Package: request-tracker5 / 5.0.3+dfsg-3~deb12u2

Metadata

Package: request-tracker5
Version: 5.0.3+dfsg-3~deb12u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
layout.diff

config.layout | 29 29 + 0 - 0 !
1 file changed, 29 insertions(+)

 add debian layout (fhs-compatible)

sitemodules.diff

lib/RT/Interface/Web/Handler.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 use rt_sitemodules.pm in lib/rt/interface/web/handler.pm

rt_setup_database_upgrade_basedir.diff

sbin/rt-setup-database.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix relative references to config path

debianize_backup_docs.diff

docs/system_administration/database.pod | 60 42 + 18 - 0 !
1 file changed, 42 insertions(+), 18 deletions(-)

 customise backup docs for debian

debianize_docs_local.diff

docs/customizing/styling_rt.pod | 13 6 + 7 - 0 !
docs/extending/clickable_links.pod | 4 2 + 2 - 0 !
docs/initialdata.pod | 2 1 + 1 - 0 !
docs/writing_portlets.pod | 8 4 + 4 - 0 !
4 files changed, 13 insertions(+), 14 deletions(-)

 reference correct local directory for debian

fix_lintian_privacy_break_logo_error.diff

share/html/index.html | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 don't include remote image references or redirects in broken install
 page

This fixes the lintian error privacy-breach-logo

debianize_UPGRADING 4.2.diff

docs/UPGRADING-4.2 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 debianize upgrading-4.2

assettracker sysgroups.diff

etc/upgrade/4.1.0/schema.SQLite | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix upgrade problems caused by an rtx::assettracker installation bug

The setup of the wheezy rt4-extension-assettracker package
(RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role
accounts, causing upgrade failures on SQLite backends due to uniqueness
constraint violations.

Bug-Debian: https://bugs.debian.org/773343

load_rt_generated.diff

lib/RT.pm | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 load rt::generated directly from @inc

This allows for the possibility of overriding RT::Generated in test
scenarios.

rt_test_db_type.diff

lib/RT/Test.pm | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 allow overriding databasetype from the environment in rt::test

debianize_version.diff

configure.ac | 8 4 + 4 - 0 !
share/html/Admin/Tools/Config/Elements/Option | 3 3 + 0 - 0 !
share/html/Elements/Footer | 2 1 + 1 - 0 !
3 files changed, 8 insertions(+), 5 deletions(-)

 extract the correct (debian) version number in configure.ac

Also make clear in the web interface that this version number is from
Debian.

fonts_use_noto_sans.diff

etc/RT_Config.pm.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use noto sans instead of droid sans

Droid Sans is deprecated in Debian, and we are using the fonts from
Debian rather than bundled with RT.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804687

test_locale.diff

lib/RT/Test.pm | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 set lc_all to c

LANG overrides only unset LC_ variables, so if LC_CTYPE is set in the
environment, it persists and tons of tests fail.

use_cpanel_json_xs.diff

lib/RT/Interface/Web.pm | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 force the use of cpanel::json::xs

JSON::XS breaks RT due to the removed from_json/to_json methods and JSON.pm
prefers JSON::XS to our preferred implementation Cpanel::JSON::XS by
default.

Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848041

fix_pod_rt_munge_attachments.diff

sbin/rt-munge-attachments.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix pod for rt-munge-attachments

fix_shebang_upgrade_mysql_schema.diff

etc/upgrade/upgrade-mysql-schema.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix shebang for debian policy

fix_test_ldap_ipv4.diff

t/externalauth/ldap.t | 12 9 + 3 - 0 !
t/externalauth/ldap_email_login.t | 11 9 + 2 - 0 !
t/externalauth/ldap_escaping.t | 11 9 + 2 - 0 !
t/externalauth/ldap_group.t | 11 9 + 2 - 0 !
t/externalauth/ldap_privileged.t | 11 9 + 2 - 0 !
t/ldapimport/group-callbacks.t | 11 9 + 2 - 0 !
t/ldapimport/group-import.t | 11 9 + 2 - 0 !
t/ldapimport/group-member-import.t | 11 9 + 2 - 0 !
t/ldapimport/group-rename.t | 11 9 + 2 - 0 !
t/ldapimport/user-import-cfs.t | 11 9 + 2 - 0 !
t/ldapimport/user-import-privileged.t | 11 9 + 2 - 0 !
t/ldapimport/user-import.t | 11 9 + 2 - 0 !
12 files changed, 108 insertions(+), 25 deletions(-)

 force use of ipv4 for ldap test.

