[med-svn] r2540 - trunk/packages/agdbnet/trunk/debian/patches

tille at alioth.debian.org tille at alioth.debian.org
Fri Sep 26 07:31:42 UTC 2008 

Author: tille
Date: 2008-09-26 07:31:40 +0000 (Fri, 26 Sep 2008)
New Revision: 2540

Added:
   trunk/packages/agdbnet/trunk/debian/patches/30_fix_empty_status_bug_in_curator_authentication.patch
Modified:
   trunk/packages/agdbnet/trunk/debian/patches/10_bioperl.patch
   trunk/packages/agdbnet/trunk/debian/patches/10_config_location.patch
   trunk/packages/agdbnet/trunk/debian/patches/10_preconf.patch
   trunk/packages/agdbnet/trunk/debian/patches/11_moreinfo.patch
   trunk/packages/agdbnet/trunk/debian/patches/12_apache_is_web-data.patch
   trunk/packages/agdbnet/trunk/debian/patches/13_ident_authentication.patch
   trunk/packages/agdbnet/trunk/debian/patches/20_metainfo.patch
   trunk/packages/agdbnet/trunk/debian/patches/series
Log:
Commenting the patches and adding a fix for a problem in user authentication.


Modified: trunk/packages/agdbnet/trunk/debian/patches/10_bioperl.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/10_bioperl.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/10_bioperl.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,5 @@
+The Debian package depends from bioperl - so we can be sure that this
+feature is available and enable it inside the cgi script.
 --- agdbnet_v1.0.0.orig/cgi-bin/agdbnet.pl
 +++ agdbnet_v1.0.0/cgi-bin/agdbnet.pl
 @@ -31,6 +31,7 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/10_config_location.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/10_config_location.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/10_config_location.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,5 @@
+In Debian configuration files have to be located in /etc and not in
+the same directory as the cgi script as upstream suggests.
 --- agdbnet_v1.0.0.orig/cgi-bin/agdbnet.pl
 +++ agdbnet_v1.0.0/cgi-bin/agdbnet.pl
 @@ -35,7 +35,7 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/10_preconf.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/10_preconf.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/10_preconf.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,5 @@
+This patch adjust some pathes in the upstream suggestion for a
+configuration file to the locations in Debian.
 --- agdbnet_v1.0.0.orig/conf/agdbnet.conf
 +++ agdbnet_v1.0.0/conf/agdbnet.conf
 @@ -1,17 +1,17 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/11_moreinfo.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/11_moreinfo.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/11_moreinfo.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,6 @@
+Provide some more information to the user if the initialisation of
+the web page fails by pointing to README.Debian which might contain
+hints about things to do next.
 --- agdbnet_v1.0.0.orig/cgi-bin/agcurate.pl
 +++ agdbnet_v1.0.0/cgi-bin/agcurate.pl
 @@ -129,7 +129,7 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/12_apache_is_web-data.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/12_apache_is_web-data.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/12_apache_is_web-data.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,5 +1,8 @@
 Apache runs as user www-data on Debian systems - so replace any
-occurence of system user apache by www-data
+occurence of system user apache by www-data.
+Attention: The '"' around www-data in the GRANT SQL statement
+are important to make sure the '-' in the name will not be
+interpreted by the SQL parser.
 --- agdbnet_v1.0.0.orig/cgi-bin/agcurate.pl
 +++ agdbnet_v1.0.0/cgi-bin/agcurate.pl
 @@ -80,7 +80,7 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/13_ident_authentication.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/13_ident_authentication.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/13_ident_authentication.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,9 @@
+On Debian GNU Linux systems the suggested way to authenticate to
+a PostgreSQL server on local host is ident authentication.  This
+authentication method requires that the host parameter is left out,
+i.e. if you specify the host localhost password authentication
+is automatically used.  This patch removes host and port from
+the connection string if $host == 'localhost'.
 --- agdbnet_v1.0.0.orig/cgi-bin/agdbnet.pl
 +++ agdbnet_v1.0.0/cgi-bin/agdbnet.pl
 @@ -167,10 +167,19 @@

Modified: trunk/packages/agdbnet/trunk/debian/patches/20_metainfo.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/20_metainfo.patch	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/20_metainfo.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -1,3 +1,14 @@
+This patch is a feature addition which might be incorporated upstream.
+
+A web page should feature some meta information for search engines etc.
+If your institution really asks you for inclusion of this information if
+you want to publish a web page you can use this patch which adds the
+feature of reading an additional configuration file "meta.html".
+The following syntax has to be used in this file:
+  <meta name="name_of_metatag" content="content of meta tag" />
+and you can also add a favicon by using
+  <link rel="shortcut icon" href="/agdbnet/dbname/imgs/favicon.gif" type="image/gif" />
+This is documented in README.Debian.
 --- agdbnet_v1.0.0.orig/cgi-bin/agdbnet.pl
 +++ agdbnet_v1.0.0/cgi-bin/agdbnet.pl
 @@ -196,6 +196,25 @@

Added: trunk/packages/agdbnet/trunk/debian/patches/30_fix_empty_status_bug_in_curator_authentication.patch
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/30_fix_empty_status_bug_in_curator_authentication.patch	                        (rev 0)
+++ trunk/packages/agdbnet/trunk/debian/patches/30_fix_empty_status_bug_in_curator_authentication.patch	2008-09-26 07:31:40 UTC (rev 2540)
@@ -0,0 +1,19 @@
+This is a security fix which should be applied upstream.
+A user with status == '' should not be able to log in as curator.
+--- agdbnet_v1.0.0.orig/cgi-bin/agcurate.pl
++++ agdbnet_v1.0.0/cgi-bin/agcurate.pl
+@@ -326,7 +326,13 @@
+ 		my $sql = $db->prepare($qry) or die "cannot prepare";
+ 		$sql->execute($username);
+ 		my ( $id, $status ) = $sql->fetchrow_array;
+-		if ( $status && $status ne 'curator' ) {
++		# The original line
++		# 	if ( $status && $status ne 'curator' ) {
++		# enables successfull authentication if status == ''
++		# because $status is false and the second term
++		# will not be evaluated any more because && would
++		# be false in any way.
++		if ( ! $status || $status ne 'curator' ) {
+ 			return 0;
+ 		}
+ 		return $id;

Modified: trunk/packages/agdbnet/trunk/debian/patches/series
===================================================================
--- trunk/packages/agdbnet/trunk/debian/patches/series	2008-09-25 20:28:36 UTC (rev 2539)
+++ trunk/packages/agdbnet/trunk/debian/patches/series	2008-09-26 07:31:40 UTC (rev 2540)
@@ -5,3 +5,4 @@
 12_apache_is_web-data.patch
 13_ident_authentication.patch
 20_metainfo.patch
+30_fix_empty_status_bug_in_curator_authentication.patch

More information about the debian-med-commit mailing list