rpms/mantis/FC-4 sources,1.4,1.5 mantis.spec,1.7,1.8

Enrico Scholz (ensc) fedora-extras-commits at redhat.com
Fri Dec 23 15:46:59 UTC 2005


Author: ensc

Update of /cvs/extras/rpms/mantis/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27100/FC-4

Modified Files:
	sources mantis.spec 
Log Message:
- SECURITY: release 0.19.4
  * File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
  * Injection Vulnerabilities in Filters (TKADV2005-11-002)
  * SQL Injection in manage user page (TKADV2005-11-002)
  * HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
  * Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- removed x-permission from most files



Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mantis/FC-4/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources	27 Oct 2005 17:26:44 -0000	1.4
+++ sources	23 Dec 2005 15:46:58 -0000	1.5
@@ -1 +1 @@
-b3c1d9f6f66bc5e7e236cc9449aa3ced  mantis-0.19.3.tar.gz
+6dd7282469f7be4fb2eeaff92942f448  mantis-0.19.4.tar.gz
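Review bot: The new `mantis-0.19.4.tar.gz` line pins the tarball with a 32-hex-digit MD5 digest and nothing else. Since this is a security release, please confirm the tarball was checked against a checksum or signature published by upstream before this digest was recorded, and say so in the log message.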


Index: mantis.spec
===================================================================
RCS file: /cvs/extras/rpms/mantis/FC-4/mantis.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- mantis.spec	27 Oct 2005 17:26:44 -0000	1.7
+++ mantis.spec	23 Dec 2005 15:46:58 -0000	1.8
@@ -8,7 +8,7 @@
 
 Summary:	Web-based bugtracking system
 Name:		mantis
-Version:	0.19.3
+Version:	0.19.4
 Release:	%release_func 1
 License:	GPL
 Group:		Applications/Internet
@@ -59,7 +59,7 @@
 %patch1 -p1 -b .noexamplecom
 %patch2 -p1 -b .noadmin
 
-chmod -x *.php
+chmod -x *.php sql/*
 rm -rf packages
 
 sed -e '$s!CONCAT.*!md5(random()*random())||md5(now()));!;
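Review bot: In `chmod -x *.php sql/*`, the `sql/*` glob matches everything under `sql/`, including any subdirectory, and clearing the execute bit on a directory removes search permission on it. The find loop added later in this patch already strips the bit from `.sql` files, so consider narrowing this to `sql/*.sql` or dropping the addition and relying on the loop.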
@@ -95,6 +95,22 @@
 mv $RPM_BUILD_ROOT%pkgdir/mantis_offline.php.sample $RPM_BUILD_ROOT%cfgdir/
 mv $RPM_BUILD_ROOT%pkgdir/config_inc.php.sample     $RPM_BUILD_ROOT%cfgdir/config_inc.php
 
+for i in $(find $RPM_BUILD_ROOT -type f -regex '.*\.\(php\|txt\|gif\|png\|css\|htm\|dtd\|xsl\|sql\|js\|bak\|xml\)$' -perm +0111); do
+	case $i in
+		(*.php)
+			if ! sed '1p;d' "$i" | grep -q '^#!'; then
+			   chmod a-x "$i"
+			elif sed '1p;d' "$i" | grep -q '/usr/local/bin/php'; then
+			   sed -i -e '1s!/usr/local/bin/php!/usr/bin/php!' "$i"
+			fi
+			;;
+		(*.bak)		rm -f "$i";;
+		(*)		chmod a-x "$i";;
+	esac
+done
+
+chmod -x $RPM_BUILD_ROOT%pkgdir/{doc/*,core/phpmailer/{README,LICENSE}}
+
 ln -s %cfgdir/config_inc.php	   $RPM_BUILD_ROOT%pkgdir/config_inc.php
 ln -s %cfgdir/mantis_offline.php $RPM_BUILD_ROOT%pkgdir/mantis_offline.php
 
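Review bot: The `(*.bak) rm -f "$i";;` branch only sees backup files that are executable, because the find expression feeding the loop filters on `-perm +0111`; a non-executable `.bak` file is still packaged into the web tree. If the intent is to ship no backup files, delete them in a separate `find $RPM_BUILD_ROOT -type f -name '*.bak'` pass without the permission test. The unquoted `for i in $(find ...)` also splits on whitespace, so a path containing a space would be mishandled; feeding the names through a `while read` loop avoids that.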
@@ -138,6 +154,15 @@
 
 
 %changelog
+* Fri Dec 23 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.19.4-1
+- SECURITY: release 0.19.4
+  * File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
+  * Injection Vulnerabilities in Filters (TKADV2005-11-002)
+  * SQL Injection in manage user page (TKADV2005-11-002)
+  * HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
+  * Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
+- removed x-permission from most files
+
 * Thu Oct 27 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.19.3-1
 - updated to 0.19.3 (SECURITY)
 - minor spec file cleanups
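Review bot: The new %changelog entry identifies the five fixes only by the advisory id TKADV2005-11-002, and `removed x-permission from most files` does not say which files keep the bit. Suggest adding CVE names for the fixes if any have been assigned, and rewording the last item to state the rule the spec applies: the execute bit stays only on `.php` files whose first line starts with `#!`.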
