From bc593af1310990d58ed0ec3327e2eef1d2088057 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 3 Jul 2018 07:57:46 +0200
Subject: add upstream patch to fix SQL injection CVE-2018-13049

---
 3391f10eacec880aebcd4297bd2658ae13473947.patch | 22 ++++++++++++++++++++++
 glpi.spec                                      |  8 +++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 3391f10eacec880aebcd4297bd2658ae13473947.patch

diff --git a/3391f10eacec880aebcd4297bd2658ae13473947.patch b/3391f10eacec880aebcd4297bd2658ae13473947.patch
new file mode 100644
index 0000000..85ab682
--- /dev/null
+++ b/3391f10eacec880aebcd4297bd2658ae13473947.patch
@@ -0,0 +1,22 @@
+From 3391f10eacec880aebcd4297bd2658ae13473947 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Mon, 2 Jul 2018 08:12:32 +0200
+Subject: [PATCH] Cast limits to integer; fixes #4270
+
+---
+ inc/search.class.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/search.class.php b/inc/search.class.php
+index 79c32856bd..b6f684be26 100644
+--- a/inc/search.class.php
++++ b/inc/search.class.php
+@@ -890,7 +890,7 @@ static function constructSQL(array &$data) {
+       $numrows = 0;
+       //No search : count number of items using a simple count(ID) request and LIMIT search
+       if ($data['search']['no_search']) {
+-         $LIMIT = " LIMIT ".$data['search']['start'].", ".$data['search']['list_limit'];
++         $LIMIT = " LIMIT ".(int)$data['search']['start'].", ".(int)$data['search']['list_limit'];
+ 
+          // Force group by for all the type -> need to count only on table ID
+          if (!isset($searchopt[1]['forcegroupby'])) {
diff --git a/glpi.spec b/glpi.spec
index 70bd590..49f16e8 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -48,7 +48,7 @@
 
 Name:           %{gh_project}
 Version:        9.2.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -68,6 +68,8 @@ Source6:        %{name}-minify.php
 # Override PHP configuration for php-fpm
 Source7:        %{name}-user.ini
 
+Patch0:         https://github.com/glpi-project/glpi/commit/3391f10eacec880aebcd4297bd2658ae13473947.patch
+
 BuildArch:      noarch
 BuildRequires:  gettext
 BuildRequires:  php-cli
@@ -283,6 +285,7 @@ techniciens grâce à une maintenance plus cohérente.
 
 %prep
 %setup -q -n %{name}-%{gh_commit}
+%patch0 -p1
 
 grep %{version} inc/define.php
 
@@ -573,6 +576,9 @@ fi
 
 
 %changelog
+* Tue Jul  3 2018 Remi Collet <remi@remirepo.net> - 9.2.4-2
+- add upstream patch to fix SQL injection CVE-2018-13049
+
 * Thu Jun 21 2018 Remi Collet <remi@remirepo.net> - 9.2.4-1
 - update to 9.2.4
 
-- 
cgit