[DRE-commits] r4213 - in trunk/redmine/debian: . patches

Jérémy Lal kapouer-guest at alioth.debian.org
Sat Oct 3 15:46:50 UTC 2009 

Author: kapouer-guest
Date: 2009-10-03 15:46:50 +0000 (Sat, 03 Oct 2009)
New Revision: 4213

Added:
   trunk/redmine/debian/patches/02_session_store.patch
Modified:
   trunk/redmine/debian/TODO
   trunk/redmine/debian/changelog
   trunk/redmine/debian/control
   trunk/redmine/debian/patches/series
   trunk/redmine/debian/postinst
Log:
Fixes #549453, #549442, updates to latest version.

Modified: trunk/redmine/debian/TODO
===================================================================
--- trunk/redmine/debian/TODO	2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/TODO	2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,4 +1,5 @@
 Current work to do :
+- session secret must be different for each instance
 - besides mendatory redmine "vendor/plugins", pave the way to package
 potentially interesting third-party plugins, see redmine web site for this.
 - make it easy to run rake test suite.

Modified: trunk/redmine/debian/changelog
===================================================================
--- trunk/redmine/debian/changelog	2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/changelog	2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,3 +1,11 @@
+redmine (0.9.0~svn2903-1) unstable; urgency=low
+
+  * Upstream update.
+  * Removes circular dependencies (Closes: #549442)
+  * Store sessions in database, which is more secure (Closes: #549453)
+
+ -- Jérémy Lal <kapouer at melix.org>  Fri, 02 Oct 2009 19:59:34 +0200
+
 redmine (0.9.0~svn2902-1) unstable; urgency=low
 
   * Initial release (Closes: #478741)

Modified: trunk/redmine/debian/control
===================================================================
--- trunk/redmine/debian/control	2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/control	2009-10-03 15:46:50 UTC (rev 4213)
@@ -12,8 +12,8 @@
 Package: redmine
 Architecture: all
 Pre-Depends: debconf
-Depends: ruby, ruby1.8 (>= 1.8.7), rake (>=0.8.3), rails (>= 2.2.3), libjs-prototype (>= 1.6.1), libjs-scriptaculous (>= 1.8.2), dbconfig-common, redmine-sqlite (= ${source:Version}) | redmine-mysql (= ${source:Version}) | redmine-pgsql (= ${source:Version}), ${misc:Depends}
-Recommends: libfcgi-ruby, libapache2-mod-fcgid
+Depends: ruby, ruby1.8 (>= 1.8.7), rake (>=0.8.3), rails (>= 2.2.3), libjs-prototype (>= 1.6.1), libjs-scriptaculous (>= 1.8.2), dbconfig-common, ${misc:Depends}
+Recommends: redmine-sqlite | redmine-mysql | redmine-pgsql, libfcgi-ruby, libapache2-mod-fcgid
 Suggests: libsvn-ruby (>= 1.3), librmagick-ruby, libopenid-ruby, thin | mongrel | httpd-cgi
 Description: flexible project management web application
  Redmine is a flexible project management web application. Written using Ruby
@@ -38,7 +38,7 @@
 
 Package: redmine-mysql
 Architecture: all
-Depends: redmine, libdbd-mysql-ruby, mysql-client | virtual-mysql-client, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-mysql-ruby, mysql-client | virtual-mysql-client, ${misc:Depends}
 Suggests: mysql-server
 Description: metapackage providing MySQL dependencies for Redmine
  This package provides MySQL dependencies for Redmine, a
@@ -47,7 +47,7 @@
 
 Package: redmine-pgsql
 Architecture: all
-Depends: redmine, libdbd-pg-ruby, postgresql-client, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-pg-ruby, postgresql-client, ${misc:Depends}
 Suggests: postgresql-server
 Description: metapackage providing PostgreSQL dependencies for Redmine
  This package provides PostgreSQL dependencies for Redmine, a
@@ -56,7 +56,7 @@
 
 Package: redmine-sqlite
 Architecture: all
-Depends: redmine, libdbd-sqlite3-ruby, sqlite3, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-sqlite3-ruby, sqlite3, ${misc:Depends}
 Description: metapackage providing sqlite dependencies for Redmine
  This package provides sqlite dependencies for Redmine, a
  flexible project management web application. Install this

Added: trunk/redmine/debian/patches/02_session_store.patch
===================================================================
--- trunk/redmine/debian/patches/02_session_store.patch	                        (rev 0)
+++ trunk/redmine/debian/patches/02_session_store.patch	2009-10-03 15:46:50 UTC (rev 4213)
@@ -0,0 +1,16 @@
+diff -Nur redmine-0.9.0~svn2902/config/environment.rb redmine-0.9.0~svn2902.new/config/environment.rb
+--- redmine-0.9.0~svn2902/config/environment.rb	2009-10-01 12:16:04.845300651 +0200
++++ redmine-0.9.0~svn2902.new/config/environment.rb	2009-10-03 17:33:13.211312450 +0200
+@@ -40,6 +40,12 @@
+ 
+   # Make Active Record use UTC-base instead of local time
+   # config.active_record.default_timezone = :utc
++
++  # Use the database for sessions instead of the cookie-based default,
++  # which shouldn't be used to store highly confidential information
++  # (create the session table with "rake db:sessions:create")
++  config.action_controller.session_store = :active_record_store
++
+   
+   # Use Active Record's schema dumper instead of SQL when creating the test database
+   # (enables use of different database adapters for development and test environments)

Modified: trunk/redmine/debian/patches/series
===================================================================
--- trunk/redmine/debian/patches/series	2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/patches/series	2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,2 +1,3 @@
 changeset_r2886_r2887.diff
 01_paths.patch
+02_session_store.patch

Modified: trunk/redmine/debian/postinst
===================================================================
--- trunk/redmine/debian/postinst	2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/postinst	2009-10-03 15:46:50 UTC (rev 4213)
@@ -172,6 +172,8 @@
 			cd /usr/share/redmine
 			if [ $withdb -eq 1 ]; then
 				db_get redmine/instances/${lInstance}/default-language && DEFAULT_LANGUAGE="$RET"
+				# store sessions in database, more secure and fixes #549453
+				rake -s db:sessions:create RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
 				# handle rake install
 				rake -s db:migrate RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
 				rake -s redmine:load_default_data RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" REDMINE_LANG=$DEFAULT_LANGUAGE || true
@@ -191,6 +193,8 @@
 			if [ $withdb -eq 1 ]; then
 				savedir="`pwd`"
 				cd /usr/share/redmine
+				# store sessions in database, more secure and fixes #549453
+				rake -s db:sessions:create RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
 				rake -s db:migrate RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
 				rake -s tmp:cache:clear RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" || true
 				rake -s tmp:sessions:clear RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" || true

More information about the Pkg-ruby-extras-commits mailing list