comments referenceable using a #c4 to get the fourth comment
• Bug 63249 - The Bug Counts report was running very slowly due to unneeded fields/joins in the SQL query
• Bug 97469 - Fixed the mail handling code to allow “extra” people that can see a restricted bug to get e-mail about it
• Bug 95024 - Fixed the query code to allow “extra” people see their bugs in a buglist
• Bug 101560 - BASH_ENV was casing processmail grief in if it existed due to Taint mode
• Bug 106315 - Added a link to the bottom of a buglist to send e-mail to all QA Contacts contained in that buglist
• Bug 104065 - Stop uninitialized string warnings from getting into the error log when the login cookie doesn’t exist
• Bug 98602 - Completely redesigned the Create Attachment page
• Bug 81594 - SQL error after editing user entry when changing numerous things at once
• Bug 150879 - Footer links have an extra | by Sanity Check
• Bug 96675 - checksetup.pl should require admin e-mail address satisfy emailregexp
• Bug 95615 - cosmetic change to clarify error message when trying to use too many votes
• Bug 105773 - Email addresses in the CC list are now sorted case-insensitively
• Bug 107718 - Do bit fiddling instead of adding groupsets from the first bug to prevent problems with mass changes
• Bug 107672 - All new regular expressions for determining what browser/os is being used
• *Bug 108516 - Stopped trusting the hidden form value from enter_bug.cgi to determine who is filing the bug
• *Bug 108385 - Stopped trusting the hidden value from the bug form when adding a comment to the database.
• Bug 108547 - Use proper DOM code on the edit attachment page
• Bug 101166 - Allow “extra” people to see that the bug is in a group
• *Bug 108812 - Prevent users from running queries containing arbitrary SQL
• *Bug 108821 - Prevent users with blessgroupset privileges from blessing any group set
• *Bug 108822 - Prevent any user from changing their own groupset
• Bug 104652 - Duplicate bugs in the dependency tree now get marked with the message “This bug appears elsewhere in this tree.” so users know why the bug does not appear to have dependencies
• Bug 99519 - timestamps were not being set correctly in the activity table in some situations, and the delta_ts on the bug itself was not always being updated if dependencies or CCs changed
• Bug 109048 - Fixed error when creating attachments without logging in
• Bug 109138 - Fixed a problem where Bugzilla didn’t detect Macs
• *Bug 109690 - Verify that all bugs passed to longlist.cgi are valid
• Bug 86300 - Don’t link to bugs that do not exist. Also, cache the results of the GetBugLink()
• Bug 99518 - Added license header to all templates
• Bug 98110 - Make the attachment change page look like the bug changed page
• Bug 6419 - Tools that can be used to generate Bugzilla queries on the command line were added to the contrib/ directory
• Bug 101560 - Cleared some more environment variables that caused issues when running in Taint mode
• Bug 104667 - Votes field (text style) on showvotes.cgi defaults to size 5, not natural size and doesn’t include a maxlength attribute
• Bug 12284 - allow user to specify which columns to display in a bug list
• Bug 92500 - Line-feeds were not being properly converted when submitting parameter changes with some Mac browsers
• Bug 107120 - Make the header template generate valid HTML 4.01 Transitional
• Bug 107120 - After entering a new bug, the link offering to add an attachment to the bug you just created pointed at the old attachment form instead of the new one
• Bug 100788 - enter_bug.cgi wasn’t correctly interpretting whether or not a partial URL needed an http:// added to the front of it
• Bug 105812 - The footer link for editing Products was incorrectly labled as Components
• Bug 98707 - Complete redesign of the query page
• Bug 109240 - Fixed a regression that caused a really long line in e-mail
• *Bug 102141 - The Product select box now only shows products the user has access to (and the product the bug is in, if the user is viewing it because of some other override)
• Bug 93754 - Individual keywords can be linked to on the describe keywords page by using HTML anchors
• Bug 99864 - consistant use of “product” vs “program”
• Bug 104261 - Made sure all files that use templates look inside the custom directory first
• Bug 61634 - explain what “Milestone URL” is on the editproducts page
• Bug 109530 - Fixed Bug.pm so it doesn’t quote xml characters until it’s asked to output xml (instead of doing it both ways)
• Bug 101875 - Put the product column before the component column rather than after
• Bug 109802 - Make it clear how to enter mysql passwords with special characters into localconfig
• Bug 108312 - The mid-air collision page was only showing the most recent changes if two people committed changes to a bug while you were viewing it.
• Bug 54901 - If you were using LDAP authentication it would let you log in as anyone if you left the password blank
• Bug 37339 - Added a sidebar for Mozilla based browsers that contains the saved queries from the page footer
• Bug 80183 - Make the index page use a template and contain the normal page footer
• Bug 102487 - Check for lack of comments and warn before checking to see if the product has changed
• Bug 113646 - An error would occur if there was a midair collision and the assignee was being changed
• Bug 98080 - If attachment.cgi is run without any params, it will now prompt for the attachment number
• Bug 97784 - Wrap comments properly on “edit attachment” page
• *Bug 109679 - It was possible to send arbitrary SQL to buglist.cgi by altering the HTML form before submitting
• Bug 113975 - Changing only cc on mass change page incorrectly gives an error that you didn’t select anything to change
• Bug 113383 - Add a link to the dependent bug in emails about a dependent bug changing state
• Bug 99608 - Dependency mails are no longer sent if the dependent bug can’t be seen by the would-be recipient of the email
• Bug 120081 - Bugzilla now requires version 2.06 of the Template Toolkit

Bugs with an asterisk (*) next to them were also checked into the 2.14.1 branch

Bugzilla 2.14.1 Released!

by Bugzilla Team

Bugzilla 2.14.1 is now available for download. For details of upgrade options and download locations see the downloads page.

If you already have a version of Bugzilla 2.15 that was checked out of CVS, please DO NOT DOWNLOAD THIS VERSION, but use cvs update to pull in these fixes. Bugzilla 2.14.1 does not contain most of the code currently in CVS, but is only patches that have been back-ported to the 2.14 code base in order to seal security holes that were too important to wait until we finish 2.16. If you have version 2.15 from CVS and have have updated later than January 3, 2002, you already have all of these security fixes.

View the release notes and the security advisory.

For changes between 2.14 and 2.14.1, view the Bugzilla changelog.

Bugzilla 2.16 is still in progress

by Bugzilla Team

We’ve now missed more than one target trying to complete Bugzilla 2.16. Based on our current progress, we’ve backed our target release date off to February 1st. We’re deeply sorry to keep everyone waiting, but we’d rather have it done right than rushed, and several of us have been short on time lately. If you can assist with any coding for the remaining blockers, feel free to submit patches to the bugs in question. See the Master Plan page for a link to those bugs.

Master Plan updated

by Bugzilla Team

The Master Plan page has finally been updated to reflect reality :)