Bug 40 - Upgrade to Bugzilla 4.4rc2
Summary: Upgrade to Bugzilla 4.4rc2
Status: RESOLVED FIXED
Alias: None
Product: Infrastructure
Classification: Unclassified
Component: Bugzilla (show other bugs)
Version: unspecified
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: D Morgan
QA Contact:
URL: http://www.bugzilla.org/security/3.6.12
Whiteboard:
Keywords: Security
: 1356 (view as bug list)
Depends on: 6093
Blocks: 166 1868 6340 42 912 2360 4482 8500 9130 9132 9133 9144
  Show dependency treegraph
 
Reported: 2011-02-16 00:30 CET by Frédéric "LpSolit" Buclin
Modified: 2017-04-15 15:06 CEST (History)
8 users (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description Frédéric "LpSolit" Buclin 2011-02-16 00:30:15 CET
We released Bugzilla 4.0 today. You should upgrade bugs.mageia.org to this version before you start getting too much traffic and start having too many customizations. The sooner, the better.
Comment 1 D Morgan 2011-02-16 02:11:32 CET
i agree and i plan to update. I just need to convert our templates, i missed time but i think i will do it later this week or in the begining of the next week.

Of course if you want to help the current templates are here:

http://viewvc.mageia.org/web/templates/bugzilla/

patches => Patch again bugzilla 3.6.4 template
trunk   => The template customized


i saw 2 issues for now :

1- in the "simplified" template: the assignee field add a , in so i can let it empty, this alway show and if i add an email this gives: ,toto@titi.uk


2- in the normal template, the status show "Hashes"
Comment 2 Michael Scherer 2011-02-16 09:01:50 CET
Derek, last time we discussed of the upgrade, didn't we said that we had other stuff to deploy before upgrading the already working infrastructure ? 

There is really more urgent thing to do, and unless there is blocking issues with bugzilla warranting the upgrade, I would simply report it. For example, now one answered to the bittorent setup request I made. There is still no secondary ldap, the backup server is not ready. Upgrading bugzilla is really not the top priority.

CC: (none) => misc

Comment 3 Frédéric "LpSolit" Buclin 2011-02-16 14:52:58 CET
(In reply to comment #1)
> 1- in the "simplified" template: the assignee field add a , in so i can let it
> empty, this alway show and if i add an email this gives: ,toto@titi.uk

That's because you have two assignee fields in your template. The hidden one which is already there and always empty, and the one you added:

<form method="post" action="post_bug.cgi">
  <input type="hidden" name="format" value="guided">
  <input type="hidden" name="assigned_to" value=""> 

This one must go away.


> 2- in the normal template, the status show "Hashes"

Did you edit the template? We now pass bug status objects to the template, not strings. This would explain the problem (e.g. if you took it from Mandriva's Bugzilla 3.2).
Kristoffer Grundström 2011-02-16 15:01:04 CET

CC: (none) => kristoffer.grundstrom1983

Marcello Anni 2011-02-24 15:41:12 CET

CC: (none) => marcello.anni

Comment 4 Marcello Anni 2011-04-02 13:12:30 CEST
any news about the switch?

in the 4.0 release there are interesting new features that can help mageia to improve the bugfixing phase:

http://www.bugzilla.org/releases/4.0/release-notes.html#v40_feat

cheers,
Marcello
Comment 5 D Morgan 2011-04-02 17:17:17 CEST
it will be done, i started to work on the templates but this ask time, and we have other task pending too so we try to achieve which can't be done all at a time.
Thierry Vignaud 2011-04-04 20:45:41 CEST

CC: (none) => thierry.vignaud

Comment 6 Frédéric "LpSolit" Buclin 2011-04-05 21:04:37 CEST
(In reply to comment #5)
> it will be done, i started to work on the templates but this ask time

I forgot if I asked you already (maybe on IRC), but do you really have so many customizations in your templates and backend code?
Comment 7 Frédéric "LpSolit" Buclin 2011-04-28 22:47:57 CEST
We released Bugzilla 4.0.1 last night.

Summary: Upgrade to Bugzilla 4.0 => Upgrade to Bugzilla 4.0.1

Comment 8 Kristoffer Grundström 2011-04-28 23:09:42 CEST
Not according to bugs.mageia.org
Comment 9 D Morgan 2011-04-28 23:12:07 CEST
for comment #8, Frédéric doesn't tell in mageia but that the last version of bugzilla is 4.0.1
Comment 10 Kristoffer Grundström 2011-04-28 23:16:10 CEST
http://bugs.mageia.org says: version 3.6.4
Comment 11 Frédéric "LpSolit" Buclin 2011-04-28 23:17:59 CEST
bugs.mageia.org runs 3.6.4, yes. And this bug is about upgrading bugs.mageia.org to 4.0.1, which has been released last night: http://www.bugzilla.org/news/#release401. I used "we" in comment 7 because I'm in the team which released it. :)
Comment 12 D Morgan 2011-05-17 15:26:26 CEST
*** Bug 1040 has been marked as a duplicate of this bug. ***
Comment 13 Damien Lallement 2011-05-20 14:58:08 CEST
*** Bug 1356 has been marked as a duplicate of this bug. ***
Comment 14 Marcello Anni 2011-06-26 16:33:16 CEST
when is planned the switch to the new bugzilla? i think it can have an important role about the improving of the distro quality and stability. thanks


cheers,
Marcello
Michael Scherer 2011-06-26 20:11:28 CEST

Blocks: (none) => 42

Michael Scherer 2011-06-26 20:11:43 CEST

Blocks: (none) => 166

Comment 15 Frédéric "LpSolit" Buclin 2011-08-05 12:03:48 CEST
4.0.2 has been released last night. It includes several security fixes.

Summary: Upgrade to Bugzilla 4.0.1 => Upgrade to Bugzilla 4.0.2

Frédéric "LpSolit" Buclin 2011-08-29 18:16:41 CEST

Blocks: (none) => 2360

Comment 16 Marja Van Waes 2011-10-10 19:52:22 CEST
Frédéric said today that he is focused on bugs blocking the release of Bugzilla 4.2.

@ D Morgan
Any news about the upgrade of Mageia Bugzilla?

CC: (none) => marja11

Comment 17 Marja Van Waes 2011-11-23 22:33:05 CET
Dear D Morgan

We can't find old bugs that were never seen by anybody else than the reporter, if the reporter comments once in a while, like in bug 1598

In Bugzilla 4.x it is possible to find those bugs by using the following search string (kindly provided by LpSolit):

https://bugs.mageia.org/buglist.cgi?negate0=1&field0-0-0=commenter&resolution=---&query_format=advanced&type0-0-0=notequals&value0-0-0=%25reporter%25
Comment 18 Marcello Anni 2011-12-23 21:57:45 CET
news? i think this is a extremely useful improvement necessary to debug at the best mageia 2 development process.
Comment 19 D Morgan 2011-12-23 22:08:22 CET
i am working on it, and i am trying to prepare a test server to test migration before having it in "poduction".


i hope to finish soon ( maybe a new year gift ( or almost ) )
Comment 20 Marja Van Waes 2011-12-23 22:34:27 CET
(In reply to comment #19)
> i am working on it, and i am trying to prepare a test server to test migration
> before having it in "poduction".
> 
> 
> i hope to finish soon ( maybe a new year gift ( or almost ) )

[22:32] <Sophie> dmorgan (Mageia) maintains 1120 rpms

Dexter, I don't understand where you find the time to work on it, but this makes me very, very happy.

Thanks a lot!
Comment 21 Marcello Anni 2011-12-24 16:01:58 CET
thank you Dexter!! i'm looking for the new year's gift :-P

cheers,
Marcello
Comment 22 Frédéric "LpSolit" Buclin 2011-12-29 11:49:56 CET
We released Bugzilla 4.0.3 last night, with two more security fixes. We also released Bugzilla 4.2rc1. Maybe you could jump to it directly?

Summary: Upgrade to Bugzilla 4.0.2 => Upgrade to Bugzilla 4.0.3

Comment 23 D Morgan 2011-12-29 12:30:12 CET
our templates will be compatible ?
Marja Van Waes 2012-01-13 22:13:08 CET

Blocks: (none) => 912

Frédéric "LpSolit" Buclin 2012-01-20 20:05:58 CET

Blocks: (none) => 1868

Comment 24 Frédéric "LpSolit" Buclin 2012-01-20 20:06:27 CET
(In reply to comment #23)
> our templates will be compatible ?

Which templates?
Comment 25 Frédéric "LpSolit" Buclin 2012-01-29 18:08:28 CET
We are going to release Bugzilla 4.2rc2 tomorrow. This will be our last RC before 4.2 final, which should be released mid-February. Due to all the improvements it has, including security-related improvements, you should consider upgrading to 4,2 directly (much more efficient than the 3.6 -> 4.0 -> 4.2 transition).

Summary: Upgrade to Bugzilla 4.0.3 => Upgrade to Bugzilla 4.2

Comment 26 Marja Van Waes 2012-01-29 18:20:38 CET
@ Frédéric

Great :)

I just pinged DMorgan on IRC, I hope I can point him to your question:


(In reply to comment #24)
> (In reply to comment #23)
> > our templates will be compatible ?
> 
> Which templates?

Of course, when he answers, answer it for 4.2, too :)
Comment 27 D Morgan 2012-01-29 21:45:30 CET
yes we wil go to 4.2 directly. I started a thread on mageia-sysadm to talk about how to proceed
Comment 28 Marja Van Waes 2012-03-27 05:48:01 CEST
(In reply to comment #27)
> yes we wil go to 4.2 directly. I started a thread on mageia-sysadm to talk
> about how to proceed

Now that the urge to update the forum software has fallen away (because there are no missed security updates, see https://www.mageia.org/pipermail/mageia-sysadm/2012-March/004328.html):

Can upgrading bugzilla please get a higher priority than updating the forum software? There are security updates our bugzilla missed, as mentioned by Frédéric, from Bugzilla upstream, in comment 15 and comment 22

Besides, being able to find the bugs described in comment 17, would help the work of the Bug Squad :)

CC: (none) => mageia-sysadm

Marja Van Waes 2012-03-27 07:26:11 CEST

Keywords: (none) => Security
Severity: enhancement => normal

Marja Van Waes 2012-03-30 09:15:31 CEST

CC: mageia-sysadm => (none)

Comment 29 Marja Van Waes 2012-04-23 07:01:09 CEST
Just to have it documented here, too:

https://bugs.mageia.org/show_bug.cgi?id=3879#c26

(In reply to https://bugs.mageia.org/show_bug.cgi?id=3879#c5)
> we should simplify the user work, we shouldn't assume that user automatically
> searchs for duplicates, it is a problem of the project contributors that can be
> resolved manually or automatically (as for firefox, that before the filling of
> the bug, shows similar bugs).

If Mageia was running Bugzilla 4.0 or 4.2, you would get this feature for free
(i.e. the automatic search for duplicates). But as long as you run 3.6, this
won't happen.
Frédéric "LpSolit" Buclin 2012-04-29 15:04:15 CEST

Blocks: (none) => 4482

Comment 30 Marcello Anni 2012-05-27 11:50:37 CEST
is it possible to implement bugzilla 4 soon? now that mageia 2 is ready and cauldron will open again, we could have the feature that allows to handle bugs that affect different version of the distro, without dulpicating them manually. 

cheers,
Marcello
Comment 31 Nicolas Vigier 2012-05-27 12:06:15 CEST
It is in TODO list.

CC: (none) => boklm

Manuel Hiebel 2012-06-05 13:07:19 CEST

Blocks: (none) => 6340

Comment 32 Marcello Anni 2012-07-25 14:00:08 CEST
news? i've just seen https://bugs.kde.org/ it's impressive the difference between our bugzilla tracker and their. is there a lack of manpower? i see even more packagers coming, but it seems that real developers and web-designers are lacking...


cheers,
Marcello
Comment 33 Frédéric "LpSolit" Buclin 2012-07-26 00:01:44 CEST
I don't think it's related to a lack of manpower, see the thread at:

https://www.mageia.org/pipermail/mageia-sysadm/2012-June/004473.html
Frédéric "LpSolit" Buclin 2012-08-02 13:21:01 CEST

Depends on: (none) => 6093

Comment 34 Marcello Anni 2012-08-14 13:15:36 CEST
so, are you becoming the new bugzilla maintainer? thanks for your efforts in mageia, i'm sure you'll do a great work...


cheers,
Marcello
Comment 35 Frédéric "LpSolit" Buclin 2012-08-14 14:29:54 CEST
No, I'm not. I disagreed with the way they wanted to manage Bugzilla, and so dmorgan remains the maintainer.
Comment 36 Marcello Anni 2012-08-14 14:39:12 CEST
and I add, bugzilla remains unmaintained. thank you guys
Comment 37 Nicolas Vigier 2012-08-14 15:36:01 CEST
(In reply to comment #36)
> and I add, bugzilla remains unmaintained. thank you guys

If you can't be bothered to do anything useful for mageia, could you at least refrain from posting such useless comments ?
Comment 38 Marcello Anni 2012-08-16 21:33:21 CEST
i'm not bothered to do anything useful for mageia, simply i don't have technical skills to do this and, proper for this reason, i can't understand why a person who is willing to do it and has excellents skills for this, he's not allowed while is clear that D.Morgan hasn't enough time free to do this... i simply can't understand the reasons, and the fact that i'm not directely involved in the development of the distro doesn't mean i can criticize some aspects i do not like it.


cheers,
Marcello
Comment 39 Romain d'Alverny 2012-08-16 21:42:38 CEST
(In reply to comment #38)
> i don't have technical skills to do this and, proper for this reason,
> i can't understand why

That's the point.

> a person who is willing to do it and has excellents skills for this, he's not
> allowed while is clear that D.Morgan hasn't enough time free to do this...

Sysadmin team has some requirements on how (at least some) systems are to be managed. Whether these requirements should evolve or not, they're not random, and you won't change them with clueless sarcasm.

> the fact that i'm not directely involved in the development
> of the distro doesn't mean i can criticize some aspects i do not like it.

Sure. But don't expect your points to have any significant weight then.

CC: (none) => rdalverny

Comment 40 Nicolas Vigier 2012-08-16 23:18:11 CEST
(In reply to comment #38)
> i'm not bothered to do anything useful for mageia, simply i don't have
> technical skills to do this and, proper for this reason, i can't understand why
> a person who is willing to do it and has excellents skills for this, he's not
> allowed while is clear that D.Morgan hasn't enough time free to do this... i
> simply can't understand the reasons, and the fact that i'm not directely
> involved in the development of the distro doesn't mean i can criticize some
> aspects i do not like it.

Why do you keep telling other people what they should do although you obviously don't know what you're talking about ?

- As far as I know the bugzilla is still working, even if not with the latest version. So it's not unmaintained contrary to what you're saying.
- The help from Frédéric is not refused. What is refused is to stop using an rpm package, with reasons already explained in the thread.
- An upgrade to bugzilla 4 is ready but needs some testing before we do it on production server. To do this we need to setup test VMs, which can also be used for bugzilla developement and testing by Frédéric or other people who want to help on bugzilla maintainance. I planned to install those VMs but I'm late. However clueless comments is not what will make it happen faster.
Comment 41 Frédéric "LpSolit" Buclin 2012-08-17 03:12:28 CEST
(In reply to comment #40)
> - As far as I know the bugzilla is still working, even if not with the latest
> version. So it's not unmaintained contrary to what you're saying.

I don't see how "is still working" = "it's not unmaintained". Did you ever look at the security advisories? http://www.bugzilla.org/security/. There are currently 13 relevant security advisories which affect Bugzilla 3.6.4, the version you are running. Talking about the 3.6 branch only, you are 6 releases behind, the current release being 3.6.10.
Comment 42 Marcello Anni 2012-08-17 11:09:22 CEST
in reply to comment #40:

because maybe i don't know what we're talking about, but i'm sure frederic does. i consider this situation very linear:

- bugzilla is unmaintained (see comment #41) since the start of mageia - no matter why, simply it is

- frederic asked to maintain bugzilla; he has excellent technical skills, he's directely involved in the project and, overall, he wants to keep our bugzilla updated, secure and full-working

- sysadmins assign this task to frederic, and is up to him to choose how to manage his work, the important thing is that the objectives get reached

- FINAL result: one more contributor, minor workload to other contributors, bugzilla stable, updated and secure. I don't see the problems, it's you that are creating problems that have never been


cheers,
Marcello
Comment 43 Sander Lepik 2012-08-17 11:32:15 CEST
(In reply to comment #42)
> in reply to comment #40:
> 
> because maybe i don't know what we're talking about, but i'm sure frederic
> does. i consider this situation very linear:
> 
> - bugzilla is unmaintained (see comment #41) since the start of mageia - no
> matter why, simply it is
> 
> - frederic asked to maintain bugzilla; he has excellent technical skills, he's
> directely involved in the project and, overall, he wants to keep our bugzilla
> updated, secure and full-working
> 
> - sysadmins assign this task to frederic, and is up to him to choose how to
> manage his work, the important thing is that the objectives get reached
> 
> - FINAL result: one more contributor, minor workload to other contributors,
> bugzilla stable, updated and secure. I don't see the problems, it's you that
> are creating problems that have never been

I can see you are a superb sysadmin and know how things work for Mageia?

Frédéric wants to use version control to keep it up-to-date. But this doesn't quite work with the puppet + rpm setup. If you don't know how things work and why it's complicated then you should not comment on it with such attitude.

