[bugzilla/f20] - Update to 4.2.13 (fixes regressions in 4.2.12 which itself fixed security flaws) (CVE-2014-1571,

Emmanuel Seyman eseyman at fedoraproject.org
Sat Jan 31 21:49:05 UTC 2015 

commit 2149a6b13a9e961f2387f226b38182fae94f6b9d
Author: Emmanuel Seyman <emmanuel at seyman.fr>
Date:   Sat Jan 31 22:48:25 2015 +0100

    - Update to 4.2.13 (fixes regressions in 4.2.12 which itself
      fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
    - Remove bundled binary files (#1000245)
    - Add webdot directory perms to apache configuration

 .gitignore          |    1 +
 bugzilla-httpd-conf |    4 ++++
 bugzilla.spec       |   10 +++++++++-
 sources             |    2 +-
 4 files changed, 15 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 149269c..86b8390 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.9.tar.gz
 /bugzilla-4.2.10.tar.gz
 /bugzilla-4.2.11.tar.gz
+/bugzilla-4.2.13.tar.gz
diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf
index 45ec051..1ed7679 100644
--- a/bugzilla-httpd-conf
+++ b/bugzilla-httpd-conf
@@ -17,3 +17,7 @@ Alias /bugzilla /usr/share/bugzilla
   AddType application/vnd.mozilla.xul+xml .xul
   AddType application/rdf+xml .rdf
 </Directory>
+
+<Directory /var/lib/bugzilla/data/webdot>
+  Require all granted
+</Directory>
diff --git a/bugzilla.spec b/bugzilla.spec
index a80a219..cbc4bd3 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,7 +4,7 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.2.11
+Version: 4.2.13
 Group: Applications/Publishing
 Release: 1%{?dist}
 License: MPLv1.1
@@ -108,6 +108,9 @@ rm -f Bugzilla/Constants.pm.orig
 rm -f Bugzilla/Install/Requirements.pm.orig
 # Remove bundled libs
 rm -rf lib/CGI*
+# Remove bundled binary files
+rm -f js/yui/*/*.swf
+
 # these files are only used for testing Bugzilla code
 # see https://bugzilla.mozilla.org/show_bug.cgi?id=995209
 rm Build.PL MANIFEST.SKIP
@@ -218,6 +221,11 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+- Update to 4.2.13 (fixes regressions in 4.2.12 which itself
+  fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
+- Remove bundled binary files (#1000245)
+- Add webdot directory perms to apache configuration
+
 * Wed Oct 08 2014 Emmanuel Seyman <emmanuel at seyman.fr> - 4.2.11-1
 - Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571)
 
diff --git a/sources b/sources
index 293fd92..bc9dd67 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6d25ea79951984d60639f23ffe20b4ec  bugzilla-4.2.11.tar.gz
+634f12a9a899cbe2a28f9b83d214a520  bugzilla-4.2.13.tar.gz

More information about the perl-devel mailing list