lp:ubuntu/saucy/request-tracker4
- Get this branch:
- bzr branch lp:ubuntu/saucy/request-tracker4
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 20. By Dominic Hargreaves
-
* New upstream release
* Depend on fonts-droid instead of the transitional ttf-droid
(Closes: #708940)
* Update configuration files to Apache 2.4 host ACL style
(Closes: #669774)
* Run make testdeps, ignoring errors for now as some dependencies
aren't needed for the Debian package and aren't packaged
* Add Build-Depends on libterm-readkey- perl, and don't run
t/web/installer.t (tests functionality not used in the Debian
package (Closes: #708950)
* Add Build-Depends on libfcgi-perl
* Update Standards-Version (no changes)
* Remove rt-validate-aliases alternative in prerm (Closes: #708101) - 19. By Dominic Hargreaves
-
* Change localstatedir from /var/cache/
request- tracker4 to
/var/lib/request- tracker4 as it contains things which aren't caches
* Update other references to /var/cache/request- tracker4 where
appropriate
* Move /var/cache/request- tracker4/ data/gpg to
/var/lib/request- tracker4/ data/gpg in postinst
* Add NEWS item about moves from /var/cache/request- tracker4
* Closes: #704107 - 17. By Dominic Hargreaves
-
* Cherry-pick fix from 4.0.8 fixing duplicate transaction creation
bug (Closes: #691701)
* Remove unused code which uses Digest::SHA1 which in turn has been
removed from Debian (Closes: #694484) - 16. By Dominic Hargreaves
-
* Multiple security fixes for:
- Email header injection attack (CVE-2012-4730)
- Missing rights checking for Articles (CVE-2012-4731)
- CSRF protection allows attack on bookmarks (CVE-2012-4732)
- Confused deputy attack for non-logged-in users (CVE-2012-4734)
- Multiple message signing/encryption attacks related to GnuPG
(CVE-2012-4735)
- Arbitrary command-line argument injection to GnuPG (CVE-2012-4884) - 15. By Dominic Hargreaves
-
* Remove recommendation of libapache2-
mod-fastcgi since this is
non-free (Closes: #682133)
* Remove cron job during package purge (Closes: #682186) - 14. By Dominic Hargreaves
-
* Fix broken regex character range that results in failed installs;
thanks to Carl Fürstenber (Closes: #678239)
* Urgency high due to RC bug fix - 13. By Dominic Hargreaves
-
update-
rt-siteconfig: Allow inclusion of files with capital letters
and underscores in their name (Closes: #674409) - 12. By Dominic Hargreaves
-
* Provide specific instructions for restarting a mod_perl based
Apache server
* New upstream release
- update dependencies
- add NEWS items
- apply database upgrades
* Update mod_fcgid config to allow large attachments
* Fix debian/copyright syntax (thanks, Lintian) - 11. By Dominic Hargreaves
-
[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi. init: fixed 'status' function [ Dominic Hargreaves ]
* Multiple security fixes for:
- XSS vulnerabilities (CVE-2011-2083)
- information disclosure vulnerabilities including password hash
exposure and correspondence disclosure to privileged users
(CVE-2011-2084)
- CSRF vulnerabilities allowing information disclosure,
privilege escalation, and arbitrary code execution. Original
behaviour may be restored by setting $RestrictReferrer to 0 for
installations which rely on it (CVE-2011-2085)
- remote code execution vulnerabilities including in VERP
functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
above fixes, and run in postinst
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)