request-tracker5 (5.0.5+dfsg-2)
[PTS] [DDPO]
NEW: VCS has unreleased changes: 5.0.7+dfsg-1 > 5.0.5+dfsg-2
- Git: https://salsa.debian.org/request-tracker-team/request-tracker5.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 6881280
- Browser: https://salsa.debian.org/request-tracker-team/request-tracker5
- Last scan: 2024-07-11 07:40:26+00
- Next scan: 2024-07-17 12:55:00+00
- Debian changelog in Git:
request-tracker5 (5.0.7+dfsg-1) UNRELEASED; urgency=medium
* New upstream release (Closes: #1068453).
- [CVE-2024-3262] Information exposure vulnerability due to browser
cache usage. If you have sensitive information enable the
$WebStrictBrowserCache option.
* Refresh d/copyright
-- Andrew Ruthven <andrew@etc.gen.nz> Sat, 06 Apr 2024 12:47:33 +1300
- This branch is 65 commits ahead of tag debian/5.0.5+dfsg-2
- Git log:
commit 61d6bb21aefab65128ec4c5e0c4c2eeed00b4a2c
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 23:30:10 2024 +1200
Updates for RT 5.0.7
commit d2ef5fc511dae0f6cc5744e3ad9abf661bb518e6
Merge: 12f4731 a7e1ab9
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 23:26:04 2024 +1200
merge patched into master
commit a7e1ab96c4619d8123ae99337f222a745237602b
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:21:35 2024 +1200
Fix spelling in documentation
Patch-Name: fix_spelling.diff
commit b2ef96ac876bfc6e499b0c647a24d93e48031f61
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed Aug 16 23:47:30 2023 +1200
Don't run dirmngr during tests runs
This process is left running after the tests finish and prevents this
package from passing the reproducible builds.
Patch-Name: disable_dirmngr_in_tests.diff
Forwarded: not-needed
commit 4a724bc6f7f4a06036940d4af00de5ea254762dd
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Mon May 8 22:44:11 2023 +1200
Downgrade dependency on GD::Graph to >= 1.54
In Debian, we already have the fix for the XBM failing tests, which
is the only significant change in 1.56.
Once we have GD::Graph, we can remove this patch, although we may
want to keep it to simplify backports to Bookworm or Bullseye.
Forwarded: not-needed
Patch-Name: downgrade_GD::Graph.diff
commit 6e669dcd3d8f2cc30570340e0d32082d6077a6fe
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sun Jul 17 17:07:47 2022 +1200
Remove exclude of Test::WWW::Mechanize 1.58
The Debian maintainers of libtest-www-mechanize-perl have built their
version of 1.58 with the patch that fixes the issue with Text::LongString
breaking the RT tests.
Upstream report of issue (merged for the upcoming 1.59 release):
https://github.com/petdance/test-www-mechanize/pull/79
Forwarded: not-needed
Patch-Name: remove_exclude_Test::WWW::Mechanize.diff
commit 036a0271a7fa5b9c31c67fabcc41ee9cd09258cb
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sun Jun 26 10:54:21 2022 +1200
Skip t/mail/smime/realmail.t for now.
Broken by OpenSSL 3.0 as the test emails use DES which is now disabled.
Forwarded: https://rt.bestpractical.com/Ticket/Display.html?id=37422
Patch-Name: disable-test-smime-realmail.diff
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013730
commit a8695553dd2a6956b99ce592158a72fd24093d0c
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat Feb 13 21:40:00 2021 +1300
Debian provides the Mozilla CAs in the ca-certificates package.
Forwarded: not-needed
Patch-Name: skip_Mozilla::CA_check.diff
commit 04069d525d9811d867df90f75ec4753385748375
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 23:03:35 2020 +1200
On Debian there is no need to install the GD modules if GD is desired.
