bugzilla - Bugzilla

Age	Commit message (Collapse)	Author	Files	Lines
2014-05-20	Bug 1009017: users are unable to log in if their password needs to be ↵	Byron Jones	1	-1/+3
	re-encrypted and their password does not match the current complexity rule
2014-03-04	Bug 966180: backport bug 956233 to bmo (enable USE_MEMCACHE on most objects)	Byron Jones	2	-2/+7

2013-12-31	merged with bugzilla/4.2	Dave Lawrence	1	-1/+2

2013-12-21	Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and ↵	Frédéric Buclin	1	-1/+1
	using a non-cookie based authentication method r=dkl a=justdave
2013-10-25	Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵	Dave Lawrence	1	-7/+10
	invalid cookies/tokens are used with webservices
2013-10-17	merged with bugzilla/4.2	Dave Lawrence	1	-3/+3

2013-10-16	Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵	Dave Lawrence	1	-3/+3
	total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-09-27	Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵	Dave Lawrence	1	-13/+8
	should throw errors, not be silently ignored
2013-09-26	Bug 917669 - invalid or expired authentication tokens and cookies should ↵	Dave Lawrence	1	-8/+13
	throw errors, not be silently ignored
2013-08-29	Bug 909634 - backport upstream bug 893195 to bmo/4.2 for token auth support ↵	Dave Lawrence	3	-23/+79
	in webservices
2012-08-30	Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can ↵	Reed Loden	1	-0/+2
	lead to LDAP injection r/a=LpSolit
2011-11-18	Make Login/Stack.pm refuse to continue down the stack if an Auth method ↵	Gervase Markham	1	-2/+8
	returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423
2011-05-06	Bug 653713: editusers.cgi crashes when editing a user profile	Jochen Wiedmann	1	-1/+4
	r/a=mkanat
2011-04-28	Bug 423612 - Allow editing extern_id for users from the admin interface	Jochen Wiedmann	5	-0/+30
	r=mkanat, a=mkanat
2010-10-15	Bug 604522: t/012throwables.t doesn't catch new user errors correctly	Frédéric Buclin	1	-2/+2
	r/a=mkanat
2010-10-14	Bug 575947: Users with passwords length less than 6 characters can't login ↵	Frédéric Buclin	1	-0/+6
	after migration from 3.4.x or older to 3.6 or newer r/a=mkanat
2010-10-07	Bug 602165: Change sql_interval to sql_date_math, in preparation for	Max Kanat-Alexander	1	-2/+3
	MS-SQL and SQLite support.
2010-04-22	Bug 550732: Allow read-only JSON-RPC methods to be called with GET	Max Kanat-Alexander	4	-0/+16
	r=dkl, a=mkanat
2010-03-24	Bug 553770: Make the JSON-RPC WebService throw a proper error when you don't	Max Kanat-Alexander	1	-4/+2
	provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat
2010-02-01	Fix the data in the bzr repo to match the data in the CVS repo.	Max Kanat-Alexander	1	-0/+0
	During the CVS imports into Bzr, there were some inconsistencies introduced (mostly that files that were deleted in CVS weren't being deleted in Bzr). So this checkin makes the bzr repo actually consistent with the CVS repo, including fixing permissions of files.
2010-01-05	Bug 467992: Login fails if the user's LDAP account is denied search in LDAP ↵	lpsolit%gmail.com	1	-5/+28
	- Patch by Adam Batkin <adam@batkin.net> r/a=mkanat
2009-12-31	Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies	mkanat%bugzilla.org	2	-2/+2
	Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-12-31	Bug 385606: Logincookies are recreated at each HTTP request when using the ↵	lpsolit%gmail.com	1	-0/+1
	'Env' auth method - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r/a=mkanat
2009-12-13	Bug 355283: Lock out a user account on a particular IP for 30 minutes if ↵	mkanat%bugzilla.org	1	-16/+30
	they fail to log in 5 times from that IP. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-11-24	Bug 430014: Re-write the code hooks system so that it uses modules instead ↵	mkanat%bugzilla.org	2	-2/+2
	of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat
2009-11-09	Bug 525734: Allow WebService clients to authenticate using Bugzilla_login ↵	mkanat%bugzilla.org	2	-8/+7
	and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-10-19	Bug 399073: Remove the 'loginnetmask' parameter - Patch by FrÃ©dÃ©ric ↵	lpsolit%gmail.com	2	-26/+14
	Buclin <LpSolit@gmail.com> r/a=mkanat
2009-10-09	Bug 514913: Eliminate ssl="authenticated sessions"	mkanat%bugzilla.org	2	-16/+3
	Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-04-17	Bug 488467: Verify and Login auth methods were being called in a random ↵	mkanat%bugzilla.org	2	-2/+2
	order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-03-02	Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi.	mkanat%bugzilla.org	1	-0/+1
	Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2009-01-20	Bug 134022: PERFORMANCE: deleting old login cookies locks login checks	mkanat%bugzilla.org	1	-0/+9
	Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
2009-01-02	Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed ↵	mkanat%bugzilla.org	1	-0/+10
	passwords in the database Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2008-10-23	Bug 455584 - Use bz_crypt everywhere instead of the crypt() function	dkl%redhat.com	1	-6/+1
	Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit
2008-10-21	Bug 460770: Incorrect regexp when parsing the list of LDAP servers - Patch ↵	lpsolit%gmail.com	1	-1/+1
	by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r/a=mkanat
2008-10-05	Partial backout of bug 183665. It's responsible for bug 457719	lpsolit%gmail.com	1	-1/+1