There are good reasons to keep bugzilla rpm-based. Yes, it might be unmaintained thanks to it but this is how things are today. If you want things to change then actually start doing something.. talking doesn't help much here..

CC: (none) => sander.lepik

Comment 44 Romain d'Alverny 2012-08-17 11:41:05 CEST
(In reply to comment #43)
> Frédéric wants to use version control to keep it up-to-date. But this doesn't
> quite work with the puppet + rpm setup.

But maybe it should be rethought if the puppet + rpm setup is the only and true way to do things there (for instance, it's not how we manage several of our websites).

I know why we went this way to keep things manageable and stable at a lower cost for sysadmin, but if that puts too heavy a burden on developer/contributor side to do anything in a timely manner, we need to acknowledge that it's not satisfying and productive (call that a barrier to contribute/progress).

Or, to setup an "experimental" area where contributors can setup and maintain services for Mageia.org, without the same framework, and see how it goes.
Comment 45 Nicolas Vigier 2012-08-17 11:49:18 CEST
puppet + rpm is not what is delaying the update. Using version control does not remove the need to test the upgrade in a VM before applying it.

By the way we are now using version 3.6.10.
Comment 46 Frédéric "LpSolit" Buclin 2012-08-17 12:36:33 CEST
(In reply to comment #45)
> By the way we are now using version 3.6.10.

Thanks! 10+ security vulnerabilities cleared at once!
Comment 47 Marcello Anni 2012-09-02 15:21:27 CEST
in reply to comment #45

are you saying that what is delaying the update is the test in a VM? if it isn't a difficult task i'm volunteering to test the upgrade.
Marcello Anni 2012-12-26 12:44:32 CET

Blocks: (none) => 8500

Comment 48 Marcello Anni 2012-12-26 12:45:29 CET
news?
Comment 49 Manuel Hiebel 2012-12-26 12:48:39 CET
please
Comment 50 Thierry Vignaud 2012-12-26 14:07:06 CET
Someone needs to step up and offers help on sysadmin ml
Comment 51 Marja Van Waes 2013-02-16 21:25:40 CET
if anyone finds time, please upgrade to version 4.2.4 (or better, if time has passed)

See bug 9088

Summary: Upgrade to Bugzilla 4.2 => Upgrade to Bugzilla 4.2.4

Marja Van Waes 2013-02-16 21:26:45 CET

URL: (none) => http://www.bugzilla.org/security/3.6.11/

Comment 52 Frédéric "LpSolit" Buclin 2013-02-16 22:36:31 CET
We are going to release Bugzilla 4.2.5 next week, which fixes one security bug discovered today. I'm already updating the URL to the new security advisory, despite it will only be accessible next week.

URL: http://www.bugzilla.org/security/3.6.11/ => http://www.bugzilla.org/security/3.6.12
Summary: Upgrade to Bugzilla 4.2.4 => Upgrade to Bugzilla 4.2.5

Comment 53 Manuel Hiebel 2013-02-20 18:29:48 CET
we are now on bugzilla 4.4rc, thanks dmorgan

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 54 Frédéric "LpSolit" Buclin 2013-02-20 18:33:44 CET
Yay!

Status: RESOLVED => VERIFIED
Summary: Upgrade to Bugzilla 4.2.5 => Upgrade to Bugzilla 4.4rc2

Frédéric "LpSolit" Buclin 2013-02-20 19:28:44 CET

Blocks: (none) => 9130

Frédéric "LpSolit" Buclin 2013-02-20 19:40:51 CET

Blocks: (none) => 9132

Comment 55 Marja Van Waes 2013-02-20 19:51:41 CET
we don't use VERIFIED status

Status: VERIFIED => RESOLVED

Comment 56 Frédéric "LpSolit" Buclin 2013-02-20 19:53:13 CET
(In reply to Marja van Waes from comment #55)
> we don't use VERIFIED status

So remove it from the workflow. :)
Manuel Hiebel 2013-02-20 19:56:13 CET

Blocks: (none) => 9133

Manuel Hiebel 2013-02-21 01:38:06 CET

Depends on: (none) => 9144

Frédéric "LpSolit" Buclin 2013-02-24 21:56:12 CET

Blocks: (none) => 9144
Depends on: 9144 => (none)

Nicolas Vigier 2014-05-08 18:06:06 CEST

CC: boklm => (none)

Comment 57 Frédéric "LpSolit" Buclin 2017-04-15 15:06:09 CEST
.

Note You need to log in before you can comment on or make changes to this bug.