Forwarded: not-needed
Patch-Name: debianize_charts.diff
commit aba8f50901287a37880b7ae05712926a3d850d92
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 22:53:09 2020 +1200
Use Debian location of commands and data
Forwarded: not-needed
Patch-Name: debianize_commands.diff
commit 9dbf28d53b759307f485ccd4795243e5f62be2e3
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 22:33:55 2020 +1200
Point to Debian location of mason_data.
Forwarded: not-needed
Patch-Name: debianize_extensions.diff
commit 674e458819c99ad7c06816045aad3eeb68cbac94
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Mon Jul 6 21:30:54 2020 +1200
Force use of IPv4 for LDAP test.
Net::LDAP::Server::Test binds to IPv6 by default, but Net::LDAP uses
'localhost' which resolves to an IPv4 address. Even when I switched
the call to Net::LDAP->new() to use ip6-localhost it failed elsewhere
due to RT using 127.0.0.1.
Patch-Name: fix_test_ldap_ipv4.diff
Forwarded: https://github.com/bestpractical/rt/pull/367
commit 42330fbef2f96d777e430506821d36b69368ccfd
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Mar 29 19:37:52 2020 +0100
Fix shebang for Debian policy
Patch-Name: fix_shebang_upgrade_mysql_schema.diff
Forwarded: not-needed
commit d1ac410f58bb30257d21a3c4fe091146194ccdfc
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Sep 9 21:35:08 2018 +0100
Force the use of Cpanel::JSON::XS
JSON::XS breaks RT due to the removed from_json/to_json methods and JSON.pm
prefers JSON::XS to our preferred implementation Cpanel::JSON::XS by
default.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848041
Patch-Name: use_cpanel_json_xs.diff
Forwarded: not-needed
commit 653067154b697fb4a6a1d72665b8dd3424cd45b9
Author: gregor herrmann <gregoa@debian.org>
Date: Tue Oct 11 20:40:39 2016 +0200
set LC_ALL to C
LANG overrides only not set LC_variables, so if LC_CTYPE is set in the
environment, it persists and tons of tests fail.
Origin: vendor
Author: gregor herrmann <gregoa@debian.org>
Last-Update: 2016-10-11
Patch-Name: test_locale.diff
Forwarded: not-needed
commit c47d45e3e20c09d24988b5c5b8415b59296a4788
Author: Dominic Hargreaves <dom@earth.li>
Date: Fri Jan 1 18:23:08 2016 +0000
Use Noto Sans instead of Droid Sans
Droid Sans is deprecated in Debian, and we are using the fonts from
Debian rather than bundled with RT.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804687
Patch-Name: fonts_use_noto_sans.diff
Forwarded: not-needed
commit d7f3d277a8b20d7827278df05d6aeaaf59974300
Author: Dominic Hargreaves <dom@earth.li>
Date: Thu Dec 31 12:17:56 2015 +0000
Extract the correct (Debian) version number in configure.ac
Also make clear in the web interface that this version number is from
Debian.
Patch-Name: debianize_version.diff
Forwarded: not-needed
commit d3c0c211ac65f92c29af97e1d711a254fa95e996
Author: Dominic Hargreaves <dom@earth.li>
Date: Thu May 7 21:37:37 2015 +0000
Allow overriding DatabaseType from the environment in RT::Test
Patch-Name: rt_test_db_type.diff
commit 515effb0b885d6a5fe59e36f9377010924f006d1
Author: Dominic Hargreaves <dom@earth.li>
Date: Wed May 6 22:29:35 2015 +0000
Load RT::Generated directly from @INC
This allows for the possibility of overriding RT::Generated in test
scenarios.
Patch-Name: load_rt_generated.diff
commit cae37e3b496b3708461300fadfcf9d377c711a76
Author: Niko Tyni <ntyni@debian.org>
Date: Sat Dec 27 23:19:03 2014 +0200
Fix upgrade problems caused by an RTx::AssetTracker installation bug
The setup of the wheezy rt4-extension-assettracker package
(RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role
accounts, causing upgrade failures on SQLite backends due to uniqueness
constraint violations.
