add upstream patch to fix SQL injection CVE-2018-13049v9.1

author: Remi Collet <remi@remirepo.net> 2018-07-03 08:03:42 +0200
committer: Remi Collet <remi@remirepo.net> 2018-07-03 08:03:42 +0200
commit: 0704b08c54ba98a2310e239e1f7cdc5099cf60a4 (patch)
tree: 7b7c9e1ea81de57abb3389cf79335047b1205c83 /glpi.spec
parent: fc96accb1b87c262be71a9cef5201aed4b9db0d1 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/glpi.spec b/glpi.spec
index 6cbbc99..95a1d4c 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -42,7 +42,7 @@
 Name:           %{gh_project}
 Version:        9.1.7.1
 %global schema  9.1.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -60,6 +60,7 @@ Source4:        %{name}-nginx.conf
 Source5:        %{name}-fedora-autoloader.php
 
 Patch0:         https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
+Patch1:         https://github.com/glpi-project/glpi/commit/3391f10eacec880aebcd4297bd2658ae13473947.patch
 
 BuildArch:      noarch
 BuildRequires:  gettext
@@ -201,6 +202,7 @@ techniciens grâce à une maintenance plus cohérente.
 %prep
 %setup -q -n %{name}-%{gh_commit}
 %patch0 -p1
+%patch1 -p1
 
 grep %{version} config/define.php
 
@@ -457,6 +459,9 @@ fi
 
 
 %changelog
+* Tue Jul  3 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-3
+- add upstream patch to fix SQL injection CVE-2018-13049
+
 * Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-2
 - escape get keys to prevent possible xss CVE-2018-7563
author	Remi Collet <remi@remirepo.net>	2018-07-03 08:03:42 +0200
committer	Remi Collet <remi@remirepo.net>	2018-07-03 08:03:42 +0200
commit	0704b08c54ba98a2310e239e1f7cdc5099cf60a4 (patch)
tree	7b7c9e1ea81de57abb3389cf79335047b1205c83 /glpi.spec
parent	fc96accb1b87c262be71a9cef5201aed4b9db0d1 (diff)