2008-09-12	Bug 453767 - Passwords containing wide characters causes system error	dkl%redhat.com	1	-0/+5
	Patch by David Lawrence <dkl@redhat.com> - a/r=mkanat
2008-08-27	Bug 449984: Login cookies should be created as SSL-only on installations ↵	lpsolit%gmail.com	1	-15/+18
	that require SSL - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r/a=mkanat
2008-08-23	Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" ↵	reed%reedloden.com	1	-3/+6
	[p=reed r+a=mkanat]
2008-08-18	Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵	dkl%redhat.com	1	-3/+8
	protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
2008-08-07	Bug 438435: Need code hooks for authentication	mkanat%bugzilla.org	2	-8/+24
	Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
2008-07-29	Backing out these patches as they cause a regression. More information	dkl%redhat.com	1	-3/+5
	in the respective bug reports. Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2008-07-10	Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵	dkl%redhat.com	1	-5/+3
	protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
2007-12-15	Bug 408384: Set extern_id when using LDAP auth	mkanat%bugzilla.org	1	-0/+2
	Patch By Emmanuel Seyman <eseyman@linagora.com> r=mkanat, a=mkanat
2007-12-15	Bug 229049: Make LDAP authentication work when there are multiple mail= ↵	mkanat%bugzilla.org	1	-1/+17
	attributes for an account. Patch By Emmanuel Seyman <eseyman@linagora.com> r=mkanat, a=mkanat
2007-11-15	Bug 183665: Accessing post_bug.cgi directly gives a weird error message and ↵	lpsolit%gmail.com	1	-1/+1
	should redirect to enter_bug.cgi instead - Patch by Matt Tasker <mtasker@gmail.com> (based on the original patch from victory <spam@bmo2007.rsz.jp>) r/a=LpSolit
2007-08-03	Bug 380187 â Bugzilla should support RADIUS authentication.	wurblzap%gmail.com	1	-0/+64
	Patch by Marc Schumann <wurblzap@gmail.com>; r=mkanat, a=mkanat
2007-05-24	Bug 380928 â Bugzilla::Auth::Verify::create_or_update_user can return ↵	ghendricks%novell.com	1	-4/+3
	stale Bugzilla::User object patch by vrb@novell.com r=mkanat a=mkanat
2007-03-08	Bug 367480: [LDAP] Try a list of servers in order until we connect successfully	mkanat%bugzilla.org	1	-4/+9
	Patch By Tony Bajan <firefox@tonyb.me.uk> r=mkanat, a=mkanat
2006-10-21	Bug 340538: Insecure dependency in exec while running with -T switch at ↵	wurblzap%gmail.com	1	-3/+5
	/usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
2006-08-26	Bug 349349: Use ->create from Bugzilla::Object instead of insert_new_user ↵	mkanat%bugzilla.org	1	-2/+7
	for Bugzilla::User Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk