lp:ubuntu/trusty/request-tracker4
- Get this branch:
- bzr branch lp:ubuntu/trusty/request-tracker4
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 27. By Dominic Hargreaves
-
* Pass "-s /bin/sh" to "su www-data" to cope with the change of www-data's
shell in base-passwd 3.5.30. Thanks to Colin Watson for the bug report
and patch (Closes: #734728)
* New upstream release
* Include database upgrade scripts/NEWS
* Don't fetch logo from bestpractical.com from 'broken install'
page (fixes Lintian privacy error) - 26. By Colin Watson
-
Pass "-s /bin/sh" to "su www-data" to cope with the change of www-data's
shell in base-passwd 3.5.30. - 25. By Dominic Hargreaves
-
* New upstream release (Closes: #732013)
- Add Build-Depends on liblocale-po-perl
* Remove Depends/Suggests on version-specific PostgreSQL packages
(Closes: #732497) - 24. By Dominic Hargreaves
-
* New upstream release
* Depend on fonts-droid instead of the transitional ttf-droid
(Closes: #708940)
* Update configuration files to Apache 2.4 host ACL style
(Closes: #669774)
* Run make testdeps, ignoring errors for now as some dependencies
aren't needed for the Debian package and aren't packaged
* Add Build-Depends on libterm-readkey- perl, and don't run
t/web/installer.t (tests functionality not used in the Debian
package (Closes: #708950)
* Add Build-Depends on libfcgi-perl
* Update Standards-Version (no changes)
* Remove rt-validate-aliases alternative in prerm (Closes: #708101) - 23. By Dominic Hargreaves
-
* Multiple security fixes for:
- Privileged user escalation (CVE-2012-4733)
- Semi-predictable temporary file names (CVE-2013-3368)
- Arbitrary Mason component execution (CVE-2013-3369)
- Direct execution of private callback components (CVE-2013-3370)
- XSS via attachment filenames and URLs in messages (CVE-2013-3371)
- XSS via Content-Disposition header (CVE-2013-3372)
- MIME header injection (CVE-2013-3373)
- Limited session reuse when using Apache::Session: :File (CVE-2013-3374)
* Include database upgrade (dbconfig-common and NEWS) - 22. By Dominic Hargreaves
-
* New upstream release
- include database update for consistently lower-case ticket types - 21. By Dominic Hargreaves
-
* Change localstatedir from /var/cache/
request- tracker4 to
/var/lib/request- tracker4 as it contains things which aren't caches
* Update other references to /var/cache/request- tracker4 where
appropriate
* Move /var/cache/request- tracker4/ data/gpg to
/var/lib/request- tracker4/ data/gpg in postinst
* Add NEWS item about moves from /var/cache/request- tracker4
* Closes: #704107 - 19. By Dominic Hargreaves
-
* Cherry-pick fix from 4.0.8 fixing duplicate transaction creation
bug (Closes: #691701)
* Remove unused code which uses Digest::SHA1 which in turn has been
removed from Debian (Closes: #694484) - 18. By Dominic Hargreaves
-
* Multiple security fixes for:
- Email header injection attack (CVE-2012-4730)
- Missing rights checking for Articles (CVE-2012-4731)
- CSRF protection allows attack on bookmarks (CVE-2012-4732)
- Confused deputy attack for non-logged-in users (CVE-2012-4734)
- Multiple message signing/encryption attacks related to GnuPG
(CVE-2012-4735)
- Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/saucy/request-tracker4