community/rt4: security upgrade to 4.4.7

- sort dependencies alphabetically - add dependency perl-parallel-forkmanager - please linter
2024-09-20 11:23:16 +00:00 · 2024-09-17 11:47:04 +00:00 · 2024-09-17 11:47:04 +00:00 · 0d4f241f69
commit 0d4f241f69
parent 30b4b4d47d
4 changed files with 87 additions and 82 deletions
--- a/community/rt4/0001-email-allow-envelope-from-overriding-from-templates.patch
+++ b/community/rt4/0001-email-allow-envelope-from-overriding-from-templates.patch
@ -13,7 +13,7 @@ diff --git a/lib/RT/Interface/Email.pm b/lib/RT/Interface/Email.pm
 index 7466c0f78..04a88554c 100644
 --- a/lib/RT/Interface/Email.pm
 +++ b/lib/RT/Interface/Email.pm
-@@ -740,7 +740,14 @@ sub MailError {
+@@ -750,7 +750,14 @@ sub MailError {
 }
 
 sub _OutgoingMailFrom {
@ -29,7 +29,7 @@ index 7466c0f78..04a88554c 100644
 
     my $MailFrom = RT->Config->Get('SetOutgoingMailFrom');
     my $OutgoingMailAddress = $MailFrom =~ /\@/ ? $MailFrom : undef;
-@@ -754,8 +761,9 @@ sub _OutgoingMailFrom {
+@@ -764,8 +771,9 @@ sub _OutgoingMailFrom {
         if ($QueueAddressOverride) {
             $OutgoingMailAddress = $QueueAddressOverride;
         } else {
@ -41,7 +41,7 @@ index 7466c0f78..04a88554c 100644
         }
     }
     elsif ($Overrides->{'Default'}) {
-@@ -823,6 +831,9 @@ sub SendEmail {
+@@ -833,6 +841,9 @@ sub SendEmail {
 
     my $msgid = Encode::decode( "UTF-8", $args{'Entity'}->head->get('Message-ID') || '' );
     chomp $msgid;
@ -51,7 +51,7 @@ index 7466c0f78..04a88554c 100644
     
     # If we don't have any recipients to send to, don't send a message;
     unless ( $args{'Entity'}->head->get('To')
-@@ -901,7 +912,7 @@ sub SendEmail {
+@@ -914,7 +925,7 @@ sub SendEmail {
         if ( $args{'Bounce'} ) {
             push @args, shellwords(RT->Config->Get('SendmailBounceArguments'));
         } elsif ( RT->Config->Get('SetOutgoingMailFrom') ) {
@ -60,6 +60,3 @@ index 7466c0f78..04a88554c 100644
 
             push @args, "-f", $OutgoingMailAddress
                 if $OutgoingMailAddress;
-- 
-2.15.1
-
--- a/community/rt4/APKBUILD
+++ b/community/rt4/APKBUILD
@ -2,8 +2,8 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=rt4
-pkgver=4.4.4
-pkgrel=6
+pkgver=4.4.7
+pkgrel=0
 pkgdesc="Request Tracker - issue and bug tracker"
 pkgusers="rt4"
 pkggroups="rt4"
@ -13,100 +13,108 @@ license="GPL-2.0-or-later"
 options="!check" # need to install the RT_Config module
 depends="perl
 	font-droid
-	perl-term-readkey
+	perl-apache-session
+	perl-business-hours
 	perl-cache-simple-timedexpiry
+	perl-cgi
+	perl-cgi-emulate-psgi
+	perl-cgi-psgi
 	perl-class-accessor
-	perl-dbi
-	perl-dbd-pg
+	perl-convert-color
+	perl-crypt-eksblowfish
+	perl-crypt-ssleay
+	perl-crypt-x509
+	perl-css-minifier-xs
+	perl-css-squish
+	perl-data-guid
+	perl-data-ical
+	perl-data-page-pageset
+	perl-date-extract
+	perl-date-manip
+	perl-datetime
+	perl-datetime-format-natural
+	perl-datetime-locale
 	perl-dbd-mysql
+	perl-dbd-pg
+	perl-dbi
+	perl-dbix-searchbuilder
 	perl-devel-globaldestruction
 	perl-devel-stacktrace
 	perl-digest-sha1
 	perl-email-address
+	perl-email-address-list
+	perl-fcgi
+	perl-fcgi-procmanager
+	perl-file-sharedir
+	perl-file-which
 	perl-getopt-long
+	perl-html-formatter
+	perl-html-formattext-withlinks
+	perl-html-formattext-withlinks-andtables
+	perl-html-mason
+	perl-html-mason-psgihandler
+	perl-html-parser
+	perl-html-quoted
+	perl-html-rewriteattributes>=0.05
+	perl-html-scrubber
+	perl-html-tree
+	perl-ipc-run3
+	perl-javascript-minifier
+	perl-javascript-minifier-xs
+	perl-json
+	perl-list-moreutils
 	perl-locale-maketext-fuzzy
 	perl-locale-maketext-lexicon
 	perl-log-dispatch
+	perl-lwp-protocol-https
+	perl-mailtools
 	perl-mime-tools
+	perl-mime-types
+	perl-module-refresh
+	perl-module-versions-report
+	perl-mozilla-ca
 	perl-net-cidr
+	perl-net-ip
+	perl-parallel-forkmanager
+	perl-plack
+	perl-pod-parser
 	perl-regexp-common-net-cidr
+	perl-regexp-ipv6
+	perl-role-basic
+	perl-scope-upper
+	perl-starlet
+	perl-string-shellquote
 	perl-sub-exporter
+	perl-symbol-global-name
+	perl-term-readkey
 	perl-text-password-pronounceable
+	perl-text-quoted
 	perl-text-template
+	perl-text-wikiformat
 	perl-text-wrapper
 	perl-time-hires
 	perl-time-parsedate
 	perl-tree-simple
 	perl-universal-require
 	perl-xml-rss
-	perl-text-wikiformat
-	perl-convert-color
-	perl-data-ical
-	perl-mime-types
-	perl-html-formatter
-	perl-html-rewriteattributes>=0.05
-	perl-html-tree
-	perl-html-mason
-	perl-javascript-minifier
-	perl-cgi
-	perl-cgi-psgi
-	perl-cgi-emulate-psgi
-	perl-html-mason-psgihandler
-	perl-apache-session
-	perl-starlet
-	perl-html-parser
-	perl-file-sharedir
-	perl-module-versions-report
-	perl-list-moreutils
-	perl-css-squish
-	perl-regexp-ipv6
-	perl-html-scrubber
-	perl-html-quoted
-	perl-datetime-locale
-	perl-fcgi
-	perl-fcgi-procmanager
-	perl-datetime
-	perl-json
-	perl-ipc-run3
-	perl-plack
-	perl-dbix-searchbuilder
-	perl-mailtools
-	perl-crypt-eksblowfish
-	perl-datetime-format-natural
-	perl-data-guid
-	perl-role-basic
-	perl-module-refresh
-	perl-date-extract
-	perl-html-formattext-withlinks
-	perl-email-address-list
-	perl-text-quoted
-	perl-date-manip
-	perl-symbol-global-name
-	perl-pod-parser
-	perl-mozilla-ca
-	perl-crypt-ssleay
-	perl-crypt-x509
-	perl-file-which
-	perl-string-shellquote
-	perl-lwp-protocol-https
-	perl-data-page-pageset
-	perl-business-hours
-	perl-scope-upper
-	perl-html-formattext-withlinks-andtables
-	perl-css-minifier-xs
-	perl-net-ip
-	perl-javascript-minifier-xs
 	"

 makedepends="autoconf"
 install="$pkgname.pre-install $pkgname.pre-upgrade"
 source="https://download.bestpractical.com/pub/rt/release/rt-$pkgver.tar.gz
 	0001-email-allow-envelope-from-overriding-from-templates.patch
-	rt-varpath.patch
 	rt-autoconf-version.patch
+	rt-varpath.patch
 	"
 builddir="$srcdir"/rt-$pkgver

+# secfixes:
+#   4.4.7-r0:
+#     - CVE-2021-38562
+#     - CVE-2022-25802
+#     - CVE-2023-41259
+#     - CVE-2023-41260
+
 prepare() {
 	default_prepare

@ -163,13 +171,13 @@ package() {
 	make -j1 DESTDIR="$pkgdir" install

 	# delete the droid fonts as we get them from ttf-droid
-	rm -rf "$pkgdir"/usr/share/rt4/fonts/ \
-		"$pkgdir"/usr/local
+	rm -rf "${pkgdir:?}"/usr/share/rt4/fonts/ \
+		"${pkgdir:?}"/usr/local
 }

 sha512sums="
-95335cfa9e7107300670a5e8631ffb6f402895dae051201d051ac01885b0cb185f838a666acaec773e0f670e1b9d16b7cede72f37ce9832fd83a9da8514e6972  rt-4.4.4.tar.gz
-b88f6a6c42510c6e95f4d206b93d5dcea001622619edc212018edd7f36c20a24acf812acf8f09dcb3413fcb1733b53ce3072c2097cdc18812e3a978ea04218d0  0001-email-allow-envelope-from-overriding-from-templates.patch
-62308220d00e11059491533e87fb7378226609fcef332c31b2db75ba32bbbf3343cd0eb7fd53288f62700ee456669f216bd78550fb1cd7e5d4fe85ef41976c0c  rt-varpath.patch
-cac79f231e1b1915962de8e4a86812fcaa0f1f64384a34557fac860c0fb0ae33d5dfd2371c30c07310391735e7348022e62bd5d453674a41ac7e77865d79dab9  rt-autoconf-version.patch
+c4824d2345c8eb628506d7e147fef7be26b834f188a8a45e1c8b204b3d3de0b09002d703cc61717b67a1f447219b1b08351082dee4222e2fb25f78b217838415  rt-4.4.7.tar.gz
+165be009e0babc128441e2931ecdc8928abcd0eca457e0d711e1073062a17647c2065d1930f4eb86f2288b984e202c8e78f8f508f22d3fcf997360481e63fe5e  0001-email-allow-envelope-from-overriding-from-templates.patch
+f80fcc91b4df6091bc988b2ce613220d6d6a49b81f86ad31a81de4a965c9b032082d367345c4e8e32ed747bca36d95640018c5e0c414251b85b314f88f5a471a  rt-autoconf-version.patch
+42d41f0c185f190476f8707ce70e0085513d95d7dd3da816e9e1e966994c5e108fe6107379e6017dccbfc2d32cdd0bad0a839b514da3184e84f30e7ecc2f44b8  rt-varpath.patch
 "
--- a/community/rt4/rt-autoconf-version.patch
+++ b/community/rt4/rt-autoconf-version.patch
@ -1,9 +1,9 @@
--- rt-4.2.2/configure.ac.orig	2014-05-06 19:01:59.784199966 -0300
-+++ rt-4.2.2/configure.ac	2014-05-06 19:02:21.004085165 -0300
-@@ -7,7 +7,7 @@
+--- rt-4.4.7/configure.ac.orig	2024-09-17
+++ rt-4.4.7/configure.ac	2024-09-17
+@@ -4,7 +4,7 @@ dnl Process this file with autoconf to p
 
 dnl Setup autoconf
- AC_PREREQ([2.53])
+ AC_PREREQ([2.59])
 -AC_INIT(RT, m4_esyscmd([( git describe --tags || cat ./.tag 2> /dev/null || echo "rt-3.9.EXPORTED" )| tr -d "\n"]), [rt-bugs@bestpractical.com])
 +AC_INIT(RT, m4_esyscmd([( cat ./.tag 2> /dev/null || echo "rt-3.9.EXPORTED" )| tr -d "\n"]), [rt-bugs@bestpractical.com])
 AC_CONFIG_SRCDIR([lib/RT.pm])
--- a/community/rt4/rt-varpath.patch
+++ b/community/rt4/rt-varpath.patch
@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -379,7 +379,7 @@
+@@ -376,7 +376,7 @@ AC_SUBST([RT_ETC_PATH],			${exp_sysconfd
 AC_SUBST([CONFIG_FILE_PATH],		${exp_sysconfdir})
 AC_SUBST([RT_BIN_PATH],			${exp_bindir})
 AC_SUBST([RT_SBIN_PATH],		${exp_sbindir})
@ -9,7 +9,7 @@
 AC_SUBST([RT_MAN_PATH],			${exp_mandir})
 AC_SUBST([RT_FONT_PATH],			${exp_fontdir})
 AC_SUBST([RT_PLUGIN_PATH],			${exp_plugindir})
-@@ -431,7 +431,7 @@
+@@ -428,7 +428,7 @@ AC_SUBST([RT_PLUGIN_PATH_R],		${exp_plug
 AC_SUBST([CONFIG_FILE_PATH_R],		${exp_sysconfdir})
 AC_SUBST([RT_BIN_PATH_R],			${exp_bindir})
 AC_SUBST([RT_SBIN_PATH_R],		${exp_sbindir})