Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package rt-authen-externalauth in order to ensure compatibility with request-tracker4/4.0.7-2:

rt-authen-externalauth (0.10-3) unstable; urgency=low

  * Adding patch from Thomas Sibley <t...@bestpractical.com> to redirect
    correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches
    (Closes: #691783).
  * Adding postinst script for clearing the mason cache after configuring
    the package.
  * Fixing incorrect line wrap in previous changelog entry.

 -- Tom Jampen <t...@cryptography.ch>  Thu, 08 Nov 2012 07:37:05 +0100

Thanks
Tom

diff -Nru rt-authen-externalauth-0.10/debian/changelog rt-authen-externalauth-0.10/debian/changelog --- rt-authen-externalauth-0.10/debian/changelog 2012-08-20 10:49:19.000000000 +0200 +++ rt-authen-externalauth-0.10/debian/changelog 2012-11-08 09:08:49.000000000 +0100 @@ -1,8 +1,19 @@ +rt-authen-externalauth (0.10-3) unstable; urgency=low + + * Adding patch from Thomas Sibley <t...@bestpractical.com> to redirect + correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches + (Closes: #691783). + * Adding postinst script for clearing the mason cache after configuring + the package. + * Fixing incorrect line wrap in previous changelog entry. + + -- Tom Jampen <t...@cryptography.ch> Thu, 08 Nov 2012 07:37:05 +0100 + rt-authen-externalauth (0.10-2) unstable; urgency=low * Fixing typos in README.Debian. - * Adding patch from Alex Vandiver <a...@chmrr.net> to fix privilege escalation - bug (Closes: #683288). + * Adding patch from Alex Vandiver <a...@chmrr.net> to fix privilege + escalation bug (Closes: #683288). -- Tom Jampen <t...@cryptography.ch> Thu, 10 Aug 2012 21:53:49 +0200 diff -Nru rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch --- rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch 1970-01-01 01:00:00.000000000 +0100 +++ rt-authen-externalauth-0.10/debian/patches/03-rt4-security-fix-compatibility.patch 2012-11-07 18:45:09.000000000 +0100 
@@ -0,0 +1,20 @@ +Author: Thomas Sibley <t...@bestpractical.com> +Description: + Redirect correctly on RT 4.0.8, 3.8.15, and the 2012-10-25 security patches + . + The NextPage session stash started storing hashrefs instead of strings. + This manifested as redirects to /HASH(0xDEADBEEF) instead of the proper + destination. Older and unpatched RTs will continue to work correctly + due to the "if ref $next" check. + +diff -Naurp a/html/Callbacks/ExternalAuth/autohandler/Session b/html/Callbacks/ExternalAuth/autohandler/Session +--- a/html/Callbacks/ExternalAuth/autohandler/Session 2012-10-30 13:01:56.611512695 +0100 ++++ b/html/Callbacks/ExternalAuth/autohandler/Session 2012-10-30 18:12:18.663173646 +0100 +@@ -7,6 +7,7 @@ if ( $m->request_comp->path eq '/NoAut + && $ARGS{next} ) + { + my $next = delete $session{'NextPage'}->{ $ARGS{'next'} }; ++ $next = $next->{'url'} if ref $next; + RT::Interface::Web::Redirect( $next || RT->Config->Get('WebURL') ); + } + </%init> diff -Nru rt-authen-externalauth-0.10/debian/patches/series rt-authen-externalauth-0.10/debian/patches/series --- rt-authen-externalauth-0.10/debian/patches/series 2012-08-20 10:34:00.000000000 +0200 +++ rt-authen-externalauth-0.10/debian/patches/series 2012-11-07 18:45:09.000000000 +0100 @@ -1,2 +1,3 @@ 01-fix-plugindir.patch 02-privilege-escalation.patch +03-rt4-security-fix-compatibility.patch diff -Nru rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst --- rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst 1970-01-01 01:00:00.000000000 +0100 +++ rt-authen-externalauth-0.10/debian/rt4-extension-authenexternalauth.postinst 2012-11-08 09:07:59.000000000 +0100 
@@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +case "${1}" in + configure) + # clear mason cache + rm -rf /var/cache/request-tracker4/mason_data/obj/* + ;; + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + *) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0
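
Review bot: In the html/Callbacks/ExternalAuth/autohandler/Session hunk, `if ref $next` is true for any kind of reference, not only the hashrefs the patch description mentions, so a non-hash reference in the NextPage stash would die on `$next->{'url'}` instead of redirecting. Testing `ref $next eq 'HASH'` and discarding any other reference would let the existing `|| RT->Config->Get('WebURL')` fallback handle that case, while plain strings from older RTs keep working as before.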
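
Review bot: In debian/rt4-extension-authenexternalauth.postinst, the `configure` branch empties /var/cache/request-tracker4/mason_data/obj/ on every configure run, but nothing in this diff clears it when the package is removed, so objects compiled while the extension was installed can remain in the cache afterwards. A matching postrm would cover that path. The `# clear mason cache` comment repeats the command rather than saying why the cache has to go; one line of rationale would help the next maintainer, and the blank line inside the `abort-upgrade|abort-remove|abort-deconfigure` branch can be dropped.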
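
Review bot: In the debian/changelog hunk, the rewrapped 0.10-2 entry keeps the trailer "Thu, 10 Aug 2012 21:53:49 +0200", and 10 August 2012 was a Friday, so the weekday and date do not agree. Since the hunk already edits that released entry to fix its line wrap, the trailer could be corrected in the same change, or the entry left completely untouched to keep the unblock diff minimal.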