Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: [email protected] Control: affects -1 + src:request-tracker5 User: [email protected] Usertags: pu
Disclaimer: this is virtually identical to: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053 [ Reason ] Firefox v148 has introduced a change to how they handle JavaScript which breaks CKEditor 4, which is used by Request Tracker. Mozilla have introduced a work around that looks for version 4 of CKEditor. Unfortunately how we built CKEditor in the request-tracker5 package we weren't setting the version number, which means that Firefox doesn't apply the workaround. The bug report for Firefox is here: https://bugzilla.mozilla.org/show_bug.cgi?id=2002481 While Firefox v148 isn't in Trixie, many end users of Request Tracker installations are likely to be running the latest version of Firefox. [ Impact ] The impact for users is that they can't add comments to tickets if Request Tracker is installed using our packages from bookworm. [ Tests ] I have not tested the bookworm versions of the package, I have copied the generated ckeditor.min.js into a Trixie test server confirmed it works with Firefox v148. [ Risks ] There is very low risk. It is a two line change in a build script to set the version of CKEditor that is being built. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] There is a two line change to debian/scripts/build-final-ckeditor.sh which sets the --version. When --version isn't provided then it defaults to "DEV". I have also wrapped the lines to 80 characters to make it easier to read. [ Other info ] The bug for updating Trixie is: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053
diff -Nru request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh --- request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2025-10-08 20:40:55.000000000 +1300 +++ request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2026-03-08 12:18:18.000000000 +1300 @@ -25,7 +25,8 @@ cp -a $DOCFONTSRC $SRC/plugins/ # --add-exports is from https://github.com/ckeditor/ckbuilder/issues/34 -java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar /usr/bin/ckbuilder \ +java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar \ + /usr/bin/ckbuilder --version 4.13.0 \ --build $SRC $DEST --skip-omitted-in-build --build-config $BUILD_CONFIG ( diff -Nru request-tracker5-5.0.3+dfsg/debian/changelog request-tracker5-5.0.3+dfsg/debian/changelog --- request-tracker5-5.0.3+dfsg/debian/changelog 2025-10-08 20:40:55.000000000 +1300 +++ request-tracker5-5.0.3+dfsg/debian/changelog 2026-03-08 12:18:18.000000000 +1300 @@ -1,3 +1,12 @@ +request-tracker5 (5.0.3+dfsg-3~deb12u5) bookworm; urgency=medium + + * Set a version for ckeditor when we build it to allow Firefox v148 to + correctly detect that it needs a work around, see: + https://bugzilla.mozilla.org/show_bug.cgi?id=2002481 + (Closes: #1129090) + + -- Andrew Ruthven <[email protected]> Sun, 08 Mar 2026 12:18:18 +1300 + request-tracker5 (5.0.3+dfsg-3~deb12u4) bookworm-security; urgency=medium * Apply upstream patch which fixes a security vulnerability.
