From a8908d5eb9835c03308a0f03084d42da4977108f Mon Sep 17 00:00:00 2001 From: "bzrmirror%bugzilla.org" Date: Wed, 3 Dec 2014 22:15:43 +0000 Subject: [PATCH] WIP git-svn-id: svn://10.0.0.236/trunk@265709 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/webtools/bugzilla/.bzrrev | 2 +- mozilla/webtools/bugzilla/.gitrev | 2 +- .../en/rst/administering/categorization.rst | 4 +- .../en/rst/administering/custom-fields.rst | 2 +- .../docs/en/rst/administering/groups.rst | 4 +- .../docs/en/rst/administering/keywords.rst | 2 +- .../docs/en/rst/installing/windows.rst | 6 +- .../bugzilla/docs/en/rst/integrating/tips.rst | 4 +- .../docs/en/rst/maintaining/backups.rst | 6 + .../bugzilla/docs/en/rst/security.rst | 165 ------------------ .../docs/en/rst/upgrading/overview.rst | 4 +- .../en/rst/upgrading/upgrading-from-1.rst | 27 ++- .../en/rst/upgrading/upgrading-from-2.rst | 6 +- .../rst/upgrading/upgrading-from-bazaar.rst | 1 - .../en/rst/upgrading/upgrading-from-cvs.rst | 9 +- .../upgrading/upgrading-with-a-tarball.rst | 4 +- .../en/rst/upgrading/upgrading-with-git.rst | 6 +- .../bugzilla/docs/en/rst/using/editing.rst | 2 +- .../bugzilla/docs/en/rst/using/finding.rst | 2 +- .../docs/en/rst/using/preferences.rst | 2 +- .../bugzilla/extensions/Voting/doc/voting.rst | 2 +- 21 files changed, 59 insertions(+), 203 deletions(-) delete mode 100644 mozilla/webtools/bugzilla/docs/en/rst/security.rst diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev index 7b1969a14fa..e26aa732329 100644 --- a/mozilla/webtools/bugzilla/.bzrrev +++ b/mozilla/webtools/bugzilla/.bzrrev @@ -1 +1 @@ -9237 \ No newline at end of file +9238 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/.gitrev b/mozilla/webtools/bugzilla/.gitrev index 905cc1bfad7..d5298e71a12 100644 --- a/mozilla/webtools/bugzilla/.gitrev +++ b/mozilla/webtools/bugzilla/.gitrev @@ -1 +1 @@ -183bf9ac1928e570a922057954aa38e1d40dadb7 \ No newline at end of file +1d769a4744586b2a0125338aceece84733a6e5e3 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/docs/en/rst/administering/categorization.rst b/mozilla/webtools/bugzilla/docs/en/rst/administering/categorization.rst index f5548fbebb4..b34fdf8a990 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/administering/categorization.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/administering/categorization.rst @@ -8,6 +8,8 @@ Bugs in Bugzilla are classified into one of a set of admin-defined Components. Components are themselves each part of a single Product. Optionally, Products can be part of a single Classification, adding a third level to the hierarchy. +.. _classifications: + Classifications ############### @@ -69,7 +71,7 @@ Version Create chart datasets for this product Select to make chart datasets available for this product. -It is compulsory to create at least one :ref:`component` in a product, and +It is compulsory to create at least one :ref:`component ` in a product, and so you will be asked for the details of that too. When editing a product you can change all of the above, and there is also a diff --git a/mozilla/webtools/bugzilla/docs/en/rst/administering/custom-fields.rst b/mozilla/webtools/bugzilla/docs/en/rst/administering/custom-fields.rst index fef5cece559..08e145bb7e4 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/administering/custom-fields.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/administering/custom-fields.rst @@ -85,7 +85,7 @@ The following attributes must be set for each new custom field: - *Can be set on bug creation:* Boolean that determines whether this field can be set on bug creation. If not selected, then a bug must be created - before this field can be set. See :ref:`bugreports` + before this field can be set. See :ref:`filing` for information about filing bugs. - *Displayed in bugmail for new bugs:* diff --git a/mozilla/webtools/bugzilla/docs/en/rst/administering/groups.rst b/mozilla/webtools/bugzilla/docs/en/rst/administering/groups.rst index 6cd162e663a..d649e1428b5 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/administering/groups.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/administering/groups.rst @@ -166,8 +166,8 @@ A User can become a member of a group in several ways: address in the search results to edit their profile. The profile page lists all the groups, and indicates if the user is a member of the group either directly or indirectly. More information on indirect - group membership is below. For more details on User administration, - see :ref:`useradmin`. + group membership is below. For more details on User Administration, + see :ref:`users`. #. The group can include another group of which the user is a member. This is indicated by square brackets around the checkbox diff --git a/mozilla/webtools/bugzilla/docs/en/rst/administering/keywords.rst b/mozilla/webtools/bugzilla/docs/en/rst/administering/keywords.rst index 0e84c7e9604..4127f262a88 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/administering/keywords.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/administering/keywords.rst @@ -11,7 +11,7 @@ bugs much easier. Keywords are global, rather than per-product. If the administrator changes a keyword currently applied to any bugs, the keyword cache must be rebuilt -using the :ref:`sanitycheck` script. XXXDoes this mean changing the name of the keyword? Is it still true? +using the :ref:`sanity-check` script. XXXDoes this mean changing the name of the keyword? Is it still true? Currently keywords cannot be marked obsolete to prevent future usage. diff --git a/mozilla/webtools/bugzilla/docs/en/rst/installing/windows.rst b/mozilla/webtools/bugzilla/docs/en/rst/installing/windows.rst index 4a7c1769b74..4a12357c5c3 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/installing/windows.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/installing/windows.rst @@ -94,11 +94,7 @@ Serving the web pages As is the case on Unix based systems, any web server should be able to handle Bugzilla; however, the Bugzilla Team still -recommends Apache whenever asked. No matter what web server -you choose, be sure to pay attention to the security notes -in :ref:`security-webserver-access`. More -information on configuring specific web servers can be found -in :ref:`http`. +recommends Apache whenever asked. .. note:: The web server looks at :file:`/usr/bin/perl` to call Perl. If you are using Apache on windows, you can set the diff --git a/mozilla/webtools/bugzilla/docs/en/rst/integrating/tips.rst b/mozilla/webtools/bugzilla/docs/en/rst/integrating/tips.rst index f01864a8a4c..d7b8c04f4c0 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/integrating/tips.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/integrating/tips.rst @@ -3,6 +3,4 @@ Integration Tips ################ - - - +XXX Do we have any of these? diff --git a/mozilla/webtools/bugzilla/docs/en/rst/maintaining/backups.rst b/mozilla/webtools/bugzilla/docs/en/rst/maintaining/backups.rst index 1c59dc26f45..bef3c3ada46 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/maintaining/backups.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/maintaining/backups.rst @@ -17,6 +17,12 @@ MySQL :command:`mysqldump --opt -u $USERNAME -p $DATABASENAME > backup.sql` +See the +`mysqldump documentation `_ +for more information on :file:`mysqldump`. + +.. todo:: Mention max_allowed_packet? + PostgreSQL ---------- diff --git a/mozilla/webtools/bugzilla/docs/en/rst/security.rst b/mozilla/webtools/bugzilla/docs/en/rst/security.rst deleted file mode 100644 index bda308cacb4..00000000000 --- a/mozilla/webtools/bugzilla/docs/en/rst/security.rst +++ /dev/null @@ -1,165 +0,0 @@ -.. _security: - -================= -Bugzilla Security -================= - -While some of the items in this chapter are related to the operating -system Bugzilla is running on or some of the support software required to -run Bugzilla, it is all related to protecting your data. This is not -intended to be a comprehensive guide to securing Linux, Apache, MySQL, or -any other piece of software mentioned. There is no substitute for active -administration and monitoring of a machine. The key to good security is -actually right in the middle of the word: *U R It*. - -While programmers in general always strive to write secure code, -accidents can and do happen. The best approach to security is to always -assume that the program you are working with isn't 100% secure and restrict -its access to other parts of your machine as much as possible. - -.. _security-os: - -Operating System -################ - -.. _security-os-ports: - -TCP/IP Ports -============ - -.. COMMENT: TODO: Get exact number of ports - -The TCP/IP standard defines more than 65,000 ports for sending -and receiving traffic. Of those, Bugzilla needs exactly one to operate -(different configurations and options may require up to 3). You should -audit your server and make sure that you aren't listening on any ports -you don't need to be. It's also highly recommended that the server -Bugzilla resides on, along with any other machines you administer, be -placed behind some kind of firewall. - -.. _security-os-accounts: - -System User Accounts -==================== - -Many daemons, such -as Apache's :file:`httpd` or MySQL's -:file:`mysqld`, run as either ``root`` or -``nobody``. This is even worse on Windows machines where the -majority of services -run as ``SYSTEM``. While running as ``root`` or -``SYSTEM`` introduces obvious security concerns, the -problems introduced by running everything as ``nobody`` may -not be so obvious. Basically, if you run every daemon as -``nobody`` and one of them gets compromised it can -compromise every other daemon running as ``nobody`` on your -machine. For this reason, it is recommended that you create a user -account for each daemon. - -.. note:: You will need to set the ``webservergroup`` option - in :file:`localconfig` to the group your web server runs - as. This will allow :file:`./checksetup.pl` to set file - permissions on Unix systems so that nothing is world-writable. - -.. _security-os-chroot: - -The :file:`chroot` Jail -======================= - -If your system supports it, you may wish to consider running -Bugzilla inside of a :file:`chroot` jail. This option -provides unprecedented security by restricting anything running -inside the jail from accessing any information outside of it. If you -wish to use this option, please consult the documentation that came -with your system. - -.. _security-webserver: - -Web server -########## - -.. _security-webserver-access: - -Disabling Remote Access to Bugzilla Configuration Files -======================================================= - -There are many files that are placed in the Bugzilla directory -area that should not be accessible from the web server. Because of the way -Bugzilla is currently layed out, the list of what should and should not -be accessible is rather complicated. A quick way is to run -:file:`testserver.pl` to check if your web server serves -Bugzilla files as expected. If not, you may want to follow the few -steps below. - -.. note:: Bugzilla ships with the ability to create :file:`.htaccess` - files that enforce these rules. Instructions for enabling these - directives in Apache can be found in :ref:`http-apache` - -- In the main Bugzilla directory, you should: - - Block: :file:`*.pl`, :file:`*localconfig*` - -- In :file:`data`: - - Block everything - -- In :file:`data/webdot`: - - - If you use a remote webdot server: - - - Block everything - - But allow :file:`*.dot` - only for the remote webdot server - - Otherwise, if you use a local GraphViz: - - - Block everything - - But allow: :file:`*.png`, :file:`*.gif`, :file:`*.jpg`, :file:`*.map` - - And if you don't use any dot: - - - Block everything - -- In :file:`Bugzilla`: - - Block everything - -- In :file:`template`: - - Block everything - -Be sure to test that data that should not be accessed remotely is -properly blocked. Of particular interest is the localconfig file which -contains your database password. Also, be aware that many editors -create temporary and backup files in the working directory and that -those should also not be accessible. For more information, see -`bug 186383 `_ -or -`Bugtraq ID 6501 `_. -To test, simply run :file:`testserver.pl`, as said above. - -.. note:: Be sure to check :ref:`http` for instructions - specific to the web server you use. - -.. _security-bugzilla: - -Bugzilla -######## - -.. _security-bugzilla-charset: - -Prevent users injecting malicious Javascript -============================================ - -If you installed Bugzilla version 2.22 or later from scratch, -then the *utf8* parameter is switched on by default. -This makes Bugzilla explicitly set the character encoding, following -`a -CERT advisory `_ recommending exactly this. -The following therefore does not apply to you; just keep -*utf8* turned on. - -If you've upgraded from an older version, then it may be possible -for a Bugzilla user to take advantage of character set encoding -ambiguities to inject HTML into Bugzilla comments. -This could include malicious scripts. -This is because due to internationalization concerns, we are unable to -turn the *utf8* parameter on by default for upgraded -installations. -Turning it on manually will prevent this problem. - - diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/overview.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/overview.rst index 42f59314282..7e6511b80b7 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/overview.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/overview.rst @@ -40,5 +40,5 @@ It is also possible, particularly if your server machine does not have and cannot be configured to have access to the public internet, to upgrade using a tarball. See :ref:`upgrading-with-a-tarball`. -Before performing any upgrade, it's a good idea to back up both your Bugzilla -directory and your database. XXXlink to backup info in Maintenance +Before performing any upgrade, it's a good idea to :ref:`back up ` +both your Bugzilla directory and your database. diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-1.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-1.rst index 67e7ee69a43..08dae9953a1 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-1.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-1.rst @@ -1,5 +1,3 @@ -:orphan: - The procedure to switch to Git is as follows. The idea is to switch version control systems without changing the exact version of Bugzilla you are using, to minimise the risk of conflict or problems. Any major upgrade can then @@ -49,3 +47,28 @@ Then run checksetup to upgrade your database: You should then test your Bugzilla carefully, or just use it for a day or two, to make sure it's all still working fine. + +.. _get-from-git: + +Download Code from Git +====================== + +Download a copy of your current version of Bugzilla from the git repository +into a separate directory alongside your existing Bugzilla installation +(which we will assume is in a directory called :file:`bugzilla`). + +You will need a copy of the git program. All Linux installations have it; +search your package manager for "git". On Windows or Mac OS X, you can +`download the official build `_. + +Once git is installed, run these commands to pull a copy of Bugzilla: + +:command:`git clone https://git.mozilla.org/bugzilla/bugzilla bugzilla-new` + +:command:`cd bugzilla-new` + +:command:`git checkout $VERSION` + +Replace $VERSION with the two-digit version number of your current Bugzilla, e.g. +4.2. These command will automatically change your version to the latest +point release of version $VERSION. diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-2.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-2.rst index e65bde813d3..cc4721f96d8 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-2.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-2.rst @@ -1,5 +1,3 @@ -:orphan: - Save Any Local Customizations ============================= @@ -18,7 +16,7 @@ Shut Down Bugzilla At this point, you should shut down Bugzilla to make sure nothing changes while you make the switch. Go into the administrative interface and put an -appropriate message into the :guilabel:`shutdownhtml` parameter, which is in the +appropriate message into the :param:`shutdownhtml` parameter, which is in the "General" section of the administration parameters. As the name implies, HTML is allowed. @@ -94,7 +92,7 @@ Re-enable Bugzilla ================== Go into the administrative interface and clear the contents of the -:guilabel:`shutdownhtml` parameter. +:param:`shutdownhtml` parameter. Test Bugzilla ============= diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-bazaar.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-bazaar.rst index d0fbfbed85c..3957b91a332 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-bazaar.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-bazaar.rst @@ -8,5 +8,4 @@ Upgrading from Bazaar .. |extstatusinfo| replace:: The command :command:`bzr status extensions/` should help you work out what you added, if anything. .. include:: upgrading-from-1.rst -.. include:: get-from-git.rst .. include:: upgrading-from-2.rst diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-cvs.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-cvs.rst index f072beec605..8e210e5f006 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-cvs.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-from-cvs.rst @@ -3,14 +3,11 @@ Upgrading from CVS ################## -XXX Fill in commands from https://wiki.mozilla.org/Bugzilla:Moving_From_CVS_To_Bazaar - -.. |updatecommand| replace:: :command:`bzr up -r tag:bugzilla-$VERSION` -.. |diffcommand| replace:: :command:`bzr diff > patch.diff` -.. |extstatusinfo| replace:: The command :command:`bzr status extensions/` should help you work out what you added, if anything. +.. |updatecommand| replace:: :command:`cvs update -rBUGZILLA-$VERSION-STABLE -dP` +.. |diffcommand| replace:: :command:`cvs diff -puN > patch.diff` +.. |extstatusinfo| replace:: The command :command:`cvs status extensions/` should help you work out what you added, if anything. .. include:: upgrading-from-1.rst -.. include:: get-from-git.rst .. include:: upgrading-from-2.rst diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-a-tarball.