Your message dated Sun, 16 Dec 2012 20:17:32 +0000
with message-id <[email protected]>
and subject line Re: Bug#693123: [request-tracker-maintainers] Bug#693123:
unblock: rt-authen-externalauth/0.10-3
has caused the Debian Bug report #693123,
regarding unblock: rt-authen-externalauth/0.10-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
693123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693123
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package rt-authen-externalauth in order to ensure compatibility
with request-tracker4/4.0.7-2:
rt-authen-externalauth (0.10-3) unstable; urgency=low
* Adding patch from Thomas Sibley <[email protected]> to redirect
correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
(Closes: #691783).
* Adding postinst script for clearing the mason cache after configuring
the package.
* Fixing incorrect line wrap in previous changelog entry.
-- Tom Jampen <[email protected]> Thu, 08 Nov 2012 07:37:05 +0100
Thanks
Tom
diff -Nru rt-authen-externalauth-0.10/debian/changelog
rt-authen-externalauth-0.10/debian/changelog
--- rt-authen-externalauth-0.10/debian/changelog 2012-08-20
10:49:19.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/changelog 2012-11-08
09:08:49.000000000 +0100
@@ -1,8 +1,19 @@
+rt-authen-externalauth (0.10-3) unstable; urgency=low
+
+ * Adding patch from Thomas Sibley <[email protected]> to redirect
+ correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+ (Closes: #691783).
+ * Adding postinst script for clearing the mason cache after configuring
+ the package.
+ * Fixing incorrect line wrap in previous changelog entry.
+
+ -- Tom Jampen <[email protected]> Thu, 08 Nov 2012 07:37:05 +0100
+
rt-authen-externalauth (0.10-2) unstable; urgency=low
* Fixing typos in README.Debian.
- * Adding patch from Alex Vandiver <[email protected]> to fix privilege
escalation
- bug (Closes: #683288).
+ * Adding patch from Alex Vandiver <[email protected]> to fix privilege
+ escalation bug (Closes: #683288).
-- Tom Jampen <[email protected]> Thu, 10 Aug 2012 21:53:49 +0200
diff -Nru
rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
---
rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
1970-01-01 01:00:00.000000000 +0100
+++
rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch
2012-11-07 18:45:09.000000000 +0100
@@ -0,0 +1,20 @@
+Author: Thomas Sibley <[email protected]>
+Description:
+ Redirect correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
+ .
+ The NextPage session stash started storing hashrefs instead of strings.
+ This manifested as redirects to /HASH(0xDEADBEEF) instead of the proper
+ destination. Older and unpatched RTs will continue to work correctly
+ due to the "if ref $next" check.
+
+diff -Naurp a/html/Callbacks/ExternalAuth/autohandler/Session
b/html/Callbacks/ExternalAuth/autohandler/Session
+--- a/html/Callbacks/ExternalAuth/autohandler/Session 2012-10-30
13:01:56.611512695 +0100
++++ b/html/Callbacks/ExternalAuth/autohandler/Session 2012-10-30
18:12:18.663173646 +0100
+@@ -7,6 +7,7 @@ if ( $m->request_comp->path eq '/NoAut
+ && $ARGS{next} )
+ {
+ my $next = delete $session{'NextPage'}->{ $ARGS{'next'} };
++ $next = $next->{'url'} if ref $next;
+ RT::Interface::Web::Redirect( $next || RT->Config->Get('WebURL') );
+ }
+ </%init>
diff -Nru rt-authen-externalauth-0.10/debian/patches/series
rt-authen-externalauth-0.10/debian/patches/series
--- rt-authen-externalauth-0.10/debian/patches/series 2012-08-20
10:34:00.000000000 +0200
+++ rt-authen-externalauth-0.10/debian/patches/series 2012-11-07
18:45:09.000000000 +0100
@@ -1,2 +1,3 @@
01-fix-plugindir.patch
02-privilege-escalation.patch
+03-rt4-security-fix-compatibility.patch
diff -Nru
rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
---
rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
1970-01-01 01:00:00.000000000 +0100
+++
rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst
2012-11-08 09:07:59.000000000 +0100
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+ configure)
+ # clear mason cache
+ rm -rf /var/cache/request-tracker4/mason_data/obj/*
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
--- End Message ---
--- Begin Message ---
On Thu, 2012-12-06 at 20:07 +0000, Adam D. Barratt wrote:
> On Thu, 2012-12-06 at 10:01 +0100, Tom Jampen wrote:
> > So I assume, Adam, that you are ok with unblocking the next
> > rt-authen-externalauth version if I use the same solution as
> > request-tracker4
> > does for clearing the mason cache and indicating that apache needs to be
> > restarted?
>
> Well, there's always the alternative of not clearing the cache, which
> presumably works okay for the only other packaged extension I can see.
> Anyway... yes, it sounds okay. If you're at all worried about specifics,
> feel free to send a debdiff first.
-4 unblocked.
Regards,
Adam
--- End Message ---
