Package: request-tracker4 / 4.0.19-1~bpo70+2

Metadata

Package: request-tracker4
Version: 4.0.19-1~bpo70+2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
layout.diff | (download)

config.layout | 27 27 + 0 - 0 !
1 file changed, 27 insertions(+)

 add debian layout (fhs-compatible)

sitemodules.diff | (download)

lib/RT/Interface/Web/Handler.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 use rt_sitemodules.pm in lib/rt/interface/web/handler.pm

rt_setup_database_upgrade_basedir.diff | (download)

sbin/rt-setup-database.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix relative references to config path

versioned_use_webmux.diff | (download)

sbin/rt-server.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 require the correct major version of rt

  to provide more helpful errors when the wrong version of RT is in @LIB
  (for example in a mod_perl context)

no_testdeps.diff | (download)

Makefile.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't run the testdeps portion of configuration

rt_setup_fulltext_index_no_dba_preset.diff | (download)

sbin/rt-setup-fulltext-index.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 revert "pull default dba from autoconf"

Bug-Debian: http://bugs.debian.org/644093

This reverts commit e7f378895ec06e64bd056e1c966277aeee2ef6bd.

sanity check stylesheets_shebang.diff | (download)

etc/upgrade/sanity-check-stylesheets.pl | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add missing interpreter to etc/upgrade/sanity-check-stylesheets.pl

We install these scripts executable, so they need to have a valid
interpreter.

Bug: http://issues.bestpractical.com/Ticket/Display.html?id=18856

remove_unused_authenticate_method.diff | (download)

lib/RT/CurrentUser.pm | 40 0 + 40 - 0 !
1 file changed, 40 deletions(-)

 remove the unused authenticate method

This method was added as part of an Atom feature, the functionality of
which was removed from core in ec3af9f and made into RTx-Atom, which
rolls its own version of this method.

debianize_backup_docs.diff | (download)

docs/backups.pod | 43 31 + 12 - 0 !
1 file changed, 31 insertions(+), 12 deletions(-)

 customise backup docs for debian

debianize_docs_local.diff | (download)

docs/customizing/styling_rt.pod | 10 5 + 5 - 0 !
docs/extending/clickable_links.pod | 4 2 + 2 - 0 !
docs/initialdata.pod | 2 1 + 1 - 0 !
3 files changed, 8 insertions(+), 8 deletions(-)

 reference correct local directory for debian

rt validate aliases_pod.diff | (download)

sbin/rt-validate-aliases.in | 29 29 + 0 - 0 !
1 file changed, 29 insertions(+)

 add pod for rt-validate-aliases

no_test_web_installer.diff | (download)

t/web/installer.t | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 don't test the web installer

The following undiagnosed test failure in the Debian minimal build
environment occurs:

    #   Failed test 'no warnings'
    #   at lib/RT/Test.pm line 1611.
    # There were 2 warning(s)
    #       Previous test 22 'set admin email'
    #       There is no form with the requested fields at t/web/installer.t line 80
    #  at /usr/share/perl5/WWW/Mechanize.pm line 2745
    #       WWW::Mechanize::_warn('There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 2723
    #       WWW::Mechanize::warn('RT::Test::Web=HASH(0x586d0f0)', 'There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 1371

However the web installer is not used in the Debian package, so don't
run the test.

rt_setup_database_no_dba_preset.diff | (download)

sbin/rt-setup-database.in | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 revert "default to the configure-time dba in rt-setup-database"

Bug-Debian: http://bugs.debian.org/637215

This reverts commit 2370ad8c83696fb51a54adff665c4cf947b44e49.

fix_lintian_privacy_break_logo_error.diff | (download)

share/html/index.html | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 don't include remote image references or redirects in broken install page

This fixes the lintian error privacy-breach-logo

sec 2015 02 05 1.diff | (download)

lib/RT.pm | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 hide utf8 warnings during attempted decoding

EncodeFromToWithCroak is used to exploratorily attempt to decode unknown
byte strings.  This operation, under Encode::FB_DEFAULT, may generate
warnings -- lots of warnings.  This can lead to denial of service in
some situations.  This vulnerability has been assigned CVE-2014-9472.

Unfortunately, "no warnings 'utf8'" does not work to quiet them until
Encode 2.64; simply skip warnings of this type in the logging handler.

sec 2015 02 05 2.diff | (download)

share/html/Search/Elements/ResultsRSSView | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 prevent text content from being interpreted as html by rss clients

The ->Content method is used to obtain the data to use in the RSS
<description> tag.  However, most RSS feed readers display the contents
of the <description> tag using a HTML rendering engine; this allows
textual content to be mistakenly rendered as HTML.  This specifically
includes links, which RSS readers may not hide the "Referer" header of,
exposing the RSS feed URL and thus allowing for information disclosure.
This vulnerability has been assigned CVE-2015-1165.

Escape the textual content so that it is not interpreted as HTML by RSS
readers.  This is superior to requesting ->Content( Type => "text/html" )
because it is guaranteed to not contain links, and thus not suffer from
the above Referer disclosure.

sec 2015 02 05 3.diff | (download)

share/html/Search/Elements/ResultsRSSView | 11 4 + 7 - 0 !
1 file changed, 4 insertions(+), 7 deletions(-)

 never place the temporary current user in the session