-rw-r--r-- | glpi-0.84-CVE-2014-9258.patch | 62 | ||||
-rw-r--r-- | glpi-0.84-bug5218.patch | 15 | ||||
-rw-r--r-- | glpi-0.84-cron.patch | 31 | ||||
-rw-r--r-- | glpi-config_path.php | 35 | ||||
-rw-r--r-- | glpi.spec | 83 |
5 files changed, 60 insertions, 166 deletions
diff --git a/glpi-0.84-CVE-2014-9258.patch b/glpi-0.84-CVE-2014-9258.patch
deleted file mode 100644
index 97f1966..0000000
--- a/glpi-0.84-CVE-2014-9258.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Index: branches/0.84-bugfixes/inc/dropdown.class.php
-===================================================================
---- branches/0.84-bugfixes/inc/dropdown.class.php (révision 23260)
-+++ branches/0.84-bugfixes/inc/dropdown.class.php (révision 23261)
-@@ -177,6 +177,11 @@
- }
- }
-
-+ // Manage condition
-+ if (!empty($params['condition'])) {
-+ $params['condition'] = static::addNewCondition($params['condition']);
-+ }
-+
- $param = array('searchText' => '__VALUE__',
- 'value' => $params['value'],
- 'itemtype' => $itemtype,
-@@ -259,6 +264,11 @@
- }
- }
-
-+ static function addNewCondition($condition) {
-+ $sha1=sha1($condition);
-+ $_SESSION['glpicondition'][$sha1] = $condition;
-+ return $sha1;
-+ }
-
- /**
- * Get the value of a dropdown
-@@ -1095,7 +1105,7 @@
- 'entity_restrict' => $entity_restrict);
-
- if ($onlyglobal) {
-- $params['condition'] = "`is_global` = '1'";
-+ $params['condition'] = static::addNewCondition("`is_global` = '1'");
- }
- Ajax::updateItemOnSelectEvent("itemtype$rand", "show_$myname$rand",
- $CFG_GLPI["root_doc"]."/ajax/dropdownAllItems.php", $params);
-Index: branches/0.84-bugfixes/ajax/dropdownValue.php
-===================================================================
---- branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23260)
-+++ branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23261)
-@@ -72,13 +72,17 @@
- $_POST['permit_select_parent'] = false;
- }
-
--// No define rand
--if (!isset($_POST['rand'])) {
-+ // No define rand
-+ if (!isset($_POST['rand'])) {
- $_POST['rand'] = mt_rand();
- }
-
- if (isset($_POST['condition']) && !empty($_POST['condition'])) {
-- $_POST['condition'] = rawurldecode(stripslashes($_POST['condition']));
-+ if (isset($_SESSION['glpicondition'][$_POST['condition']])) {
-+ $_POST['condition'] = $_SESSION['glpicondition'][$_POST['condition']];
-+ } else {
-+ $_POST['condition'] = '';
-+ }
- }
-
- if (!isset($_POST['emptylabel']) || ($_POST['emptylabel'] == '')) {
diff --git a/glpi-0.84-bug5218.patch b/glpi-0.84-bug5218.patch
deleted file mode 100644
index 062b68d..0000000
--- a/glpi-0.84-bug5218.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: branches/0.84-bugfixes/inc/user.class.php
-===================================================================
---- branches/0.84-bugfixes/inc/user.class.php (révision 23406)
-+++ branches/0.84-bugfixes/inc/user.class.php (révision 23407)
-@@ -556,7 +556,9 @@
- // Add default profile
- if (!$rulesplayed) {
- $affectation = array();
-- if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']) {
-+ if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']
-+ && Profile::currentUserHaveMoreRightThan(array($this->input['_profiles_id']))
-+ ) {
- $profile = $this->input['_profiles_id'];
- // Choosen in form, so not dynamic
- $affectation['is_dynamic'] = 0;
diff --git a/glpi-0.84-cron.patch b/glpi-0.84-cron.patch
deleted file mode 100644
index 4ce17d1..0000000
--- a/glpi-0.84-cron.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -up install/install.php.orig install/install.php
---- install/install.php.orig 2013-09-29 17:04:16.326382959 +0200
-+++ install/install.php 2013-09-29 17:08:07.616396210 +0200
-@@ -350,6 +350,13 @@ function step4 ($databasename, $newdatab
- $query = "UPDATE `glpi_users`
- SET `language` = NULL";
- $DB->queryOrDie($query, "4203");
-+
-+ // RPM provides a good system cron
-+ $query = "UPDATE `glpi_crontasks` SET `mode`=2 WHERE `name`!='watcher' AND (`allowmode` & 2)";
-+ $DB->queryOrDie($query, "4203");
-+
-+ $query = "UPDATE `glpi_configs` SET `cron_limit` = '3'";
-+ $DB->queryOrDie($query, "4203");
- }
-
- $link = new mysqli($host, $user, $password);
-diff -up install/update.php.orig install/update.php
---- install/update.php.orig 2013-09-12 21:17:15.000000000 +0200
-+++ install/update.php 2013-09-29 17:07:53.124390070 +0200
-@@ -790,6 +790,10 @@ function updateDbUpTo031() {
- $plugin = new Plugin();
- $plugin->unactivateAll();
-
-+ // RPM provides a good system cron
-+ $query = "UPDATE `glpi_crontasks` SET `mode`=2 WHERE `name`!='watcher' AND (`allowmode` & 2)";
-+ $DB->queryOrDie($query);
-+
- DBmysql::optimize_tables($migration);
-
- return $ret;
diff --git a/glpi-config_path.php b/glpi-config_path.php
deleted file mode 100644
index 7293422..0000000
--- a/glpi-config_path.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-// for Redhat/Fedora RPM defaults
-
-// Config
-define('GLPI_CONFIG_DIR', '/etc/glpi');
-
-// Runtime Data
-define('GLPI_DOC_DIR', '/var/lib/glpi/files');
-define('GLPI_DUMP_DIR', '/var/lib/glpi/files/_dumps');
-define('GLPI_CACHE_DIR', '/var/lib/glpi/files/_cache/');
-define('GLPI_CRON_DIR', '/var/lib/glpi/files/_cron');
-define('GLPI_SESSION_DIR', '/var/lib/glpi/files/_sessions');
-define('GLPI_PLUGIN_DOC_DIR', '/var/lib/glpi/files/_plugins');
-define('GLPI_LOCK_DIR', '/var/lib/glpi/files/_lock/');
-define('GLPI_GRAPH_DIR', '/var/lib/glpi/files/_graphs/');
-define('GLPI_TMP_DIR', '/var/lib/glpi/files/_tmp/');
-define('GLPI_RSS_DIR', '/var/lib/glpi/files/_rss/');
-define('GLPI_UPLOAD_DIR', '/var/lib/glpi/files/_uploads/');
-//define('GLPI_SCRIPT_DIR',
-
-// Log
-define('GLPI_LOG_DIR', '/var/log/glpi');
-
-// System libraries
-define('GLPI_CACHE_LITE_DIR', 'Cache');
-define('GLPI_PHPMAILER_DIR', 'PHPMailer');
-define('GLPI_EZC_BASE', 'ezc/Base/base.php');
-define('GLPI_PHPCAS', 'CAS.php');
-define('GLPI_HTMLAWED', 'htmLawed/htmLawed.php');
-define('GLPI_ZEND_PATH', '/usr/share/php/Zend');
-define("GLPI_SIMPLEPIE_PATH", '/usr/share/php/php-simplepie');
-
-// Fonts
-define('GLPI_FONT_FREESANS', '/usr/share/fonts/gnu-free/FreeSans.ttf');
-?>
@@ -1,4 +1,4 @@
-# spec file for glpi
+# Fedora/remirepo spec file for glpi
 #
 # Copyright (c) 2007-2015 Remi Collet
 # License: CC-BY-SA
@@ -27,26 +27,24 @@ %endif Name: glpi -Version: 0.84.8 -Release: 4%{?dist} +Version: 0.85.5 +Release: 1%{?dist} Summary: Free IT asset management software Summary(fr): Gestion Libre de Parc Informatique Group: Applications/Internet License: GPLv2+ and GPLv3+ URL: http://www.glpi-project.org/ -Source0: https://forge.indepnet.net/attachments/download/1873/glpi-0.84.8.tar.gz +# Upstream sources (not the github auto-generated archive) +Source0: https://github.com/glpi-project/%{name}/releases/download/%{version}/glpi-%{version}.tar.gz Source1: glpi-httpd.conf -Source2: glpi-config_path.php +Source2: glpi-0.85-config_path.php Source3: glpi-logrotate Source4: glpi-nginx.conf # Switch all internal cron tasks to system -Patch0: glpi-0.84-cron.patch -# Upstream security patch -Patch1: glpi-0.84-CVE-2014-9258.patch -Patch2: glpi-0.84-bug5218.patch +Patch0: glpi-0.85-cron.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch @@ -76,8 +74,8 @@ Requires: php-mysqli Requires: php-pcre Requires: php-session Requires: php-xml -Requires: php-pear(Cache_Lite) >= 1.7.4 Requires: php-PHPMailer +Requires: php-tcpdf Requires: php-pear-CAS >= 1.2.0 Requires: php-htmLawed Requires: php-simplepie @@ -88,8 +86,9 @@ Requires: php-ZendFramework2-Loader Requires: php-ZendFramework2-ServiceManager Requires: php-ZendFramework2-Stdlib Requires: php-ZendFramework2-Version +Requires: php-composer(ircmaxell/password-compat) %if 0%{?fedora} >= 11 || 0%{?rhel} >= 6 -Requires: php-pear(components.ez.no/Graph) >= 1.5 +Requires: php-composer(zetacomponents/graph) Requires: gnu-free-sans-fonts %else Requires: freefont @@ -128,8 +127,6 @@ techniciens grâce à une maintenance plus cohérente. %setup -q -n glpi %patch0 -p0 -%patch1 -p2 -%patch2 -p2 find . -name \*.orig -exec rm {} \; -print 
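Review bot: `Patch1` (CVE-2014-9258) and `Patch2` (issue 5218) are dropped in the `@@ -27,26 +27,24 @@` hunk, and their `%patch1 -p2` / `%patch2 -p2` lines in the `@@ -128,8 +127,6 @@` hunk, with nothing in the spec recording that the 0.85.5 tarball already contains both fixes. The `%changelog` hunk keeps the 5218 entry under 0.85.2-2 but loses `fix SQL Injection CVE-2014-9258`, so an audit of `rpm -q --changelog` no longer finds the CVE. If upstream carries the fix, which the version jump suggests but this diff does not show, I would add a comment beside `Patch0` such as `# CVE-2014-9258 and upstream issue 5218 are fixed in the upstream tarball (confirm the first fixed release)` and name the CVE in the 0.85.1-1 changelog entry. Separately, `Source2: glpi-0.85-config_path.php` and `Patch0: glpi-0.85-cron.patch` are not among the five files this commit touches; presumably they already exist on the branch, which is worth confirming before a build.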
@@ -137,13 +134,19 @@ find . -name \*.orig -exec rm {} \; -print find lib -name \*.swf -exec rm {} \; -print # Use system lib -rm -rf lib/cache_lite rm -rf lib/phpmailer rm -rf lib/phpcas rm -rf lib/htmlawed rm -rf lib/Zend rm -rf lib/simplepie -rm -rf lib/ezcomponents +rm -rf lib/tcpdf +rm -rf lib/password_compat +%if 0%{?fedora} >= 11 || 0%{?rhel} >= 6 +rm -rf lib/zeta +%endif +rm -rf lib/FreeSans.ttf +: bundled JS libraries +ls lib %if 0%{?fedora} < 9 && 0%{?rhel} < 6 # fix font path on old version @@ -154,7 +157,6 @@ cp %{SOURCE2} config/config_path.php %endif mv lib/tiny_mce/license.txt LICENSE.tiny_mce -mv lib/extjs/gpl-3.0.txt LICENSE.extjs mv lib/icalcreator/lgpl.txt LICENSE.icalcreator rm scripts/glpi_cron_*.sh @@ -166,8 +168,8 @@ done cat >cron <<EOF # GLPI core -# Run cron from to execute task even when no user connected -*/3 * * * * apache %{_bindir}/php %{_datadir}/%{name}/front/cron.php +# Run cron to execute task even when no user connected +* * * * * apache %{_bindir}/php %{_datadir}/%{name}/front/cron.php EOF @@ -247,10 +249,15 @@ rm -rf %{buildroot} %if %{useselinux} ( # New File context +%if 0%{?rhel} == 5 +semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_sysconfdir}/%{name}(/.*)?" +semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?" +%else semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_sysconfdir}/%{name}(/.*)?" +semanage fcontext -a -s system_u -t httpd_var_lib_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?" +%endif semanage fcontext -a -s system_u -t httpd_sys_content_t -r s0 "%{_datadir}/%{name}(/.*)?" semanage fcontext -a -s system_u -t httpd_log_t -r s0 "%{_localstatedir}/log/%{name}(/.*)?" -semanage fcontext -a -s system_u -t httpd_var_lib_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?" # files created by app restorecon -R %{_sysconfdir}/%{name} restorecon -R %{_datadir}/%{name} 
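Review bot: The `: bundled JS libraries` / `ls lib` pair in the `@@ -137,13 +134,19 @@` hunk only prints the remaining bundled code to the build log, so the spec itself never states which third-party copies still ship and need their own security tracking. `rm -rf lib/zeta` also sits inside `%if 0%{?fedora} >= 11 || 0%{?rhel} >= 6`, so older targets keep the bundled copy. I would replace the `ls` with an explicit comment, for example `# Still bundled on purpose: tiny_mce, icalcreator (and lib/zeta on EL-5); watch upstream advisories for these`, with the list checked against the real contents of `lib/` (the two names are taken from the license `mv` lines in the next hunk).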
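Review bot: In the `@@ -166,8 +168,8 @@` hunk the schedule goes from `*/3` to every minute, and the generated cron file does not say what limits the work done by each `front/cron.php` run as `apache`. The deleted 0.84 patch set `cron_limit` in the database, and the changelog says the limit was raised, but `glpi-0.85-cron.patch` is not part of this diff, so the coupling cannot be seen here. A second comment line in the heredoc would help the administrator who edits the file later, e.g. `# Runs every minute; the number of tasks per run is capped by GLPI's cron_limit setting`.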
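Review bot: In the `@@ -247,10 +249,15 @@` hunk the new `%if 0%{?rhel} == 5` branch registers `httpd_sys_script_rw_t` with `semanage fcontext -a`, but a host upgrading from an earlier build already has a local rule for `%{_localstatedir}/lib/%{name}(/.*)?` (the 0.84.8-2 changelog entry says it was `httpd_var_lib_t`). As far as I know, `-a` on an existing pattern is rejected as already defined on policycoreutils of that era instead of updating it, and if the enclosing subshell discards output, which this hunk does not show, the upgrade would silently keep the old label. I would try modify first and fall back to add, e.g. `semanage fcontext -m -t httpd_sys_script_rw_t "%{_localstatedir}/lib/%{name}(/.*)?" 2>/dev/null || semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?"`. The removal scriptlet lies outside this hunk and should delete the same patterns.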
@@ -313,11 +320,41 @@ fi %changelog -* Tue Mar 24 2015 Remi Collet <remi@fedoraproject.org> - 0.84.8-4 -- add security fix https://forge.indepnet.net/issues/5218 +* Wed Sep 16 2015 Remi Collet <remi@fedoraproject.org> - 0.85.5-1 +- update to 0.85.5 + https://github.com/glpi-project/glpi/issues?q=milestone:0.85.5 +- use system ircmaxell/password-compat + +* Wed Jun 3 2015 Remi Collet <remi@fedoraproject.org> - 0.85.4-2 +- switch from eZ component to Zeta component + +* Mon May 4 2015 Remi Collet <remi@fedoraproject.org> - 0.85.4-1 +- update to 0.85.4 + https://forge.indepnet.net/versions/1136 +- fix SELinux context on EL-5 -* Mon Dec 22 2014 Remi Collet <remi@fedoraproject.org> - 0.84.8-3 -- fix SQL Injection CVE-2014-9258 +* Fri Apr 17 2015 Remi Collet <remi@fedoraproject.org> - 0.85.3-1 +- update to 0.85.3 + https://forge.indepnet.net/versions/1118 + +* Fri Feb 27 2015 Remi Collet <remi@fedoraproject.org> - 0.85.2-2 +- add security fix https://forge.indepnet.net/issues/5218 +- add fix for temporary directory relocation + +* Wed Jan 21 2015 Remi Collet <remi@fedoraproject.org> - 0.85.2-1 +- update to 0.85.2 + https://forge.indepnet.net/versions/1110 + +* Mon Dec 22 2014 Remi Collet <remi@fedoraproject.org> - 0.85.1-2 +- increase system cron frequency and limit +- cleanup patched files + +* Wed Dec 17 2014 Remi Collet <remi@fedoraproject.org> - 0.85.1-1 +- update to 0.85.1 + 0.85 https://forge.indepnet.net/versions/539 + 0.85.1 https://forge.indepnet.net/versions/1071 +- drop dependency on pear/Cache_Lite +- add dependency on php-tcpdf * Fri Nov 7 2014 Remi Collet <remi@fedoraproject.org> - 0.84.8-2 - use httpd_var_lib_t selinux context for /var/lib/glpi |