[ocsinventory] update to 2.0.5 (security fixes)
Remi Collet
remi at fedoraproject.org
Thu Apr 5 16:32:46 UTC 2012
commit 4f2e96cae7ccef62dc7794fac300e3ac19a86034
Author: remi <fedora at famillecollet.com>
Date: Thu Apr 5 18:31:34 2012 +0200
update to 2.0.5 (security fixes)
.gitignore | 1 +
ocsinventory-reports.conf | 10 ++++--
ocsinventory.spec | 35 +++++++-----------
ocsng-httpd24.patch | 88 +++++++++++++++++++++++++++++++++++++++++++++
ocsng-systemcas.patch | 35 ------------------
sources | 2 +-
6 files changed, 110 insertions(+), 61 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b888171..8211283 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
OCSNG_UNIX_SERVER-1.3.2.tar.gz
/OCSNG_UNIX_SERVER-1.3.3.tar.gz
/OCSNG_UNIX_SERVER-2.0.4.tar.gz
+/OCSNG_UNIX_SERVER-2.0.5.tar.gz
diff --git a/ocsinventory-reports.conf b/ocsinventory-reports.conf
index 2c2b86c..82983e4 100644
--- a/ocsinventory-reports.conf
+++ b/ocsinventory-reports.conf
@@ -28,9 +28,13 @@ Alias OCSREPORTS_ALIAS PATH_TO_OCSREPORTS_DIR
<Directory PATH_TO_OCSREPORTS_DIR>
# By default, users can use console from everywhere
- Order deny,allow
- Allow from all
-
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
Options Indexes FollowSymLinks
DirectoryIndex index.php
diff --git a/ocsinventory.spec b/ocsinventory.spec
index 7366c42..0d46a8f 100644
--- a/ocsinventory.spec
+++ b/ocsinventory.spec
@@ -1,8 +1,4 @@
-%if %{?fedora}%{?rhel} >= 5
%global useselinux 1
-%else
-%global useselinux 0
-%endif
# Remember to change this and Source0 for each release. thanks to launchpad :(
%global tarname OCSNG_UNIX_SERVER
@@ -11,8 +7,8 @@
Name: ocsinventory
Summary: Open Computer and Software Inventory Next Generation
-Version: 2.0.4
-Release: 2%{?dist}
+Version: 2.0.5
+Release: 1%{?dist}
Group: Applications/Internet
License: GPLv2
@@ -23,7 +19,7 @@ Source0: http://launchpad.net/ocsinventory-server/stable-2.0/%{version}/+dow
Source1: ocsinventory-reports.conf
# Use system PHPCAS
-Patch0: ocsng-systemcas.patch
+Patch0: ocsng-httpd24.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -72,10 +68,7 @@ la console d'administration et le serveur de base de données (MySQL).
Group: Applications/Internet
Summary: OCS Inventory NG - Communication server
Requires: mod_perl
-%if 0%{?rhel} != 4
-# when use with mod_perl2
Requires: perl(SOAP::Transport::HTTP2)
-%endif
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
# Required by the original setup script, but not detected automatically :
# Apache::DBI drags in DBI
@@ -168,13 +161,8 @@ find %{buildroot} -type d -depth -exec rmdir {} 2>/dev/null ';'
chmod -R u+rwX,go+rX,go-w %{buildroot}/*
find %{buildroot}%{perl_vendorlib}/Apache -name \*.pm -exec chmod -x {} \;
-%if 0%{?rhel} == 4
-# To avoid bad dependency on perl(mod_perl2)
-rm -f %{buildroot}%{perl_vendorlib}/Apache/Ocsinventory/Server/Modperl2.pm
-%else
# To avoid bad dependency on perl(mod_perl) : RHEL >= 5 && Fedora >= 4
rm -f %{buildroot}%{perl_vendorlib}/Apache/Ocsinventory/Server/Modperl1.pm
-%endif
cd ..
