rpms/rt3/F-12 rt-3.8.4-rh-bz543962.diff, NONE, 1.1 rt3.spec, 1.45, 1.46
corsepiu
corsepiu at fedoraproject.org
Fri Dec 4 11:23:35 UTC 2009
Author: corsepiu
Update of /cvs/pkgs/rpms/rt3/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30104
Modified Files:
rt3.spec
Added Files:
rt-3.8.4-rh-bz543962.diff
Log Message:
* Fri Dec 04 2009 Ralf Corsépius <corsepiu at fedoraproject.org> - 3.8.4-7
- Add rt-3.8.4-rh-bz543962.diff (BZ #543962).
rt-3.8.4-rh-bz543962.diff:
SetupSessionCookie | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- NEW FILE rt-3.8.4-rh-bz543962.diff ---
diff -Naur rt-3.8.4.orig/share/html/Elements/SetupSessionCookie rt-3.8.4/share/html/Elements/SetupSessionCookie
--- rt-3.8.4.orig/share/html/Elements/SetupSessionCookie 2009-06-10 20:40:27.000000000 +0200
+++ rt-3.8.4/share/html/Elements/SetupSessionCookie 2009-12-04 11:56:31.000000000 +0100
@@ -53,11 +53,17 @@
my %cookies = CGI::Cookie->fetch;
my $cookiename = "RT_SID_". RT->Config->Get('rtname');
$cookiename .= ".". $ENV{'SERVER_PORT'} if $ENV{'SERVER_PORT'};
-$SessionCookie ||= ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef ),
+$SessionCookie = ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef );
tie %session, 'RT::Interface::Web::Session', $SessionCookie;
undef $cookies{$cookiename} unless $SessionCookie && $session{'_session_id'} eq $SessionCookie;
+unless ($session{'CurrentUser'} && $session{CurrentUser}->id) {
+ tied(%session)->delete;
+ undef $cookies{$cookiename};
+ tie %session, 'RT::Interface::Web::Session', undef;
+}
+
if ( int RT->Config->Get('AutoLogoff') ) {
my $now = int(time/60);
my $last_update = $session{'_session_last_update'} || 0;
Index: rt3.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rt3/F-12/rt3.spec,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -p -r1.45 -r1.46
--- rt3.spec 13 Oct 2009 01:55:10 -0000 1.45
+++ rt3.spec 4 Dec 2009 11:23:35 -0000 1.46
@@ -40,7 +40,7 @@
Name: rt3
Version: 3.8.4
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: Request tracker 3
Group: Applications/Internet
@@ -60,6 +60,11 @@ Patch3: rt-3.8.4-test-dependencies.diff
# Fixed in rt >= 3.8.5
Patch5: rt-3.8.4-rh-bz526870.diff
+# http://bugzilla.redhat.com/show_bug.cgi?id=543962
+# Patch from http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch
+# Fixed in rt >= 3.8.6
+Patch6: rt-3.8.4-rh-bz543962.diff
+
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -238,6 +243,7 @@ find etc -type f -exec chmod a-x {} \;
%patch2 -p1
%patch3 -p1
%patch5 -p1
+%patch6 -p1
# Patch backups added by rpm disturb
find -name '*.orig' -exec rm -f {} \;
@@ -437,6 +443,9 @@ fi
%{RT3_LIBDIR}/RT/Test*
%changelog
+* Fri Dec 04 2009 Ralf Corsépius <corsepiu at fedoraproject.org> - 3.8.4-7
+- Add rt-3.8.4-rh-bz543962.diff (BZ #543962).
+
* Tue Oct 13 2009 Ralf Corsépius <corsepiu at fedoraproject.org> - 3.8.4-6
- Update rt-3.8.4-rh-bz526870.diff.
More information about the Fedora-perl-devel-list
mailing list