From 7e4fb28341abfe2a5c31645e20c5804229e8eaea Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 19 Feb 2013 09:58:54 +0100
Subject: Bug 832264: Release notes for Bugzilla 4.2.5 r=dkl a=LpSolit

---
 template/en/default/pages/release-notes.html.tmpl | 33 +++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl
index 86a12af8d..32940b715 100644
--- a/template/en/default/pages/release-notes.html.tmpl
+++ b/template/en/default/pages/release-notes.html.tmpl
@@ -53,6 +53,39 @@
 
 <h2 id="v42_point">Updates in this 4.2.x Release</h2>
 
+<h3>4.2.5</h3>
+
+<p>This release fixes one security issue. See the
+  <a href="http://www.bugzilla.org/security/3.6.12/">Security Advisory</a>
+  for details.</p>
+
+<p>In addition, the following important fixes/changes have been made in this
+  release:</p>
+
+<ul>
+  <li>Queries involving commenters were slow to return results. These queries
+    have been optimized for better performance.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=818007">[% terms.Bug %] 818007</a>)</li>
+  <li>It is no longer possible to create a new [% terms.bug %] using a disabled
+    component, target milestone or version. These inactive values are also no
+    longer accessible when moving [% terms.abug %] into another product.
+    ([% terms.Bugs %] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=752946">752946</a>
+    and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=840824">840824</a>)</li>
+  <li>It was possible to create a new [% terms.bug %] with no description
+    despite the status workflow required one for new [% terms.bugs %].
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=818890">[% terms.Bug %] 818890</a>)</li>
+  <li>Custom multi-select fields are now available in the "Search By Change
+    History" section of the "Advanced Search" page.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=839950">[% terms.Bug %] 839950</a>)</li>
+  <li>A custom select field could have its list of values truncated if one
+    or more of its values were disabled and the visibility of the values were
+    controlled by another field.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=806809">[% terms.Bug %] 806809</a>)</li>
+  <li>Warnings thrown by Return::Value 1.666002 about this deprecated module
+    and which are polluting the web server error log are now disabled.
+    (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=826678">[% terms.Bug %] 826678</a>)</li>
+</ul>
+
 <h3>4.2.4</h3>
 
 <p>This release fixes several security issues. See the
-- 
cgit v1.2.3-24-g4f1b


From 0bd4c361b4a5fe0e0773e77571a84234b8f91f76 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Tue, 19 Feb 2013 18:14:59 +0100
Subject: Bug 824399: (CVE-2013-0786) [SECURITY] build_subselect() leaks the
 existence of products and components you cannot access r/a=LpSolit

---
 Bugzilla/Config/GroupSecurity.pm                         | 8 ++++++++
 buglist.cgi                                              | 5 ++++-
 report.cgi                                               | 8 +++++++-
 template/en/default/admin/params/groupsecurity.html.tmpl | 3 +++
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/Bugzilla/Config/GroupSecurity.pm b/Bugzilla/Config/GroupSecurity.pm
index f7f717379..6296583d9 100644
--- a/Bugzilla/Config/GroupSecurity.pm
+++ b/Bugzilla/Config/GroupSecurity.pm
@@ -80,6 +80,14 @@ sub get_param_list {
    checker => \&check_group
   },
   
+  {
+   name => 'debug_group',
+   type => 's',
+   choices => \&_get_all_group_names,
+   default => 'admin',
+   checker => \&check_group
+  },
+  
   {
    name => 'usevisibilitygroups',
    type => 'b',
diff --git a/buglist.cgi b/buglist.cgi
index 7439b78ee..b5604d2bd 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -786,7 +786,10 @@ $params->delete('limit') if $vars->{'default_limited'};
 # Query Execution
 ################################################################################
 
-if ($cgi->param('debug')) {
+if ($cgi->param('debug')
+    && Bugzilla->params->{debug_group}
+    && $user->in_group(Bugzilla->params->{debug_group})
+) {
     $vars->{'debug'} = 1;
     $vars->{'query'} = $query;
     # Explains are limited to admins because you could use them to figure
diff --git a/report.cgi b/report.cgi
index 5d5033b7d..7bff62be9 100755
--- a/report.cgi
+++ b/report.cgi
@@ -226,7 +226,13 @@ $vars->{'width'} = $width if $width;
 $vars->{'height'} = $height if $height;
 
 $vars->{'query'} = $query;
-$vars->{'debug'} = $cgi->param('debug');
+
+if ($cgi->param('debug')
+    && Bugzilla->params->{debug_group}
+    && Bugzilla->user->in_group(Bugzilla->params->{debug_group})
+) {
+    $vars->{'debug'} = 1;
+}
 
 if ($action eq "wrap") {
     # So which template are we using? If action is "wrap", we will be using
diff --git a/template/en/default/admin/params/groupsecurity.html.tmpl b/template/en/default/admin/params/groupsecurity.html.tmpl
index ab39a9149..783099a11 100644
--- a/template/en/default/admin/params/groupsecurity.html.tmpl
+++ b/template/en/default/admin/params/groupsecurity.html.tmpl
@@ -42,6 +42,9 @@
   querysharegroup => "The name of the group of users who can share their " _
                      "saved searches with others.",
 
+  debug_group => "The name of the group of users who can view the actual " _
+                 "SQL query generated when viewing $terms.bug lists and reports.",
+
   usevisibilitygroups => "Do you wish to restrict visibility of users to members of " _
                          "specific groups?",
   
-- 
cgit v1.2.3-24-g4f1b


From f8aa20925c5b7cc83fa1936a23ed970efba80984 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 19 Feb 2013 18:27:50 +0100
Subject: Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using
 an invalid page format r=glob a=LpSolit

---
 Bugzilla/Template.pm |  1 +
 show_bug.cgi         | 11 +++++------
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 663d85957..cd7507963 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -140,6 +140,7 @@ sub get_format {
     return
     {
         'template'    => $template,
+        'format'      => $format,
         'extension'   => $ctype,
         'ctype'       => Bugzilla::Constants::contenttypes->{$ctype}
     };
diff --git a/show_bug.cgi b/show_bug.cgi
index 7ea55e732..a2bf57ada 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -37,9 +37,11 @@ my $vars = {};
 
 my $user = Bugzilla->login();
 
+my $format = $template->get_format("bug/show", scalar $cgi->param('format'),
+                                   scalar $cgi->param('ctype'));
+
 # Editable, 'single' HTML bugs are treated slightly specially in a few places
-my $single = !$cgi->param('format')
-  && (!$cgi->param('ctype') || $cgi->param('ctype') eq 'html');
+my $single = !$format->{format} && $format->{extension} eq 'html';
 
 # If we don't have an ID, _AND_ we're only doing a single bug, then prompt
 if (!$cgi->param('id') && $single) {
@@ -49,9 +51,6 @@ if (!$cgi->param('id') && $single) {
     exit;
 }
 
-my $format = $template->get_format("bug/show", scalar $cgi->param('format'), 
-                                   scalar $cgi->param('ctype'));
-
 my @bugs;
 my %marks;
 
@@ -127,5 +126,5 @@ $vars->{'displayfields'} = \%displayfields;
 
 print $cgi->header($format->{'ctype'});
 
-$template->process("$format->{'template'}", $vars)
+$template->process($format->{'template'}, $vars)
   || ThrowTemplateError($template->error());
-- 
cgit v1.2.3-24-g4f1b


From 77d6ce216e882b1a96f2a8dd11c7b6cff962176d Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Tue, 19 Feb 2013 12:42:30 -0500
Subject: Bump version to 4.2.5

---
 Bugzilla/Constants.pm          | 2 +-
 docs/en/xml/Bugzilla-Guide.xml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 8056706b1..9761c125a 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -202,7 +202,7 @@ use Memoize;
 # CONSTANTS
 #
 # Bugzilla version
-use constant BUGZILLA_VERSION => "4.2.4+";
+use constant BUGZILLA_VERSION => "4.2.5";
 
 # Location of the remote and local XML files to track new releases.
 use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml';
diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml
index e8497962d..1f10d2b73 100644
--- a/docs/en/xml/Bugzilla-Guide.xml
+++ b/docs/en/xml/Bugzilla-Guide.xml
@@ -32,9 +32,9 @@
      For a devel release, simple bump bz-ver and bz-date
 -->
 
-<!ENTITY bz-ver "4.2.4">
+<!ENTITY bz-ver "4.2.5">
 <!ENTITY bz-nextver "4.4">
-<!ENTITY bz-date "2012-11-13">
+<!ENTITY bz-date "2013-02-19">
 <!ENTITY current-year "2012">
 
 <!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-4.2-branch/">
-- 
cgit v1.2.3-24-g4f1b


From 7ffee28eac073acb132f6f5fe8ba322c823af308 Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Tue, 19 Feb 2013 13:42:23 -0500
Subject: Bumped current year

---
 docs/en/xml/Bugzilla-Guide.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml
index 1f10d2b73..d2461eda1 100644
--- a/docs/en/xml/Bugzilla-Guide.xml
+++ b/docs/en/xml/Bugzilla-Guide.xml
@@ -35,7 +35,7 @@
 <!ENTITY bz-ver "4.2.5">
 <!ENTITY bz-nextver "4.4">
 <!ENTITY bz-date "2013-02-19">
-<!ENTITY current-year "2012">
+<!ENTITY current-year "2013">
 
 <!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-4.2-branch/">
 <!ENTITY bz "http://www.bugzilla.org/">
-- 
cgit v1.2.3-24-g4f1b