Package: gosa / 2.7.4+reloaded2-1+deb8u2

Metadata

Package Version Patches format
gosa 2.7.4+reloaded2-1+deb8u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001_smarty3.patch | (download)

gosa-core/html/index.php | 1 1 + 0 - 0 !
gosa-core/html/main.php | 1 1 + 0 - 0 !
gosa-core/plugins/personal/posix/trustModeDialog/class_trustModeDialog.inc | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 1 deletion(-)

 more smarty3 robustness
0002_style robustness.patch | (download)

gosa-core/include/functions.inc | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 make generated image styles more robust
0003_xss vulnerability on login screen.patch | (download)

gosa-core/html/index.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 escape html entities to fix xss at the login screen
0004_fix get post.patch | (download)

gosa-core/include/functions.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix get_post for non-strings
0005_fix password expiry status.patch | (download)

gosa-core/plugins/personal/posix/class_posixAccount.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix expiration status when shadowmax is used
0006_code injection in samba hash generation.patch | (download)

gosa-core/include/class_core.inc | 2 1 + 1 - 0 !
gosa-core/include/functions.inc | 4 2 + 2 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 [patch] (see #1221) udpate samba hash generation due to a possible
 code injection

command line parameter will be passed base64 encoded to avoid
complex escaping sequences that may alter the initial passphrase



git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21280 594d385d-05f5-0310-b6e9-bd551577e9d8

0007_update sambaHashHook description.patch | (download)

gosa-core/contrib/gosa.conf.5 | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] (see #1221)

update sambaHashHook description



git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21281 594d385d-05f5-0310-b6e9-bd551577e9d8

1001_fix mass ldapimport.patch | (download)

ldapmanager/addons/ldapmanager/class_csvimport.inc (arbeidskopi) | 14 11 + 3 - 0 !
ldapmanager/addons/ldapmanager/contentcsv.tpl | 3 0 + 3 - 0 !
2 files changed, 11 insertions(+), 6 deletions(-)

 fix ldap mass import.
1002_trim decrypt.patch | (download)

gosa-core/include/functions.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 decryption of ldap password fails (encrypted with gosa-encrypt-passwords)
Abstract:
 The decryption of the LDAP password (which has been encrypted by
 gosa-encrypt-passwords) seems to fail.
 .
 When trying to login at the GOsa web interface, an error regarding the
 LDAP connection happens ('Error while connecting to LDAP: Could not
 bind to ... ').
 .
 After copying gosa.conf.orig to gosa.conf (with read permissions for
 group www-data), things work again as expected.
 .
 So the decryption of the LDAP password which has been encrypted by
 running gosa-encrypt-passwords does not seem to work.

1003_RequestHeader no underscores apache24.patch | (download)

gosa-core/bin/gosa-encrypt-passwords | 2 1 + 1 - 0 !
gosa-core/include/class_config.inc | 12 6 + 6 - 0 !
2 files changed, 7 insertions(+), 7 deletions(-)

 don't use underscores in request header variables
Andreas B. Mundt <andi.mundt@web.de>
 Since Apache2.4: Translation of headers to environment variables is more
 strict than before to mitigate some possible cross-site-scripting attacks
 via header injection. Headers containing invalid characters (including
 underscores) are now silently dropped.

1004_fix typos in man pages.patch | (download)

gosa-core/contrib/gosa.conf.5 | 16 8 + 8 - 0 !
gosa-core/dh-make-gosa.1 | 8 4 + 4 - 0 !
2 files changed, 12 insertions(+), 12 deletions(-)

 fix typos and hyphen-used-as-minus-sign issues in man pages
1009_fix insertDhcp icon in dhcp section overview.patch | (download)

gosa-core/include/functions.inc | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

 fix label extraction from image paths
1010_fix entry removal in mail plugin.patch | (download)

mail/admin/groups/mail/class_groupMail.inc | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix entry removal in mail plugin
1011_define isPluginModified.patch | (download)

gosa-core/include/class_tabs.inc | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 define undefined usertabs::$ispluginmodified
1012_allow one level domains in email addresses.patch | (download)

gosa-core/include/utils/class_tests.inc | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 allow one-level domains in email addresses
2001_fix smarty location.patch | (download)

gosa-core/include/php_setup.inc | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 adapt location for debian packaged smarty


2002_fix template location.patch | (download)

gosa-core/include/functions.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix location of configuration template.


2003_fix class mapping.patch | (download)

gosa-core/include/class_config.inc | 4 2 + 2 - 0 !
gosa-core/include/functions.inc | 2 1 + 1 - 0 !
gosa-core/update-gosa | 6 3 + 3 - 0 !
3 files changed, 6 insertions(+), 6 deletions(-)

 fix location of auto-generated class mapping file


2004_fix locale location.patch | (download)

gosa-core/include/php_setup.inc | 2 1 + 1 - 0 !
gosa-core/update-gosa | 10 5 + 5 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

 fixed location of auto-generated locales


2005_no image warning.patch | (download)

gosa-core/update-gosa | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't throw warnings in update-gosa on already existing image files
2006_sasl password change.patch | (download)

gosa-core/include/password-methods/class_password-methods-sasl.inc | 2 0 + 2 - 0 !
gosa-core/plugins/admin/users/class_userManagement.inc | 12 0 + 12 - 0 !
2 files changed, 14 deletions(-)

 handle sasl password change correctly
2007_gen uids like gosa26.patch | (download)

gosa-core/include/functions.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 re-instate gosa 2.6 uid-from-fullname generation
2008_enable csv import on clean installs.patch | (download)

gosa-core/contrib/gosa.conf | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 enable csv/ldif import on clean installs
2009_allow Debian blends to override gosa conf.patch | (download)

gosa-core/include/class_config.inc | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 debian edu and debian lan take care of maintaining its own version of gosa.conf