diff options
| author | Remi Collet <remi@remirepo.net> | 2019-03-27 16:06:47 +0100 |
|---|---|---|
| committer | Remi Collet <remi@remirepo.net> | 2019-03-27 16:06:47 +0100 |
| commit | 6c1dfcb9214ecbf010719a846c8b3b8ea38f2653 (patch) | |
| tree | b5ac692ee2b863e32edc58a95f182e78f1114bd7 /glpi.spec | |
| parent | 87c0348084cb603dd1e03474502c3ab6366e273f (diff) | |
add security fix backported from 9.4.1:
[security] Bad chevrons rendering on dropdowns
[security] Iframe and forms are rendered in rich text contents
[security] Type juggling authentication bypass
[security] Malicious images upload
[security] Password token date was not reset
[security] Prevent timed attack and enforce cookie security
Diffstat (limited to 'glpi.spec')
| -rw-r--r-- | glpi.spec | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -1,6 +1,6 @@ # Fedora/remirepo spec file for glpi # -# Copyright (c) 2007-2018 Remi Collet +# Copyright (c) 2007-2019 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # @@ -56,7 +56,7 @@ Name: %{gh_project} #global upstream_prever RC2 # use 9.3.0~RC2 < 9.3 (for plugin compatibility check) Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}} -Release: 1%{?dist} +Release: 2%{?dist} Summary: Free IT asset management software Summary(fr): Gestion Libre de Parc Informatique @@ -76,6 +76,12 @@ Source6: %{name}-minify.php # Override PHP configuration for php-fpm Source7: %{name}-user.ini +# Security patches backported from 9.4 +# https://github.com/glpi-project/glpi/pull/5606 merged +Patch1: glpi-security1.patch +# Backports +Patch2: glpi-security2.patch + BuildArch: noarch BuildRequires: gettext BuildRequires: php-cli @@ -308,6 +314,9 @@ techniciens grâce à une maintenance plus cohérente. %prep %setup -q -n %{name}-%{gh_commit} +%patch1 -p1 -b .secfix +%patch2 -p1 -b .secfix +find . -name \*.secfix -delete -print grep %{upstream_version} inc/define.php @@ -595,6 +604,15 @@ fi %changelog +* Wed Mar 27 2019 Remi Collet <remi@remirepo.net> - 9.3.3-2 +- add security fix backported from 9.4.1: + [security] Bad chevrons rendering on dropdowns + [security] Iframe and forms are rendered in rich text contents + [security] Type juggling authentication bypass + [security] Malicious images upload + [security] Password token date was not reset + [security] Prevent timed attack and enforce cookie security + * Tue Nov 27 2018 Remi Collet <remi@remirepo.net> - 9.3.3-1 - update to 9.3.3 |