Bug-Debian: https://bugs.debian.org/773343
Patch-Name: assettracker-sysgroups.diff
Forwarded: not-needed
commit 5780c6214d93d3ea8ebaa1d77b38e37ef9df4a6f
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Feb 23 22:48:50 2014 +0000
Debianize UPGRADING-4.2
Forwarded: not-needed
Patch-Name: debianize_UPGRADING-4.2.diff
commit cfcccbec29911b9b02a33a0e08d1f43680452439
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Feb 16 16:11:43 2014 +0000
Don't include remote image references or redirects in broken install page
This fixes the lintian error privacy-breach-logo
Forwarded: not-needed
Patch-Name: fix_lintian_privacy_break_logo_error.diff
commit 94d54537e585ddbb86c6a8482e586af791e44d31
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:16:42 2024 +1200
Reference correct local directory for Debian
Forwarded: not-needed
Patch-Name: debianize_docs_local.diff
commit 3906c80b98c9202e66e70c1f1f41c80f32bb45fb
Author: Dominic Hargreaves <dom@earth.li>
Date: Wed Mar 27 23:36:30 2013 +0000
Customise backup docs for Debian
Forwarded: not-needed
Patch-Name: debianize_backup_docs.diff
commit 6f4a795b64097254c058dd4e6e2bf569e1b8a354
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Mar 24 18:38:07 2013 +0000
Fix relative references to config path
Forwarded: not-needed
Bug: http://issues.bestpractical.com/Ticket/Display.html?id=13592
Bug-Debian: http://bugs.debian.org/518556
Patch-Name: rt_setup_database_upgrade_basedir.diff
commit b5ed905e054b4375cc71192241dd7208f9682fa4
Author: Stephen Quinney <sjq@debian.org>
Date: Sun Mar 24 18:38:06 2013 +0000
Use RT_SiteModules.pm in lib/RT/Interface/Web/Handler.pm
Forwarded: not-needed
Patch-Name: sitemodules.diff
commit bd30f4f4a762fac5f8ade893272ab281db30ac28
Author: Stephen Quinney <sjq@debian.org>
Date: Sun Mar 24 18:38:05 2013 +0000
Add Debian layout (FHS-compatible)
Forwarded: not-needed
Patch-Name: layout.diff
commit 12f47315dda8597e8bfae8515dcfb9917432dd04
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 23:22:30 2024 +1200
record new upstream branch created by importing request-tracker5_5.0.7+dfsg.orig.tar.gz, request-tracker5_5.0.7+dfsg.orig-third-party-source.tar.gz
commit 7ffdc76a3d7dde5bc3954f1c874ec200bdc3310a
Merge: 306ddf9 ab8d076
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 23:22:26 2024 +1200
Import request-tracker5_5.0.7+dfsg.orig.tar.gz, request-tracker5_5.0.7+dfsg.orig-third-party-source.tar.gz
commit ab8d076c6bfabd1898140e09cad2532dfa0acec0
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 23:19:28 2024 +1200
Import request-tracker5_5.0.7+dfsg.orig.tar.gz
commit b2bc09c4b583694e7b2dfb3e6652218df3a5edbc
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 4 22:36:30 2024 +1200
Updates to RT 5.0.6
commit de850bfe4e593403218ce757b5fd73b45267aac3
Merge: 09c08b2 0b4a539
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 23:10:23 2024 +1200
merge patched into master
commit 0b4a53992de9801f97308f41491725da6ad04b23
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:21:35 2024 +1200
Fix spelling in documentation
Patch-Name: fix_spelling.diff
commit 70e8af8e8b6ab06eea8c59c0f53fdd1b1e72ae9d
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed Aug 16 23:47:30 2023 +1200
Don't run dirmngr during tests runs
This process is left running after the tests finish and prevents this
package from passing the reproducible builds.
