lp:ubuntu/saucy/request-tracker4

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/saucy/request-tracker4

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

20. By Dominic Hargreaves

* New upstream release
* Depend on fonts-droid instead of the transitional ttf-droid
  (Closes: #708940)
* Update configuration files to Apache 2.4 host ACL style
  (Closes: #669774)
* Run make testdeps, ignoring errors for now as some dependencies
  aren't needed for the Debian package and aren't packaged
* Add Build-Depends on libterm-readkey-perl, and don't run
  t/web/installer.t (tests functionality not used in the Debian
  package) (Closes: #708950)
* Add Build-Depends on libfcgi-perl
* Update Standards-Version (no changes)
* Remove rt-validate-aliases alternative in prerm (Closes: #708101)

19. By Dominic Hargreaves

* Change localstatedir from /var/cache/request-tracker4 to
  /var/lib/request-tracker4 as it contains things which aren't caches
* Update other references to /var/cache/request-tracker4 where
  appropriate
* Move /var/cache/request-tracker4/data/gpg to
  /var/lib/request-tracker4/data/gpg in postinst
* Add NEWS item about moves from /var/cache/request-tracker4
* Closes: #704107

18. By Dominic Hargreaves

Add extra robustness to hostname handling (Closes: 685502)

17. By Dominic Hargreaves

* Cherry-pick fix from 4.0.8 fixing duplicate transaction creation
  bug (Closes: #691701)
* Remove unused code which uses Digest::SHA1 which in turn has been
  removed from Debian (Closes: #694484)

16. By Dominic Hargreaves

* Multiple security fixes for:
  - Email header injection attack (CVE-2012-4730)
  - Missing rights checking for Articles (CVE-2012-4731)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)

15. By Dominic Hargreaves

* Remove recommendation of libapache2-mod-fastcgi since this is
  non-free (Closes: #682133)
* Remove cron job during package purge (Closes: #682186)

14. By Dominic Hargreaves

* Fix broken regex character range that results in failed installs;
  thanks to Carl Fürstenber (Closes: #678239)
* Urgency high due to RC bug fix

13. By Dominic Hargreaves

update-rt-siteconfig: Allow inclusion of files with capital letters
and underscores in their name (Closes: #674409)

12. By Dominic Hargreaves

* Provide specific instructions for restarting a mod_perl based
  Apache server
* New upstream release
  - update dependencies
  - add NEWS items
  - apply database upgrades
* Update mod_fcgid config to allow large attachments
* Fix debian/copyright syntax (thanks, Lintian)

11. By Dominic Hargreaves

[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi.init: fixed 'status' function

[ Dominic Hargreaves ]
* Multiple security fixes for:
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
  above fixes, and run in postinst

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)