Please unblock gforge 4.5.14-21

To: debian-release@lists.debian.org
Subject: Please unblock gforge 4.5.14-21
From: Roland Mas <lolando@debian.org>
Date: Wed, 07 Mar 2007 13:16:04 +0100
Message-id: <[🔎] 87mz2puu4b.fsf@mirexpress.internal.placard.fr.eu.org>

Hi,

I just uploaded a new version of gforge, with the following changes:

   * More input sanitisation, fixing more cross-site scripting
     vulnerabilities.  Again, security implications cause the high urgency.
   * Also, make sure that the registration procedure happens over SSL.
   * New debconf templates translations, thanks to Jacobo Tarrio
     <jtarrio@trasno.net> for Galician (closes: #412917), Miroslav Kure
     <kurem@upcase.inf.upol.cz> for Czech (closes: #409655), and Ricardo
     Silva <ardoric@gmail.com> for Portuguese (closes: #413750).
   * Stopped enabling pgsql.so and gd.so in php.ini, since they're enabled
     in separate files by the respective packages.

  I guess the last item warrants some explanation: php4 modules are
now enabled by default (each package ships a .ini file with the
appropriate "extension=foo.so" magic); gforge previously contained
code to add that magic line to php.ini (with the user's permission, of
course).  In the case of the pgsql extension at least, loading the
module twice made it cease to work, with a confusing error message.
Removing the extra invocation fixes the problem.

  I'd like to request a freeze exception for that package.

  Thanks,

Roland.
-- 
Roland Mas

Qu'est-ce qui est jaune, qui pèse deux cents kilos et qui chante ?
Un canari.  Belle bête, pas vrai ?

Reply to:

Follow-Ups:
- Re: Please unblock gforge 4.5.14-21
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: RC-ness of this bug
Next by Date: Re: Bug#389881: RC-ness of this bug
Previous by thread: Re: please allow libgksu 2.0.3-7 to go into Etch
Next by thread: Re: Please unblock gforge 4.5.14-21
Index(es):
- Date
- Thread