This patch updates us from using Email::Address to Email::Address::XS to
resolve CVE-2015-7686.
Regex comparisons have been replaced by parse + is_valid calls as per
current documentation.
Email::Address->parse($string) used to parse all addresses out of a
general string; however, Email::Address::XS expects the string to only
contain addresses in the various forms.
This patch uses a basic regex to parse out strings that look like email
addresses from the overall string passed, before passing to
Email::Address::XS for validation and splitting out the 'host' part of
the address.
This patch restores the Email::Address::XS entry in Requirements.pm so
that we can specify which version of the module we wish to use and make
it explicit that we're using the module rather than relying on
Email::Sender pulling it in for us.
Dave Miller [Wed, 3 Jan 2024 20:47:06 +0000 (15:47 -0500)]
Bug 1851398: Allow testserver.pl to work with self-signed certs (#146)
* Bug 1851398: Allow testserver.pl to work with self-signed certs, and properly test dependencies for https.
* Backports the existing fix from bug 662161 on trunk to the 5.2 branch.
Bug 1785943: Update the MySQL, Linux and Quick Start in the Installation documentation 5.2 (#114)
* Update the Linux and Quick Start in the Installation documentation
* Update the notes to mention MySQL 8 incompatibility and MariaDB as a replacement
* Add notes specific to 5.2
* Add creating the database to the quick start guide
* Default to MariaDB and mention how it relates to MySQL
* Switch to mention how to install optional modules outside of dnf
AJRepo [Sun, 21 Feb 2021 01:43:27 +0000 (19:43 -0600)]
Document Update for Ubuntu 20.04 (#99)
The documentation as-is fails on Ubuntu 20.04. Update fixes the
apt commands and configures Apache. MariaDB is the new default
for Debian distros instead of MySQL and is a drop-in replacement.
[Bug 1592129] Pass a reference to db into Schema object
This change adds a 'db' attribute to the `Bugzilla::DB::Schema` class.
In two places (`get_empty_schema` and `deserialize_abstract`) the invocant
argument was called `$class` but was never actually a class. Those were renamed
to `$self`. It was fortunate that they were always objects because otherwise it
would have been more difficult to ensure a `db` is always present.
[Bug 1592129] Add a shortcut for quoting identifiers in strings.
The Bugzilla::DB object has a qi attribute which returns a special hashref
that can be used inside double-quoted strings to quote database identifiers.
```perl
my $q = Bugzilla->dbh->qi;
Bugzilla->dbh->do("SELECT COUNT(*) FROM $q->{groups}");
```
[Bug 1592129] remove subclass loading and driver delegation from Schema->new.
Bugzilla::DB::Schema->new() was both a normal constructor and also a
class-loading factory method. It is simpler to just do the class loading at the
call-site (in Bugzilla::DB::_bz_schema).
It's not very likely extensions relied on this behavior so this should be a good
change.
* use DBIx::Connector to manage database connections
* Ensure we always call DBIx::Connector->dbh before any DBI method
The code didn't allow a way of doing this without a lot of work.
So I had to take the following approach:
The 'dbh' attribute is now a method that delegates to DBIx::Connector's dbh
method. Per the docs, ->dbh() "Returns the connection's database handle. It will
use a an existing handle if there is one, if the process has not been forked or
a new thread spawned, and if the database is pingable. Otherwise, it will
instantiate, cache, and return a new handle."
Then there is the matter of the 'handles' on dbh. I've used Package::Stash to
insert proxy methods into the class when it is loaded.
* Bug 1328659 - Add support for utf8=utf8mb4 (switches to dynamic/compressed row format, and changes charset to utf8mb4)
* add deps
* add prepare_cached to the list of delegated methods.
This was added in bug 340160
* improve the migration to compressed/dynamic rows, skip views
Add viewport meta to improve rendering on mobile devices. Without this meta Google Search tools would report Bugzilla pages as not suitable for mobile devices.
Convert jb2bz to use "email" module rather than rfc822, multifile,
mimetools, and StringIO for easier manipulation of the mailbox objects.
This fixed (among other things) 1427626 as the Subject of the email is
now obtained correctly.
Fix the date formatting throughout to always use UTC, which is what
Bugzilla expects for the dates. This fixed 1427638.
Fix attachment processing, which was using multifile rather than walking
the parts of the email object. This fixed part of 1427664.
Fix the fact that the process_reply_file function never checked for
attachments in any followups. This fixed part of 1427664.
Fix attachment processor to ignore various signatures and message/rfc822
multipart messages. For the latter, it sets "filename=" values to files
that don't actually exist, which caused attachment processing to bomb.