[DRE-commits] r4225 - in trunk/redmine/debian: . patches
Jérémy Lal
kapouer-guest at alioth.debian.org
Mon Oct 5 13:39:47 UTC 2009
Author: kapouer-guest
Date: 2009-10-05 13:39:46 +0000 (Mon, 05 Oct 2009)
New Revision: 4225
Added:
trunk/redmine/debian/patches/02_session_path.patch
Removed:
trunk/redmine/debian/patches/02_sessions_store_active_record.patch
trunk/redmine/debian/patches/03_session_path.patch
Modified:
trunk/redmine/debian/changelog
trunk/redmine/debian/patches/series
Log:
Remove use of database for storing sessions: it could really make the db explode, and it does not fix anything regarding #549453.
Update changelog accordingly.
Modified: trunk/redmine/debian/changelog
===================================================================
--- trunk/redmine/debian/changelog 2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/changelog 2009-10-05 13:39:46 UTC (rev 4225)
@@ -2,7 +2,7 @@
* Upstream update.
* Removes circular dependencies (Closes: #549442)
- * Store sessions in database, which is more secure (Closes: #549453)
+ * Session cookies path should respect RAILS_RELATIVE_URL_ROOT env variable.
-- Jérémy Lal <kapouer at melix.org> Fri, 02 Oct 2009 19:59:34 +0200
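Review bot: The replacement entry on the `+` line drops `(Closes: #549453)` without saying what happens to that bug. The commit log states that the database store did not fix it, so the changelog should either note that #549453 remains open or say explicitly that the session cookie path change is meant to address it; as written, a reader of the changelog alone cannot tell which.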
Copied: trunk/redmine/debian/patches/02_session_path.patch (from rev 4224, trunk/redmine/debian/patches/03_session_path.patch)
===================================================================
--- trunk/redmine/debian/patches/02_session_path.patch (rev 0)
+++ trunk/redmine/debian/patches/02_session_path.patch 2009-10-05 13:39:46 UTC (rev 4225)
@@ -0,0 +1,14 @@
+By default, _redmine_session cookie path is /
+This patch sets the path to ENV['RAILS_RELATIVE_URL_ROOT'], so that
+multiple instances of redmine have distinct session cookies in any case.
+diff -Nur redmine-0.9.0~svn2903/lib/tasks/initializers.rake redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake
+--- redmine-0.9.0~svn2903/lib/tasks/initializers.rake 2009-02-21 12:04:50.000000000 +0100
++++ redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake 2009-10-04 23:40:41.963650176 +0200
+@@ -17,6 +17,7 @@
+ # you'll be exposed to dictionary attacks.
+ ActionController::Base.session = {
+ :session_key => '_redmine_session',
++ :session_path => ENV['RAILS_RELATIVE_URL_ROOT'],
+ :secret => '#{secret}'
+ }
+ EOF
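Review bot: `:session_path => ENV['RAILS_RELATIVE_URL_ROOT']` evaluates to nil when the variable is unset, so the single-instance case depends on the session code treating a nil path as `/`. The patch header states that the default is `/`; writing the fallback out as `ENV['RAILS_RELATIVE_URL_ROOT'] || '/'` would make that behaviour explicit. The header's "in any case" is also stronger than the hunk supports: `:session_key` stays `'_redmine_session'` for every instance, so for instances on the same host the cookies are distinct only when each one runs under its own relative URL root. The description should say so.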
Deleted: trunk/redmine/debian/patches/02_sessions_store_active_record.patch
===================================================================
--- trunk/redmine/debian/patches/02_sessions_store_active_record.patch 2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/02_sessions_store_active_record.patch 2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,37 +0,0 @@
-By default, sessions are stored in cookies. Make them stored in database, this is more secure
-and it avoids bug #549453
-diff -Nur redmine-0.9.0~svn2903/config/environment.rb redmine-0.9.0~svn2903.new/config/environment.rb
---- redmine-0.9.0~svn2903/config/environment.rb 2009-10-05 12:28:12.956519996 +0200
-+++ redmine-0.9.0~svn2903.new/config/environment.rb 2009-10-05 12:26:06.000000000 +0200
-@@ -56,6 +56,11 @@
-
- # Make Active Record use UTC-base instead of local time
- # config.active_record.default_timezone = :utc
-+
-+ # Use the database for sessions instead of the cookie-based default,
-+ # which shouldn't be used to store highly confidential information
-+ # (create the session table with "rake db:sessions:create")
-+ config.action_controller.session_store = :active_record_store
-
- # Use Active Record's schema dumper instead of SQL when creating the test database
- # (enables use of different database adapters for development and test environments)
-diff -Nur redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb
---- redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb 1970-01-01 01:00:00.000000000 +0100
-+++ redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb 2009-10-05 12:26:06.000000000 +0200
-@@ -0,0 +1,16 @@
-+class CreateSessions < ActiveRecord::Migration
-+ def self.up
-+ create_table :sessions do |t|
-+ t.string :session_id, :null => false
-+ t.text :data
-+ t.timestamps
-+ end
-+
-+ add_index :sessions, :session_id
-+ add_index :sessions, :updated_at
-+ end
-+
-+ def self.down
-+ drop_table :sessions
-+ end
-+end
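Review bot: Deleting this patch removes the `20091003152210_create_sessions` migration together with its `self.down`, so an installation that already ran it under rev 4224 keeps the `sessions` table with no packaged way to drop it. If that revision was ever installed, mention the leftover table in the changelog or drop it in a follow-up; if it never left the repository, a line in the log saying so would settle the question.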
Deleted: trunk/redmine/debian/patches/03_session_path.patch
===================================================================
--- trunk/redmine/debian/patches/03_session_path.patch 2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/03_session_path.patch 2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,14 +0,0 @@
-By default, _redmine_session cookie path is /
-This patch sets the path to ENV['RAILS_RELATIVE_URL_ROOT'], so that
-multiple instances of redmine have distinct session cookies in any case.
-diff -Nur redmine-0.9.0~svn2903/lib/tasks/initializers.rake redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake
---- redmine-0.9.0~svn2903/lib/tasks/initializers.rake 2009-02-21 12:04:50.000000000 +0100
-+++ redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake 2009-10-04 23:40:41.963650176 +0200
-@@ -17,6 +17,7 @@
- # you'll be exposed to dictionary attacks.
- ActionController::Base.session = {
- :session_key => '_redmine_session',
-+ :session_path => ENV['RAILS_RELATIVE_URL_ROOT'],
- :secret => '#{secret}'
- }
- EOF
Modified: trunk/redmine/debian/patches/series
===================================================================
--- trunk/redmine/debian/patches/series 2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/series 2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,4 +1,3 @@
changeset_r2886_r2887.diff
01_paths.patch
-02_sessions_store_active_record.patch
-03_session_path.patch
+02_session_path.patch