Bug#927433: stretch-pu: package gosa/2.7.4+reloaded2-13+deb9u2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear stable release team,
now that we could avoid the full backport of gosa from buster to stretch
(see #927306), the Debian Edu team would still like to introduce various
fixes for gosa to the next Debian 9 point release.
Some issues require a fix (RC / important), some are small fixes here and
there that caused people pain and have been resolved in Debian buster's
gosa.
Resorting the patches, the most critical come first:
Critical (appear often, problematic for the users):
+ + Add 1043_smarty-add-on-function-param-types.patch.
+ Fix missing password field, caused by PHP error "parameter 2 expected
+ to be a reference, value given". (Closes: #918578).
-> definitely happens in Debian buster, I have seen it once on Debian
stretch.
+ + Add 1045_dont_use_filter_caching.patch. Disable filter caching via
+ $_SESSION. The approach stores PHP object in $_SESSION; since php7.0
+ this leads to unexpected results and flawed rendering of class_management
+ based listings. (Closes: #907815).
-> issue is reproducable on Debian stretch, may be a security issue in
fact (as sort-of-random / old data gets accessed).
+ + Add 1031_no-context-loose-continues.patch.
+ Avoid stray continue expression. (Closes: #879105).
-> issue occurs on PHP7, rendering of management view gets aborted with error.
Important fixes (as they can break things when they occur):
+ + Add 1029_better-whitespace-cleanup-in-genuid.patch.
+ Prevent gen_uids() from generating UIDs containing blanks.
-> we saw login uids generated with blanks. If the pattern is
3 initial from last name, 3 from first name, and the user is
Chen Wu -> login uid: "wu che" (which is bad on POSIX).
+ + Add 1032_fix_select_acl_role.patch.
+ Use ACL from role definition: Select the correct role.
-> When returning to ACL editing and a role was used for an
ACL and there are more than one role, always the top role (not
the one configured) gets pre-selected.
+ + Add 1033_fix_unable_to_delete_acl_asignment.patch.
+ Fix removing ACLs from objects (e.g. groups).
-> self-explaining.
Really really nice to have (while at it anyway):
+ + Rebase / update 1016_allow-same-user-ids-as-adduser.patch and
+ 1026_fix-deprecated-constructor-format.patch.
-> required
+ + Add 1035_acl_override_to_allow_delete_of_group_members.patch.
+ Support member removal from groups, if someone has the right
+ to edit the group.
-> self-explaining
+ + Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch.
+ Propagate shadow expiry from user templates to created user objects.
-> otherwise, the user won't be able to store the shadowExpiry value.
+ + Add 1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_
+ tmplate_setting.patch. Fix date calculations for sambaKickoffTime and
+ propagation from template to created user object.
-> self-explaining
+ + Add 1040_inactive_pwd_fields_when_using_pwd_proposal.patch.
+ Disable password entry text fields when password proposal is to be used.
-> if people use the password proposal feature/hook (activatable via a
radio button), the password entry field should be disabled. Otherwise, users
are able to select the proposed password _and_ enter one of their own and
wonder, why the entered password won't work.
+ + Add 1041_ref_param_error_in_My_Parser.patch.
+ Compat fix for PHP > 5.4. Hand over real variable to function.
-> self-explaining
Cosmetic fixes (while at it anyway):
+ + Add 1030_column-header-titles-group-members.patch.
+ Fix column titles in member lists of POSIX groups.
+ + Update 1026_fix-deprecated-constructor-format.patch. Drop an unwanted
+ find+replace artefact in class_userFilter.
+ + Add 1034_remove_superfluous__get_post__call_from__save_object.patch.
+ class_sortableListing: Remove superfluous get_post() call
+ from_ save_object()
+ + Add 1036_remove_double_groupList_setEditable_setting.patch.
+ Remove duplicate setEditable() for POSIX group lists.
+ + Add 1038_shadowexpire_in_one_line.patch.
+ Show shadow expiry (esp. the calendar icon) in one line on screen (html
+ template adjustment).
light+love,
Mike
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru gosa-2.7.4+reloaded2/debian/changelog gosa-2.7.4+reloaded2/debian/changelog
--- gosa-2.7.4+reloaded2/debian/changelog 2018-07-04 09:15:17.000000000 +0200
+++ gosa-2.7.4+reloaded2/debian/changelog 2019-04-19 19:03:52.000000000 +0200
@@ -1,3 +1,57 @@
+gosa (2.7.4+reloaded2-13+deb9u2) stretch; urgency=medium
+
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Add 1029_better-whitespace-cleanup-in-genuid.patch.
+ Prevent gen_uids() from generating UIDs containing blanks.
+ + Add 1030_column-header-titles-group-members.patch.
+ Fix column titles in member lists of POSIX groups.
+ + Add 1043_smarty-add-on-function-param-types.patch.
+ Fix missing password field, caused by PHP error "parameter 2 expected
+ to be a reference, value given". (Closes: #918578).
+ + Update 1026_fix-deprecated-constructor-format.patch. Drop an unwanted
+ find+replace artefact in class_userFilter.
+ + Add 1045_dont_use_filter_caching.patch. Disable filter caching via
+ $_SESSION. The approach stores PHP object in $_SESSION; since php7.0
+ this leads to unexpected results and flawed rendering of class_management
+ based listings. (Closes: #907815).
+ + Rebase / update 1016_allow-same-user-ids-as-adduser.patch and
+ 1026_fix-deprecated-constructor-format.patch.
+
+ [ Benjamin Zapiec ]
+ * debian/patches:
+ + Add 1031_no-context-loose-continues.patch.
+ Avoid stray continue expression. (Closes: #879105).
+
+ [ Christian Schwamborn ]
+ * debian/patches:
+ + Add 1032_fix_select_acl_role.patch.
+ Use ACL from role definition: Select the correct role.
+ + Add 1033_fix_unable_to_delete_acl_asignment.patch.
+ Fix removing ACLs from objects (e.g. groups).
+ + Add 1034_remove_superfluous__get_post__call_from__save_object.patch.
+ class_sortableListing: Remove superfluous get_post() call
+ from_ save_object()
+ + Add 1035_acl_override_to_allow_delete_of_group_members.patch.
+ Support member removal from groups, if someone has the right
+ to edit the group.
+ + Add 1036_remove_double_groupList_setEditable_setting.patch.
+ Remove duplicate setEditable() for POSIX group lists.
+ + Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch.
+ Propagate shadow expiry from user templates to created user objects.
+ + Add 1038_shadowexpire_in_one_line.patch.
+ Show shadow expiry (esp. the calendar icon) in one line on screen (html
+ template adjustment).
+ + Add 1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_
+ tmplate_setting.patch. Fix date calculations for sambaKickoffTime and
+ propagation from template to created user object.
+ + Add 1040_inactive_pwd_fields_when_using_pwd_proposal.patch.
+ Disable password entry text fields when password proposal is to be used.
+ + Add 1041_ref_param_error_in_My_Parser.patch.
+ Compat fix for PHP > 5.4. Hand over real variable to function.
+
+ -- Mike Gabriel <sunweaver@debian.org> Fri, 19 Apr 2019 19:03:52 +0200
+
gosa (2.7.4+reloaded2-13+deb9u1) stretch-security; urgency=medium
* debian/patches:
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1016_allow-same-user-ids-as-adduser.patch gosa-2.7.4+reloaded2/debian/patches/1016_allow-same-user-ids-as-adduser.patch
--- gosa-2.7.4+reloaded2/debian/patches/1016_allow-same-user-ids-as-adduser.patch 2018-07-04 09:14:21.000000000 +0200
+++ gosa-2.7.4+reloaded2/debian/patches/1016_allow-same-user-ids-as-adduser.patch 2019-04-19 19:03:52.000000000 +0200
@@ -51,18 +51,3 @@
}
if (!tests::is_url($this->labeledURI)){
$message[]= msgPool::invalid(_("Homepage"), "", "", "http://www.your-domain.com/yourname";);
---- a/fai/admin/fai/class_faiTemplateEntry.inc
-+++ b/fai/admin/fai/class_faiTemplateEntry.inc
-@@ -254,11 +254,7 @@
- if($this->group == ""){
- $message[] = msgPool::required(_("Group"));
- }elseif (!tests::is_uid($this->group)){
-- if (strict_uid_mode()){
-- $message[]= msgPool::invalid(_("Group"), $this->group, "/[a-z0-9_-]/");
-- } else {
-- $message[]= msgPool::invalid(_("Group"), $this->group, "/[a-z0-9_-]/i");
-- }
-+ $message[]= msgPool::invalid(_("Group"), $this->group, "/".get_uid_regexp()."/");
- }
-
- return ($message);
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1026_fix-deprecated-constructor-format.patch gosa-2.7.4+reloaded2/debian/patches/1026_fix-deprecated-constructor-format.patch
--- gosa-2.7.4+reloaded2/debian/patches/1026_fix-deprecated-constructor-format.patch 2018-07-04 09:14:21.000000000 +0200
+++ gosa-2.7.4+reloaded2/debian/patches/1026_fix-deprecated-constructor-format.patch 2019-04-19 19:03:52.000000000 +0200
@@ -300,390 +300,6 @@
$this->DisplayName = _("DNS service");
---- a/fai/admin/fai/class_askClassName.inc
-+++ b/fai/admin/fai/class_askClassName.inc
-@@ -13,11 +13,11 @@
- var $ClassAlreadyExists = false;
- var $parent;
-
-- function askClassName (&$config,$dn,$ui,$objectClass)
-+ function __construct(&$config,$dn,$ui,$objectClass)
- {
- $this->ui = $ui;
- $this->objectClass = $objectClass;
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- }
-
- function execute()
---- a/fai/admin/fai/class_debconfTemplate.inc
-+++ b/fai/admin/fai/class_debconfTemplate.inc
-@@ -8,7 +8,7 @@
- var $template= array();
-
-
-- function debconf($language= "")
-+ function __construct($language= "")
- {
- $this->set_language($language);
- }
---- a/fai/admin/fai/class_faiDiskEntry.inc
-+++ b/fai/admin/fai/class_faiDiskEntry.inc
-@@ -26,9 +26,9 @@
-
- var $lvmDevices = array();
-
-- function faiDiskEntry (&$config, $dn= NULL,$parent,$disk,$type)
-+ function __construct(&$config, $dn= NULL,$parent,$disk,$type)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- // Set default attributes
- $this->parent = $parent;
---- a/fai/admin/fai/class_faiHookEntry.inc
-+++ b/fai/admin/fai/class_faiHookEntry.inc
-@@ -27,9 +27,9 @@
- var $write_protect = FALSE;
-
-
-- function faiHookEntry (&$config, $dn= NULL,$object=false)
-+ function __construct(&$config, $dn= NULL,$object=false)
- {
-- plugin::plugin ($config, NULL);
-+ plugin::__construct ($config, NULL);
- if($dn != "new"){
- $this->orig_cn= $object['cn'];
- $this->dn=$object['dn'];
---- a/fai/admin/fai/class_faiHook.inc
-+++ b/fai/admin/fai/class_faiHook.inc
-@@ -33,10 +33,10 @@
- var $FAIstate = "";
- var $ui;
-
-- function faiHook (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- /* If "dn==new" we try to create a new entry
- * Else we must read all objects from ldap which belong to this entry.
---- a/fai/admin/fai/class_faiPackageConfiguration.inc
-+++ b/fai/admin/fai/class_faiPackageConfiguration.inc
-@@ -20,9 +20,9 @@
- @param String The release name (e.g. edge)
- @param Array The current package configuration.
- */
-- function faiPackageConfiguration (&$config, $dn= NULL,$obj,$release,$pkg_config)
-+ function __construct(&$config, $dn= NULL,$obj,$release,$pkg_config)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- $this->obj = $obj;
- $this->release = $release;
- $this->pkg_config = $pkg_config;
---- a/fai/admin/fai/class_faiPackage.inc
-+++ b/fai/admin/fai/class_faiPackage.inc
-@@ -55,10 +55,10 @@
- "pending", "dpkgc" );
-
-
-- function faiPackage (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- /* If "dn==new" we try to create a new entry
- * Else we must read all objects from ldap which belong to this entry.
---- a/fai/admin/fai/class_faiPartitionTableEntry.inc
-+++ b/fai/admin/fai/class_faiPartitionTableEntry.inc
-@@ -16,9 +16,9 @@
- var $old_cn = "";
- var $parent = null;
-
-- function faiPartitionTableEntry (&$config, $dn= NULL,&$parent,$disk=false)
-+ function __construct(&$config, $dn= NULL,&$parent,$disk=false)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- $this->UsedAttrs = array("cn","description","FAIpartitionType","FAIpartitionNr","FAIfsType","FAImountPoint","FAIpartitionSize",
- "FAImountOptions","FAIfsOptions","FAIpartitionFlags");
-
---- a/fai/admin/fai/class_faiPartitionTable.inc
-+++ b/fai/admin/fai/class_faiPartitionTable.inc
-@@ -25,10 +25,10 @@
-
- var $view_logged = FALSE;
-
-- function faiPartitionTable (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- /* If "dn==new" we try to create a new entry
- * Else we must read all objects from ldap which belong to this entry.
---- a/fai/admin/fai/class_faiProfile.inc
-+++ b/fai/admin/fai/class_faiProfile.inc
-@@ -25,10 +25,10 @@
-
- var $classSelect;
-
-- function faiProfile(&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- $ldap=$this->config->get_ldap_link();
-
- $this->ui = get_userinfo();
---- a/fai/admin/fai/class_faiScriptEntry.inc
-+++ b/fai/admin/fai/class_faiScriptEntry.inc
-@@ -23,9 +23,9 @@
- var $enc_after_edit = "";
- var $write_protect = FALSE;
-
-- function faiScriptEntry (&$config, $dn= NULL,$object=false)
-+ function __construct(&$config, $dn= NULL,$object=false)
- {
-- plugin::plugin ($config, NULL);
-+ plugin::__construct ($config, NULL);
- if($dn != "new"){
- $this->orig_cn= $object['cn'];
- $this->dn=$object['dn'];
---- a/fai/admin/fai/class_faiScript.inc
-+++ b/fai/admin/fai/class_faiScript.inc
-@@ -37,10 +37,10 @@
- var $view_logged = FALSE;
- var $ui;
-
-- function faiScript (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- /* If "dn==new" we try to create a new entry
- * Else we must read all objects from ldap which belong to this entry.
---- a/fai/admin/fai/class_faiSummaryTab.inc
-+++ b/fai/admin/fai/class_faiSummaryTab.inc
-@@ -33,9 +33,9 @@
- var $parent = NULL;
- var $ui = NULL;
-
-- function faiSummaryTab(&$config,$dn)//,$parent)
-+ function __construct(&$config,$dn)//,$parent)
- {
-- plugin::plugin($config,$dn);//,$parent);
-+ plugin::__construct($config,$dn);//,$parent);
-
- $this->ui = get_userinfo();
-
---- a/fai/admin/fai/class_faiTemplateEdit.inc
-+++ b/fai/admin/fai/class_faiTemplateEdit.inc
-@@ -13,9 +13,9 @@
- var $write_protect = FALSE;
- var $mb_extension = TRUE;
-
-- function faiTemplateEdit (&$config, $dn, $value)
-+ function __construct(&$config, $dn, $value)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- if(!function_exists("mb_detect_encoding")){
- $this->mb_extension = FALSE;
- }else{
---- a/fai/admin/fai/class_faiTemplateEntry.inc
-+++ b/fai/admin/fai/class_faiTemplateEntry.inc
-@@ -23,9 +23,9 @@
- var $parent = NULL;
- var $FAIstate = "";
-
-- function faiTemplateEntry (&$config, $dn= NULL,$object=false)
-+ function __construct(&$config, $dn= NULL,$object=false)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- if((isset($object['cn'])) && (!empty($object['cn']))){
- $this->orig_cn= $object['cn'];
---- a/fai/admin/fai/class_faiTemplate.inc
-+++ b/fai/admin/fai/class_faiTemplate.inc
-@@ -34,10 +34,10 @@
- var $ui;
- var $view_logged = FALSE;
-
-- function faiTemplate (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- /* If "dn==new" we try to create a new entry
- * Else we must read all objects from ldap which belong to this entry.
---- a/fai/admin/fai/class_faiVariableEntry.inc
-+++ b/fai/admin/fai/class_faiVariableEntry.inc
-@@ -16,9 +16,9 @@
- var $parent = NULL;
- var $FAIstate = "";
-
-- function faiVariableEntry (&$config, $dn= NULL,$object=false)
-+ function __construct(&$config, $dn= NULL,$object=false)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
- if((isset($object['cn'])) && (!empty($object['cn']))){
- $this->orig_cn= $object['cn'];
- $this->dn=$object['dn'];
---- a/fai/admin/fai/class_faiVariable.inc
-+++ b/fai/admin/fai/class_faiVariable.inc
-@@ -33,10 +33,10 @@
- var $ui ;
- var $view_logged = FALSE;
-
-- function faiVariable (&$config, $dn= NULL)
-+ function __construct(&$config, $dn= NULL)
- {
- /* Load Attributes */
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- if($dn != "new"){
- $this->dn =$dn;
---- a/fai/admin/fai/tabsHook.inc
-+++ b/fai/admin/fai/tabsHook.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsHook($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn,$category);
-+ tabs::__construct($config, $data, $dn,$category);
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
- }
---- a/fai/admin/fai/tabsPackage.inc
-+++ b/fai/admin/fai/tabsPackage.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsPackage($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn,$category);
-+ tabs::__construct($config, $data, $dn,$category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/fai/tabsPartition.inc
-+++ b/fai/admin/fai/tabsPartition.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsPartition($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn,$category);
-+ tabs::__construct($config, $data, $dn,$category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/fai/tabsProfile.inc
-+++ b/fai/admin/fai/tabsProfile.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsProfile($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn,$category);
-+ tabs::__construct($config, $data, $dn,$category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/fai/tabsScript.inc
-+++ b/fai/admin/fai/tabsScript.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsScript($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn,$category);
-+ tabs::__construct($config, $data, $dn,$category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/fai/tabsTemplate.inc
-+++ b/fai/admin/fai/tabsTemplate.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsTemplate($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn, $category);
-+ tabs::__construct($config, $data, $dn, $category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/fai/tabsVariable.inc
-+++ b/fai/admin/fai/tabsVariable.inc
-@@ -5,9 +5,9 @@
- var $base= "";
- var $parent ="";
-
-- function tabsVariable($config, $data, $dn,$category)
-+ function __construct($config, $data, $dn,$category)
- {
-- tabs::tabs($config, $data, $dn, $category);
-+ tabs::__construct($config, $data, $dn, $category);
-
- /* Add references/acls/snapshots */
- # $this->addSpecialTabs();
---- a/fai/admin/systems/services/repository/class_servRepository.inc
-+++ b/fai/admin/systems/services/repository/class_servRepository.inc
-@@ -20,9 +20,9 @@
-
- var $repositoryMangement = NULL;
-
-- function servrepository (&$config, $dn= NULL, $parent= NULL)
-+ function __construct(&$config, $dn= NULL, $parent= NULL)
- {
-- plugin::plugin ($config, $dn,$parent);
-+ plugin::__construct ($config, $dn,$parent);
-
- $this->DisplayName = _("Repository service");
-
---- a/fai/admin/systems/services/repository/class_servRepositorySetup.inc
-+++ b/fai/admin/systems/services/repository/class_servRepositorySetup.inc
-@@ -17,9 +17,9 @@
- var $cn = "";
- var $parent = "";
-
-- function servRepositorySetup (&$config, $dn= NULL,$data = false)
-+ function __construct(&$config, $dn= NULL,$data = false)
- {
-- plugin::plugin ($config, $dn);
-+ plugin::__construct ($config, $dn);
-
- if(isset($this->attrs['cn'][0])){
- $this->cn=$this->attrs['cn'][0];
--- a/gofax/admin/systems/services/gofax/class_goFaxServer.inc
+++ b/gofax/admin/systems/services/gofax/class_goFaxServer.inc
@@ -24,9 +24,9 @@
@@ -1083,23 +699,6 @@
$this->dn= $dn;
--- a/gosa-core/include/class_userFilter.inc
+++ b/gosa-core/include/class_userFilter.inc
-@@ -16,13 +16,13 @@
- */
- static function userFilteringAvailable()
- {
-- if(!session::is_set('userFilter::userFilteringAvailable')){
-+ if(!session::is_set('userFilter::__constructingAvailable')){
- global $config;
- $ldap = $config->get_ldap_link();
- $ocs = $ldap->get_objectclasses();
-- session::set('userFilter::userFilteringAvailable', isset($ocs['gosaProperties']));
-+ session::set('userFilter::__constructingAvailable', isset($ocs['gosaProperties']));
- }
-- return(session::get('userFilter::userFilteringAvailable'));
-+ return(session::get('userFilter::__constructingAvailable'));
- }
-
-
@@ -32,7 +32,7 @@
{
// Initialize this plugin with the users dn to gather user defined filters.
@@ -2267,31 +1866,6 @@
// Get attributes from parent object
if(isset($this->attrs['uid'])){
---- a/heimdal/admin/systems/services/kerberos/class_goKrbServer.inc
-+++ b/heimdal/admin/systems/services/kerberos/class_goKrbServer.inc
-@@ -52,9 +52,9 @@
- @param String The object dn we are currently editing.
- @param Object The parent object.
- */
-- public function goKrbServer(&$config,$dn,$parent)
-+ public function __construct(&$config,$dn,$parent)
- {
-- goService::goService($config,$dn);
-+ goService::__construct($config,$dn);
- $this->DisplayName = _("Kerberos service");
- $this->parent = $parent;
-
---- a/heimdal/admin/systems/services/kerberos/class_password-methods-heimdal.inc
-+++ b/heimdal/admin/systems/services/kerberos/class_password-methods-heimdal.inc
-@@ -57,7 +57,7 @@
- var $attrs = array();
- var $is_account = FALSE;
-
-- function passwordMethodheimdal(&$config,$dn = "new")
-+ function __construct(&$config,$dn = "new")
- {
- $this->config= $config;
- $this->parent_dn = $dn;
--- a/kolab/admin/systems/services/kolab/class_servKolab.inc
+++ b/kolab/admin/systems/services/kolab/class_servKolab.inc
@@ -37,14 +37,14 @@
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1029_better-whitespace-cleanup-in-genuid.patch gosa-2.7.4+reloaded2/debian/patches/1029_better-whitespace-cleanup-in-genuid.patch
--- gosa-2.7.4+reloaded2/debian/patches/1029_better-whitespace-cleanup-in-genuid.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1029_better-whitespace-cleanup-in-genuid.patch 2019-04-19 18:55:25.000000000 +0200
@@ -0,0 +1,16 @@
+Description: Remove all white-spaces from attributes before generating the UIDs.
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Abstract:
+ During development of the GOsa² SchoolManager Add-On, it was discovered that in
+ some cases the gen_uids() function would return UIDs that contained blanks.
+
+--- a/gosa-core/include/functions.inc
++++ b/gosa-core/include/functions.inc
+@@ -3804,6 +3804,7 @@
+ $value = iconv('UTF-8', 'US-ASCII//TRANSLIT', $value);
+ }
+ $value = preg_replace('/[^(\x20-\x7F)]*/','',$value);
++ $value = preg_replace('/\s/', '', $value);
+ $attributes[$name] = strtolower($value);
+ }
+
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1030_column-header-titles-group-members.patch gosa-2.7.4+reloaded2/debian/patches/1030_column-header-titles-group-members.patch
--- gosa-2.7.4+reloaded2/debian/patches/1030_column-header-titles-group-members.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1030_column-header-titles-group-members.patch 2019-04-19 18:56:42.000000000 +0200
@@ -0,0 +1,14 @@
+Description: Fix column titles in member lists of POSIX groups
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/gosa-core/plugins/admin/groups/class_group.inc
++++ b/gosa-core/plugins/admin/groups/class_group.inc
+@@ -207,7 +207,7 @@
+ $this->memberList->setEditable(false);
+ $this->memberList->setWidth("100%");
+ $this->memberList->setHeight("300px");
+- $this->memberList->setHeader(array('~',_("Given name"),_("Surname"),_("UID")));
++ $this->memberList->setHeader(array('~',_("Surname"),_("Given name"),_("UID")));
+ $this->memberList->setColspecs(array('20px','*','*','*','20px'));
+ $this->memberList->setDefaultSortColumn(1);
+
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1031_no-context-loose-continues.patch gosa-2.7.4+reloaded2/debian/patches/1031_no-context-loose-continues.patch
--- gosa-2.7.4+reloaded2/debian/patches/1031_no-context-loose-continues.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1031_no-context-loose-continues.patch 2019-04-19 18:57:06.000000000 +0200
@@ -0,0 +1,17 @@
+Description: Avoid stray continue. Fails with PHP7.
+Author: Benjamin Zapiec <bzapiec@gonicus.de>
+
+--- a/mail/admin/groups/mail/class_groupMail.inc
++++ b/mail/admin/groups/mail/class_groupMail.inc
+@@ -1164,7 +1164,10 @@
+ */
+ function addAlternate($address)
+ {
+- if(empty($address)) continue;
++ if(empty($address)) {
++ return "";
++ }
++
+ $ldap= $this->config->get_ldap_link();
+
+ $address= strtolower($address);
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1032_fix_select_acl_role.patch gosa-2.7.4+reloaded2/debian/patches/1032_fix_select_acl_role.patch
--- gosa-2.7.4+reloaded2/debian/patches/1032_fix_select_acl_role.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1032_fix_select_acl_role.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,14 @@
+Description: Use ACL from role definition: Select the correct role.
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/include/class_acl.inc 2017-10-17 15:59:31.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/include/class_acl.inc 2018-01-23 07:46:01.234550732 +0000
+@@ -423,7 +423,7 @@
+ if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
+ $this->aclContents = "";
+ $this->aclContents = base64_decode(get_post('selected_role'));
+- }else{
++ } elseif (isset($_POST['cancel_new_acl'])) {
+ if(is_string($this->aclContents))
+ $this->aclContents = array();
+ }
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1033_fix_unable_to_delete_acl_asignment.patch gosa-2.7.4+reloaded2/debian/patches/1033_fix_unable_to_delete_acl_asignment.patch
--- gosa-2.7.4+reloaded2/debian/patches/1033_fix_unable_to_delete_acl_asignment.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1033_fix_unable_to_delete_acl_asignment.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,13 @@
+Description: Fix removing ACLs from objects (e.g. groups)
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/include/class_acl.inc 2017-10-17 15:59:31.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/include/class_acl.inc 2018-01-23 07:48:34.985241374 +0000
+@@ -285,6 +285,7 @@
+ if(!$this->list){
+ $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
+ $this->list->setDeleteable(true);
++ $this->list->setInstantDelete(true);
+ $this->list->setEditable(true);
+ $this->list->setColspecs(array('*'));
+ $this->list->setWidth("100%");
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1034_remove_superfluous__get_post__call_from__save_object.patch gosa-2.7.4+reloaded2/debian/patches/1034_remove_superfluous__get_post__call_from__save_object.patch
--- gosa-2.7.4+reloaded2/debian/patches/1034_remove_superfluous__get_post__call_from__save_object.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1034_remove_superfluous__get_post__call_from__save_object.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,16 @@
+Description: class_sortableListing: Remove superfluous get_post() call from_ save_object()
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/include/class_sortableListing.inc 2017-10-17 15:59:31.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/include/class_sortableListing.inc 2018-01-23 07:50:54.616057235 +0000
+@@ -425,10 +425,8 @@
+ $this->action = "";
+ if (strpos($this->acl, 'd') !== false){
+ foreach ($_POST as $key => $value) {
+- $value = get_post($key);
+ if (preg_match('/^del_'.$this->id.'_([0-9]+)$/', $key, $matches)) {
+
+-
+ if(!isset($this->mapping[$matches[1]])) return;
+
+ $this->active_index= $this->mapping[$matches[1]];
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1035_acl_override_to_allow_delete_of_group_members.patch gosa-2.7.4+reloaded2/debian/patches/1035_acl_override_to_allow_delete_of_group_members.patch
--- gosa-2.7.4+reloaded2/debian/patches/1035_acl_override_to_allow_delete_of_group_members.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1035_acl_override_to_allow_delete_of_group_members.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,18 @@
+Description: Support member removal from groups, if someone has the right to edit the group.
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/admin/groups/class_group.inc 2017-10-17 15:59:31.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/admin/groups/class_group.inc 2018-01-23 07:54:13.150381395 +0000
+@@ -236,6 +236,12 @@
+
+ // Check if list is available, depends on multi- or sinlge- group editing.
+ if($this->$list){
++ // ensure we can delete group members if we have
++ // write permission to the memberUid attribute
++ $mu_acl = $this->getacl("memberUid");
++ if (preg_match("/w/",$mu_acl) && !preg_match("/d/",$mu_acl)) {
++ $this->$list->setAcl($mu_acl.'d');
++ }
+ $this->$list->save_object();
+ $action = $this->$list->getAction();
+ if($action['action'] == 'delete' && preg_match("/w/",$this->getacl("memberUid"))){
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1036_remove_double_groupList_setEditable_setting.patch gosa-2.7.4+reloaded2/debian/patches/1036_remove_double_groupList_setEditable_setting.patch
--- gosa-2.7.4+reloaded2/debian/patches/1036_remove_double_groupList_setEditable_setting.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1036_remove_double_groupList_setEditable_setting.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,13 @@
+Description: Remove duplicate setEditable() for POSIX group lists.
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/personal/posix/class_posixAccount.inc 2018-01-23 07:58:31.308215370 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/personal/posix/class_posixAccount.inc 2018-01-23 07:58:45.676095237 +0000
+@@ -254,7 +254,6 @@
+ $this->groupList->setEditable(false);
+ $this->groupList->setDeleteable(true);
+ $this->groupList->setInstantDelete(false);
+- $this->groupList->setEditable(false);
+ $this->groupList->setReorderable(false);
+ $this->groupList->setDefaultSortColumn(1);
+ $this->groupList->setHeight("150px");
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch gosa-2.7.4+reloaded2/debian/patches/1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch
--- gosa-2.7.4+reloaded2/debian/patches/1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,15 @@
+Description: Propagate shadow expiry from user templates to created user objects.
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- a/gosa-core/plugins/personal/posix/class_posixAccount.inc
++++ b/gosa-core/plugins/personal/posix/class_posixAccount.inc
+@@ -1147,7 +1147,8 @@
+ }
+
+ /* Adjust shadow checkboxes */
+- foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive") as $val){
++ foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
++ "shadowExpire") as $val){
+ if ($this->$val != 0){
+ $oval= "activate_".$val;
+ $this->$oval= "1";
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1038_shadowexpire_in_one_line.patch gosa-2.7.4+reloaded2/debian/patches/1038_shadowexpire_in_one_line.patch
--- gosa-2.7.4+reloaded2/debian/patches/1038_shadowexpire_in_one_line.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1038_shadowexpire_in_one_line.patch 2019-04-19 18:59:02.000000000 +0200
@@ -0,0 +1,18 @@
+Description: Show shadow expiry (esp. the calendar icon) in one line on screen (html template adjustment).
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/personal/posix/posix_shadow.tpl 2010-04-13 13:15:15.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/personal/posix/posix_shadow.tpl 2018-02-12 13:36:07.283901219 +0000
+@@ -58,10 +58,10 @@
+
+ <table summary="{t}Password expiration settings{/t}" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+- <td>
++ <td style="vertical-align:middle">
+ {t}Password expires on{/t}
+ </td>
+- <td style='width:125px'>
++ <td style='width:200px'>
+
+ {render acl=$shadowExpireACL}
+ <input type="text" id="shadowExpire" name="shadowExpire" class="date" style='width:100px' value="{$shadowExpire}">
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch gosa-2.7.4+reloaded2/debian/patches/1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch
--- gosa-2.7.4+reloaded2/debian/patches/1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch 2019-04-19 19:01:04.000000000 +0200
@@ -0,0 +1,64 @@
+Description: Fix date calculations for sambaKickoffTime and propagation from template to created user object.
+Author: Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de>
+
+--- gosa-2.7.4+reloaded2.a/samba/personal/samba/class_sambaAccount.inc 2017-10-17 15:59:31.000000000 +0000
++++ gosa-2.7.4+reloaded2.b/samba/personal/samba/class_sambaAccount.inc 2018-02-12 13:43:03.437594823 +0000
+@@ -144,9 +144,13 @@
+ $this->loadFlagsFromSource($this->attrs);
+
+ // Set kickOffTime to date
+- if(isset($this->attrs['sambaKickoffTime'][0])){
+- $this->sambaKickoffTime = date("d.m.Y", $this->sambaKickoffTime);
+- $this->flag_sambaKickoffTime = TRUE;
++ if (isset($this->attrs['sambaKickoffTime'][0])){
++ if ($this->sambaKickoffTime == 2147483647){
++ $this->sambaKickoffTime = "";
++ } elseif (!$this->sambaKickoffTime == ""){
++ $this->sambaKickoffTime = date("d.m.Y", $this->sambaKickoffTime);
++ $this->flag_sambaKickoffTime = TRUE;
++ }
+ }
+ }
+
+@@ -859,10 +863,10 @@
+ /* Call common method to give check the hook */
+ $message= plugin::check();
+
+- if($this->flag_sambaKickoffTime){
+- if(!preg_match("/^[0-3][0-9]\.[0-1][0-9]\.([0-9]){4}$/",$this->sambaKickoffTime)){
++ if ($this->flag_sambaKickoffTime){
++ if (!preg_match("/^[0-3][0-9]\.[0-1][0-9]\.([0-9]){4}$/",$this->sambaKickoffTime)){
+ $message[] = msgPool::invalid(_("Account expires after"));
+- }elseif(!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) >= 2147483647){
++ } elseif (!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) > 2147483647){
+ $message[] = msgPool::invalid(_("Account expires after"));
+ }
+ }
+@@ -1165,6 +1169,18 @@
+
+ // Load flags from source.
+ $this->loadFlagsFromSource($this->attrs);
++
++ /* Convert sambaKickoffTime for usage */
++ if ($this->sambaKickoffTime == 2147483647){
++ $this->sambaKickoffTime = "";
++ } elseif (!$this->sambaKickoffTime == "") {
++ $this->sambaKickoffTime = date("d.m.Y", $this->sambaKickoffTime);
++ }
++
++ /* Adjust sambaKickoffTime checkbox */
++ if (!$this->sambaKickoffTime == ""){
++ $this->flag_sambaKickoffTime = TRUE;
++ }
+ }
+
+
+@@ -1262,7 +1278,7 @@
+ if(in_array_strict("sambaKickoffTime", $this->multi_boxes) && $this->flag_sambaKickoffTime){
+ if(!preg_match("/^[0-3][0-9]\.[0-1][0-9]\.([0-9]){4}$/",$this->sambaKickoffTime)){
+ $message[] = msgPool::invalid(_("Account expires after"));
+- }elseif(!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) >= 2147483647){
++ } elseif (!strtotime($this->sambaKickoffTime) || strtotime($this->sambaKickoffTime) > 2147483647){
+ $message[] = msgPool::invalid(_("Account expires after"));
+ }
+ }
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1040_inactive_pwd_fields_when_using_pwd_proposal.patch gosa-2.7.4+reloaded2/debian/patches/1040_inactive_pwd_fields_when_using_pwd_proposal.patch
--- gosa-2.7.4+reloaded2/debian/patches/1040_inactive_pwd_fields_when_using_pwd_proposal.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1040_inactive_pwd_fields_when_using_pwd_proposal.patch 2019-04-19 19:01:27.000000000 +0200
@@ -0,0 +1,205 @@
+Description: Disable password fields if password proposal gets selected as new password by the user.
+Author: Christian Schwamborn <christian.schwamborn@nswit.de>
+
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/admin/users/password.tpl 2010-10-14 18:07:10.000000000 +0200
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/admin/users/password.tpl 2018-06-27 11:42:01.895777889 +0200
+@@ -39,7 +39,8 @@
+ <table summary="{t}Password input dialog{/t}" cellpadding=4 border=0>
+ <tr>
+ <td>
+- <input type='radio' value='1' name='proposalSelected' id='proposalSelected_true' onClick='updateFields();'
++ <input type='radio' value='1' name='proposalSelected' id='proposalSelected_true'
++ onClick="changeState('new_password'); changeState('repeated_password');"
+ {if $proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_true">{t}Use proposal{/t}</LABEL></b>
+ </td>
+ <td>
+@@ -57,7 +58,8 @@
+ </tr>
+ <tr>
+ <td>
+- <input type='radio' value='0' name='proposalSelected' id='proposalSelected_false' onClick='updateFields();'
++ <input type='radio' value='0' name='proposalSelected' id='proposalSelected_false'
++ onClick="changeState('new_password'); changeState('repeated_password'); nextfield='new_password'; focus_field('new_password');"
+ {if !$proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_false">{t}Manually specify a password{/t}</LABEL></b>
+ </td>
+ </tr>
+@@ -65,14 +67,14 @@
+ <td style='padding-left:40px;'><b><LABEL for="new_password">{t}New password{/t}</LABEL></b></td>
+ <td>
+ {factory type='password' id='new_password' name='new_password'
+- onfocus="nextfield='repeated_password';" onkeyup="testPasswordCss(\$('new_password').value);"}
++ onfocus="nextfield='repeated_password';" onkeyup="testPasswordCss(\$('new_password').value);" disabled=1}
+ </td>
+ </tr>
+ <tr>
+ <td style='padding-left:40px;'><b><LABEL for="repeated_password">{t}Repeat new password{/t}</LABEL></b></td>
+ <td>
+ {factory type='password' id='repeated_password' name='repeated_password'
+- onfocus="nextfield='password_finish';"}
++ onfocus="nextfield='password_finish';" disabled=1}
+ </td>
+ </tr>
+ <tr>
+@@ -106,36 +108,7 @@
+
+ <!-- Place cursor -->
+ <script language="JavaScript" type="text/javascript">
+- nextfield= "new_password";
+- focus_field('new_password');
+-
+- function updateFields()
+- {
+- if($('proposalSelected').checked){
+- $('new_password').disable();
+- $('repeated_password').disable();
+- $('proposalText').setStyle(
+- 'background-color:#FFF;' +
+- 'color:#000;' +
+- 'width:180px;' +
+- 'border:1px solid #CCC;' +
+- 'padding:3px;' +
+- 'padding-top:5px;' +
+- 'padding-bottom:4px;');
+- }else{
+- $('new_password').enable();
+- $('repeated_password').enable();
+- $('proposalText').setStyle(
+- 'background-color:#F0F0F0;' +
+- 'color:#666;' +
+- 'width:180px;' +
+- 'border:1px solid #CCC;' +
+- 'padding:3px;' +
+- 'padding-top:5px;' +
+- 'padding-bottom:4px;');
+- }
+- }
+- updateFields();
++ nextfield='new_password';
++ focus_field('new_password');
+ </script>
+
+-
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/personal/password/password.tpl 2012-05-02 11:49:01.000000000 +0200
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/personal/password/password.tpl 2018-06-27 11:52:42.344283813 +0200
+@@ -60,7 +60,8 @@
+ </tr>
+ <tr>
+ <td>
+- <input type='radio' value='1' id='proposalSelected_true' name='proposalSelected' onClick='updateFields();'
++ <input type='radio' value='1' id='proposalSelected_true' name='proposalSelected'
++ onClick="changeState('new_password'); changeState('repeated_password');"
+ {if $proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_true">{t}Use proposal{/t}</LABEL></b>
+ </td>
+ <td>
+@@ -79,7 +80,8 @@
+ </tr>
+ <tr>
+ <td>
+- <input type='radio' value='0' name='proposalSelected' id='proposalSelected_false' onClick='updateFields();'
++ <input type='radio' value='0' name='proposalSelected' id='proposalSelected_false'
++ onClick="changeState('new_password'); changeState('repeated_password'); nextfield='new_password'; focus_field('new_password');"
+ {if !$proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_false">{t}Manually specify a password{/t}</LABEL></b>
+ </td>
+ </tr>
+@@ -87,13 +89,13 @@
+ <td style='padding-left:40px;'><b><LABEL for="new_password">{t}New password{/t}</LABEL></b></td>
+ <td>
+ {factory type='password' name='new_password' id='new_password'
+- onkeyup="testPasswordCss(\$('new_password').value)" onfocus="nextfield= 'repeated_password';"}
++ onkeyup="testPasswordCss(\$('new_password').value)" onfocus="nextfield= 'repeated_password';" disabled=1}
+ </td>
+ </tr>
+ <tr>
+ <td style='padding-left:40px;'><b><LABEL for="repeated_password">{t}Repeat new password{/t}</LABEL></b></td>
+ <td>
+- {factory type='password' name='repeated_password' id='repeated_password' onfocus="nextfield= 'password_finish';"}
++ {factory type='password' name='repeated_password' id='repeated_password' onfocus="nextfield= 'password_finish';" disabled=1}
+ </td>
+ </tr>
+ <tr>
+@@ -119,37 +121,8 @@
+
+ <!-- Place cursor -->
+ <script language="JavaScript" type="text/javascript">
+- nextfield= 'current_password';
+- focus_field('current_password');
+-
+-
+- function updateFields()
+- {
+- if($('proposalSelected').checked){
+- $('new_password').disable();
+- $('repeated_password').disable();
+- $('proposalText').setStyle(
+- 'background-color:#FFF;' +
+- 'color:#000;' +
+- 'width:180px;' +
+- 'border:1px solid #CCC;' +
+- 'padding:3px;' +
+- 'padding-top:5px;' +
+- 'padding-bottom:4px;');
+- }else{
+- $('new_password').enable();
+- $('repeated_password').enable();
+- $('proposalText').setStyle(
+- 'background-color:#F0F0F0;' +
+- 'color:#666;' +
+- 'width:180px;' +
+- 'border:1px solid #CCC;' +
+- 'padding:3px;' +
+- 'padding-top:5px;' +
+- 'padding-bottom:4px;');
+- }
+- }
+- updateFields();
++ nextfield='current_password';
++ focus_field('current_password');
+ </script>
+
+ {/if}
+--- gosa-2.7.4+reloaded2.a/gosa-core/plugins/personal/myaccount/password.tpl 2010-10-14 18:07:10.000000000 +0200
++++ gosa-2.7.4+reloaded2.b/gosa-core/plugins/personal/myaccount/password.tpl 2018-06-27 11:51:59.768514041 +0200
+@@ -46,6 +46,7 @@
+ <tr>
+ <td>
+ <input type='radio' value='1' name='proposalSelected' id='proposalSelected_true'
++ onClick="changeState('new_password'); changeState('repeated_password');"
+ {if $proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_true">{t}Use proposal{/t}</LABEL></b>
+ </td>
+ <td>
+@@ -64,6 +65,7 @@
+ <tr>
+ <td>
+ <input type='radio' value='0' name='proposalSelected' id='proposalSelected_false'
++ onClick="changeState('new_password'); changeState('repeated_password'); nextfield='new_password'; focus_field('new_password');"
+ {if !$proposalSelected} checked {/if}> <b><LABEL for="proposalSelected_false">{t}Manually specify a password{/t}</LABEL></b>
+ </td>
+ </tr>
+@@ -71,13 +73,13 @@
+ <td style='padding-left:40px;'><b><LABEL for="new_password">{t}New password{/t}</LABEL></b></td>
+ <td>
+ {factory type='password' name='new_password' id='new_password'
+- onkeyup="testPasswordCss(\$('new_password').value)" onfocus="nextfield= 'repeated_password';"}
++ onkeyup="testPasswordCss(\$('new_password').value)" onfocus="nextfield= 'repeated_password';" disabled=1}
+ </td>
+ </tr>
+ <tr>
+ <td style='padding-left:40px;'><b><LABEL for="repeated_password">{t}Repeat new password{/t}</LABEL></b></td>
+ <td>
+- {factory type='password' name='repeated_password' id='repeated_password' onfocus="nextfield= 'password_finish';"}
++ {factory type='password' name='repeated_password' id='repeated_password' onfocus="nextfield= 'password_finish';" disabled=1}
+ </td>
+ </tr>
+ <tr>
+@@ -103,9 +105,7 @@
+
+ <!-- Place cursor -->
+ <script language="JavaScript" type="text/javascript">
+- <!-- // First input field on page
+ nextfield= 'current_password';
+- focus_field('current_password');
+- -->
++ focus_field('current_password');
+ </script>
+
+
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1041_ref_param_error_in_My_Parser.patch gosa-2.7.4+reloaded2/debian/patches/1041_ref_param_error_in_My_Parser.patch
--- gosa-2.7.4+reloaded2/debian/patches/1041_ref_param_error_in_My_Parser.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1041_ref_param_error_in_My_Parser.patch 2019-04-19 19:01:39.000000000 +0200
@@ -0,0 +1,15 @@
+Description: Compat fix for PHP > 5.4. Hand over real variable to function.
+Author: Christian Schwamborn <christian.schwamborn@nswit.de>
+
+--- a/mail/personal/mail/sieve/class_My_Parser.inc
++++ b/mail/personal/mail/sieve/class_My_Parser.inc
+@@ -42,7 +42,8 @@
+ $this->registeredExtensions_ = array();
+ $this->status_text = "incomplete";
+ $this->script_ = $script;
+- $this->tree_ = new My_Tree(@Scanner::scriptStart(),$this);
++ $scanner_start = @Scanner::scriptStart();
++ $this->tree_ = new My_Tree($scanner_start,$this);
+ $this->tree_->setDumpFunc(array(&$this, 'dumpToken_'));
+ $this->scanner_ = new My_Scanner($this->script_);
+ $this->scanner_->setCommentFunc(array($this, 'comment_'));
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1043_smarty-add-on-function-param-types.patch gosa-2.7.4+reloaded2/debian/patches/1043_smarty-add-on-function-param-types.patch
--- gosa-2.7.4+reloaded2/debian/patches/1043_smarty-add-on-function-param-types.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1043_smarty-add-on-function-param-types.patch 2019-04-19 19:03:52.000000000 +0200
@@ -0,0 +1,91 @@
+Description: Use correct smarty3 API.
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Forwarded: https://github.com/gosa-project/gosa-core/pull/25
+Abstract.
+ For the {render} add-on block, drop the &$smarty reference parameter
+ entirely.
+ .
+ Drop the complete {tr} add-on block. Not registered as a plugin, not
+ used.
+ .
+ For the add-on image and add-on factory functions, switch from
+ reference &$smarty to value $smarty.
+
+--- a/gosa-core/include/smartyAddons/block.render.php
++++ b/gosa-core/include/smartyAddons/block.render.php
+@@ -1,6 +1,6 @@
+ <?php
+
+-function smarty_block_render($params, $text, &$smarty)
++function smarty_block_render($params, $text)
+ {
+ /* Skip closing tag </render> */
+ if(empty($text)) {
+--- a/gosa-core/include/smartyAddons/block.tr.php
++++ /dev/null
+@@ -1,25 +0,0 @@
+-<?php
+-function smarty_block_tr($params, $text, &$smarty)
+-{
+- $plugin = "";
+- if(!isset($params['domain'])){
+- if(strlen($text) != 0){
+- $trace = debug_backtrace();
+- $base = preg_replace("/\/html/","",getcwd());
+- foreach($trace as $t_entry){
+- if(preg_match("/^".preg_quote($base,'/')."\/plugins\//", $t_entry['file'])){
+- $plugin = preg_replace("/^".preg_quote($base,'/')."\/plugins\/([^\/]*).*$/", "\\1", $t_entry['file']);
+- break;
+- }
+- }
+- }
+- }
+-
+-
+- if($plugin != ""){
+- return(dgettext($plugin, $text));
+- }
+- return(gettext($text));
+-}
+-
+-?>
+--- a/gosa-core/include/smartyAddons/function.factory.php
++++ b/gosa-core/include/smartyAddons/function.factory.php
+@@ -1,6 +1,6 @@
+ <?php
+
+-function smarty_function_factory($params, &$smarty)
++function smarty_function_factory($params, $smarty)
+ {
+
+ // Capture params
+--- a/gosa-core/include/smartyAddons/function.image.php
++++ b/gosa-core/include/smartyAddons/function.image.php
+@@ -1,6 +1,6 @@
+ <?php
+
+-function smarty_function_image($params, &$smarty)
++function smarty_function_image($params, $smarty)
+ {
+ $path = (isset($params['path']))? $params['path'] :"";
+ $action = (isset($params['action']))? $params['action'] :"";
+--- a/gosa-core/include/smartyAddons/function.msgPool.php
++++ b/gosa-core/include/smartyAddons/function.msgPool.php
+@@ -1,6 +1,6 @@
+ <?php
+
+-function smarty_function_msgPool($params, &$smarty)
++function smarty_function_msgPool($params, $smarty)
+ {
+ if(class_available("msgPool") && isset($params['type'])){
+ $parameter = array();
+--- a/gosa-core/include/php_setup.inc
++++ b/gosa-core/include/php_setup.inc
+@@ -317,7 +317,6 @@
+ if(preg_match("/\.php$/", $file)) require_once("$BASE_DIR/include/smartyAddons/{$file}");
+ }
+
+-#$smarty->registerPlugin("block", "tr", "smarty_block_tr");
+ $smarty->registerPlugin("block", "t", "smarty_block_t");
+ $smarty->registerPlugin("block", "render", "smarty_block_render");
+ $smarty->registerPlugin("function", "msgPool", "smarty_function_msgPool");
diff -Nru gosa-2.7.4+reloaded2/debian/patches/1045_dont_use_filter_caching.patch gosa-2.7.4+reloaded2/debian/patches/1045_dont_use_filter_caching.patch
--- gosa-2.7.4+reloaded2/debian/patches/1045_dont_use_filter_caching.patch 1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded2/debian/patches/1045_dont_use_filter_caching.patch 2019-04-19 19:03:52.000000000 +0200
@@ -0,0 +1,27 @@
+Description: Disable flawed filter caching (which works via storing unserialized objects in $_SESSION)
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Forwarded: https://github.com/gosa-project/gosa-core/issues/28
+Abstract:
+ All required information is in the above upstream bug report.
+ .
+ This patch has work-around status. It is no proper solution.
+
+--- a/gosa-core/include/class_management.inc
++++ b/gosa-core/include/class_management.inc
+@@ -131,7 +131,15 @@
+ $this->registerAction("cancelFilter","cancelFilter");
+
+ // To temporay disable the filter caching UNcomment this line.
+- #session::global_un_set(get_class($this)."_filter");
++
++ /*
++ * As a work-around for flawed object storage in the PHP $_SESSION array
++ * the filter caching has been deactivated since gosa 2.7.4+reloaded3-8.
++ *
++ * See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907815#31 for
++ * details.
++ */
++ session::global_un_set(get_class($this)."_filter");
+ }
+
+
diff -Nru gosa-2.7.4+reloaded2/debian/patches/series gosa-2.7.4+reloaded2/debian/patches/series
--- gosa-2.7.4+reloaded2/debian/patches/series 2018-07-04 09:14:36.000000000 +0200
+++ gosa-2.7.4+reloaded2/debian/patches/series 2019-04-19 19:03:52.000000000 +0200
@@ -33,9 +33,24 @@
1026_fix-deprecated-constructor-format.patch
1027_fix-sudo-fqdn.patch
1028_use-mysqli-instead-of-mysql.patch
+1029_better-whitespace-cleanup-in-genuid.patch
+1030_column-header-titles-group-members.patch
+1031_no-context-loose-continues.patch
+1032_fix_select_acl_role.patch
+1033_fix_unable_to_delete_acl_asignment.patch
+1034_remove_superfluous__get_post__call_from__save_object.patch
+1035_acl_override_to_allow_delete_of_group_members.patch
+1036_remove_double_groupList_setEditable_setting.patch
+1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch
+1038_shadowexpire_in_one_line.patch
+1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch
2001_fix-smarty-location.patch
2002_fix-template-location.patch
2003_fix-class-mapping.patch
2004_fix-locale-location.patch
2005_allow-Debian-blends-to-override-gosa-conf.patch
0013_escape-html-entities-for-uid-to-avoid-code-execution-CVE-2018-1000528.patch
+1040_inactive_pwd_fields_when_using_pwd_proposal.patch
+1041_ref_param_error_in_My_Parser.patch
+1043_smarty-add-on-function-param-types.patch
+1045_dont_use_filter_caching.patch
Reply to: