
Bug#693123: unblock: rt-authen-externalauth/0.10-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package rt-authen-externalauth in order to ensure compatibility
with request-tracker4/4.0.7-2:

rt-authen-externalauth (0.10-3) unstable; urgency=low

  * Adding patch from Thomas Sibley <trs@bestpractical.com> to redirect
    correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
    (Closes: #691783).
  * Adding postinst script for clearing the mason cache after configuring
    the package.
  * Fixing incorrect line wrap in previous changelog entry.

 -- Tom Jampen <tom@cryptography.ch>  Thu, 08 Nov 2012 07:37:05 +0100

Thanks
Tom

diff -Nru rt-authen-externalauth-0.10/debian/changelog rt-authen-externalauth-0.10/debian/changelog
--- rt-authen-externalauth-0.10/debian/changelog	2012-08-20 10:49:19.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/changelog	2012-11-08 09:08:49.000000000 +0100
@@ -1,8 +1,19 @@
+rt-authen-externalauth (0.10-3) unstable; urgency=low
+
+  * Adding patch from Thomas Sibley <trs@bestpractical.com> to redirect
+    correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+    (Closes: #691783).
+  * Adding postinst script for clearing the mason cache after configuring
+    the package.
+  * Fixing incorrect line wrap in previous changelog entry.
+
+ -- Tom Jampen <tom@cryptography.ch>  Thu, 08 Nov 2012 07:37:05 +0100
+
 rt-authen-externalauth (0.10-2) unstable; urgency=low
 
   * Fixing typos in README.Debian.
-  * Adding patch from Alex Vandiver <alex@chmrr.net> to fix privilege escalation
-    bug (Closes: #683288).
+  * Adding patch from Alex Vandiver <alex@chmrr.net> to fix privilege
+    escalation bug (Closes: #683288).
 
  -- Tom Jampen <tom@cryptography.ch>  Thu, 10 Aug 2012 21:53:49 +0200
 
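Review bot: the trailer of the 0.10-2 entry, left as context at the end of this hunk, reads `Thu, 10 Aug 2012`, but 10 Aug 2012 was a Friday. Since the hunk already rewraps that entry, the weekday could be corrected in the same upload; alternatively, leave the already-released entry untouched so the unblock diff stays minimal.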
diff -Nru rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
--- rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch	1970-01-01 01:00:00.000000000 +0100
+++ rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch	2012-11-07 18:45:09.000000000 +0100
@@ -0,0 +1,20 @@
+Author: Thomas Sibley <trs@bestpractical.com>
+Description:
+ Redirect correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+ .
+ The NextPage session stash started storing hashrefs instead of strings.
+ This manifested as redirects to /HASH(0xDEADBEEF) instead of the proper
+ destination.  Older and unpatched RTs will continue to work correctly
+ due to the "if ref $next" check.
+
+diff -Naurp a/html/Callbacks/ExternalAuth/autohandler/Session b/html/Callbacks/ExternalAuth/autohandler/Session
+--- a/html/Callbacks/ExternalAuth/autohandler/Session	2012-10-30 13:01:56.611512695 +0100
++++ b/html/Callbacks/ExternalAuth/autohandler/Session	2012-10-30 18:12:18.663173646 +0100
+@@ -7,6 +7,7 @@ if (   $m->request_comp->path eq '/NoAut
+     && $ARGS{next} )
+ {
+     my $next = delete $session{'NextPage'}->{ $ARGS{'next'} };
++       $next = $next->{'url'} if ref $next;
+     RT::Interface::Web::Redirect( $next || RT->Config->Get('WebURL') );
+ }
+ </%init>
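Review bot: in the added line `$next = $next->{'url'} if ref $next;` any reference type is dereferenced as a hash, so a non-hash reference in the NextPage stash would raise "Not a HASH reference" instead of falling back to WebURL; `if ref $next eq 'HASH'` would be tighter and still keeps older RTs working with plain strings. The added line is also indented deeper than the surrounding statements, and the `Description:` field of the patch header has no short summary on its first line.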
diff -Nru rt-authen-externalauth-0.10/debian/patches/series rt-authen-externalauth-0.10/debian/patches/series
--- rt-authen-externalauth-0.10/debian/patches/series	2012-08-20 10:34:00.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/patches/series	2012-11-07 18:45:09.000000000 +0100
@@ -1,2 +1,3 @@
 01-fix-plugindir.patch
 02-privilege-escalation.patch
+03-rt4-security-fix-compatibility.patch
diff -Nru rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
--- rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst	1970-01-01 01:00:00.000000000 +0100
+++ rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst	2012-11-08 09:07:59.000000000 +0100
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+	configure)
+		# clear mason cache
+		rm -rf /var/cache/request-tracker4/mason_data/obj/*
+		;;
+	abort-upgrade|abort-remove|abort-deconfigure)
+
+		;;
+	*)
+		echo "postinst called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0
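Review bot: the `configure` branch is the only place the mason cache is cleared, so when the package is removed the compiled components under /var/cache/request-tracker4/mason_data/obj/ stay in place; a matching postrm that runs the same cleanup on `remove` would cover that case. The `abort-upgrade|abort-remove|abort-deconfigure` branch contains only a blank line and could carry a short comment saying that nothing needs to be undone there.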