[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Regression fix for roundup (#523516)

I prepared a fix for the roundup regression that was introduced by a security
update. A member of the security team suggested I use p-u for this:

----- Forwarded message from Nico Golde <nico@ngolde.de> -----

Date: Tue, 8 Dec 2009 13:20:01 +0100
From: Nico Golde <nico@ngolde.de>
To: Maximilian Gass <mxey@ghosthacking.net>
Cc: team@security.debian.org
Subject: Re: Regression fix for roundup (#523516)
Message-ID: <20091208122001.GC27383@ngolde.de>

Hi,
* Maximilian Gass <mxey@ghosthacking.net> [2009-12-01 15:05]:
> Since the security update 1.4.4-4+lenny1, pagination in the Roundup issue
> tracker has been broken, described in #523516.
> 
> This bug has been fixed in unstable by the maintainer, but I believe this
> regression is serious enough to warrant fixing it via stable-security.
> 
> Sebastian Harl has provided a patch that fixes the regression. Several people
> have reported in the bug report that this patch works. I have been running a
> production Roundup using it for a while now, so has a friend of mine. Neither of
> us has experienced problems.
> 
> Without this patch, a Roundup installation is much less usable!
[...]
Could you please go through -proposed-updates to fix this?

----- End forwarded message -----

I have attached the source package diff for your review. If this is okay, I will
look for a sponsor to upload it to stable-proposed-updates.

diff --git a/debian/changelog b/debian/changelog
index a80c14b..81cbbb9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+roundup (1.4.4-4+lenny1.1) stable; urgency=high
+
+  * Non-maintainer upload
+  * Fix pagination broken by security fix. Patch by Sebastian Harl (closes:
+    #523516)
+
+ -- Maximilian Gass <mxey@cloudconnected.org>  Tue, 01 Dec 2009 13:29:55 +0100
+
 roundup (1.4.4-4+lenny1) stable-security; urgency=high
 
   * fix EditCSVAction and other security issues (closes: #518768)
diff --git a/debian/patches/19_bogus_pagination_request.dpatch b/debian/patches/19_bogus_pagination_request.dpatch
index 8a22d86..dc680c4 100644
--- a/debian/patches/19_bogus_pagination_request.dpatch
+++ b/debian/patches/19_bogus_pagination_request.dpatch
@@ -27,7 +27,7 @@ diff -urNad roundup-1.4.4~/roundup/cgi/templating.py roundup-1.4.4/roundup/cgi/t
                  self.special_char = name[0]
 -                self.startwith = int(self.form[name].value)
 +                try:
-+                    self.pagesize = int(self.form.getfirst(name))
++                    self.startwith = int(self.form.getfirst(name))
 +                except ValueError:
 +                    # Not an integer. XXX report to user somehow?
 +                    pass

Attachment: signature.asc
Description: Digital signature

Reply to: