[DRE-commits] r4213 - in trunk/redmine/debian: . patches
Jérémy Lal
kapouer-guest at alioth.debian.org
Sat Oct 3 15:46:50 UTC 2009
Author: kapouer-guest
Date: 2009-10-03 15:46:50 +0000 (Sat, 03 Oct 2009)
New Revision: 4213
Added:
trunk/redmine/debian/patches/02_session_store.patch
Modified:
trunk/redmine/debian/TODO
trunk/redmine/debian/changelog
trunk/redmine/debian/control
trunk/redmine/debian/patches/series
trunk/redmine/debian/postinst
Log:
Fixes #549453, #549442, updates to latest version.
Modified: trunk/redmine/debian/TODO
===================================================================
--- trunk/redmine/debian/TODO 2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/TODO 2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,4 +1,5 @@
Current work to do :
+- session secret must be different for each instance
- besides mendatory redmine "vendor/plugins", pave the way to package
potentially interesting third-party plugins, see redmine web site for this.
- make it easy to run rake test suite.
Modified: trunk/redmine/debian/changelog
===================================================================
--- trunk/redmine/debian/changelog 2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/changelog 2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,3 +1,11 @@
+redmine (0.9.0~svn2903-1) unstable; urgency=low
+
+ * Upstream update.
+ * Removes circular dependencies (Closes: #549442)
+ * Store sessions in database, which is more secure (Closes: #549453)
+
+ -- Jérémy Lal <kapouer at melix.org> Fri, 02 Oct 2009 19:59:34 +0200
+
redmine (0.9.0~svn2902-1) unstable; urgency=low
* Initial release (Closes: #478741)
Modified: trunk/redmine/debian/control
===================================================================
--- trunk/redmine/debian/control 2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/control 2009-10-03 15:46:50 UTC (rev 4213)
@@ -12,8 +12,8 @@
Package: redmine
Architecture: all
Pre-Depends: debconf
-Depends: ruby, ruby1.8 (>= 1.8.7), rake (>=0.8.3), rails (>= 2.2.3), libjs-prototype (>= 1.6.1), libjs-scriptaculous (>= 1.8.2), dbconfig-common, redmine-sqlite (= ${source:Version}) | redmine-mysql (= ${source:Version}) | redmine-pgsql (= ${source:Version}), ${misc:Depends}
-Recommends: libfcgi-ruby, libapache2-mod-fcgid
+Depends: ruby, ruby1.8 (>= 1.8.7), rake (>=0.8.3), rails (>= 2.2.3), libjs-prototype (>= 1.6.1), libjs-scriptaculous (>= 1.8.2), dbconfig-common, ${misc:Depends}
+Recommends: redmine-sqlite | redmine-mysql | redmine-pgsql, libfcgi-ruby, libapache2-mod-fcgid
Suggests: libsvn-ruby (>= 1.3), librmagick-ruby, libopenid-ruby, thin | mongrel | httpd-cgi
Description: flexible project management web application
Redmine is a flexible project management web application. Written using Ruby
@@ -38,7 +38,7 @@
Package: redmine-mysql
Architecture: all
-Depends: redmine, libdbd-mysql-ruby, mysql-client | virtual-mysql-client, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-mysql-ruby, mysql-client | virtual-mysql-client, ${misc:Depends}
Suggests: mysql-server
Description: metapackage providing MySQL dependencies for Redmine
This package provides MySQL dependencies for Redmine, a
@@ -47,7 +47,7 @@
Package: redmine-pgsql
Architecture: all
-Depends: redmine, libdbd-pg-ruby, postgresql-client, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-pg-ruby, postgresql-client, ${misc:Depends}
Suggests: postgresql-server
Description: metapackage providing PostgreSQL dependencies for Redmine
This package provides PostgreSQL dependencies for Redmine, a
@@ -56,7 +56,7 @@
Package: redmine-sqlite
Architecture: all
-Depends: redmine, libdbd-sqlite3-ruby, sqlite3, ${misc:Depends}
+Depends: redmine (= ${source:Version}), libdbd-sqlite3-ruby, sqlite3, ${misc:Depends}
Description: metapackage providing sqlite dependencies for Redmine
This package provides sqlite dependencies for Redmine, a
flexible project management web application. Install this
Added: trunk/redmine/debian/patches/02_session_store.patch
===================================================================
--- trunk/redmine/debian/patches/02_session_store.patch (rev 0)
+++ trunk/redmine/debian/patches/02_session_store.patch 2009-10-03 15:46:50 UTC (rev 4213)
@@ -0,0 +1,16 @@
+diff -Nur redmine-0.9.0~svn2902/config/environment.rb redmine-0.9.0~svn2902.new/config/environment.rb
+--- redmine-0.9.0~svn2902/config/environment.rb 2009-10-01 12:16:04.845300651 +0200
++++ redmine-0.9.0~svn2902.new/config/environment.rb 2009-10-03 17:33:13.211312450 +0200
+@@ -40,6 +40,12 @@
+
+ # Make Active Record use UTC-base instead of local time
+ # config.active_record.default_timezone = :utc
++
++ # Use the database for sessions instead of the cookie-based default,
++ # which shouldn't be used to store highly confidential information
++ # (create the session table with "rake db:sessions:create")
++ config.action_controller.session_store = :active_record_store
++
+
+ # Use Active Record's schema dumper instead of SQL when creating the test database
+ # (enables use of different database adapters for development and test environments)
Modified: trunk/redmine/debian/patches/series
===================================================================
--- trunk/redmine/debian/patches/series 2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/patches/series 2009-10-03 15:46:50 UTC (rev 4213)
@@ -1,2 +1,3 @@
changeset_r2886_r2887.diff
01_paths.patch
+02_session_store.patch
Modified: trunk/redmine/debian/postinst
===================================================================
--- trunk/redmine/debian/postinst 2009-10-01 10:17:13 UTC (rev 4212)
+++ trunk/redmine/debian/postinst 2009-10-03 15:46:50 UTC (rev 4213)
@@ -172,6 +172,8 @@
cd /usr/share/redmine
if [ $withdb -eq 1 ]; then
db_get redmine/instances/${lInstance}/default-language && DEFAULT_LANGUAGE="$RET"
+ # store sessions in database, more secure and fixes #549453
+ rake -s db:sessions:create RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
# handle rake install
rake -s db:migrate RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
rake -s redmine:load_default_data RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" REDMINE_LANG=$DEFAULT_LANGUAGE || true
@@ -191,6 +193,8 @@
if [ $withdb -eq 1 ]; then
savedir="`pwd`"
cd /usr/share/redmine
+ # store sessions in database, more secure and fixes #549453
+ rake -s db:sessions:create RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
rake -s db:migrate RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" VERBOSE=$RAKE_VERBOSE || true
rake -s tmp:cache:clear RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" || true
rake -s tmp:sessions:clear RAILS_ENV=$fRailsEnv X_DEBIAN_SITEID="${lInstance}" || true
More information about the Pkg-ruby-extras-commits
mailing list