
Freeze exception request for gforge 4.7~rc2-6



Hi release team,

  I would like to request a freeze exception for the gforge package.
Version currently in lenny is 4.7~rc2-5, and 4.7~rc2-6 has been
uploaded to unstable to close bug #504758.  A binary package was only
used to ship code but didn't make it functional since I couldn't
ensure it would work with the Debian standards of quality, and it
contained local copies of PHP libraries that were likely to have
security holes.  That package was never part of a stable release, so I
guess it's mostly okay to remove it (the security team seems to agree,
see http://lists.debian.org/debian-devel/2008/11/msg00170.html).  No
other changes, debdiff follows.

,----
| diff -u gforge-4.7~rc2/debian/changelog gforge-4.7~rc2/debian/changelog
| --- gforge-4.7~rc2/debian/changelog
| +++ gforge-4.7~rc2/debian/changelog
| @@ -1,3 +1,12 @@
| +gforge (4.7~rc2-6) unstable; urgency=high
| +
| +  * Removed gforge-plugins-extra binary package (closes: #504758).  I
| +    can't promise to do security support for it, and it's quite
| +    susceptible to security holes since it ships local copies of PHP
| +    libraries.
| +
| + -- Roland Mas <lolando@debian.org>  Sat, 15 Nov 2008 20:06:46 +0100
| +
|  gforge (4.7~rc2-5) unstable; urgency=high
|  
|    * Fix several SQL injection vulnerabilities due to insufficient input
| diff -u gforge-4.7~rc2/debian/control gforge-4.7~rc2/debian/control
| --- gforge-4.7~rc2/debian/control
| +++ gforge-4.7~rc2/debian/control
| @@ -37,19 +37,6 @@
|   This package contains files and programs used by several other
|   subpackages.
|  
| -Package: gforge-plugins-extra
| -Architecture: all
| -Depends: gforge-common, php5-cli, python, python-subversion, libphp-snoopy, fckeditor
| -Conflicts: sourceforge, gforge-plugin-scmccase
| -Description: collaborative development tool - extra plugins
| - GForge provides many tools to aid collaboration in a
| - development project, such as bug-tracking, task management,
| - mailing-lists, SCM repository, forums, support request helper,
| - web/FTP hosting, release management, etc. All these services are
| - integrated into one web site and managed through a web interface.
| - .
| - This package contains a set of various plugins.
| -
|  Package: gforge-web-apache2
|  Architecture: all
|  Depends: gforge-common, gforge-db-postgresql | gforge-db, libapache2-mod-php5, php5-cgi, php5-pgsql, php5-gd, perl, perl-suid, libdbi-perl, libdbd-pg-perl, debianutils (>= 1.7), debconf (>= 1.0.32) | debconf-2.0, ucf, cronolog, python, ssl-cert
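Review bot: nothing is added alongside the removed gforge-plugins-extra stanza to make an upgrade remove the package from systems where it is already installed, so the bundled PHP library copies named in the changelog stay on disk there with no further updates. Consider a Conflicts: gforge-plugins-extra on a package every installation has (gforge-common, which the removed stanza depended on, is the obvious candidate), or at least a NEWS entry telling admins to remove it by hand.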
| diff -u gforge-4.7~rc2/debian/rules gforge-4.7~rc2/debian/rules
| --- gforge-4.7~rc2/debian/rules
| +++ gforge-4.7~rc2/debian/rules
| @@ -65,37 +65,6 @@
|  	# gforge
|  	# (gforge is a meta-package and needs no files)
|  
| -	# gforge-plugins-extra
| -	cp -r plugins $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/
| -	cp -r $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/etc/* $(CURDIR)/debian/gforge-plugins-extra/etc/gforge/
| -	rm -rf $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/etc/*
| -	rm -rf $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/debian
| -	# ln -s /var/lib/gforge/www/plugins $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/www
| -	chown www-data:www-data $(CURDIR)/debian/gforge-plugins-extra/var/lib/gforge/www/plugins
| -	chmod 755 $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/sbin/*
| -	chmod 755 $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/bin/*
| -	rm -f $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/*/COPYING
| -	# cvstracker plugin
| -	chmod +x $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/svntracker/postcommit.example
| -	# webcalendar plugin
| -	mv $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/webcalendar/www/includes/settings.php \
| -		$(CURDIR)/debian/gforge-plugins-extra/var/lib/gforge/www/plugins/webcalendar/www/includes
| -	chown www-data $(CURDIR)/debian/gforge-plugins-extra/var/lib/gforge/www/plugins/webcalendar/www/includes/settings.php
| -	chmod 600 $(CURDIR)/debian/gforge-plugins-extra/var/lib/gforge/www/plugins/webcalendar/www/includes/settings.php
| -	chmod 755 $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/webcalendar/www/tools/send_reminders.php
| -	chmod 755 $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/quota_management/cronjobs/quota_update.pl
| -	ln -s /var/lib/gforge/www/plugins/webcalendar/www/includes/settings.php \
| -		$(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/webcalendar/www/includes/settings.php
| -	chmod +x $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/webcalendar/www/tools/*.pl
| -
| -	# Remove files that are in other packages
| -	rm -r $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/scmcvs/
| -	rm -r $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/scmsvn/
| -	rm -r $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/mediawiki/
| -	rm $(CURDIR)/debian/gforge-plugins-extra/etc/gforge/httpd.d/03mediawiki
| -	rm -rf $(CURDIR)/debian/gforge-plugins-extra/etc/gforge/plugins/scmcvs/
| -	rm -rf $(CURDIR)/debian/gforge-plugins-extra/etc/gforge/plugins/scmsvn/
| -
|  	# gforge-plugin-scmcvs
|  	install -m 755 deb-specific/install-cvs.sh     $(CURDIR)/debian/gforge-plugin-scmcvs/usr/lib/gforge/plugins/scmcvs/bin/
|  	install -m 755 deb-specific/update-user-group-ssh.sh $(CURDIR)/debian/gforge-plugin-scmcvs/usr/lib/gforge/plugins/scmcvs/bin/
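Review bot: plugin configuration under /etc/gforge will outlive this removal on hosts that had the package installed. The removed `cp -r .../plugins/*/etc/* .../etc/gforge/` line is what shipped it there, and files a package ships under /etc are normally kept as conffiles until the package is purged. Please say in the changelog entry or a NEWS file that gforge-plugins-extra should be purged rather than just removed.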
| @@ -275,12 +244,6 @@
|  	# Remove Snoopy class from binary packages (provided by libphp-snoopy)
|  	for i in $(addprefix $(CURDIR)/debian/,$(shell dh_listpackages)) ; do find $$i -name Snoopy.class.php | xargs rm -rf ; done
|  
| -	# Remove FCKeditor class from binary packages (provided by fckeditor)
| -	rm -rf $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/plugins/fckeditor/www/*
| -	# ...and add GForge-specific config
| -	mkdir -p $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/www/plugins/fckeditor/
| -	cp deb-specific/fckeditor/config.js $(CURDIR)/debian/gforge-plugins-extra/usr/share/gforge/www/plugins/fckeditor/
| -
|  	# Remove potential SCM artefacts from binary packages
|  	for i in $(addprefix $(CURDIR)/debian/,$(shell dh_listpackages)) ; do find $$i -name .svn -or -name {arch} -or -name .arch-ids -or -name .bzr -or -name .cvsignore | xargs rm -rf ; done
|  	# Also remove uuencoded files
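Review bot: with the FCKeditor block gone, no rule strips a bundled FCKeditor copy any more, and unlike the Snoopy line kept just above it, that block only ever looked at the gforge-plugins-extra tree. Please confirm that no remaining binary package installs plugins/fckeditor/www, or add a dh_listpackages loop modelled on the Snoopy one as a build-time safety net.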
| reverted:
| --- gforge-4.7~rc2/debian/gforge-plugins-extra.dirs
| +++ gforge-4.7~rc2.orig/debian/gforge-plugins-extra.dirs
| @@ -1,13 +0,0 @@
| -etc/gforge
| -etc/gforge/plugins
| -usr/share/doc/gforge-plugins-extra
| -usr/share/gforge/etc/httpd.d
| -usr/share/gforge/etc/local.d
| -usr/share/gforge/etc/templates
| -usr/share/gforge/plugins
| -usr/share/gforge/www/include
| -usr/share/gforge/www/plugins/fckeditor/www
| -var/lib/gforge/etc
| -var/lib/gforge/etc/templates
| -var/lib/gforge/www/plugins
| -var/lib/gforge/www/plugins/webcalendar/www/includes
`----

  Thanks,

Roland.
-- 
Roland Mas

You can't second-guess ineffability, I always say.
  -- Aziraphale, in Good Omens (Terry Pratchett and Neil Gaiman)

