[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#598655: unblock: otrs2/2.4.8+dfsg1-1



Am 15.10.2010 08:02, schrieb Luk Claes:
Please unblock package otrs2

It fixes some security relevant bugs and many other upstream bugs, no new
features or something like that.

The package already has been aged and the CVE ids it fixes are
CVE-2010-2080
and CVE-2010-3476, they are not mentioned in the changelog, because I
have uploaded
the package before I have noticed the cve id/it gets some.

The debdiff is bloated, because of a little fault of upstream, so
please use the
patches from:
http://lists.debian.org/debian-release/2010/09/msg01530.html

What fault are you talking about?

e.g. http://lists.debian.org/debian-release/2010/09/msg01296.html
"I crawled myself through the full diff and found out, that upstream
tried to update the fckeditor, but reverted the change, because it is
not working so well with newer IE and Chrome browsers and the diff
blowed up, because of whitespace changes.."

This produced a diff with > 50k lines or something like this.

I have attached a cleaned up diff of 2.4.7 => 2.4.8:
70 files changed, 1891 insertions(+), 593 deletions(-)

For fixing two CVEs and a big bunch of other errors, it is small :)
Upstream changelog:
http://lists.debian.org/debian-release/2010/09/msg01296.html


Why is fckeditor included in the package? What changes are there in the
code base of fckeditor and is that still worth not using the fckeditor
already in the archive?

Yeah that is another building site :/ I already tried to port otrs to the fckeditor version of Debian, but without success:
http://packages.debian.org/changelogs/pool/main/o/otrs2/current/changelog#versionversion2.4.5-4

I also patched out libjs-yui from otrs a few weeks ago with the consequence, that the dashboard statistics are not useable anymore.. And breaking the editor (as you can think a quite important feature) again before we release - I think this would be a bad idea.


Much thanks for taking care of otrs!

Attachment: otrs.diff.gz
Description: application/gzip


Reply to: