Your message dated Sat, 16 May 2026 11:07:43 +0000
with message-id <[email protected]>
and subject line Released with 12.14
has caused the Debian Bug report #1130054,
regarding bookworm-pu: package request-tracker5/5.0.3+dfsg-3~deb12u4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1130054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130054
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:request-tracker5
User: [email protected]
Usertags: pu
Disclaimer: this is virtually identical to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053
[ Reason ]
Firefox v148 has introduced a change to how they handle JavaScript which
breaks CKEditor 4, which is used by Request Tracker. Mozilla have introduced a
work around that looks for version 4 of CKEditor. Unfortunately how we built
CKEditor in the request-tracker5 package we weren't setting the version number,
which means that Firefox doesn't apply the workaround.
The bug report for Firefox is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=2002481
While Firefox v148 isn't in Trixie, many end users of Request Tracker
installations are likely to be running the latest version of Firefox.
[ Impact ]
The impact for users is that they can't add comments to tickets if Request
Tracker is installed using our packages from bookworm.
[ Tests ]
I have not tested the bookworm versions of the package, I have copied the
generated ckeditor.min.js into a Trixie test server confirmed it works with
Firefox v148.
[ Risks ]
There is very low risk. It is a two line change in a build script to set
the version of CKEditor that is being built.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
There is a two line change to debian/scripts/build-final-ckeditor.sh which sets
the --version. When --version isn't provided then it defaults to "DEV". I have
also wrapped the lines to 80 characters to make it easier to read.
[ Other info ]
The bug for updating Trixie is:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053
diff -Nru request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh
request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh
--- request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2025-10-08
20:40:55.000000000 +1300
+++ request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2026-03-08
12:18:18.000000000 +1300
@@ -25,7 +25,8 @@
cp -a $DOCFONTSRC $SRC/plugins/
# --add-exports is from https://github.com/ckeditor/ckbuilder/issues/34
-java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar /usr/bin/ckbuilder
\
+java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar \
+ /usr/bin/ckbuilder --version 4.13.0 \
--build $SRC $DEST --skip-omitted-in-build --build-config $BUILD_CONFIG
(
diff -Nru request-tracker5-5.0.3+dfsg/debian/changelog
request-tracker5-5.0.3+dfsg/debian/changelog
--- request-tracker5-5.0.3+dfsg/debian/changelog 2025-10-08
20:40:55.000000000 +1300
+++ request-tracker5-5.0.3+dfsg/debian/changelog 2026-03-08
12:18:18.000000000 +1300
@@ -1,3 +1,12 @@
+request-tracker5 (5.0.3+dfsg-3~deb12u5) bookworm; urgency=medium
+
+ * Set a version for ckeditor when we build it to allow Firefox v148 to
+ correctly detect that it needs a work around, see:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=2002481
+ (Closes: #1129090)
+
+ -- Andrew Ruthven <[email protected]> Sun, 08 Mar 2026 12:18:18 +1300
+
request-tracker5 (5.0.3+dfsg-3~deb12u4) bookworm-security; urgency=medium
* Apply upstream patch which fixes a security vulnerability.
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.14
This update has been released as part of Debian 12.14.
--- End Message ---
