Your message dated Thu, 05 Jun 2008 07:52:22 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#479658: fixed in ikiwiki 1.33.6
has caused the Debian Bug report #479658,
regarding ikiwiki: "Your session has expired" after Saving any edited page
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
479658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479658
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ikiwiki
Version: 1.33.5
Severity: grave
Justification: renders package unusable
I had set up ikiwiki 1.33.3 on an up-to-date Debian Etch system and
working _flawlessly_. It was setup to work under SSL all the time,
with an SVN backend and using HTTP AUTH for logins. I made custom
templates for it, that were also working fine. It has been used
both by offline users working through SVN-commits, and by online
users working through ikiwiki.cgi withouth problems.
After updating to 1.33.5 following DSA-1553 the Edit page functionality
has stopped working. I can get into the Edit Page page, make changes
and Preview the page as many times as I want, but as soon as a
Save is attempted, I get the "Your session has expired" page and
no changes are saved.
I changed editpage.tmpl and added the additional form field as
suggested by the ikiwiki WiKi, namely <tmpl_var field-sid>. After that
I checked the Edit page and the field is included in the appropiate
FORM block and has a value resembling a session id; it did not work
anyway.
I changed /usr/share/perl5/IkiWiki/CGI.pm, line 615, so that the
error message reported the values for $sid and $session->id and
fount out they were DIFFERENT. They were DIFFERENT no matter what
testing scenario I tried: different browsers, after clearing cookies,
after clearing cached data, with or without a proxy, with or without
SSL and with different users.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-m-bs
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages ikiwiki depends on:
ii gcc [c-compiler] 4:4.1.1-15 The GNU C compiler
ii gcc-4.1 [c-compiler] 4.1.1-21 The GNU C compiler
ii libc6-dev [libc-dev] 2.3.6.ds1-13etch5 GNU C Library: Development Librari
ii libcgi-formbuilder-per 3.03.01-1 Easily generate and process statef
ii libcgi-session-perl 4.14-1 Persistent session data in CGI app
ii libhtml-parser-perl 3.55-1 A collection of modules that parse
ii libhtml-scrubber-perl 0.08-3 Perl extension for scrubbing/sanit
ii libhtml-template-perl 2.8-1 HTML::Template : A module for usin
ii libmail-sendmail-perl 0.79-4 Send email from a perl script
ii libtime-duration-perl 1.02-1 Time::Duration -- rounded or exact
ii libtimedate-perl 1.1600-5 Time and date functions for Perl
ii liburi-perl 1.35-2 Manipulates and accesses URI strin
ii libxml-simple-perl 2.14-5 Perl module for reading and writin
ii markdown 1.0.1-3 Text-to-HTML conversion tool
ii perl 5.8.8-7etch3 Larry Wall's Practical Extraction
Versions of packages ikiwiki recommends:
ii hyperestraier 1.4.9-1.1 a full-text search system for comm
ii subversion 1.4.2dfsg1-2 Advanced version control system
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: ikiwiki
Source-Version: 1.33.6
We believe that the bug you reported is fixed in the latest version of
ikiwiki, which is due to be installed in the Debian FTP archive:
ikiwiki_1.33.6.dsc
to pool/main/i/ikiwiki/ikiwiki_1.33.6.dsc
ikiwiki_1.33.6.tar.gz
to pool/main/i/ikiwiki/ikiwiki_1.33.6.tar.gz
ikiwiki_1.33.6_all.deb
to pool/main/i/ikiwiki/ikiwiki_1.33.6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joey Hess <[EMAIL PROTECTED]> (supplier of updated ikiwiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 30 May 2008 23:34:15 -0400
Source: ikiwiki
Binary: ikiwiki
Architecture: source all
Version: 1.33.6
Distribution: stable-security
Urgency: low
Maintainer: Joey Hess <[EMAIL PROTECTED]>
Changed-By: Joey Hess <[EMAIL PROTECTED]>
Description:
ikiwiki - a wiki compiler
Closes: 479658
Changes:
ikiwiki (1.33.6) stable-security; urgency=low
.
* Some error messages in recent backported security fixes used gettext,
but this version of ikiwiki is not localised and display of those error
messages would fail. Remove the gettext use.
* Fix a problem with cookie setting when httpauth is used. Closes: #479658
This bug was always present, but was only exposed by the CSRF fixes.
Files:
f833af1b001adf3ac2bea69dfe2aeead 1015 web optional ikiwiki_1.33.6.dsc
015972590255cf03068b9446c733254f 227416 web optional ikiwiki_1.33.6.tar.gz
f2f82d9f70008b403a952c12e02095b8 278396 web optional ikiwiki_1.33.6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSELT4mz0hbPcukPfAQKxuQf8CeGlnSMS9ICjy7wr/Pe/nsy6Otlr58H3
YE24pb8Df+PbefxMYRFMS1Eqy4Whz9OZcxchZnxEaCcS8XTGG7cDPZyeg3BxlxPo
XWv6Q6kDthJpmgUM6e4Qd1rx2PWJ+7VdSqMqovigSeQ7IpLi1J20LZyQbeYMEOU7
cMunQYxP0maDYSOFEoKNJLDKwJMTZItFYtnRZaxPoBvOcEPlka5GFE9EDX4cd8hy
igLzc2WWGNvcQFd7iBA/nuZgXhJuWPFzNAn359ebhsbW7Hm8fqzdjdOGf/9zT5y7
7bm/nazzse9hmEwMsbUEKCNsRk02cWzMeC2mWDH11+kTzs9fbHEy4A==
=osmC
-----END PGP SIGNATURE-----
--- End Message ---
