# We don't html escape here because we escape above;
# wierd terminators are because of that
$body =~ s{((?:ftp|http|https|svn|ftps|rsync)://[\S~-]+?/?) # Url
- ((?:\>\;)?[)]?(?:'|\&\#39\;)?[:.\,]?(?:\s|$)) # terminators
+ ((?:\>\;)?[)]?(?:'|\&\#39\;|\"\;)?[:.\,]?(?:\s|$)) # terminators
}{<a href=\"$1\">$1</a>$2}gox;
# Add links to bug closures
$body =~ s[((?:closes|see):\s* # start of closed/referenced bugs
$output .= $text;
# Link to forwarded http:// urls in the midst of the report
# (even though these links already exist at the top)
- $output =~ s,((?:ftp|http|https)://[\S~-]+?/?)((?:[\)\'\:\.\,]|\&\#39;)?(?:\s|\.<|$)),<a href=\"$1\">$1</a>$2,go;
+ $output =~ s,((?:ftp|http|https)://[\S~-]+?/?)((?:[\)\'\:\.\,]|\&\#39;|\"\;)?
+ (?:\s|\.<|$)),<a href=\"$1\">$1</a>$2,gxo;
# Add links to the cloned bugs
$output =~ s{(Bug )(\d+)( cloned as bugs? )(\d+)(?:\-(\d+)|)}{$1.bug_links(bug=>$2).$3.bug_links(bug=>(defined $5)?[$4..$5]:$4)}eo;
# Add links to merged bugs
{$1.$2.(bug_links(bug=>$3)).$4.
english_join([map {bug_links(bug=>$_)} (split /\,?\s+(?:and\s+)?/, $5)])}eo;
# Add links to reassigned packages
- $output =~ s{(Bug reassigned from package (?:[\`']|\&\#39;))([^']+?)((?:'|\&\#39;) to (?:[\`']|\&\#39;))([^']+?)((?:'|\&\#39;))}
- {$1.q(<a href=").html_escape(package_links(package=>$2)).qq(">$2</a>).$3.q(<a href=").html_escape(package_links(package=>$4)).qq(">$4</a>).$5}eo;
+ $output =~ s{(Bug\sreassigned\sfrom\spackage\s(?:[\`']|\&\#39;))([^']+?)((?:'|\&\#39;|\"\;)
+ \sto\s(?:[\`']|\&\#39;|\"\;))([^']+?)((?:'|\&\#39;|\"\;))}
+ {$1.q(<a href=").html_escape(package_links(package=>$2)).qq(">$2</a>).$3.
+ q(<a href=").html_escape(package_links(package=>$4)).qq(">$4</a>).$5}exo;
if (defined $time) {
$output .= ' ('.strftime('%a, %d %b %Y %T GMT',gmtime($time)).') ';
}
#412815). Thanks to martin krafft, Paul Wise, and Julien Valroff.
* Fix XSS in version.cgi, thanks to Vlad Constantin (Closes: #762967).
* Add affects to bugreport.cgi package info header (Closes: #609687).
+ * Stop URLs at " too. Thanks to Vincent Lefevre (Closes: #766354).
[Thanks to Arnout Engelen: ]
* Add Homepage (closes: #670555).
Architecture: all
Depends:
${misc:Depends},
- libdebbugs-perl, apache | httpd
+ libdebbugs-perl, apache2 | httpd
Suggests: libcgi-alert-perl, libapache2-mod-perl2
Description: web scripts for the active Debian BTS
Debian has a bug tracking system which files details of bugs reported by
+# -*- mode: apache; -*-
<VirtualHost *>
ServerName bugs.debian.org
ServerAdmin owner@bugs.debian.org
DocumentRoot /var/lib/debbugs/www/
- ErrorLog /var/log/apache/debbugs-error.log
- CustomLog /var/log/apache/debbugs-access.log combined
-
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
+ ErrorLog /var/log/apache2/debbugs-error.log
+ CustomLog /var/log/apache2/debbugs-access.log combined
<Directory /var/lib/debbugs/www>
- Options -Indexes FollowSymLinks MultiViews
- AllowOverride Options
- Order allow,deny
- allow from all
- </Directory>
-
- <Directory /var/lib/debbugs/www/db>
- AllowOverride Indexes
- </Directory>
-
- <Directory /var/lib/debbugs/www/txt>
- Options +Indexes
+ Options Indexes SymLinksIfOwnerMatch MultiViews
+ DirectoryIndex index.en.html
+ Require all granted
</Directory>
ScriptAlias /cgi-bin/ /var/lib/debbugs/www/cgi/
<Directory "/var/lib/debbugs/www/cgi/">
AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
+ Options ExecCGI SymLinksIfOwnerMatch
+ Require all granted
</Directory>
RewriteEngine on
RewriteRule .* - [L]
RewriteRule ^/([0-9]+)$ /cgi-bin/bugreport.cgi?bug=$1 [L,R,NE]
RewriteRule ^/([^/]+)$ /cgi-bin/pkgreport.cgi?pkg=$1 [L,R,NE]
- <IfModule mod_perl.c>
- <Directory /org/bugs.debian.org/cgi-bin/sql>
- SetHandler perl-script
- PerlHandler Apache::Registry
- Options +ExecCGI
- </Directory>
- </IfModule>
</VirtualHost>
--- /dev/null
+# -*- mode: cperl -*-
+# This is the template debbugs configuration file.
+# You *must* edit it in order for debbugs to work.
+# $Id: config.in,v 1.23 2005/07/17 19:07:01 cjwatson Exp $
+
+$gConfigDir = "/etc/debbugs"; # directory where this file is
+$gSpoolDir = "/var/lib/debbugs/spool"; # working directory
+$gIncomingDir = "incoming"; # unprocessed e-mails
+$gWebDir = "/var/lib/debbugs/www"; # base location of web pages
+$gDocDir = "/var/lib/debbugs/www/txt"; # location of text doc files
+
+# Domains
+$gEmailDomain = "bugs.something"; # e.g. bugs.debian.org
+$gListDomain = "lists.something"; # e.g. lists.debian.org
+$gWebHost = "localhost"; # e.g. www.debian.org
+$gWebHostBugDir = "Bugs"; # e.g. Bugs
+# For now, don't change this one manually!
+$gWebDomain = "$gWebHost/$gWebHostBugDir";
+$gHTMLSuffix = ".html";
+$gCGIDomain = "$gWebDomain/cgi"; # e.g. cgi.debian.org
+$gMirrors = ""; # comma separated list
+$gPackagePages = "packages.debian.org"; # e.g. packages.debian.org
+$gSubscriptionDomain = "packages.something"; # e.g. packages.qa.debian.org
+$gBugSubscriptionDomain = ""; # e.g. lists.debian.org (requires one list per bug
+ # of the name bugs=<bugno>@<gBugSubscriptionDomain>
+# Project identification
+$gProject = "Something"; # e.g. Debian
+$gProjectTitle = "Something DebBugs Test"; # e.g. Debian GNU/Linux
+# Person(s) responsible for this installation
+$gMaintainer = "Local DebBugs Owner"; # e.g. Ian Jackson
+$gMaintainerWebpage = "http://localhost/~owner"; # e.g. http://www.debian.org/~iwj
+$gMaintainerEmail = "root\@something"; # e.g. owner@bugs.debian.org
+$gUnknownMaintainerEmail = "$gMaintainerEmail"; # e.g. unknown-package@qa.debian.org
+
+# BTS mailing lists, at $gListDomain
+# if you don't want lists, set them all to $gMaintainerEmail
+# if you don't want that mail at all, filter it out somehow :)
+$gSubmitList = "bug-submit-list"; # e.g. debian-bugs-dist
+$gMaintList = "bug-maint-list"; # e.g. debian-bugs-dist
+$gQuietList = "bug-quiet-list"; # e.g. debian-bugs-dist
+$gForwardList = "bug-forward-list"; # e.g. debian-bugs-forwarded
+$gDoneList = "bug-done-list"; # e.g. debian-bugs-closed
+$gRequestList = "bug-request-list"; # e.g. debian-bugs-dist
+$gSubmitterList = "bug-submitter-list"; # e.g. debian-bugs-dist
+$gStrongList = "bug-strong-list"; # e.g. debian-bugs-dist
+$gControlList = "bug-control-list"; # e.g. debian-bugs-dist
+$gSummaryList = "bug-summary-list"; # e.g. debian-bugs-reports
+$gMirrorList = "bug-mirrors-list"; # sends to all mirrors
+
+# Various configurable options
+$gMailer = "exim"; # valid: exim, qmail and sendmail
+
+$gDefaultSeverity = "normal";
+$gShowSeverities = "critical, grave, normal, minor, wishlist";
+@gStrongSeverities = ( 'critical', 'grave' );
+@gSeverityList = ( 'critical', 'grave', 'normal', 'wishlist' );
+%gSeverityDisplay = ( 'critical', "Critical $gBugs",
+ 'grave', "Grave $gBugs",
+ 'normal', "Normal $gBugs",
+ 'wishlist', "Wishlist items" );
+@gTags = ( 'patch', 'wontfix', 'moreinfo', 'unreproducible', 'fixed', 'stable' );
+
+
+# Required data files
+$gMaintainerFile = "$gConfigDir/Maintainers";
+$gMaintainerFileOverride = "$gConfigDir/Maintainers.override";
+$gPseudoDescFile = "$gConfigDir/pseudo-packages.description";
+$gPackageSource = "$gConfigDir/indices/sources";
+
+
+1;
--- /dev/null
+# This is the bugs.debian.org debbugs configuration file.
+# $Id: config.debian,v 1.27 2005/07/17 19:07:01 cjwatson Exp $
+
+# Domains
+$gEmailDomain = "bugs.debian.org";
+$gListDomain = "lists.debian.org";
+$gWebHostBugDir = "";
+$gWebDomain = "www.debian.org/Bugs";
+$gHTMLSuffix = "";
+$gPackagePages = "packages.debian.org";
+$gCGIDomain = "bugs.debian.org/cgi-bin";
+$gMirrors = ""; # comma separated list
+$gSubscriptionDomain = "packages.qa.debian.org";
+
+# Project identification
+$gProject = "Debian";
+$gProjectTitle = "Debian GNU/Linux";
+# Person(s) responsible for this installation
+$gMaintainer = "Debian bug tracking system administrator"; # should be plural but that would require changes to other scripts
+$gMaintainerEmail = "owner\@bugs.debian.org";
+
+# BTS mailing lists, at $gListDomain
+$gSubmitList = "debian-bugs-dist";
+$gMaintList = "debian-bugs-dist";
+$gQuietList = "debian-bugs-dist";
+$gForwardList = "debian-bugs-forwarded";
+$gDoneList = "debian-bugs-closed";
+$gRequestList = "debian-bugs-dist";
+$gSubmitterList = "debian-bugs-dist";
+$gControlList = "debian-bugs-dist";
+$gSummaryList = "debian-bugs-reports";
+$gMirrorList = "debian-bugs-mirror"; # sends to all mirrors
+$gStrongList = "debian-bugs-rc";
+
+# Various configurable options
+$gMailer = "exim"; # valid: exim, qmail and sendmail
+$gBug = "Bug"; # how to spell `bug'
+$gBugs = "Bugs"; # how to spell `bugs'
+$gRemoveAge = 28; # days after closed bugs are cleaned out,
+ # 0 disables
+$gSaveOldBugs = 1; # whether to archive such bugs
+$gDefaultSeverity = "normal";
+$gShowSeverities = "critical, grave, serious, important, normal, minor, wishlist, fixed";
+@gStrongSeverities = ( "critical", "grave", "serious" );
+@gSeverityList = ( "critical", "grave", "serious", "important", "normal",
+ "minor", "wishlist", "fixed"
+ );
+%gObsoleteSeverities = ( fixed => 'Use the fixed tag instead.' );
+%gSeverityDisplay = ( "critical", "Critical bugs",
+ "grave", "Grave functionality bugs",
+ "serious", "Serious policy violations",
+ "important", "Important bugs",
+ "normal", "Normal bugs",
+ "minor", "Minor bugs",
+ "fixed", "NMU Fixed bugs",
+ "wishlist", "Wishlist items"
+ );
+@gTags = ( "patch", "wontfix", "moreinfo", "unreproducible", "fixed",
+ "potato", "woody", "sid", "help", "security", "upstream",
+ "pending", "sarge", "sarge-ignore", "experimental", "d-i",
+ "confirmed", "ipv6", "lfs", "fixed-in-experimental",
+ "fixed-upstream", "l10n", "etch", "etch-ignore"
+ );
+
+# better don't change this
+$gBounceFroms = "^mailer|^da?emon|^post.*mast|^root|^wpuser|^mmdf|^smt.*|^mrgate|^vmmail|^mail.*system|^uucp|-maiser-|^mal\@|^mail.*agent|^tcpmail|^bitmail|^mailman";
+
+# Directories -- do _not_ change their locations.
+# They are currently hardcoded, variables are here for future expansion.
+$gConfigDir = "/org/bugs.debian.org/etc"; # directory where this file is
+$gSpoolDir = "/org/bugs.debian.org/spool"; # working directory
+$gIndicesDir = "/org/bugs.debian.org/indices"; # directory where the indices are
+$gIncomingDir = "incoming"; # unprocessed e-mails
+$gWebDir = "/org/bugs.debian.org/www"; # base location of web pages
+$gDocDir = "/org/ftp.debian.org/ftp/doc"; # location of text doc files
+
+# Required data files
+$gMaintainerFile = "$gConfigDir/Maintainers";
+$gMaintainerFileOverride = "$gConfigDir/Maintainers.override";
+$gUnknownMaintainerEmail = "unknown-package\@qa.debian.org";
+
+$gPseudoDescFile = "$gConfigDir/pseudo-packages.description";
+$gPackageSource = "$gConfigDir/indices/sources";
+
+1;
+++ /dev/null
-# -*- mode: cperl -*-
-# This is the template debbugs configuration file.
-# You *must* edit it in order for debbugs to work.
-# $Id: config.in,v 1.23 2005/07/17 19:07:01 cjwatson Exp $
-
-# Domains
-$gEmailDomain = "bugs.something"; # e.g. bugs.debian.org
-$gListDomain = "lists.something"; # e.g. lists.debian.org
-$gWebHost = "localhost"; # e.g. www.debian.org
-$gWebHostBugDir = "Bugs"; # e.g. Bugs
-# For now, don't change this one manually!
-$gWebDomain = "$gWebHost/$gWebHostBugDir";
-$gHTMLSuffix = ".html";
-$gCGIDomain = "$gWebDomain/cgi"; # e.g. cgi.debian.org
-$gMirrors = ""; # comma separated list
-$gPackagePages = "packages.debian.org"; # e.g. packages.debian.org
-$gSubscriptionDomain = "packages.something"; # e.g. packages.qa.debian.org
-$gBugSubscriptionDomain = ""; # e.g. lists.debian.org (requires one list per bug
- # of the name bugs=<bugno>@<gBugSubscriptionDomain>
-# Project identification
-$gProject = "Something"; # e.g. Debian
-$gProjectTitle = "Something DebBugs Test"; # e.g. Debian GNU/Linux
-# Person(s) responsible for this installation
-$gMaintainer = "Local DebBugs Owner"; # e.g. Ian Jackson
-$gMaintainerWebpage = "http://localhost/~owner"; # e.g. http://www.debian.org/~iwj
-$gMaintainerEmail = "root\@something"; # e.g. owner@bugs.debian.org
-$gUnknownMaintainerEmail = "$gMaintainerEmail"; # e.g. unknown-package@qa.debian.org
-
-# BTS mailing lists, at $gListDomain
-# if you don't want lists, set them all to $gMaintainerEmail
-# if you don't want that mail at all, filter it out somehow :)
-$gSubmitList = "bug-submit-list"; # e.g. debian-bugs-dist
-$gMaintList = "bug-maint-list"; # e.g. debian-bugs-dist
-$gQuietList = "bug-quiet-list"; # e.g. debian-bugs-dist
-$gForwardList = "bug-forward-list"; # e.g. debian-bugs-forwarded
-$gDoneList = "bug-done-list"; # e.g. debian-bugs-closed
-$gRequestList = "bug-request-list"; # e.g. debian-bugs-dist
-$gSubmitterList = "bug-submitter-list"; # e.g. debian-bugs-dist
-$gStrongList = "bug-strong-list"; # e.g. debian-bugs-dist
-$gControlList = "bug-control-list"; # e.g. debian-bugs-dist
-$gSummaryList = "bug-summary-list"; # e.g. debian-bugs-reports
-$gMirrorList = "bug-mirrors-list"; # sends to all mirrors
-
-# Various configurable options
-$gMailer = "exim"; # valid: exim, qmail and sendmail
-$gBug = "bug"; # how to spell `bug'
-$gBugs = "bugs"; # how to spell `bugs'
-$gRemoveAge = 28; # days after closed bugs are cleaned out,
- # 0 disables
-$gSaveOldBugs = 1; # whether to archive such bugs
-$gDefaultSeverity = "normal";
-$gShowSeverities = "critical, grave, normal, minor, wishlist";
-@gStrongSeverities = ( 'critical', 'grave' );
-@gSeverityList = ( 'critical', 'grave', 'normal', 'wishlist' );
-%gSeverityDisplay = ( 'critical', "Critical $gBugs",
- 'grave', "Grave $gBugs",
- 'normal', "Normal $gBugs",
- 'wishlist', "Wishlist items" );
-@gTags = ( 'patch', 'wontfix', 'moreinfo', 'unreproducible', 'fixed', 'stable' );
-
-# better don't change this
-$gBounceFroms = "^mailer|^da?emon|^post.*mast|^root|^wpuser|^mmdf|^smt.*|^mrgate|^vmmail|^mail.*system|^uucp|-maiser-|^mal\@|^mail.*agent|^tcpmail|^bitmail|^mailman";
-
-# Directories -- do _not_ change their locations.
-# They are currently hardcoded, variables are here for future expansion.
-$gConfigDir = "/etc/debbugs"; # directory where this file is
-$gSpoolDir = "/var/lib/debbugs/spool"; # working directory
-$gIncomingDir = "incoming"; # unprocessed e-mails
-$gWebDir = "/var/lib/debbugs/www"; # base location of web pages
-$gDocDir = "/var/lib/debbugs/www/txt"; # location of text doc files
-
-# Required data files
-$gMaintainerFile = "$gConfigDir/Maintainers";
-$gMaintainerFileOverride = "$gConfigDir/Maintainers.override";
-$gPseudoDescFile = "$gConfigDir/pseudo-packages.description";
-$gPackageSource = "$gConfigDir/indices/sources";
-
-
-# Estraier Configuration
-%gSearchEstraier = (url => 'http://localhost:1978/node/bts1',
- user => 'user',
- pass => 'pass',
- );
-
-1;
+++ /dev/null
-# This is the bugs.debian.org debbugs configuration file.
-# $Id: config.debian,v 1.27 2005/07/17 19:07:01 cjwatson Exp $
-
-# Domains
-$gEmailDomain = "bugs.debian.org";
-$gListDomain = "lists.debian.org";
-$gWebHostBugDir = "";
-$gWebDomain = "www.debian.org/Bugs";
-$gHTMLSuffix = "";
-$gPackagePages = "packages.debian.org";
-$gCGIDomain = "bugs.debian.org/cgi-bin";
-$gMirrors = ""; # comma separated list
-$gSubscriptionDomain = "packages.qa.debian.org";
-
-# Project identification
-$gProject = "Debian";
-$gProjectTitle = "Debian GNU/Linux";
-# Person(s) responsible for this installation
-$gMaintainer = "Debian bug tracking system administrator"; # should be plural but that would require changes to other scripts
-$gMaintainerEmail = "owner\@bugs.debian.org";
-
-# BTS mailing lists, at $gListDomain
-$gSubmitList = "debian-bugs-dist";
-$gMaintList = "debian-bugs-dist";
-$gQuietList = "debian-bugs-dist";
-$gForwardList = "debian-bugs-forwarded";
-$gDoneList = "debian-bugs-closed";
-$gRequestList = "debian-bugs-dist";
-$gSubmitterList = "debian-bugs-dist";
-$gControlList = "debian-bugs-dist";
-$gSummaryList = "debian-bugs-reports";
-$gMirrorList = "debian-bugs-mirror"; # sends to all mirrors
-$gStrongList = "debian-bugs-rc";
-
-# Various configurable options
-$gMailer = "exim"; # valid: exim, qmail and sendmail
-$gBug = "Bug"; # how to spell `bug'
-$gBugs = "Bugs"; # how to spell `bugs'
-$gRemoveAge = 28; # days after closed bugs are cleaned out,
- # 0 disables
-$gSaveOldBugs = 1; # whether to archive such bugs
-$gDefaultSeverity = "normal";
-$gShowSeverities = "critical, grave, serious, important, normal, minor, wishlist, fixed";
-@gStrongSeverities = ( "critical", "grave", "serious" );
-@gSeverityList = ( "critical", "grave", "serious", "important", "normal",
- "minor", "wishlist", "fixed"
- );
-%gObsoleteSeverities = ( fixed => 'Use the fixed tag instead.' );
-%gSeverityDisplay = ( "critical", "Critical bugs",
- "grave", "Grave functionality bugs",
- "serious", "Serious policy violations",
- "important", "Important bugs",
- "normal", "Normal bugs",
- "minor", "Minor bugs",
- "fixed", "NMU Fixed bugs",
- "wishlist", "Wishlist items"
- );
-@gTags = ( "patch", "wontfix", "moreinfo", "unreproducible", "fixed",
- "potato", "woody", "sid", "help", "security", "upstream",
- "pending", "sarge", "sarge-ignore", "experimental", "d-i",
- "confirmed", "ipv6", "lfs", "fixed-in-experimental",
- "fixed-upstream", "l10n", "etch", "etch-ignore"
- );
-
-# better don't change this
-$gBounceFroms = "^mailer|^da?emon|^post.*mast|^root|^wpuser|^mmdf|^smt.*|^mrgate|^vmmail|^mail.*system|^uucp|-maiser-|^mal\@|^mail.*agent|^tcpmail|^bitmail|^mailman";
-
-# Directories -- do _not_ change their locations.
-# They are currently hardcoded, variables are here for future expansion.
-$gConfigDir = "/org/bugs.debian.org/etc"; # directory where this file is
-$gSpoolDir = "/org/bugs.debian.org/spool"; # working directory
-$gIndicesDir = "/org/bugs.debian.org/indices"; # directory where the indices are
-$gIncomingDir = "incoming"; # unprocessed e-mails
-$gWebDir = "/org/bugs.debian.org/www"; # base location of web pages
-$gDocDir = "/org/ftp.debian.org/ftp/doc"; # location of text doc files
-
-# Required data files
-$gMaintainerFile = "$gConfigDir/Maintainers";
-$gMaintainerFileOverride = "$gConfigDir/Maintainers.override";
-$gUnknownMaintainerEmail = "unknown-package\@qa.debian.org";
-
-$gPseudoDescFile = "$gConfigDir/pseudo-packages.description";
-$gPackageSource = "$gConfigDir/indices/sources";
-
-1;