Please unblock gforge 4.5.14-21
Hi,
I just uploaded a new version of gforge, with the following changes:
* More input sanitisation, fixing more cross-site scripting
vulnerabilities. Again, security implications cause the high urgency.
* Also, make sure that the registration procedure happens over SSL.
* New debconf templates translations, thanks to Jacobo Tarrio
<jtarrio@trasno.net> for Galician (closes: #412917), Miroslav Kure
<kurem@upcase.inf.upol.cz> for Czech (closes: #409655), and Ricardo
Silva <ardoric@gmail.com> for Portuguese (closes: #413750).
* Stopped enabling pgsql.so and gd.so in php.ini, since they're enabled
in separate files by the respective packages.
I guess the last item warrants some explanation: php4 modules are
now enabled by default (each package ships a .ini file with the
appropriate "extension=foo.so" magic); gforge previously contained
code to add that magic line to php.ini (with the user's permission, of
course). In the case of the pgsql extension at least, loading the
module twice made it cease to work, with a confusing error message.
Removing the extra invocation fixes the problem.
I'd like to request a freeze exception for that package.
Thanks,
Roland.
--
Roland Mas
Qu'est-ce qui est jaune, qui pèse deux cents kilos et qui chante ?
Un canari. Belle bête, pas vrai ?
Reply to: