From f4dd8cae6b07d186eed1fbd80f1ee8d73944bf2b Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 21 Jun 2019 11:07:34 +0200
Subject: - [security] Prevent execution of XSS on rich text - [security]
 Prevent XSS attack on user picture

---
 glpi.spec | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'glpi.spec')

diff --git a/glpi.spec b/glpi.spec
index 22aee17..e06b306 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -55,7 +55,7 @@ Name:           %{gh_project}
 %global upstream_version 9.3.4
 #global upstream_prever  RC2
 Version:        %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -75,6 +75,9 @@ Source6:        %{name}-minify.php
 # Override PHP configuration for php-fpm
 Source7:        %{name}-user.ini
 
+# Security patches
+Patch0:         https://patch-diff.githubusercontent.com/raw/glpi-project/glpi/pull/6054.patch
+
 BuildArch:      noarch
 BuildRequires:  gettext
 BuildRequires:  php-cli
@@ -308,6 +311,7 @@ techniciens grâce à une maintenance plus cohérente.
 
 %prep
 %setup -q -n %{name}-%{gh_commit}
+%patch0 -p1
 
 grep %{upstream_version} inc/define.php
 
@@ -596,6 +600,10 @@ fi
 
 
 %changelog
+* Fri Jun 21 2019 Remi Collet <remi@remirepo.net> - 9.3.4-2
+- [security] Prevent execution of XSS on rich text
+- [security] Prevent XSS attack on user picture
+
 * Thu Apr 11 2019 Remi Collet <remi@remirepo.net> - 9.3.4-1
 - update to 9.3.4
 
-- 
cgit