Bugzilla Project Updates

As you know, we’re working on two fronts in Bugzilla Development:

A quality-of-life release (5.2) which includes support for utf8mb4,

MySQL 8 compatibility, and compatibility with the latest versions of perl.

A feature-packed release (6.0) which includes the UX/UI from bugzilla.mozilla.org, based on mojolicious.

The 5.2 Update

At the behest of justdave I’ve focused my attention on the quality of life release (5.2). I had desired to be able to release that this week, but this has fallen short because of unforeseen complications.

Here’s a list of things that are ready in the 5.2 branch:

  • MySQL 8 regexp compatibility (it turns out our default emailregexp wasn’t compatible with MySQL 8)
  • SQLite works again (sqlite was broken and is untested in the 5.2 branch)
  • Fixing Safe.pm bug in latest perl (the latest perl has a bug with Safe and Bugzilla must work around it)
  • checksetup.pl completes and large parts of the code work on MySQL 8

The problems remaining are that it is there are many places where snippets of sql are generated and it is non-obvious where and when to quote them. There are cases where an ORDER BYmust be quoted, for instance.

Because the patch set to quote all occurrences of is already quite large, I began exploring a more comprehensive fix on February 3rd. This approach is promising, and may result in a bit of reusable code useful to other Perl applications that have forbidden column or table names that used to work.

At the time of writing, I have written a mysql expression parser that can handle nearly every SQL expression used in Bugzilla. It takes a SQL expression and then quotes all column and table references. While the parser is over 300 lines, it means the overall patch is localized to one new file and a minor change to Bugzilla::DB. I hope to finish the parser this week, and have the patch in review over the weekend (Feb 8/Feb 9).

The 6.0 Update

Since the last meeting, I came up with this (rough) release plan. I’m working on the second version of this, but the gist here is very accurate. We know the “6.0” release will work, because we know bugzilla.mozilla.org works every day. 🙂

  • Delete Mozilla-specific code and branding
    • The Mozilla logo
    • Make it so nobody@mozilla.org is not hard-coded anywhere
    • Remove the Bugzilla::Report::* classes as those are specific reporting features of BMO that
  • Ensure a migration (schema migration) is possible from 5.0 to 6.0.
    • This is mainly a matter of reversing the “multiple aliases” support that was added in 5.0 but is not going to be present in 6.0.
    • There are complications involving the db schema and how email works that are TBD
  • If possible, some dependencies that are difficult to package (or not maintained well) must be dropped.
    • Mostly this is Data::Password::passwdqc.
    • As we will not add new features, this means forgoing password complexity checks which is actually a good thing as passwdqc rejects perfectly fine randomly generated passwords and people hate it.
  • Validate that we can run against PostgreSQL

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1541303] Default component bug type is not set as expected; enhancement severity is still used for existing bugs
  • [1543760] When cloning a bug, the bug is added to ‘Regressed by’ of the new bug
  • [1543718] Obsolete attachments should have a strikethrough
  • [1543798] Do not treat email addresses with invalid.bugs as unassigned when displaying bugs
  • [1544304] Wrong escaping of quotes in attachment titles.
  • [1541555] Add facility for requiring an API Key to always come from the same IP address
  • [1545295] socorro lens chart for crash statistics blocked by CSP (Blocked by Content Security Policy)
  • [1543163] Make Toolkit :: Blocklist Policy Request component private by default
  • [1545269] Request for Bug Dependency Graphs return a 404

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1523317] Exclude Graveyard products from QuickSearch results
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
  • [1524213] phabricator revisions list on bug page has extra / in the revision link
  • [1523404] Cannot clear all scopes when editing an oauth2 client. Throws DB error
  • [1525308] Custom Bug Entry Form for Blocklist Policy Requests
  • [1525451] Update triage owner report defaults
  • [1524158] markdown generated by approval comment form could be improved
  • [1525808] Remove CC changes from activity stream
  • [1476111] Enable syntax highlighting in comment code blocks
  • [1528334] Adding image to main bugzilla screen for User Research
  • [1047539] Bugmails including “See Also” bug links do not include a “Referenced Bugs” section with the summary of the other bug
  • [1402894] Remove “Restrict this session to this IP” option from login page
  • [1461492] Add an optional regressed-by field in bugs
  • [1528277] Add “Has STR” and “Has Regression Range” fields for the ‘External Software Affecting Firefox’ product

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1511490] BMO’s oauth tokens should be use jwt
  • [1519782] The OrangeFactor extension should link back to Intermittent Failure View using ‘&tree=all’
  • [1523004] Sort Phabricator revisions by numeric value instead of alphabetically
  • [1523172] Advanced Search link on home page doesn’t always take me to Advanced Search
  • [1523365] Ensure all requests have the HSTS header (if configured)
  • [1433080] No longer show the template for tracking & release notes requests
  • [1522731] When you click “Update comment”, the button changes size and the “Cancel” button jumps underneath your cursor, causing momentary panic that you canceled your edit
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1511261] request queue page shows ‘Bugzilla::User=HASH(…)’ instead of username
  • [1520856] “Opt out of these emails” at bottom of overdue request nagging emails doesn’t open desired page
  • [1520011] Phabbugz panel short description missing
  • [1518886] Remove outdated build plan code from PhabBugz extension used to move revisions from draft mode.
  • [1509329] Do not display revisions that have moved out of the bug, but note the move in the bug history
  • [1520533] Utilize Markdown in uplift form comments
  • [1521653] Cannot edit comments after creating or updating an attachment
  • [1518268] Re-style all markdown content, consistently
  • [1520202] Sometimes the browser can cache the wrong version of an asset
  • [1517429] Search: Filter out by default Product containing “Graveyard”
  • [1512815] Optimize Bugzilla->active_custom_fields() for CPU and memory usage
  • [1520582] Block ips of users that get too many page errors
  • [1522155] Closed bug links don’t get their strike-through

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1487171] Allow setting bug flags when creating/updating attachment with API
  • [1497077] Convert links, image/iframe sources, form actions to absolute path
  • [1469733] Fix scrolling glitch on Safari
  • [1496057] Security bugs report october update
  • [1499905] Update BMO enter bug workflow to include Data Science
  • [1370855] Add a Referrer-Policy response header
  • [1501893] Tell robots to leave the graphs alone, and leave a trap
  • [1501133] Attachment flags layout on new bug page is broken
  • [1501888] Implement Bugzilla::Util::remote_ip() in terms of Mojolicious API
  • [1502181] MockParams should set user/verify authentication classes to match production
  • [1501849] Speed up IP blocked page
  • [1502198] GitHubAuth cannot be removed from user_info_class in data/params if extension enabled or all logins will no longer work
  • [1497230] Several custom form routes are not resolved, leading to 404 page not found, including Trademark Usage Requests
  • [1502739] Disabled account doesn’t show any indication on the profile page
  • [1479535] BUGZILLA.bug_url is wrong on bug page after POSTed, Copy Summary doesn’t work as expected
  • [1501966] Security Bugs Report: Warn when there are outdated products or components in the teams list

discuss these changes on mozilla.tools.bmo.

happy bmo push day!

release tag

the following changes have been pushed to bugzilla.mozilla.org:

  • [1496803] Suggested component links ignore cloned bug data
  • [1497234] Remove Personas Plus GitHub link from Custom Bug Entry Forms index
  • [1497070] In-page links are broken due to <base href> added during Mojo migration
  • [1497437] The crash graph should display Exact Match results by default
  • [623384] Use Module::Runtime instead of eval { require } or eval “use”
  • [1496832] Add monitoring and preventative measures for feed daemon becoming unresponsive
  • [1497343] Add some rudimentary type checking to Bugzilla::WebServe::Util::validate()

discuss these changes on mozilla.tools.bmo.