Your message dated Tue, 02 Jul 2013 09:33:33 +0000 with message-id <e1utwxp-0003hp...@franck.debian.org> and subject line Bug#699644: fixed in glpi 0.83.91-1 has caused the Debian Bug report #699644, regarding glpi: /usr/share/glpi/lib/extjs is an empty directory after upgrades to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699644 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: glpi Version: 0.83.31-2 Severity: serious Tags: patch Justification: probably breaks functionality Hi, please do not forget that dpkg intentionally does not replace directories with symlinks (or vice versa), so the security fix in -2 will probably break glpi on upgrades since /usr/share/glpi/lib/extjs is an empty directory. I'm attaching a patch that cleans this up in postinst by replacing the empty directory with a proper symlink. Please upload both of these fixes to experimental, too, as currently upgrading glpi from sid to experimental is not aware of /usr/share/glpi/lib/extjs being a symlink and therefore will install its copy of extjs over the existing symlink and overwrite the files from libjs-extjs. Andreas
--- End Message ---
--- Begin Message ---Source: glpi Source-Version: 0.83.91-1 We believe that the bug you reported is fixed in the latest version of glpi, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Chifflier <pol...@debian.org> (supplier of updated glpi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 02 Jul 2013 10:50:58 +0200 Source: glpi Binary: glpi Architecture: source all Version: 0.83.91-1 Distribution: unstable Urgency: medium Maintainer: Pierre Chifflier <pol...@debian.org> Changed-By: Pierre Chifflier <pol...@debian.org> Description: glpi - IT and Asset management software Closes: 669857 683536 699644 714720 Changes: glpi (0.83.91-1) unstable; urgency=medium . [ Pierre Chifflier ] * Upload to unstable * Imported Upstream version 0.83.91 Security bugfixes (Closes: #714720): - CVE-2013-2225 + CVE-2013-2227 (serialize + filter classname for autoload) - CVE-2013-2226 (multiple error-based SQL injections) * glpi.postinst: Convert /usr/share/glpi/lib/extjs to a symlink on upgrades. (Closes: #699644) Thanks to Andreas Beckmann for the patch. * Bump Standards-Version to 3.9.4 * Update configuration for Apache 2.4 transition (Closes: #669857) * Recommends mysql-client and mysql-server (Closes: #683536) . [ Gonéri Le Bouder ] * Add myself in Uploaders: * Remove the dependencies on PHP4. PHP4 is not supported upstream for a long time now. Checksums-Sha1: edebcdab68990e867114da17f58f1424bf1f5d0b 1348 glpi_0.83.91-1.dsc ac093cbd640c3fe444cada9f0134f7dd643e7fe9 4490605 glpi_0.83.91.orig.tar.gz 2ab6bae8ec8a7e6d98078429234af4a349d01db3 16660 glpi_0.83.91-1.debian.tar.gz ddfd35a3366f7e066a7942c032f215225df2ffa2 3784340 glpi_0.83.91-1_all.deb Checksums-Sha256: 756df196bc8c68da5cd9f8072de5a3aedd5536df5486bf58bc5fd3af71d0e5d8 1348 glpi_0.83.91-1.dsc 41f3b612fc0fc7d077ee8b13f406fd47093860065a90db4bf2d8b4397fc45f8e 4490605 glpi_0.83.91.orig.tar.gz 30f455e0b722a40fd9d946b59d6de3a3e791f6727f16936db10741dd4069d8fa 16660 glpi_0.83.91-1.debian.tar.gz c880f98fb38beef3d389fe42bffbf865e69aa1ad519c9930789aec96a4ea0d64 3784340 glpi_0.83.91-1_all.deb Files: 2ec8120b0d2fb91e6ed936c64f92061f 1348 web optional glpi_0.83.91-1.dsc 11190df46de3435832f6120d8e78c57b 4490605 web optional glpi_0.83.91.orig.tar.gz d4598969f41fe32afe2c3adc6ff1dafb 16660 web optional glpi_0.83.91-1.debian.tar.gz c71a75fac6102331efabb82388790530 3784340 web optional glpi_0.83.91-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJR0pZtAAoJEFqCeQfe0MQY5AgH/i7k8CT+JD+dQQwPh+NrYR4F XerFqNW3H+O4nhiJ/BIuhoH0tbipg3LLF6K2i6daabY/iDe+RJbu6hAKItozJDXZ xJyrL4Jpwiglsj/EcqU+o3QM29bEyer1645+n99AVF92QY5hEfjSskfCb1x6+D+v vEbKRXPfcaLVy2o9aiETqzvwqgWZlKW78MSK2yO/IcaCQAHgZnUvjGVME5s4JGEl kYvGH3/WTfOlEgiFsd7ig+oPfXywW0MLVM80j3yaHqQh65Y7kjWGEU1K2mH9egc8 EHuI0ImjV+KpK/rx9JyySdW16Gt3FTRj1TLF2HvnUromIQX0RCPruTMz6zv8zm8= =lOAb -----END PGP SIGNATURE-----
--- End Message ---
