[Rt-commit] rt branch, 3.8.9-releng, updated. rt-3.8.9rc1-14-g0805801

Kevin Falcone falcone at bestpractical.com
Wed Jan 19 19:24:37 EST 2011


The branch, 3.8.9-releng has been updated

Summary of changes:
 .gitignore                          |    1 +
 UPGRADING                           |   10 ++++
 configure.ac                        |    3 +-
 etc/upgrade/vulnerable-passwords.in |   93 +++++++++++++++++++++++++++++++++++
 lib/RT/Config.pm                    |    4 +-
 lib/RT/User_Overlay.pm              |   64 +++++++++++++++---------
 sbin/rt-test-dependencies.in        |    1 +
 share/html/Elements/Logout          |    7 +--
 share/html/NoAuth/Logout.html       |    7 ++-
 t/api/password-types.t              |   31 ++++++++++++
 10 files changed, 189 insertions(+), 32 deletions(-)
 create mode 100755 etc/upgrade/vulnerable-passwords.in
 create mode 100644 t/api/password-types.t

- Log -----------------------------------------------------------------
commit e01f7de9875f3c96f3fe304d897826b4ab7935d4
Merge: 2dfb3db 390a444
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jan 19 16:57:05 2011 -0500

    Merge branch '3.8-trunk' into 3.8.9-releng

diff --cc UPGRADING
index 54bd218,78099f0..6466a36
--- a/UPGRADING
+++ b/UPGRADING
@@@ -20,9 -20,19 +20,19 @@@ well
  *******
  UPGRADING FROM 3.8.8 and earlier - Changes:
  
+ Previous versions of RT used a password hashing scheme which was too
+ easy to reverse, which could allow attackers with read access to the
+ RT database to possibly compromise users' passwords.  Even if RT does
+ no password authentication itself, it may still store these weak
+ password hashes -- using ExternalAuth does not guarantee that you are
+ not vulnerable!  To upgrade stored passwords to a stronger hash, run:
+ 
+     perl etc/upgrade/vulnerable-passwords
+ 
+ 
  We've proved that it's possible to delete set of records
  from Transactions table without losing functionality. To delete
 -record run the following script:
 +records run the following script:
  
      perl -I /opt/rt3/local/lib -I /opt/rt3/lib etc/upgrade/shrink_transactions_table.pl
  
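Review bot: The added command `perl etc/upgrade/vulnerable-passwords` passes no `-I` library paths, while the shrink_transactions_table.pl command a few lines below in the same section uses `-I /opt/rt3/local/lib -I /opt/rt3/lib`, so an admin following both cannot tell whether the new script finds RT's libraries on its own. Show the same invocation form or state that the script needs none. The diffstat lists the file as etc/upgrade/vulnerable-passwords.in, so the text should also say that the documented path exists only once the script has been generated. Since the script rewrites stored password hashes, the paragraph should state whether it is safe to re-run and recommend a database backup first.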

commit 08058010f2f2ab16b73e7e5b59b2f47c744c7ce2
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Jan 19 16:57:24 2011 -0500

    Bump version for 3.8.9rc2

diff --git a/configure.ac b/configure.ac
index 93dfe2c..cf17a7f 100755
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@ AC_REVISION($Revision$)dnl
 
 dnl Setup autoconf
 AC_PREREQ([2.53])
-AC_INIT(RT, 3.8.9rc1, [rt-bugs at bestpractical.com])
+AC_INIT(RT, 3.8.9rc2, [rt-bugs at bestpractical.com])
 AC_CONFIG_SRCDIR([lib/RT.pm.in])
 
 dnl Extract RT version number components
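
Review bot: In the changed `AC_INIT` line the package name and version are passed unquoted (`RT, 3.8.9rc2`) while the third argument and the `AC_PREREQ` argument just above are bracket-quoted; writing them as `[RT], [3.8.9rc2]` keeps m4 from expanding either token and matches the quoting used on the neighbouring lines. Nothing else in this commit changes, so confirm that every other place reporting the version derives it from this string rather than carrying its own copy of 3.8.9rc1.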

-----------------------------------------------------------------------