Net::LDAP::Server::Test binds to IPv6 by default, but Net::LDAP uses
'localhost' which resolves to an IPv4 address.  Even when I switched
the call to Net::LDAP->new() to use ip6-localhost it failed elsewhere
due to RT using 127.0.0.1.

debianize_extensions.diff

docs/extensions.pod | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 point to debian location of mason_data.

debianize_commands.diff

docs/authentication.pod | 2 1 + 1 - 0 !
docs/automating_rt.pod | 16 8 + 8 - 0 !
docs/customizing/assets/tutorial.pod | 6 3 + 3 - 0 !
docs/customizing/scrip_conditions_and_action.pod | 6 3 + 3 - 0 !
docs/customizing/search_result_columns.pod | 8 4 + 4 - 0 !
docs/extending/external_custom_fields.pod | 8 4 + 4 - 0 !
docs/extensions.pod | 7 3 + 4 - 0 !
docs/full_text_indexing.pod | 30 15 + 15 - 0 !
docs/incremental-export/README | 15 9 + 6 - 0 !
docs/initialdata.pod | 2 1 + 1 - 0 !
docs/reminders.pod | 2 1 + 1 - 0 !
docs/system_administration/database.pod | 10 5 + 5 - 0 !
docs/tracking-rt-configuration.pod | 10 5 + 5 - 0 !
13 files changed, 62 insertions(+), 60 deletions(-)

 use debian location of commands and data

debianize_charts.diff

docs/charts.pod | 52 10 + 42 - 0 !
1 file changed, 10 insertions(+), 42 deletions(-)

 on debian there is no need to install the gd modules if gd is
 desired.

ignore_Mozilla::CA.diff

etc/cpanfile | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 debian provides the mozilla cas in the ca-certificates package.

fcgi_client_sigpipe.diff

sbin/rt-server.fcgi | 3 3 + 0 - 0 !
sbin/rt-server.in | 3 3 + 0 - 0 !
2 files changed, 6 insertions(+)

 a client terminating a connection shouldn't kill a fcgi process

When a client disconnects before processing is complete then a SIGPIPE
is sent to the FCGI process. Previously this would cause the process
to exit. Discussed on the forum here:

* https://forum.bestpractical.com/t/rt-4-4-fastcgi-processes-frequently-dying/34812
* https://forum.bestpractical.com/t/why-does-rts-fcgi-server-not-handle-sigpipe/35902

disable test smime realmail.diff

t/mail/smime/realmail.t | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 skip t/mail/smime/realmail.t for now.

Broken by OpenSSL 3.0 as the test emails use DES which is now disabled.

remove_exclude_Test::WWW::Mechanize.diff

etc/cpanfile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove exclude of test::www::mechanize 1.58

The Debian maintainers of libtest-www-mechanize-perl have built their
version of 1.58 with the patch that fixes the issue with Text::LongString
breaking the RT tests.

Upstream report of issue (merged for the upcoming 1.59 release):
  https://github.com/petdance/test-www-mechanize/pull/79

Update tests for EN datetime locale change to space.diff

t/api/date.t | 37 21 + 16 - 0 !
1 file changed, 21 insertions(+), 16 deletions(-)

 update tests for en datetime locale change to space

This patch has been cherry-picked from upstream 5.0-trunk. It can be
dropped once we import 5.0.4 (when it is released).

DateTime::Locale version 1.58 published CLDR 42.0.0 which changed
the space character in times before the AM and PM to be
U+202F NARROW NO-BREAK SPACE (aka NNBSP) from the previous
space (U+0020). This broke tests looking for a space character
for localized datetimes with an AM/PM.

Update to a like test to work for older versions of DateTime::Locale
and for new ones from 1.58 forward.

libdatetime format natural perl v0.14.diff

etc/cpanfile | 1 1 + 0 - 0 !
t/api/date.t | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 support datetime::format::natural >= 0.13_01

Version 0.13_01 switched from using DateTime to DateTime::HiRes for setting
the initial time. This means we in turn need to use Test::MockTime::HiRes.

Error I was getting in Debian with libdatetime-format-natural-perl v0.14 and
v0.15:

  t/api/date.t .. 4/?
  #   Failed test 'April in the past'
  #   at t/api/date.t line 650.
  #          got: '2023-03-31 16:00:00'
  #     expected: '2015-03-31 16:00:00'

  #   Failed test 'Monday in the past'
  #   at t/api/date.t line 655.
  #          got: '2023-01-29 16:00:00'
  #     expected: '2015-11-22 16:00:00'

  #   Failed test 'April in the future'
  #   at t/api/date.t line 661.
  #          got: '2023-03-31 16:00:00'
  #     expected: '2016-03-31 16:00:00'
  # Some tests failed or we bailed out, tmp directory '/home/puck/personal/RT/debian/rt/request-tracker5/t/tmp/api-date.t-qhyuAiqU' is not cleaned
  # Looks like you failed 3 tests of 231.

upstream_5.0.3_cve:_patchset_2023 09 26.diff

docs/web_deployment.pod | 25 25 + 0 - 0 !
lib/RT/Articles.pm | 5 5 + 0 - 0 !
lib/RT/Assets.pm | 5 5 + 0 - 0 !
lib/RT/Attachment.pm | 11 11 + 0 - 0 !
lib/RT/Catalog.pm | 22 22 + 0 - 0 !
lib/RT/Catalogs.pm | 5 5 + 0 - 0 !
lib/RT/Class.pm | 33 33 + 0 - 0 !
lib/RT/Classes.pm | 5 5 + 0 - 0 !
lib/RT/CustomField.pm | 22 22 + 0 - 0 !
lib/RT/CustomFields.pm | 5 5 + 0 - 0 !
lib/RT/CustomRole.pm | 22 22 + 0 - 0 !
lib/RT/CustomRoles.pm | 6 6 + 0 - 0 !
lib/RT/Group.pm | 34 30 + 4 - 0 !
lib/RT/Groups.pm | 5 5 + 0 - 0 !
lib/RT/Interface/Email.pm | 4 4 + 0 - 0 !
lib/RT/Interface/Email/Crypt.pm | 5 3 + 2 - 0 !
lib/RT/Interface/Web.pm | 22 22 + 0 - 0 !
lib/RT/ObjectCustomFieldValue.pm | 1 1 + 0 - 0 !
lib/RT/Queue.pm | 23 23 + 0 - 0 !
lib/RT/Queues.pm | 5 5 + 0 - 0 !
lib/RT/REST2/Resource/Article.pm | 10 2 + 8 - 0 !
lib/RT/REST2/Resource/Asset.pm | 6 2 + 4 - 0 !
lib/RT/REST2/Resource/Collection.pm | 28 15 + 13 - 0 !
lib/RT/REST2/Resource/CustomField.pm | 15 0 + 15 - 0 !
lib/RT/REST2/Resource/Group.pm | 39 12 + 27 - 0 !
lib/RT/REST2/Resource/GroupMembers.pm | 2 0 + 2 - 0 !
lib/RT/REST2/Resource/ObjectCustomFieldValue.pm | 6 0 + 6 - 0 !
lib/RT/REST2/Resource/RT.pm | 4 3 + 1 - 0 !
lib/RT/REST2/Resource/Record.pm | 17 14 + 3 - 0 !
lib/RT/REST2/Resource/Ticket.pm | 11 3 + 8 - 0 !
lib/RT/REST2/Resource/User.pm | 3 1 + 2 - 0 !
lib/RT/SearchBuilder.pm | 5 5 + 0 - 0 !
lib/RT/SearchBuilder/Role/Roles.pm | 4 2 + 2 - 0 !
lib/RT/Ticket.pm | 4 4 + 0 - 0 !
lib/RT/Tickets.pm | 11 10 + 1 - 0 !
lib/RT/Transactions.pm | 98 97 + 1 - 0 !
lib/RT/Users.pm | 5 5 + 0 - 0 !
share/html/Elements/CollectionList | 6 1 + 5 - 0 !
share/html/REST/1.0/NoAuth/mail-gateway | 13 12 + 1 - 0 !
share/html/Search/Results.html | 10 2 + 8 - 0 !
share/html/Search/Results.tsv | 10 2 + 8 - 0 !
41 files changed, 451 insertions(+), 121 deletions(-)

 fix a number of security issues in rt.

* RT is vulnerable to unvalidated email headers in incoming email and the
  mail-gateway REST interface. This vulnerability is assigned CVE-2023-41259.
* RT is vulnerable to information leakage via response messages returned from
  requests sent via the mail-gateway REST interface. This vulnerability is
  assigned CVE-2023-41260.
* RT 5.0 is vulnerable to information leakage via transaction searches made
  by authenticated users in the transaction query builder. This vulnerability
  is assigned CVE-2023-45024.
* RT 5.0 can reveal information about data on various RT objects in errors
  and other response messages to REST 2 requests.

Update expired certificates.diff

t/data/smime/keys/demoCA/cacert.pem | 68 35 + 33 - 0 !
t/data/smime/keys/otherCA/cacert.pem | 93 47 + 46 - 0 !
t/data/smime/keys/root@example.com.crt | 104 73 + 31 - 0 !
t/data/smime/keys/root@example.com.csr | 33 26 + 7 - 0 !
t/data/smime/keys/root@example.com.key | 64 52 + 12 - 0 !
t/data/smime/keys/root@example.com.pem | 168 125 + 43 - 0 !
t/data/smime/keys/sender@example.com.crt | 104 73 + 31 - 0 !
t/data/smime/keys/sender@example.com.csr | 33 26 + 7 - 0 !
t/data/smime/keys/sender@example.com.key | 64 52 + 12 - 0 !
t/data/smime/keys/sender@example.com.pem | 168 125 + 43 - 0 !
t/data/smime/mails/1-signed.eml | 151 77 + 74 - 0 !
t/data/smime/mails/2-signed-attachment.eml | 179 89 + 90 - 0 !
t/data/smime/mails/3-signed-binary.eml | 189 94 + 95 - 0 !
t/data/smime/mails/4-encrypted-plain.eml | 81 49 + 32 - 0 !
t/data/smime/mails/5-encrypted-attachment.eml | 100 58 + 42 - 0 !
t/data/smime/mails/6-encrypted-binary.eml | 112 64 + 48 - 0 !
t/data/smime/mails/7-signed-encrypted-plain.eml | 215 118 + 97 - 0 !
t/data/smime/mails/8-signed-encrypted-attachment.eml | 234 127 + 107 - 0 !
t/data/smime/mails/9-signed-encrypted-binary.eml | 246 133 + 113 - 0 !
t/web/smime/outgoing.t | 2 1 + 1 - 0 !
20 files changed, 1444 insertions(+), 964 deletions(-)

 update expired certificates and related tests

S/MIME certs in tests expired in August 2023. This is the upstream fix
that'll be in release 5.0.5 of RT.

upstream_5.0.x_cve:_patchset_2023 09 26 tests.diff

t/mail/gateway.t | 2 1 + 1 - 0 !
t/mail/han-encodings.t | 2 1 + 1 - 0 !
t/mail/sendmail-plaintext.t | 2 1 + 1 - 0 !
t/mail/sendmail.t | 2 1 + 1 - 0 !
t/rest2/articles.t | 2 1 + 1 - 0 !
t/rest2/assets.t | 2 1 + 1 - 0 !
t/rest2/attachments.t | 4 2 + 2 - 0 !
t/rest2/cf-image.t | 2 1 + 1 - 0 !
t/rest2/customfields.t | 2 1 + 1 - 0 !
t/rest2/group-members.t | 24 5 + 19 - 0 !
t/rest2/searches.t | 2 1 + 1 - 0 !
t/rest2/tickets.t | 4 1 + 3 - 0 !
t/rest2/transactions.t | 4 2 + 2 - 0 !
t/ticket/interface.t | 2 1 + 1 - 0 !
14 files changed, 20 insertions(+), 36 deletions(-)

 patches to tests for cve-2023-41259, cve-2023-41260, and cve-45024