Package: request-tracker4 / 4.4.7+dfsg-4

Metadata

Package: request-tracker4
Version: 4.4.7+dfsg-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
layout.diff | (download)

config.layout | 29 29 + 0 - 0 !
1 file changed, 29 insertions(+)

 add debian layout (fhs-compatible)

sitemodules.diff | (download)

lib/RT/Interface/Web/Handler.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 use rt_sitemodules.pm in lib/rt/interface/web/handler.pm

rt_setup_database_upgrade_basedir.diff | (download)

sbin/rt-setup-database.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix relative references to config path

debianize_backup_docs.diff | (download)

docs/system_administration/database.pod | 43 31 + 12 - 0 !
1 file changed, 31 insertions(+), 12 deletions(-)

 customise backup docs for debian

debianize_docs_local.diff | (download)

docs/customizing/styling_rt.pod | 6 3 + 3 - 0 !
docs/extending/clickable_links.pod | 4 2 + 2 - 0 !
docs/initialdata.pod | 2 1 + 1 - 0 !
3 files changed, 6 insertions(+), 6 deletions(-)

 reference correct local directory for debian

no_test_web_installer.diff | (download)

t/web/installer.t | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 don't test the web installer

The following undiagnosed test failure in the Debian minimal build
environment occurs:

    #   Failed test 'no warnings'
    #   at lib/RT/Test.pm line 1611.
    # There were 2 warning(s)
    #       Previous test 22 'set admin email'
    #       There is no form with the requested fields at t/web/installer.t line 80
    #  at /usr/share/perl5/WWW/Mechanize.pm line 2745
    #       WWW::Mechanize::_warn('There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 2723
    #       WWW::Mechanize::warn('RT::Test::Web=HASH(0x586d0f0)', 'There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 1371

However the web installer is not used in the Debian package, so don't
run the test.

fix_lintian_privacy_break_logo_error.diff | (download)

share/html/index.html | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 don't include remote image references or redirects in broken install
 page

This fixes the lintian error privacy-breach-logo

debianize_UPGRADING 4.2.diff | (download)

docs/UPGRADING-4.2 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 debianize upgrading-4.2

assettracker sysgroups.diff | (download)

etc/upgrade/4.1.0/schema.SQLite | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix upgrade problems caused by an rtx::assettracker installation bug

The setup of the wheezy rt4-extension-assettracker package
(RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role
accounts, causing upgrade failures on SQLite backends due to uniqueness
constraint violations.

Bug-Debian: https://bugs.debian.org/773343

load_rt_generated.diff | (download)

lib/RT.pm | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 load rt::generated directly from @inc

This allows for the possibility of overriding RT::Generated in test
scenarios.

rt_test_db_type.diff | (download)

lib/RT/Test.pm | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 allow overriding databasetype from the environment in rt::test

debianize_version.diff | (download)

configure.ac | 8 4 + 4 - 0 !
share/html/Elements/Footer | 2 1 + 1 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 extract the correct (debian) version number in configure.ac

Also make clear in the web interface that this version number is from
Debian.

fonts_use_noto_sans.diff | (download)

etc/RT_Config.pm.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use noto sans instead of droid sans

Droid Sans is deprecated in Debian, and we are using the fonts from
Debian rather than bundled with RT.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804687

test_locale.diff | (download)

lib/RT/Test.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 set lc_all to c

LANG overrides only not set LC_variables, so if LC_CTYPE is set in the
environment, it persists and tons of tests fail.

use_cpanel_json_xs.diff | (download)

lib/RT/Interface/Web.pm | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 force the use of cpanel::json::xs

JSON::XS breaks RT due to the removed from_json/to_json methods and JSON.pm
prefers JSON::XS to our preferred implementation Cpanel::JSON::XS by
default.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848041

fix_pod_rt_munge_attachments.diff | (download)

sbin/rt-munge-attachments.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix pod for rt-munge-attachments

fix_shebang_upgrade_mysql_schema.diff | (download)

etc/upgrade/upgrade-mysql-schema.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix shebang for debian policy

fix_test_ldap_ipv4.diff | (download)

t/externalauth/ldap.t | 12 9 + 3 - 0 !
t/externalauth/ldap_email_login.t | 11 9 + 2 - 0 !
t/externalauth/ldap_escaping.t | 11 9 + 2 - 0 !
t/externalauth/ldap_group.t | 11 9 + 2 - 0 !
t/externalauth/ldap_privileged.t | 11 9 + 2 - 0 !
t/ldapimport/group-callbacks.t | 11 9 + 2 - 0 !
t/ldapimport/group-import.t | 11 9 + 2 - 0 !
t/ldapimport/group-member-import.t | 11 9 + 2 - 0 !
t/ldapimport/group-rename.t | 11 9 + 2 - 0 !
t/ldapimport/user-import-cfs.t | 11 9 + 2 - 0 !
t/ldapimport/user-import-privileged.t | 11 9 + 2 - 0 !
t/ldapimport/user-import.t | 11 9 + 2 - 0 !
12 files changed, 108 insertions(+), 25 deletions(-)

 force use of ipv4 for ldap test.

Net::LDAP::Server::Test binds to IPv6 by default, but Net::LDAP uses
'localhost' which resolves to an IPv4 address.  Even when I switched
the call to Net::LDAP->new() to use ip6-localhost it failed elsewhere
due to RT using 127.0.0.1.

skip_Mozilla::CA_check.diff | (download)

sbin/rt-test-dependencies.in | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 debian provides the mozilla cas in the ca-certificates package.

disable test smime realmail.diff | (download)

t/mail/smime/realmail.t | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 skip t/mail/smime/realmail.t for now.

Broken by OpenSSL 3.0 as the test emails use DES which is now disabled.

disable_dirmngr_in_tests.diff | (download)

t/mail/gnupg-reverification.t | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't run dirmngr during test runs

This process is left running after the tests finish and prevents this
package from passing the reproducible builds.

fix_legacy_timezones.diff | (download)

etc/RT_Config.pm.in | 2 1 + 1 - 0 !
t/api/date.t | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 update legacy timezones

Standard timezones generally follow the rule of using the geographical
region (continent or ocean) and city name.

The initial reason of this commit is Debian recently moved all old
timezones (like US/Eastern) to another package (tzdata-legacy), and it's
good to not introduce an additional, unnecessary dependency.

Fixes: I#37666

fix_spelling.diff | (download)

bin/rt-mailgate | 2 1 + 1 - 0 !
bin/rt-mailgate.in | 2 1 + 1 - 0 !
sbin/rt-validator | 2 1 + 1 - 0 !
sbin/rt-validator.in | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 4 deletions(-)

 fix some spelling mistakes in pod

Not forwarding to upstream for RT 4.4, as this series is now only receiving
critical fixes.

fix_dbix_searchbuilder_for_perl_5.40.diff | (download)

lib/RT/SearchBuilder.pm | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 drop unnecessary and outdated version requirement of
 DBIx::SearchBuilder

We depend on the required version in our packaging.

fix_CVE 2024 3262.diff | (download)

etc/RT_Config.pm.in | 14 14 + 0 - 0 !
share/html/Elements/Header | 3 1 + 2 - 0 !
share/html/Elements/HttpResponseHeaders | 99 99 + 0 - 0 !
share/html/m/_elements/header | 3 1 + 2 - 0 !
4 files changed, 115 insertions(+), 4 deletions(-)

 add $webstrictbrowsercache option to disable browser cache

Cherry-picked from 5.0-trunk

RT systems that store sensitive data may want to disable all
browser cache and back button behavior. This option enables
that and moves these headers to a separate Mason template
for easy override.

See: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses

fix_CVE 2024 3262_2.diff | (download)

share/html/Helpers/Autocomplete/autohandler | 6 2 + 4 - 0 !
share/html/Helpers/autohandler | 5 2 + 3 - 0 !
t/web/helpers-http-cache-headers.t | 4 2 + 2 - 0 !
3 files changed, 6 insertions(+), 9 deletions(-)

 convert other mason templates to new headers template

Cherry-picked from 5.0-trunk as a continuation of the fix for CVE-2024-3262.

27bd738eaf created a single method in Web.pm, CacheControlExpiresHeaders
to generate HTTP response headers, specifically those related to
caching instructions for browsers. That was applied to Helpers, but
wasn't used for regular RT pages.

Later, 915eb4b7d0 sought to fix a regression that resulted in
cache headers not being sent for static files returned via
Plack::Middleware::Static. That fix went to great lengths to
try to re-use functionality from CacheControlExpiresHeaders,
including moving all of the code to GetStaticHeaders. This
probably wasn't really needed since it's reasonable to allow
the special case static handler to send its own one or two headers.
It also made the code confusing since dynamic pages in Mason
called CacheControlExpiresHeaders, which then called GetStaticHeaders
to get headers for responses that were not static.

This update gets all of the Mason web pages using the same code
for these headers. It leaves the current methods in place to continue
handling static files. That can likely be simplified and cleaned up
in a future commit.

use io socket inet in tests.diff | (download)

lib/RT/Test.pm | 16 10 + 6 - 0 !
1 file changed, 10 insertions(+), 6 deletions(-)

 change free port detection to how psgi binds to a port

The previous method using socket/connect would allow us to bind to a
port that PSGI then couldn't bind to. If a port is connected on
a specific IP, then using connect with 0.0.0.0 would still connect
okay.

Using IO::Socket::INET this will fail, which is reasonable for 0.0.0.0,
and then PSGI wouldn't be able to start and the test would fail.

This may resolve the intermittent test failures.