rpms/mantis/FC-4 sources,1.4,1.5 mantis.spec,1.7,1.8
Enrico Scholz (ensc)
fedora-extras-commits at redhat.com
Fri Dec 23 15:46:59 UTC 2005
Author: ensc
Update of /cvs/extras/rpms/mantis/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27100/FC-4
Modified Files:
sources mantis.spec
Log Message:
- SECURITY: release 0.19.4
* File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
* Injection Vulnerabilities in Filters (TKADV2005-11-002)
* SQL Injection in manage user page (TKADV2005-11-002)
* HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
* Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- removed x-permission from most files
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mantis/FC-4/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources 27 Oct 2005 17:26:44 -0000 1.4
+++ sources 23 Dec 2005 15:46:58 -0000 1.5
@@ -1 +1 @@
-b3c1d9f6f66bc5e7e236cc9449aa3ced mantis-0.19.3.tar.gz
+6dd7282469f7be4fb2eeaff92942f448 mantis-0.19.4.tar.gz
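Review bot: The new entry for mantis-0.19.4.tar.gz is a 32-hex-digit MD5 digest, and for a release marked SECURITY it is the only integrity check visible in this change. Compare the tarball against a checksum or signature published by upstream before building, and record in the log message how it was verified.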
Index: mantis.spec
===================================================================
RCS file: /cvs/extras/rpms/mantis/FC-4/mantis.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- mantis.spec 27 Oct 2005 17:26:44 -0000 1.7
+++ mantis.spec 23 Dec 2005 15:46:58 -0000 1.8
@@ -8,7 +8,7 @@
Summary: Web-based bugtracking system
Name: mantis
-Version: 0.19.3
+Version: 0.19.4
Release: %release_func 1
License: GPL
Group: Applications/Internet
@@ -59,7 +59,7 @@
%patch1 -p1 -b .noexamplecom
%patch2 -p1 -b .noadmin
-chmod -x *.php
+chmod -x *.php sql/*
rm -rf packages
sed -e '$s!CONCAT.*!md5(random()*random())||md5(now()));!;
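Review bot: In "chmod -x *.php sql/*" the "sql/*" glob matches every entry in sql/, so a subdirectory there would lose its search bit along with the files. Restrict it to regular files, for example with "find sql -type f -exec chmod -x {} +". This step also overlaps with the find loop added to the install stage in the next hunk, so one of the two could be dropped.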
@@ -95,6 +95,22 @@
mv $RPM_BUILD_ROOT%pkgdir/mantis_offline.php.sample $RPM_BUILD_ROOT%cfgdir/
mv $RPM_BUILD_ROOT%pkgdir/config_inc.php.sample $RPM_BUILD_ROOT%cfgdir/config_inc.php
+for i in $(find $RPM_BUILD_ROOT -type f -regex '.*\.\(php\|txt\|gif\|png\|css\|htm\|dtd\|xsl\|sql\|js\|bak\|xml\)$' -perm +0111); do
+ case $i in
+ (*.php)
+ if ! sed '1p;d' "$i" | grep -q '^#!'; then
+ chmod a-x "$i"
+ elif sed '1p;d' "$i" | grep -q '/usr/local/bin/php'; then
+ sed -i -e '1s!/usr/local/bin/php!/usr/bin/php!' "$i"
+ fi
+ ;;
+ (*.bak) rm -f "$i";;
+ (*) chmod a-x "$i";;
+ esac
+done
+
+chmod -x $RPM_BUILD_ROOT%pkgdir/{doc/*,core/phpmailer/{README,LICENSE}}
+
ln -s %cfgdir/config_inc.php $RPM_BUILD_ROOT%pkgdir/config_inc.php
ln -s %cfgdir/mantis_offline.php $RPM_BUILD_ROOT%pkgdir/mantis_offline.php
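Review bot: The find expression only returns files that already carry an execute bit ("-perm +0111"), so the "(*.bak) rm -f" branch deletes executable .bak files only, and any non-executable backup file still ships in the package. If backups should never be packaged, remove them in a separate step that does not filter on permissions, such as "find $RPM_BUILD_ROOT -name '*.bak' -exec rm -f {} +". Two smaller points on the same loop: "for i in $(find ...)" splits on whitespace in paths, so "find ... -exec" or a "while read" loop is more robust, and "-perm +0111" is GNU-specific syntax for which "-perm /0111" is the documented replacement in newer findutils.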
@@ -138,6 +154,15 @@
%changelog
+* Fri Dec 23 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.19.4-1
+- SECURITY: release 0.19.4
+ * File Upload Vulnerability (TKADV2005-11-002) (thraxisp)
+ * Injection Vulnerabilities in Filters (TKADV2005-11-002)
+ * SQL Injection in manage user page (TKADV2005-11-002)
+ * HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
+ * Port XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
+- removed x-permission from most files
+
* Thu Oct 27 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.19.3-1
- updated to 0.19.3 (SECURITY)
- minor spec file cleanups
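Review bot: The 0.19.4-1 changelog entry summarises the packaging change as "removed x-permission from most files", but the loop added in this commit also deletes *.bak files and rewrites /usr/local/bin/php to /usr/bin/php in script first lines. Add a changelog line for each so the package history records them.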