[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#693123: marked as done (unblock: rt-authen-externalauth/0.10-3)

Your message dated Sun, 16 Dec 2012 20:17:32 +0000
with message-id <1355689052.32176.45.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#693123: [request-tracker-maintainers] Bug#693123: unblock: rt-authen-externalauth/0.10-3
has caused the Debian Bug report #693123,
regarding unblock: rt-authen-externalauth/0.10-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
693123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693123
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package rt-authen-externalauth in order to ensure compatibility
with request-tracker4/4.0.7-2:

rt-authen-externalauth (0.10-3) unstable; urgency=low

  * Adding patch from Thomas Sibley <trs@bestpractical.com> to redirect
    correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
    (Closes: #691783).
  * Adding postinst script for clearing the mason cache after configuring
    the package.
  * Fixing incorrect line wrap in previous changelog entry.

 -- Tom Jampen <tom@cryptography.ch>  Thu, 08 Nov 2012 07:37:05 +0100

Thanks
Tom


diff -Nru rt-authen-externalauth-0.10/debian/changelog rt-authen-externalauth-0.10/debian/changelog
--- rt-authen-externalauth-0.10/debian/changelog	2012-08-20 10:49:19.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/changelog	2012-11-08 09:08:49.000000000 +0100
@@ -1,8 +1,19 @@
+rt-authen-externalauth (0.10-3) unstable; urgency=low
+
+  * Adding patch from Thomas Sibley <trs@bestpractical.com> to redirect
+    correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+    (Closes: #691783).
+  * Adding postinst script for clearing the mason cache after configuring
+    the package.
+  * Fixing incorrect line wrap in previous changelog entry.
+
+ -- Tom Jampen <tom@cryptography.ch>  Thu, 08 Nov 2012 07:37:05 +0100
+
 rt-authen-externalauth (0.10-2) unstable; urgency=low
 
   * Fixing typos in README.Debian.
-  * Adding patch from Alex Vandiver <alex@chmrr.net> to fix privilege escalation
-    bug (Closes: #683288).
+  * Adding patch from Alex Vandiver <alex@chmrr.net> to fix privilege
+    escalation bug (Closes: #683288).
 
  -- Tom Jampen <tom@cryptography.ch>  Thu, 10 Aug 2012 21:53:49 +0200
 
diff -Nru rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
--- rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch	1970-01-01 01:00:00.000000000 +0100
+++ rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch	2012-11-07 18:45:09.000000000 +0100
@@ -0,0 +1,20 @@
+Author: Thomas Sibley <trs@bestpractical.com>
+Description:
+ Redirect correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+ .
+ The NextPage session stash started storing hashrefs instead of strings.
+ This manifested as redirects to /HASH(0xDEADBEEF) instead of the proper
+ destination.  Older and unpatched RTs will continue to work correctly
+ due to the "if ref $next" check.
+
+diff -Naurp a/html/Callbacks/ExternalAuth/autohandler/Session b/html/Callbacks/ExternalAuth/autohandler/Session
+--- a/html/Callbacks/ExternalAuth/autohandler/Session	2012-10-30 13:01:56.611512695 +0100
++++ b/html/Callbacks/ExternalAuth/autohandler/Session	2012-10-30 18:12:18.663173646 +0100
+@@ -7,6 +7,7 @@ if (   $m->request_comp->path eq '/NoAut
+     && $ARGS{next} )
+ {
+     my $next = delete $session{'NextPage'}->{ $ARGS{'next'} };
++       $next = $next->{'url'} if ref $next;
+     RT::Interface::Web::Redirect( $next || RT->Config->Get('WebURL') );
+ }
+ </%init>
diff -Nru rt-authen-externalauth-0.10/debian/patches/series rt-authen-externalauth-0.10/debian/patches/series
--- rt-authen-externalauth-0.10/debian/patches/series	2012-08-20 10:34:00.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/patches/series	2012-11-07 18:45:09.000000000 +0100
@@ -1,2 +1,3 @@
 01-fix-plugindir.patch
 02-privilege-escalation.patch
+03-rt4-security-fix-compatibility.patch
diff -Nru rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
--- rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst	1970-01-01 01:00:00.000000000 +0100
+++ rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst	2012-11-08 09:07:59.000000000 +0100
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+	configure)
+		# clear mason cache
+		rm -rf /var/cache/request-tracker4/mason_data/obj/*
+		;;
+	abort-upgrade|abort-remove|abort-deconfigure)
+
+		;;
+	*)
+		echo "postinst called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0

--- End Message ---
--- Begin Message --- 
On Thu, 2012-12-06 at 20:07 +0000, Adam D. Barratt wrote:
> On Thu, 2012-12-06 at 10:01 +0100, Tom Jampen wrote:
> > So I assume, Adam, that you are ok with unblocking the next
> > rt-authen-externalauth version if I use the same solution as request-tracker4
> > does for clearing the mason cache and indicating that apache needs to be
> > restarted?
> 
> Well, there's always the alternative of not clearing the cache, which
> presumably works okay for the only other packaged extension I can see.
> Anyway... yes, it sounds okay. If you're at all worried about specifics,
> feel free to send a debdiff first.

-4 unblocked.

Regards,

Adam

--- End Message ---
Reply to: