Patch by Adam Kennedy <bugzilla@ali.as>
r= justdave x2

Patch by Myk Melez <myk@mozilla.org>.
r=gerv@mozilla.org,jake@acutex.net

Also fixes seeing bugs in the buglist (bug 95024), dependancy lists,
tooltips, duplicates, and everywhere else I could see which checked group
bugs.groupset == 0.

Also fxed bug 101560, by clearing BASH_ENV

r=myk,justdave

Fix for bug 84338: initial implementation of attachment tracker, which lets users flag attachments with statuses.
Patch by Myk Melez <myk@mozilla.org>
r=justdave@syndicomm.com

Fix for bug 95731: "INSERT INTO shadowlog" failed because "Table 'shadowlog' not locked", fixed typo in lock tables command.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com

Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org

Fix for bug 77473, bug 74032, and bug 85472: Passwords are no longer stored in plaintext in the database.  Passwords are no longer encrypted with MySQL's ENCRYPT() function (because it doesn't work on some installs), but with Perl's crypt() function.  The crypt-related routines now properly deal with salts so that they work on systems that use methods other than UNIX crypt to crypt the passwords (such as MD5).  Checksetup.pl will walk through your database and re-crypt everyone's passwords based on the plaintext password entry, then drop the plaintext password column.  As a consequence of no longer having a plaintext password, it is no longer possible to email someone their password, so the login screen has been changed to request a password reset instead.  The user is emailed a temporary identifying token, with a link back to Bugzilla.  They click on the link or paste it into their browser and Bugzilla allows them to change their password.
Patch by Myk Melez <myk@mozilla.org>
r= justdave@syndicomm.com, jake@acutex.net

patch submitted by rufus@nonstuff.de (Rufus)
call QuoteXMLChars on bug_file_loc and attachment desc

logged in yet.  Thanks to luke_harless@attglobal.net for discovering this
one.

add whoid usergroupset comment query to bug data fields
add AppendComment function
add CanChangeField function to check if a person can change a field
add display() for quick dumps of the bug
add Collision to check for midair collisions before changing a bug
added a stub function for changing a bug in the database
init_bug will now take either a userid or an e-mail address as a valid parameter

contributed by dave@intrec.com (Dave Miller)

experimental: Not part of normal bugzilla distibution. Bug.pm creates a bug object and provides methods for getting and setting attributes and for printing out the bug as xml. xml.cgi prompts for a list of bugs and displays the list as html. xml.cgi replaces export_bug.cgi