From fc96accb1b87c262be71a9cef5201aed4b9db0d1 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Sat, 17 Mar 2018 08:10:16 +0100
Subject: escape get keys to prevent possible xss CVE-2018-7563

---
 glpi.spec | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'glpi.spec')

diff --git a/glpi.spec b/glpi.spec
index 59406af..6cbbc99 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -1,6 +1,6 @@
 # Fedora/remirepo spec file for glpi
 #
-# Copyright (c) 2007-2017 Remi Collet
+# Copyright (c) 2007-2018 Remi Collet
 # License: CC-BY-SA
 # http://creativecommons.org/licenses/by-sa/4.0/
 #
@@ -42,7 +42,7 @@
 Name:           %{gh_project}
 Version:        9.1.7.1
 %global schema  9.1.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -59,6 +59,8 @@ Source3:        %{name}-logrotate
 Source4:        %{name}-nginx.conf
 Source5:        %{name}-fedora-autoloader.php
 
+Patch0:         https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
+
 BuildArch:      noarch
 BuildRequires:  gettext
 %if %{with_tests}
@@ -198,6 +200,7 @@ techniciens grâce à une maintenance plus cohérente.
 
 %prep
 %setup -q -n %{name}-%{gh_commit}
+%patch0 -p1
 
 grep %{version} config/define.php
 
@@ -454,6 +457,9 @@ fi
 
 
 %changelog
+* Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-2
+- escape get keys to prevent possible xss CVE-2018-7563
+
 * Wed Dec  6 2017 Remi Collet <remi@remirepo.net> - 9.1.7.1-1
 - update to 9.1.7.1
 
-- 
cgit