Patch-Name: disable_dirmngr_in_tests.diff
Forwarded: not-needed
commit aa80ca84640b41dd227eb4f586111c11b5babd7d
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Mon May 8 22:44:11 2023 +1200
Downgrade dependency on GD::Graph to >= 1.54
In Debian, we already have the fix for the XBM failing tests, which
is the only significant change in 1.56.
Once we have GD::Graph, we can remove this patch, although we may
want to keep it to simplify backports to Bookworm or Bullseye.
Forwarded: not-needed
Patch-Name: downgrade_GD::Graph.diff
commit 0aed78c5dc85183dfc33a3d4903bbd188d096959
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sun Jul 17 17:07:47 2022 +1200
Remove exclude of Test::WWW::Mechanize 1.58
The Debian maintainers of libtest-www-mechanize-perl have built their
version of 1.58 with the patch that fixes the issue with Text::LongString
breaking the RT tests.
Upstream report of issue (merged for the upcoming 1.59 release):
https://github.com/petdance/test-www-mechanize/pull/79
Forwarded: not-needed
Patch-Name: remove_exclude_Test::WWW::Mechanize.diff
commit 3a0c5ab96dda7e48a470cde37494a37344b13380
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sun Jun 26 10:54:21 2022 +1200
Skip t/mail/smime/realmail.t for now.
Broken by OpenSSL 3.0 as the test emails use DES which is now disabled.
Forwarded: https://rt.bestpractical.com/Ticket/Display.html?id=37422
Patch-Name: disable-test-smime-realmail.diff
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013730
commit ee00e31f3b58162702f85143ee3ce66c16122013
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat Feb 13 21:40:00 2021 +1300
Debian provides the Mozilla CAs in the ca-certificates package.
Forwarded: not-needed
Patch-Name: skip_Mozilla::CA_check.diff
commit 3cd19315a28794e1d86e5b6075ef9e1f66e23ef3
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 23:03:35 2020 +1200
On Debian there is no need to install the GD modules if GD is desired.
Forwarded: not-needed
Patch-Name: debianize_charts.diff
commit 0c13bda4edac93ede7ace12a9c1bd86bae3ba1da
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 22:53:09 2020 +1200
Use Debian location of commands and data
Forwarded: not-needed
Patch-Name: debianize_commands.diff
commit 1b4f1f4076c2df45fd9916d868bd8a1d0289c505
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Thu Jul 9 22:33:55 2020 +1200
Point to Debian location of mason_data.
Forwarded: not-needed
Patch-Name: debianize_extensions.diff
commit 1e01b60844c8951604861d2b99f47682cf0671a6
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Mon Jul 6 21:30:54 2020 +1200
Force use of IPv4 for LDAP test.
Net::LDAP::Server::Test binds to IPv6 by default, but Net::LDAP uses
'localhost' which resolves to an IPv4 address. Even when I switched
the call to Net::LDAP->new() to use ip6-localhost it failed elsewhere
due to RT using 127.0.0.1.
Patch-Name: fix_test_ldap_ipv4.diff
Forwarded: https://github.com/bestpractical/rt/pull/367
commit 1174a06cb2a56f7182337ab94c710fb63630ea05
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Mar 29 19:37:52 2020 +0100
Fix shebang for Debian policy
Patch-Name: fix_shebang_upgrade_mysql_schema.diff
Forwarded: not-needed
commit e898b06e3beb10f6c17173a25a5ca6623e6c190a
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Sep 9 21:35:08 2018 +0100
Force the use of Cpanel::JSON::XS
JSON::XS breaks RT due to the removed from_json/to_json methods and JSON.pm
prefers JSON::XS to our preferred implementation Cpanel::JSON::XS by
default.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848041
Patch-Name: use_cpanel_json_xs.diff
Forwarded: not-needed
commit 96fd32996fda64a75f0ac884ec2b291923272943
Author: gregor herrmann <gregoa@debian.org>
Date: Tue Oct 11 20:40:39 2016 +0200
set LC_ALL to C
LANG overrides only not set LC_variables, so if LC_CTYPE is set in the
environment, it persists and tons of tests fail.
Origin: vendor
Author: gregor herrmann <gregoa@debian.org>
Last-Update: 2016-10-11
Patch-Name: test_locale.diff
Forwarded: not-needed
commit a97ed5c9e9ecf2370265e08684762eedb789bf6a
Author: Dominic Hargreaves <dom@earth.li>
Date: Fri Jan 1 18:23:08 2016 +0000
Use Noto Sans instead of Droid Sans
Droid Sans is deprecated in Debian, and we are using the fonts from
Debian rather than bundled with RT.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804687
Patch-Name: fonts_use_noto_sans.diff
Forwarded: not-needed
commit 03c529c35afc0a5886cf4044ddf011c4e4acd1d9
Author: Dominic Hargreaves <dom@earth.li>
Date: Thu Dec 31 12:17:56 2015 +0000
Extract the correct (Debian) version number in configure.ac
Also make clear in the web interface that this version number is from
Debian.
Patch-Name: debianize_version.diff
Forwarded: not-needed
commit 16e9e16de68df4afc59137919697895d16803bdc
Author: Dominic Hargreaves <dom@earth.li>
Date: Thu May 7 21:37:37 2015 +0000
Allow overriding DatabaseType from the environment in RT::Test
Patch-Name: rt_test_db_type.diff
commit 6e3336a87eb5ca7e56c9b65f84fa08c51f6d619f
Author: Dominic Hargreaves <dom@earth.li>
Date: Wed May 6 22:29:35 2015 +0000
Load RT::Generated directly from @INC
This allows for the possibility of overriding RT::Generated in test
scenarios.
Patch-Name: load_rt_generated.diff
commit c3487dee7eeb92359f66e5a3aea5e581cb29cb2a
Author: Niko Tyni <ntyni@debian.org>
Date: Sat Dec 27 23:19:03 2014 +0200
Fix upgrade problems caused by an RTx::AssetTracker installation bug
The setup of the wheezy rt4-extension-assettracker package
(RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role
accounts, causing upgrade failures on SQLite backends due to uniqueness
constraint violations.
Bug-Debian: https://bugs.debian.org/773343
Patch-Name: assettracker-sysgroups.diff
Forwarded: not-needed
commit 693e0c3ebce93baf6fa6bba76923d2c5387cc31d
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Feb 23 22:48:50 2014 +0000
Debianize UPGRADING-4.2
Forwarded: not-needed
Patch-Name: debianize_UPGRADING-4.2.diff
commit b6a16841615d01bc7db7e151ccb6b5b7d5232f3a
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Feb 16 16:11:43 2014 +0000
Don't include remote image references or redirects in broken install page
This fixes the lintian error privacy-breach-logo
Forwarded: not-needed
Patch-Name: fix_lintian_privacy_break_logo_error.diff
commit 1f61c8bd40c949ec326aa76a4481819a4705b30d
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:16:42 2024 +1200
Reference correct local directory for Debian
Forwarded: not-needed
Patch-Name: debianize_docs_local.diff
commit fdcf24bc2906473749c0a3507c74443011b20dfc
Author: Dominic Hargreaves <dom@earth.li>
Date: Wed Mar 27 23:36:30 2013 +0000
Customise backup docs for Debian
Forwarded: not-needed
Patch-Name: debianize_backup_docs.diff
commit 519d1512ab3fff76367136c00eeb83f1cedcac21
Author: Dominic Hargreaves <dom@earth.li>
Date: Sun Mar 24 18:38:07 2013 +0000
Fix relative references to config path
Forwarded: not-needed
Bug: http://issues.bestpractical.com/Ticket/Display.html?id=13592
Bug-Debian: http://bugs.debian.org/518556
Patch-Name: rt_setup_database_upgrade_basedir.diff
commit 43422d8c5cbd98204ee5590e9c7a79bf893778fe
Author: Stephen Quinney <sjq@debian.org>
Date: Sun Mar 24 18:38:06 2013 +0000
Use RT_SiteModules.pm in lib/RT/Interface/Web/Handler.pm
Forwarded: not-needed
Patch-Name: sitemodules.diff
commit 043a2179076b4fe4a23535fa75acf67fa8490b9d
Author: Stephen Quinney <sjq@debian.org>
Date: Sun Mar 24 18:38:05 2013 +0000
Add Debian layout (FHS-compatible)
Forwarded: not-needed
Patch-Name: layout.diff
commit 09c08b2a412e221924d8d7101ffb2355d67ab807
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:43:30 2024 +1200
record new upstream branch created by importing request-tracker5_5.0.6+dfsg.orig.tar.gz, request-tracker5_5.0.6+dfsg.orig-third-party-source.tar.gz
commit 306ddf96c85b5d78e2d175ea376fca5b3d4bf0ac
Merge: a0048e4 655c5cc
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:43:26 2024 +1200
Import request-tracker5_5.0.6+dfsg.orig.tar.gz, request-tracker5_5.0.6+dfsg.orig-third-party-source.tar.gz
commit 655c5cca42c327e0e0a57e3e46b0c31b63915f16
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Wed May 15 22:42:20 2024 +1200
Import request-tracker5_5.0.6+dfsg.orig.tar.gz
commit 4b82a0b582796d517d5a061520d886e348c73c0a
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat Apr 6 12:52:20 2024 +1300
Bump my copyright
commit 6e36a52d13d5255b8476e9e4fdb8c83c3056cf4c
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat Apr 6 12:51:55 2024 +1300
Bump changelog
commit 33e13089883b054a6e8e7a5c8c3c215c0415fb06
Merge: ce2fbf6 20e8ead
Author: Andrew Ruthven <andrew@etc.gen.nz>
Date: Sat Apr 6 12:46:15 2024 +1300
merge patched into master
commit 20e8ead837d57110c95f47e2d702b0c0c0f79bcd
Author: Jim Brandt <jbrandt@bestpractical.com>
Date: Fri Dec 22 13:57:15 2023 -0500
Convert other Mason templates to new headers template
27bd738eaf created a single method in Web.pm, CacheControlExpiresHeaders
to generate HTTP response headers, specifically those related to
caching instructions for browsers. That was applied to Helpers, but
wasn't used for regular RT pages.
Later, 915eb4b7d0 sought to fix a regression that resulted in
cache headers not being sent for static files returned via
Plack::Middleware::Static. That fix went to great lengths to
try to re-use functionality from CacheControlExpiresHeaders,
including moving all of the code to GetStaticHeaders. This
probably wasn't really needed since it's reasonable to allow
the special case static handler to send it's own one or two headers.
It also made the code confusing since dynamic pages in Mason
called CacheControlExpiresHeaders, which then called GetStaticHeaders
to get headers for responses that were not static.
This update gets all of the Mason web pages using the same code
for these headers. It leaves the current methods in place to continue
handling static files. That can likely be simplified and cleaned up
in a future commit.
Patch-Name: fix_browser_cache2.diff
Applied-Upstream: 5.0.6, commit:468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
Origin: vendor
Forwarded: not-needed
commit 39de89570b11cd74e8c76bd767956f035f148827
Author: Jim Brandt <jbrandt@bestpractical.com>
Date: Mon Dec 18 16:01:06 2023 -0500
Add $WebStrictBrowserCache option to disable browser cache
RT systems that store sensitive data may want to disable all
browser cache and back button behavior. This option enables
that and moves these headers to a separate Mason template
for easy override.
See: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses
Patch-Name: fix_browser_cache.diff
Applied-Upstream: 5.0.6, commit:ea07e767eaef5b202e8883051616d09806b8b48a
Origin: vendor
Forwarded: not-needed