Debian Patches

Status for gosa/2.7.4+reloaded3-16

Patch Description Author Forwarded Bugs Origin Last update
1005_no-image-warning.patch Don't throw warnings in update-gosa on already existing image files UNKNOWN no
0001_smarty3.patch More Smarty3 robustness UNKNOWN no
0002_style-robustness.patch Make generated image styles more robust UNKNOWN no
0003_xss-vulnerability-on-login-screen.patch Escape html entities to fix xss at the login screen Benjamin Zapiec no
0004_fix-get-post.patch Fix get_post for non-strings no https://oss.gonicus.de/labs/gosa/changeset/21181/trunk
0005_fix-password-expiry-status.patch Fix expiration status when shadowMax is used no https://oss.gonicus.de/labs/gosa/changeset/21241
0006_code-injection-in-samba-hash-generation.patch [PATCH] (See #1221) update samba hash generation due to a possible code injection

command line parameter will be passed base64 encoded to avoid
complex escaping sequences that may alter the initial passphrase
bzapiec <bzapiec@594d385d-05f5-0310-b6e9-bd551577e9d8> no 2015-10-30
0007_update-sambaHashHook-description.patch [PATCH] (See #1221)
update sambaHashHook description
bzapiec <bzapiec@594d385d-05f5-0310-b6e9-bd551577e9d8> no 2015-10-30
1001_fix-mass-ldapimport.patch Fix LDAP mass import. Petter Reinholdtsen

Giorgio Pioda no
1002_trim-decrypt.patch Decryption of LDAP password fails (encrypted with gosa-encrypt-passwords)
Abstract:
The decryption of the LDAP password (which has been encrypted by
gosa-encrypt-passwords) seems to fail.
.
When trying to login at the GOsa web interface, an error regarding the
LDAP connection happens ('Error while connecting to LDAP: Could not
bind to ... ').
.
After copying gosa.conf.orig to gosa.conf (with read permissions for
group www-data), things work again as expected.
.
So the decryption of the LDAP password which has been encrypted by
running gosa-encrypt-passwords does not seem to work.

Andreas B. Mundt <andi.mundt@web.de> no
1003_RequestHeader-no-underscores-apache24.patch Don't use underscores in request header variables
Andreas B. Mundt <andi.mundt@web.de>
Since Apache2.4: Translation of headers to environment variables is more
strict than before to mitigate some possible cross-site-scripting attacks
via header injection. Headers containing invalid characters (including
underscores) are now silently dropped.

no
1004_fix-typos-in-man-pages.patch Fix typos and hyphen-used-as-minus-sign issues in man pages Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1006_sasl-password-change.patch Handle SASL password change correctly
diff -ur a/gosa-core/include/password-methods/class_password-methods-sasl.inc b/gosa-core/include/password-methods/class_password-methods-sasl.inc
Michael Banck <mbanck@debian.org> no
1007_gen-uids-like-gosa26.patch Re-instate GOsa² 2.6 uid-from-fullname generation
Abstract:
For details, see http://bugs.debian.org/793455
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1008_enable-csv-import-on-clean-installs.patch Enable CSV/LDIF Import on clean installs Philipp Huebner <debalance@debian.org> no
1009_fix-insertDhcp-icon-in-dhcp-section-overview.patch Fix label extraction from image paths
Abstract:
The DHCP service plugin uses image() function calls like this kind:
.
$editImgIns = image('images/lists/element.png[new]', 'insertDhcp_%s', _("Insert new DHCP section"));
.
The "[new]" part of the image file name is used for referencing the
style sheet of the image label.
.
The upstream version of the image function now does three things:
.
1. Check if the image itself has a style sheet (if not, bail out).
^^^^ Here the function bails out, as it cannot find a style sheet
for "element.png[new]". The label needs to be subtracted first.

2. Check if a label name has been appended to the image file name.
3. If (2), check if the label style sheet exists (if not, die).
4. If (3), then strip the "[<label>]" part from the file name.
.
We change this to:
1. Check if a label name has been appended to the image file name.
(if so, subtract that label name from the path name of the image).
2. Check if the image itself has a style sheet (if not, bail out).
3. Check if the label style sheet exists (if not, die).
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1010_fix-entry-removal-in-mail-plugin.patch Fix entry removal in mail plugin
Abstract:
Without this patch, it is not possible to remove entries from
"Alternative addresses" or from "Forward messages to non group members"
list in "mail" tab of group objects. One selects an address and presses
"delete" but nothing happens, the page is refreshed but address entry
remains. The same operation succeeds for users. It fails only for group
objects. The attached patch fixes the issue.
eannj <greg@brazcubas.br> no
1011_define-isPluginModified.patch Define undefined usertabs::$isPluginModified Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1012_allow-one-level-domains-in-email-addresses.patch Allow one-level domains in email addresses
Abstract:
Make it possible to use one-level domains in email address
(such as <uid>@intern) as commonly used in a Debian Edu
default installation.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1013_fix-smarty-gettext-tags-recognition.patch Correctly recognize smarty-gettext parameters in {t} blocks
Abstract:
Also make {t} blocks translatable that contain parameters, e.g.
{t escape=no}{/t}, {t 1=<phpcode>}Translate %1{/t}, etc.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1014_fix-description-of-new-prim-groups.patch Fix obtaining givenName and sn when creating primary groups Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1015_allow-iso8601-date-format-in-user-API.patch Allow writing ISO-8601 conform date strings into dateOfBirth
Abstract:
Handling LDAP attribute dateOfBirth with GOsa² is a big mess. Why?
Nothing has been localized when it comes to date handling in GOsa².
GOsa² handles dates the very German way (concerning the date
format).
.
While developing gosa-plugin-schoolmanager for Debian Edu, we require to
be able to write the same date format to LDAP (via GOsa² API) as is
returned via an LDAP search (via GOsa² API).
.
The $ldap->search() command in GOsa² returns LDAP's dateOfBirth
attribute as-stored-in-LDAP, i.e. in ISO-8601 date format (YYYY-MM-DD).
However, when writing back to LDAP, you have to give a "German" date
format (D{1,2}.M{1,2}.YYYY). This is all very unhandy when working with
dateOfBirth in an import tool for user accounts.
.
This patch does not affect any dateOfBirth handling in GOsa² WebGUI.
However, it allows one to directly store ISO-8601 formatted date strings
back into LDAP.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1016_allow-same-user-ids-as-adduser.patch Use a more modern UID naming rule.
Abstract:
When strictNamingRules are turned off in gosa.conf, we
should allow UID strings as allowed by concurrent versions
of adduser.
.
For defining "concurrent": This patch has been contributed
in 2015 (Debian jessie/stretch).
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1017_get-ogroups-ou-fix.patch Use correct API call to obtain ogroupRDN string Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1018_no-item-multiplication-on-duplicate-search-results.patch Don't return objects more than once if found by consecutive search queries Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1019_fix-various-typos.patch Fix systematic mis-spellings in the code Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1020_ob-fixes.patch Only run ob_end_clean if there is something to clean Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1021_disable-sorting-in-DHCP-section-lists.patch Disable sorting for DHCP section lists (plus fix accessor name in class_sortableList.inc) Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1022_add-b-switch-to-mkntpasswd-script.patch Support -b option, saying that a password string is provided in base64 encoding Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1023_check-smbhash-creation-for-base64-encoded-pws.patch Try decode_base64() when attempting a NT/LM hash generation. Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1024_dont-overescape-dollar-signs-in-smb-passwords.patch Don't over-escape "$" chars with new base64 encoding of passwords in sambaHashHook
Abstract:
Using base64 encoded password strings in sambaHashHook calls makes it
obsolete to double-escape "$" in passwords for the transport from PHP
to console-process.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1025_fix-with-smarty-3-1-29.patch Fix class autoloading under smarty3 3.1.28 Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1026_fix-deprecated-constructor-format.patch PHP7 deprecation: constructor methods must be named __construct(<opts>).
Abstract:
Generated by debian/fix-constructors.sh script, provided by Cajus Pollmeier.
Cajus Pollmeier <pollmeier@gonicus.de> no
1027_fix-sudo-fqdn.patch Allow IPv4 addresses and FQDNs as sudoHost Dominik George <nik@naturalnet.de> no debian
1028_use-mysqli-instead-of-mysql.patch Migrate from php-mysql to php-mysqli Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1029_better-whitespace-cleanup-in-genuid.patch Remove all white-spaces from attributes before generating the UIDs.
Abstract:
During development of the GOsa² SchoolManager Add-On, it was discovered that in
some cases the gen_uids() function would return UIDs that contained blanks.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1030_column-header-titles-group-members.patch Fix column titles in member lists of POSIX groups Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1031_no-context-loose-continues.patch Avoid stray continue. Fails with PHP7. Benjamin Zapiec <bzapiec@gonicus.de> no
1032_fix_select_acl_role.patch Use ACL from role definition: Select the correct role. Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1033_fix_unable_to_delete_acl_asignment.patch Fix removing ACLs from objects (e.g. groups) Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1034_remove_superfluous__get_post__call_from__save_object.patch class_sortableListing: Remove superfluous get_post() call from_ save_object() Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1035_acl_override_to_allow_delete_of_group_members.patch Support member removal from groups, if someone has the right to edit the group. Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1036_remove_double_groupList_setEditable_setting.patch Remove duplicate setEditable() for POSIX group lists. Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch Propagate shadow expiry from user templates to created user objects. Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1038_shadowexpire_in_one_line.patch Show shadow expiry (esp. the calendar icon) in one line on screen (html template adjustment). Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_tmplate_setting.patch Fix date calculations for sambaKickoffTime and propagation from template to created user object. Christian Schwamborn <cs@imap.architektur.tu-darmstadt.de> no
0008_mcrypt2openssl_gosa-core.patch Switch from mcrypt to openssl
Abstract:
This patch includes the following gosa-core upstream commit:
.
commit 8a57db04f84337903f7de202e3c897d9b76d9b5f
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Tue Feb 27 08:31:47 2018 +0100
.
(see #12)
add comment so the user knows how and if to use the migration script
suppress openssl warning
execution right is revoked to avoid user to accidentally execute this script
.
commit 5f946bee9495db49bd718b8430eda2745adf8b3e
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Tue Feb 27 08:25:21 2018 +0100
.
(see #12)
switch to ecb mode so we don't need to save the iv
add migration script
.
commit 374e19d8c7a915b8580caa1184a76240919f4f0d
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Mon Feb 26 14:48:04 2018 +0100
.
remove gosa-si dependencies
.
commit df92dc9a0d5204825594986f78baf913167ca458
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Fri Feb 23 15:37:19 2018 +0100
.
(see #12)
trim decoded value
.
commit db98333cf2a456d108939402efcffe129740463c
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Fri Feb 23 14:48:05 2018 +0100
.
(see #12)
updated Socket_Client not to use mcrypt anymore
.
commit 22ed57eb75b1255f70ac1926824a8dc19edd2431
Author: bzapiec <benjamin.zapiec@gonicus.de>
Date: Fri Feb 23 14:09:00 2018 +0100
.
refs #12
first patchset to migrate from mcrypt to openssl encryption library
.
- use openssl library for password encryption in gosa.conf
Benjamin Zapiec <bzapiec@gonicus.de> no
0009_mcrypt2openssl_systems-no-gosasi.patch [PATCH] revert initial changes to remove gosa-si DaemonEvents remain available bzapiec <benjamin.zapiec@gonicus.de> no 2018-02-28
0010_mcrypt2openssl_goto-no-gosasi.patch [PATCH] re-enable goto plugin without gosa-si dependencies bzapiec <benjamin.zapiec@gonicus.de> no 2018-02-28
0011_mcrypt2openssl_mail-no-gosasi.patch [PATCH] remove dependencies to gosa-si and the client implementation bzapiec <benjamin.zapiec@gonicus.de> no 2018-02-26
0012_using-the-correct-encryption-method.patch [PATCH] (see #13) using the correct encryption method bzapiec <benjamin.zapiec@gonicus.de> no 2018-04-04
2001_fix-smarty-location.patch Adapt location for debian packaged smarty Cajus Pollmeier <cajus@debian.org> no
2002_fix-template-location.patch Fix location of configuration template. Cajus Pollmeier <cajus@debian.org> no
2003_fix-class-mapping.patch Fix location of auto-generated class mapping file Cajus Pollmeier <cajus@debian.org> no
2004_fix-locale-location.patch Fixed location of auto-generated locales Cajus Pollmeier <cajus@debian.org> no
2005_allow-Debian-blends-to-override-gosa-conf.patch Debian Edu and Debian LAN take care of maintaining its own version of gosa.conf Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
2006_apache2-private-tmp.patch Hint admin to disable Apache2's PrivateTmp feature during setup Wolfgang Schweer <w.schweer@gmx.de> no
0013_escape-html-entities-for-uid-to-avoid-code-execution-CVE-2018-1000528.patch [PATCH] (see #14) escape html entities for uid to avoid code execution bzapiec <benjamin.zapiec@gonicus.de> no 2018-06-04
1040_inactive_pwd_fields_when_using_pwd_proposal.patch Disable password fields if password proposal gets selected as new password by the user. Christian Schwamborn <christian.schwamborn@nswit.de> no
1041_ref_param_error_in_My_Parser.patch Compat fix for PHP > 5.4. Hand over real variable to function. Christian Schwamborn <christian.schwamborn@nswit.de> no
1042_add_option_to_disable_autocomplete.patch Support disabling autocompletion in search boxes via config option.
Abstract:
Gives the site admin a work-around for the following issue:
.
Some browsers (e.g. Safari) create a 2sec delay for each character typed
into a search box.
.
Other browsers (e.g. Firefox) interpret the ENTER key badly when
autocompletion is enabled. Search results become borked by a combined
search result of autocompletion result and what you actually typed into
the search box.
.
Furthermore, with disabled autocompletion, user lists in group objects
don't become flawed (empty) after some usage steps. (The relation to the
above phenomena is unclear, though).
Christian Schwamborn <christian.schwamborn@nswit.de> no
0014_latest-gosa-conf.patch Enable netgroup, pwreset and school-manager plugins by default Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no
1043_smarty-add-on-function-param-types.patch Use correct smarty3 API.
Abstract:
For the {render} add-on block, drop the &$smarty reference parameter
entirely.
.
Drop the complete {tr} add-on block. Not registered as a plugin, not
used.
.
For the add-on image and add-on factory functions, switch from
reference &$smarty to value $smarty.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> yes
1044_crypto-transition-without-mcrypt.patch No need to let this script depend on php-mcrypt Dominik George <natureshadow@debian.org> yes
1045_dont_use_filter_caching.patch Disable flawed filter caching (which works via storing unserialized objects in $_SESSION)
Abstract:
All required information is in the above upstream bug report.
.
This patch has work-around status. It is no proper solution.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> yes
1046_CVE-2019-11187_stricter-ldap-error-check.patch [PATCH] Merge branch 'stricter-ldap-error-check' into '1.4-dev'
:ambulance: fix(ldap) Use a stricter error check in ldap::success()

See merge request fusiondirectory/fd!648

(cherry picked from commit 29ca9876df28e45bb8f4f8960f3760c336936dfc)

[sunweaver (Debian)] Ported over from FD to GOsa².

23936352 :ambulance: fix(ldap) Use a stricter error check in ldap::success()
Côme Chilliet <come@opensides.be> no 2019-07-29
1047_CVE-2019-14466-1_replace_unserialize_with_json_encode+json_decode.patch [PATCH] Replace (un)serialize with json_encode/json_decode Fabian Henneke <fabian@henneke.me> no 2019-07-29
1047_CVE-2019-14466-2_replace_unserialize_with_json_encode+json_decode.patch [PATCH] Fix the decoding of filter settings cookie
Previously, the use of json_decode without a second parameter meant that an
stdClass was returned, which does not allow access to properties via the index
operator. Instead, we now use json_decode(..., true) to return an associative
array.

In order to prevent any type shenanigans, we also ensure whether the returned
value is an array and if not, replace it with an empty one.
Fabian Henneke <fabian@henneke.me> no 2019-08-16
1048_gosa-cred-encrypt-decrypt-php-7.4.patch diff -u a/gosa-core/functions.inc b/gosa-core/functions.inc no
1049_gosa-fix-filterlocklabelimage.patch Use NULL as default for $userPassword in filterLockImage() and filterLockLabel(). Frederik Himpe <fhimpe@ai.vub.ac.be> no
1050_implode-syntax-php74.patch Use PHP 7.4 compliant implode() syntax.
diff -ur a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
Wolfgang Schweer <w.schweer@gmx.de> no
1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch [PATCH] openldap/gosa-samba3.*: Provide 'alias' attribute description by objectClass 'gosaMailAccount'.

A very common use case in LDAP stored mail accounts is the definition
of a primary mail address and mail address aliases. The add-on module
gosa-plugin-mailaddress provides a field for adding e-mail aliases to
user mail accounts.

Up to now, the 'alias' attribute has only been provided to user accounts
that were set up as kolabInetOrgPerson based accounts.

With this change, the 'alias' attribute description gets provided
for usual gosaMailAccount based accounts.

This change comes together with a schema change in GOsa²'s kolab2.schema
(where we comment out the 'alias' attribute description). Normally,
Kolab Users maintained via GOsa² have the 'gosaMailAccount' objectClass
already set, so 'alias' gets provided via gosa-samba3.schema all fine.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no 2021-05-25
1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch [PATCH] contrib/kolab2.*: Comment out 'alias' attribute type.
There has been filed a proposal to move the 'alias' attribute type over
to gosa-samba3.schema (in gosa-core) to support the 'alias' attribute type
for simple gosaMailAccount based user accounts.

For more information, see https://github.com/gosa-project/gosa-core/pull/36.
Mike Gabriel <mike.gabriel@das-netzwerkteam.de> no 2021-05-25
1053_check-countable-before-using-count-on-variable.patch Only count what's countable. Mike Gabriel <mike.gabriel@das-netzwerkteam.de> yes
