author Remi Collet <remi@remirepo.net> 2019-03-27 16:06:47 +0100
committer Remi Collet <remi@remirepo.net> 2019-03-27 16:06:47 +0100
commit 6c1dfcb9214ecbf010719a846c8b3b8ea38f2653 (patch)
tree b5ac692ee2b863e32edc58a95f182e78f1114bd7 /glpi.spec
parent 87c0348084cb603dd1e03474502c3ab6366e273f (diff)
add security fix backported from 9.4.1:
[security] Bad chevrons rendering on dropdowns
[security] Iframe and forms are rendered in rich text contents
[security] Type juggling authentication bypass
[security] Malicious images upload
[security] Password token date was not reset
[security] Prevent timed attack and enforce cookie security
Diffstat (limited to 'glpi.spec')
-rw-r--r-- glpi.spec 22
1 files changed, 20 insertions, 2 deletions
diff --git a/glpi.spec b/glpi.spec
index 618bfd1..f5d2159 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -1,6 +1,6 @@
# Fedora/remirepo spec file for glpi
#
-# Copyright (c) 2007-2018 Remi Collet
+# Copyright (c) 2007-2019 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
@@ -56,7 +56,7 @@ Name: %{gh_project}
#global upstream_prever RC2
# use 9.3.0~RC2 < 9.3 (for plugin compatibility check)
Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Free IT asset management software
Summary(fr): Gestion Libre de Parc Informatique
@@ -76,6 +76,12 @@ Source6: %{name}-minify.php
# Override PHP configuration for php-fpm
Source7: %{name}-user.ini
+# Security patches backported from 9.4
+# https://github.com/glpi-project/glpi/pull/5606 merged
+Patch1: glpi-security1.patch
+# Backports
+Patch2: glpi-security2.patch
+
BuildArch: noarch
BuildRequires: gettext
BuildRequires: php-cli
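Review bot: Patch2 is documented only as "# Backports", with no upstream reference, whereas Patch1 cites pull request 5606. Add the upstream commit or pull request URL(s) that glpi-security2.patch was taken from, so each of the security fixes can be traced to a reviewed upstream change and re-checked when the package is rebased.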
@@ -308,6 +314,9 @@ techniciens grâce à une maintenance plus cohérente.
%prep
%setup -q -n %{name}-%{gh_commit}
+%patch1 -p1 -b .secfix
+%patch2 -p1 -b .secfix
+find . -name \*.secfix -delete -print
grep %{upstream_version} inc/define.php
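Review bot: in %prep, both %patch lines pass -b .secfix and the very next line deletes every *.secfix file, so the backups are created and never used. Either drop -b and the find line, or, if the deletion is there to keep pre-patch copies of the sources out of the packaged files, say so in a comment above "find . -name \*.secfix -delete -print" so the cleanup is not removed later by mistake.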
@@ -595,6 +604,15 @@ fi
%changelog
+* Wed Mar 27 2019 Remi Collet <remi@remirepo.net> - 9.3.3-2
+- add security fix backported from 9.4.1:
+ [security] Bad chevrons rendering on dropdowns
+ [security] Iframe and forms are rendered in rich text contents
+ [security] Type juggling authentication bypass
+ [security] Malicious images upload
+ [security] Password token date was not reset
+ [security] Prevent timed attack and enforce cookie security
+
* Tue Nov 27 2018 Remi Collet <remi@remirepo.net> - 9.3.3-1
- update to 9.3.3
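Review bot: the new changelog entry says the fixes are backported from 9.4.1, while the comment added above Patch1 says "backported from 9.4"; make the two agree. The entry could also name glpi-security1.patch and glpi-security2.patch so a reader can tell which patch carries which of the six listed fixes.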