I prepared a fix for the roundup regression that was introduced by a security update. A member of the security team suggested I use p-u for this:

----- Forwarded message from Nico Golde <nico@ngolde.de> -----

Date: Tue, 8 Dec 2009 13:20:01 +0100
From: Nico Golde <nico@ngolde.de>
To: Maximilian Gass <mxey@ghosthacking.net>
Cc: team@security.debian.org
Subject: Re: Regression fix for roundup (#523516)
Message-ID: <20091208122001.GC27383@ngolde.de>

Hi,
* Maximilian Gass <mxey@ghosthacking.net> [2009-12-01 15:05]:
> Since the security update 1.4.4-4+lenny1, pagination in the Roundup issue
> tracker has been broken, described in #523516.
>
> This bug has been fixed in unstable by the maintainer, but I believe this
> regression is serious enough to warrant fixing it via stable-security.
>
> Sebastian Harl has provided a patch that fixes the regression. Several people
> have reported in the bug report that this patch works. I have been running a
> production Roundup using it for a while now, so has a friend of mine. Neither of
> us has experienced problems.
>
> Without this patch, a Roundup installation is much less usable!
[...]

Could you please go through -proposed-updates to fix this?

----- End forwarded message -----

I have attached the source package diff for your review. If this is okay, I will look for a sponsor to upload it to stable-proposed-updates.

diff --git a/debian/changelog b/debian/changelog index a80c14b..81cbbb9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +roundup (1.4.4-4+lenny1.1) stable; urgency=high + + * Non-maintainer upload + * Fix pagination broken by security fix. Patch by Sebastian Harl (closes: + #523516) + + -- Maximilian Gass <mxey@cloudconnected.org> Tue, 01 Dec 2009 13:29:55 +0100 + roundup (1.4.4-4+lenny1) stable-security; urgency=high * fix EditCSVAction and other security issues (closes: #518768) diff --git a/debian/patches/19_bogus_pagination_request.dpatch b/debian/patches/19_bogus_pagination_request.dpatch index 8a22d86..dc680c4 100644 --- a/debian/patches/19_bogus_pagination_request.dpatch +++ b/debian/patches/19_bogus_pagination_request.dpatch @@ -27,7 +27,7 @@ diff -urNad roundup-1.4.4~/roundup/cgi/templating.py roundup-1.4.4/roundup/cgi/t self.special_char = name[0] - self.startwith = int(self.form[name].value) + try: -+ self.pagesize = int(self.form.getfirst(name)) ++ self.startwith = int(self.form.getfirst(name)) + except ValueError: + # Not an integer. XXX report to user somehow? + pass
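
Review bot: In the debian/changelog hunk, the new 1.4.4-4+lenny1.1 entry says only "Fix pagination broken by security fix" and does not mention that the change is a one-line correction inside the existing debian/patches/19_bogus_pagination_request.dpatch. Naming that file and the corrected assignment (startwith instead of pagesize) in the entry would let a changelog reader see the scope without opening the diff. The entry also targets "stable" while the cover mail speaks of stable-proposed-updates, so it is worth confirming which distribution name the upload should carry before looking for a sponsor.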
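
Review bot: In the 19_bogus_pagination_request.dpatch hunk, the except ValueError branch around the corrected self.startwith assignment still ends in pass under an "XXX report to user somehow?" comment, so a non-integer value is dropped silently and self.startwith keeps whatever value it had before this branch. The hunk does not show where that default is set; please confirm it is initialised before this code runs. If the field can reach this point without a value, getfirst() returns None and int(None) raises TypeError, which this handler does not catch; catching (ValueError, TypeError) would cover both cases. The replaced line assigned self.pagesize here, which suggests the block was copied from the pagesize handling, so that branch deserves a second look for the same kind of slip.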