[pkg-horde] Bug#445406: Bug#445406: login to horde3 fails due to wrong cookie path

Gregory Colpart reg at evolix.fr
Sun Oct 14 11:47:48 UTC 2007


On Sat, Oct 13, 2007 at 08:13:40PM +0200, tom wrote:
> > horde3/etch won't be fixed (it is not a security bug and it is
> ?? So you mean that the common debian user (who wants stable) will not
> be able to use horde because he will not find this info?

I say that horde3/etch is concerned by the bug #391493 (fixed in sid).
It's a "minor" bug and won't be fixed in horde3/etch. Yes, I say
that horde3/etch will be partially broken for users who don't read
original conf.php or Debian BTS or upstream FAQ. Note that it
will partially broken *only* during first web configuration...

> [...]
> I did not remove it, I added it. But I totally messed-up the patch.
> Sorry about that. I could send you a correct one. Just tell me if you
> want to fix this bug.
> [snipped...]

Ok then send us a valid patch for README.Debian in horde3/sid.

> >> +   Make sure to use a fqdn as HOSTNAME (eg localhost.localdomain instead of
> >> +   just localhost) or you might not be able to log into horde.
> > 
> > Is it related to this bug? I don't think so, then you should open
> > a new bug for this with more explanation (I don't known what you
> > want to say here).
> Yes it is. If you use firefox to connect to "localhost/horde3", it still
> doesn't work. You have to connect to "localhost.localdomain/horde3".
> Otherwise, the session cookie is not presented to the server. And
> session cookies are the issue of this bug report.

Ok, it's for $conf['cookie']['domain'] parameter, not for
$conf['cookie']['path']. Add it in your valid patch.

> >> --- conf.php.old	2007-10-05 15:56:41.000000000 +0200
> >> +++ conf.php	2007-10-05 15:56:30.000000000 +0200
> > 
> > There is no conf.php file in horde3 package.
> borg:~# dpkg-query -S /etc/horde/horde3/conf.php
> horde3: /etc/horde/horde3/conf.php

I speak of *source* package (a patch is for source package, not
for binary one). And there is no conf.php in source package :-)

/tmp/horde3-3.1.4% find ./ -name conf.php

Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/

More information about the pkg-horde-hackers mailing list