[DRE-commits] r4225 - in trunk/redmine/debian: . patches

Jérémy Lal kapouer-guest at alioth.debian.org
Mon Oct 5 13:39:47 UTC 2009


Author: kapouer-guest
Date: 2009-10-05 13:39:46 +0000 (Mon, 05 Oct 2009)
New Revision: 4225

Added:
   trunk/redmine/debian/patches/02_session_path.patch
Removed:
   trunk/redmine/debian/patches/02_sessions_store_active_record.patch
   trunk/redmine/debian/patches/03_session_path.patch
Modified:
   trunk/redmine/debian/changelog
   trunk/redmine/debian/patches/series
Log:
Remove use of database for storing sessions, it could really make the db explode, and it does not fix anything regarding #549453.
Update changelog accordingly.

Modified: trunk/redmine/debian/changelog
===================================================================
--- trunk/redmine/debian/changelog	2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/changelog	2009-10-05 13:39:46 UTC (rev 4225)
@@ -2,7 +2,7 @@
 
   * Upstream update.
   * Removes circular dependencies (Closes: #549442)
-  * Store sessions in database, which is more secure (Closes: #549453)
+  * Session cookies path should respect RAILS_RELATIVE_URL_ROOT env variable.
 
  -- Jérémy Lal <kapouer at melix.org>  Fri, 02 Oct 2009 19:59:34 +0200
 
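Review bot: the replaced changelog line drops "(Closes: #549453)" and the new entry references no bug, so the changelog no longer says anything about #549453. Since the commit log states that the database store did not fix it, consider saying explicitly that the bug stays open, and word the new entry as a change made ("Set session cookie path from RAILS_RELATIVE_URL_ROOT") rather than "should respect", which reads as an expectation.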

Copied: trunk/redmine/debian/patches/02_session_path.patch (from rev 4224, trunk/redmine/debian/patches/03_session_path.patch)
===================================================================
--- trunk/redmine/debian/patches/02_session_path.patch	                        (rev 0)
+++ trunk/redmine/debian/patches/02_session_path.patch	2009-10-05 13:39:46 UTC (rev 4225)
@@ -0,0 +1,14 @@
+By default, _redmine_session cookie path is /
+This patch sets the path to ENV['RAILS_RELATIVE_URL_ROOT'], so that
+multiple instances of redmine have distinct session cookies in any case.
+diff -Nur redmine-0.9.0~svn2903/lib/tasks/initializers.rake redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake
+--- redmine-0.9.0~svn2903/lib/tasks/initializers.rake	2009-02-21 12:04:50.000000000 +0100
++++ redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake	2009-10-04 23:40:41.963650176 +0200
+@@ -17,6 +17,7 @@
+ # you'll be exposed to dictionary attacks.
+ ActionController::Base.session = {
+   :session_key => '_redmine_session',
++  :session_path => ENV['RAILS_RELATIVE_URL_ROOT'],
+   :secret => '#{secret}'
+ }
+ EOF
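Review bot: the added line `:session_path => ENV['RAILS_RELATIVE_URL_ROOT'],` has no fallback for when the variable is unset, so the option becomes nil and the cookie path depends on how the framework treats a nil value. The patch header states that the default path is /, so make that explicit, for example `:session_path => ENV['RAILS_RELATIVE_URL_ROOT'] || '/'`. The header could also note that `:session_key` stays '_redmine_session' for every instance, so the separation between instances rests on the cookie path alone; path scoping controls which cookie the browser sends, it is not isolation between applications on the same host.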

Deleted: trunk/redmine/debian/patches/02_sessions_store_active_record.patch
===================================================================
--- trunk/redmine/debian/patches/02_sessions_store_active_record.patch	2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/02_sessions_store_active_record.patch	2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,37 +0,0 @@
-By default, sessions are stored in cookies. Make them stored in database, this is more secure
-and it avoids bug #549453
-diff -Nur redmine-0.9.0~svn2903/config/environment.rb redmine-0.9.0~svn2903.new/config/environment.rb
---- redmine-0.9.0~svn2903/config/environment.rb	2009-10-05 12:28:12.956519996 +0200
-+++ redmine-0.9.0~svn2903.new/config/environment.rb	2009-10-05 12:26:06.000000000 +0200
-@@ -56,6 +56,11 @@
- 
-   # Make Active Record use UTC-base instead of local time
-   # config.active_record.default_timezone = :utc
-+
-+  # Use the database for sessions instead of the cookie-based default,
-+  # which shouldn't be used to store highly confidential information
-+  # (create the session table with "rake db:sessions:create")
-+  config.action_controller.session_store = :active_record_store
-   
-   # Use Active Record's schema dumper instead of SQL when creating the test database
-   # (enables use of different database adapters for development and test environments)
-diff -Nur redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb
---- redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb	1970-01-01 01:00:00.000000000 +0100
-+++ redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb	2009-10-05 12:26:06.000000000 +0200
-@@ -0,0 +1,16 @@
-+class CreateSessions < ActiveRecord::Migration
-+  def self.up
-+    create_table :sessions do |t|
-+      t.string :session_id, :null => false
-+      t.text :data
-+      t.timestamps
-+    end
-+
-+    add_index :sessions, :session_id
-+    add_index :sessions, :updated_at
-+  end
-+
-+  def self.down
-+    drop_table :sessions
-+  end
-+end
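Review bot: the removed patch carried the migration 20091003152210_create_sessions.rb, and dropping the file does not undo it; any installation that already ran it keeps a `sessions` table (with its two indexes) that nothing reads after this change. If rev 4224 was ever installed anywhere, note in the changelog that the table can be dropped. With `session_store = :active_record_store` gone, sessions are back in the cookie store that the removed comment says "shouldn't be used to store highly confidential information", so the `:secret` written by initializers.rake is again what protects session integrity; a sentence to that effect in the log would make the trade-off explicit.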

Deleted: trunk/redmine/debian/patches/03_session_path.patch
===================================================================
--- trunk/redmine/debian/patches/03_session_path.patch	2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/03_session_path.patch	2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,14 +0,0 @@
-By default, _redmine_session cookie path is /
-This patch sets the path to ENV['RAILS_RELATIVE_URL_ROOT'], so that
-multiple instances of redmine have distinct session cookies in any case.
-diff -Nur redmine-0.9.0~svn2903/lib/tasks/initializers.rake redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake
---- redmine-0.9.0~svn2903/lib/tasks/initializers.rake	2009-02-21 12:04:50.000000000 +0100
-+++ redmine-0.9.0~svn2903.new/lib/tasks/initializers.rake	2009-10-04 23:40:41.963650176 +0200
-@@ -17,6 +17,7 @@
- # you'll be exposed to dictionary attacks.
- ActionController::Base.session = {
-   :session_key => '_redmine_session',
-+  :session_path => ENV['RAILS_RELATIVE_URL_ROOT'],
-   :secret => '#{secret}'
- }
- EOF

Modified: trunk/redmine/debian/patches/series
===================================================================
--- trunk/redmine/debian/patches/series	2009-10-05 13:39:40 UTC (rev 4224)
+++ trunk/redmine/debian/patches/series	2009-10-05 13:39:46 UTC (rev 4225)
@@ -1,4 +1,3 @@
 changeset_r2886_r2887.diff
 01_paths.patch
-02_sessions_store_active_record.patch
-03_session_path.patch
+02_session_path.patch
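Review bot: in the series file the prefix 02 is reused for a different patch (02_sessions_store_active_record.patch before, 02_session_path.patch now), which makes "patch 02" ambiguous for anyone comparing against rev 4224. The reordering itself looks safe, since the removed patch touched config/environment.rb and db/migrate while the session path patch touches lib/tasks/initializers.rake, but keeping the 03_ name or mentioning the rename in the changelog would avoid the ambiguity.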



