Am 15.10.2010 08:02, schrieb Luk Claes:
Please unblock package otrs2 It fixes some security relevant bugs and many other upstream bugs, no new features or something like that. The package already has been aged and the CVE ids it fixes areCVE-2010-2080and CVE-2010-3476, they are not mentioned in the changelog, because Ihave uploadedthe package before I have noticed the cve id/it gets some. The debdiff is bloated, because of a little fault of upstream, soplease use thepatches from: http://lists.debian.org/debian-release/2010/09/msg01530.htmlWhat fault are you talking about?
e.g. http://lists.debian.org/debian-release/2010/09/msg01296.html "I crawled myself through the full diff and found out, that upstream tried to update the fckeditor, but reverted the change, because it is not working so well with newer IE and Chrome browsers and the diff blowed up, because of whitespace changes.." This produced a diff with > 50k lines or something like this. I have attached a cleaned up diff of 2.4.7 => 2.4.8: 70 files changed, 1891 insertions(+), 593 deletions(-) For fixing two CVEs and a big bunch of other errors, it is small :) Upstream changelog: http://lists.debian.org/debian-release/2010/09/msg01296.html
Why is fckeditor included in the package? What changes are there in the code base of fckeditor and is that still worth not using the fckeditor already in the archive?
Yeah that is another building site :/ I already tried to port otrs to the fckeditor version of Debian, but without success:
http://packages.debian.org/changelogs/pool/main/o/otrs2/current/changelog#versionversion2.4.5-4I also patched out libjs-yui from otrs a few weeks ago with the consequence, that the dashboard statistics are not useable anymore.. And breaking the editor (as you can think a quite important feature) again before we release - I think this would be a bad idea.
Much thanks for taking care of otrs!