[mantis] Update to 1.2.4

Gianluca Sforna giallu at fedoraproject.org
Fri Dec 17 23:40:02 UTC 2010 

commit 13b4d5383b8cf5628d2365abc7174276e753e9dc
Author: Gianluca Sforna <giallu at gmail.com>
Date:   Sat Dec 18 00:39:02 2010 +0100

    Update to 1.2.4

 .gitignore                                        |    1 +
 mantis-1.2.1-do_not_warn_on_admin_directory.patch |   14 --------------
 mantis-1.2.4-do_not_warn_on_admin_directory.patch |   18 ++++++++++++++++++
 mantis.spec                                       |    8 ++++++--
 sources                                           |    2 +-
 5 files changed, 26 insertions(+), 17 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 806de12..3154b3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 mantisbt-1.1.8.tar.gz
 /mantisbt-1.2.3.tar.gz
+/mantisbt-1.2.4.tar.gz
diff --git a/mantis-1.2.4-do_not_warn_on_admin_directory.patch b/mantis-1.2.4-do_not_warn_on_admin_directory.patch
new file mode 100644
index 0000000..cbfc651
--- /dev/null
+++ b/mantis-1.2.4-do_not_warn_on_admin_directory.patch
@@ -0,0 +1,18 @@
+diff -u -r mantisbt-1.2.4.orig/login_page.php mantisbt-1.2.4/login_page.php
+--- mantisbt-1.2.4.orig/login_page.php	2010-12-15 03:26:31.000000000 +0100
++++ mantisbt-1.2.4/login_page.php	2010-12-18 00:10:50.625614162 +0100
+@@ -186,11 +186,6 @@
+ 
+ 		# Check if the admin directory is available and is readable.
+ 		$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
+-		if ( is_dir( $t_admin_dir ) ) {
+-			echo '<div class="warning" align="center">', "\n";
+-			echo '<p><font color="red">', lang_get( 'warning_admin_directory_present' ), '</font></p>', "\n";
+-			echo '</div>', "\n";
+-		}
+ 		if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) && is_executable( $t_admin_dir ) && @file_exists( "$t_admin_dir/." ) ) {
+ 			# since admin directory and db_upgrade lists are available check for missing db upgrades
+ 			# Check for db upgrade for versions < 1.0.0 using old upgrader
+Only in mantisbt-1.2.4: login_page.php.orig
+Only in mantisbt-1.2.4: login_page.php.rej
+Only in mantisbt-1.2.4: .login_page.php.swp
diff --git a/mantis.spec b/mantis.spec
index 335e1cd..d361266 100644
--- a/mantis.spec
+++ b/mantis.spec
@@ -5,7 +5,7 @@
 
 Summary:    Web-based issue tracking system
 Name:       mantis
-Version:    1.2.3
+Version:    1.2.4
 Release:    1%{?dist}
 License:    GPLv2+
 Group:      Applications/Internet
@@ -18,7 +18,7 @@ Source1:    mantis-README.Fedora
 Patch0:     mantis-1.2.0-install_no_write_config.patch
 Patch1:     mantis-1.2.0-no_example_com.patch
 # We secure admin/ with httpd directives
-Patch2:     mantis-1.2.1-do_not_warn_on_admin_directory.patch
+Patch2:     mantis-1.2.4-do_not_warn_on_admin_directory.patch
 
 Patch3:     mantis-1.2.3-use_systems_nusoap.patch
 Patch4:     mantis-1.2.3-use_systems_phpmailer.patch
@@ -152,6 +152,10 @@ rm -rf "${RPM_BUILD_ROOT}"
 
 
 %changelog
+* Wed Dec 14 2010 Gianluca Sforna <giallu at gmail.com> - 1.2.4-1
+- New upstream release
+- Fix CVE-2010-4348, CVE-2010-4349, CVE-2010-4350 (#663299, #663230)
+
 * Fri Oct  1 2010 Gianluca Sforna <giallu at gmail.com> - 1.2.3-1
 - New upstream release
 - Fix CVE-2010-3763 (#640746)
diff --git a/sources b/sources
index 5b2907a..46a0695 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2bdefcf858643d1a212b7d8dd3d3d10b  mantisbt-1.2.3.tar.gz
+17cf76d2b343aa23500638405209f125  mantisbt-1.2.4.tar.gz

More information about the scm-commits mailing list