[request-tracker-maintainers] Bug#1130054: bookworm-pu: package request-tracker5/5.0.3+dfsg-3~deb12u4
Andrew Ruthven
andrew at etc.gen.nz
Sun Mar 8 00:21:57 GMT 2026
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: request-tracker5 at packages.debian.org
Control: affects -1 + src:request-tracker5
User: release.debian.org at packages.debian.org
Usertags: pu
Disclaimer: this is virtually identical to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053
[ Reason ]
Firefox v148 has introduced a change to how they handle JavaScript which
breaks CKEditor 4, which is used by Request Tracker. Mozilla have introduced a
work around that looks for version 4 of CKEditor. Unfortunately how we built
CKEditor in the request-tracker5 package we weren't setting the version number,
which means that Firefox doesn't apply the workaround.
The bug report for Firefox is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=2002481
While Firefox v148 isn't in Trixie, many end users of Request Tracker
installations are likely to be running the latest version of Firefox.
[ Impact ]
The impact for users is that they can't add comments to tickets if Request
Tracker is installed using our packages from bookworm.
[ Tests ]
I have not tested the bookworm versions of the package, I have copied the
generated ckeditor.min.js into a Trixie test server confirmed it works with
Firefox v148.
[ Risks ]
There is very low risk. It is a two line change in a build script to set
the version of CKEditor that is being built.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
There is a two line change to debian/scripts/build-final-ckeditor.sh which sets
the --version. When --version isn't provided then it defaults to "DEV". I have
also wrapped the lines to 80 characters to make it easier to read.
[ Other info ]
The bug for updating Trixie is:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130053
-------------- next part --------------
diff -Nru request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh
--- request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2025-10-08 20:40:55.000000000 +1300
+++ request-tracker5-5.0.3+dfsg/debian/build-final-ckeditor.sh 2026-03-08 12:18:18.000000000 +1300
@@ -25,7 +25,8 @@
cp -a $DOCFONTSRC $SRC/plugins/
# --add-exports is from https://github.com/ckeditor/ckbuilder/issues/34
-java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar /usr/bin/ckbuilder \
+java --add-exports java.desktop/sun.java2d=ALL-UNNAMED -jar \
+ /usr/bin/ckbuilder --version 4.13.0 \
--build $SRC $DEST --skip-omitted-in-build --build-config $BUILD_CONFIG
(
diff -Nru request-tracker5-5.0.3+dfsg/debian/changelog request-tracker5-5.0.3+dfsg/debian/changelog
--- request-tracker5-5.0.3+dfsg/debian/changelog 2025-10-08 20:40:55.000000000 +1300
+++ request-tracker5-5.0.3+dfsg/debian/changelog 2026-03-08 12:18:18.000000000 +1300
@@ -1,3 +1,12 @@
+request-tracker5 (5.0.3+dfsg-3~deb12u5) bookworm; urgency=medium
+
+ * Set a version for ckeditor when we build it to allow Firefox v148 to
+ correctly detect that it needs a work around, see:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=2002481
+ (Closes: #1129090)
+
+ -- Andrew Ruthven <andrew at etc.gen.nz> Sun, 08 Mar 2026 12:18:18 +1300
+
request-tracker5 (5.0.3+dfsg-3~deb12u4) bookworm-security; urgency=medium
* Apply upstream patch which fixes a security vulnerability.
More information about the pkg-request-tracker-maintainers
mailing list