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-a-tarball.rst index 1c04f68b00b..132b82bd7b7 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-a-tarball.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-a-tarball.rst @@ -17,6 +17,8 @@ Bugzilla installation (which we will assume is in a directory called :file:`bugzilla`). .. |diffcommand| replace:: :command:`diff -u > patch.diff` -.. |extstatusinfo| replace:: With no SCM to help you, you will have to work out by hand which extensions came with Bugzilla and which you added. +.. |extstatusinfo| replace:: With no SCM to help you, you will have to + work out by hand which extensions came with + Bugzilla and which you added. .. include:: upgrading-from-2.rst diff --git a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-git.rst b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-git.rst index bfa0717eea0..e52d23bf4d6 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-git.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/upgrading/upgrading-with-git.rst @@ -16,7 +16,7 @@ for you. to trial the upgrade on a development server first, using a copy of the production data and configuration. -In the commands below, :command:`$BUGZILLA_HOME` represents the directory +In the commands below, ``$BUGZILLA_HOME`` represents the directory in which Bugzilla is installed. .. _upgrade-before: @@ -40,7 +40,7 @@ steps to take: possible that you may experience problems during your upgrade. #. Shut down your Bugzilla installation by putting some explanatory text - in the :guilabel:`shutdownhtml` parameter. + in the :param:`shutdownhtml` parameter. #. Make all necessary :ref:`backups`. *THIS IS VERY IMPORTANT*. If anything goes wrong during the upgrade, @@ -107,7 +107,7 @@ Finishing The Upgrade ===================== #. Reactivate Bugzilla by clear the text that you put into the - :guilabel:`shutdownhtml` parameter. + :param:`shutdownhtml` parameter. #. Run a :ref:`sanity-check` on your upgraded Bugzilla. It is recommended that you fix any problems diff --git a/mozilla/webtools/bugzilla/docs/en/rst/using/editing.rst b/mozilla/webtools/bugzilla/docs/en/rst/using/editing.rst index ab016a720ab..a8a5a0cec22 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/using/editing.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/using/editing.rst @@ -31,7 +31,7 @@ field; Bugzilla will convert it into an attachment. This is pretty useful when you are copying and pasting, to avoid the extra step of saving the text in a temporary file. -.. _flags: +.. _editing-flags: Flags ===== diff --git a/mozilla/webtools/bugzilla/docs/en/rst/using/finding.rst b/mozilla/webtools/bugzilla/docs/en/rst/using/finding.rst index c93d7b305e0..578a4f04f64 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/using/finding.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/using/finding.rst @@ -55,7 +55,7 @@ values. If none is selected, then the field can take any value. After a search is run, you can save it as a Saved Search, which will appear in the page footer. If you are in the group defined by the "querysharegroup" parameter, you may share your queries -with other users, see :ref:`savedsearches` for more details. +with other users, see :ref:`saved-searches` for more details. .. _custom-search: diff --git a/mozilla/webtools/bugzilla/docs/en/rst/using/preferences.rst b/mozilla/webtools/bugzilla/docs/en/rst/using/preferences.rst index 8318ed52f61..efe19ffb881 100644 --- a/mozilla/webtools/bugzilla/docs/en/rst/using/preferences.rst +++ b/mozilla/webtools/bugzilla/docs/en/rst/using/preferences.rst @@ -98,7 +98,7 @@ Saved Searches On this tab you can view and run any Saved Searches that you have created, and also any Saved Searches that other members of the group -defined in the :guilabel:`querysharegroup` parameter have shared. +defined in the :param:`querysharegroup` parameter have shared. Saved Searches can be added to the page footer from this screen. If somebody is sharing a Search with a group she or he is allowed to :ref:`assign users to `, the sharer may opt to have diff --git a/mozilla/webtools/bugzilla/extensions/Voting/doc/voting.rst b/mozilla/webtools/bugzilla/extensions/Voting/doc/voting.rst index d114a459835..497eb2898c9 100644 --- a/mozilla/webtools/bugzilla/extensions/Voting/doc/voting.rst +++ b/mozilla/webtools/bugzilla/extensions/Voting/doc/voting.rst @@ -3,7 +3,7 @@ Voting ###### -To enable the Voting exteion, you must remove the :file:`disabled` +To enable the Voting extension, you must remove the :file:`disabled` file from the directory :file:`extensions/Voting/`, and run :file:`checksetup.pl`.