@@ -188,15 +176,11 @@ sed -e 's;PATH_TO_LOG_DIRECTORY;%{_localstatedir}/log/ocsinventory-server;' \
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
sed -e "s;DATABASE_SERVER;localhost;g" \
-e "s;DATABASE_PORT;3306;g" \
-%if 0%{?rhel} == 4
- -e "s;VERSION_MP;1;g" \
-%else
-e "s;VERSION_MP;2;g" \
-%endif
-e "s;PATH_TO_LOG_DIRECTORY;%{_localstatedir}/log/ocsinventory-server;g" \
-e '/OCS_OPT_EXT_USERAGENTS_FILE_PATH/s;^.*$; PerlSetEnv OCS_OPT_EXT_USERAGENTS_FILE_PATH %{_sysconfdir}/ocsinventory/ocsinventory-server/external-agents.conf;' \
- etc/ocsinventory/ocsinventory-server.conf | \
- grep -v IfModule >%{buildroot}%{_sysconfdir}/httpd/conf.d/ocsinventory-server.conf
+ etc/ocsinventory/ocsinventory-server.conf \
+ >%{buildroot}%{_sysconfdir}/httpd/conf.d/ocsinventory-server.conf
install -Dm 644 external-agents.conf \
%{buildroot}%{_sysconfdir}/ocsinventory/ocsinventory-server/external-agents.conf
@@ -217,7 +201,7 @@ sed -e '/CONF_MYSQL/s;dbconfig.inc.php;%{_sysconfdir}/ocsinventory/ocsinventory-
-e '/PHPCAS/s/^.*$/define("PHPCAS", "CAS.php");/' \
-i %{buildroot}%{_datadir}/ocsinventory-reports/ocsreports/var.php
-mkdir -p %{buildroot}%{_localstatedir}/lib/ocsinventory-reports/{download,ipd,snmp}
+mkdir -p %{buildroot}%{_localstatedir}/lib/ocsinventory-reports/{download,ipd,snmp,logs}
mkdir -p %{buildroot}%{_bindir}
install -pm 644 etc/ocsinventory/snmp_com.txt %{buildroot}%{_localstatedir}/lib/ocsinventory-reports/snmp/snmp_com.txt
@@ -314,10 +298,17 @@ fi
%attr(755,apache,root) %dir %{_localstatedir}/lib/ocsinventory-reports/ipd
%attr(755,apache,root) %dir %{_localstatedir}/lib/ocsinventory-reports/download
%attr(755,apache,root) %dir %{_localstatedir}/lib/ocsinventory-reports/snmp
+%attr(755,apache,root) %dir %{_localstatedir}/lib/ocsinventory-reports/logs
%attr(644,apache,root) %config(noreplace) %{_localstatedir}/lib/ocsinventory-reports/snmp/snmp_com.txt
%changelog
+* Thu Apr 05 2012 Remi Collet <remi at fedoraproject.org> - 2.0.5-1
+- update to 2.0.5 (security fixes)
+- add missing /var/lib/ocsinventory-reports/logs
+- fix config for httpd 2.4
+- clean EL-4 stuff
+
* Sat Feb 25 2012 Remi Collet <remi at fedoraproject.org> - 2.0.4-2
- unbundled phpcas
diff --git a/ocsng-httpd24.patch b/ocsng-httpd24.patch
new file mode 100644
index 0000000..cadd711
--- /dev/null
+++ b/ocsng-httpd24.patch
@@ -0,0 +1,88 @@
+diff -up etc/ocsinventory/ocsinventory-reports.conf.orig etc/ocsinventory/ocsinventory-reports.conf
+--- etc/ocsinventory/ocsinventory-reports.conf.orig 2012-04-05 16:41:01.000000000 +0200
++++ etc/ocsinventory/ocsinventory-reports.conf 2012-04-05 16:41:18.000000000 +0200
+@@ -24,8 +24,14 @@ Alias OCSREPORTS_ALIAS PATH_TO_OCSREPORT
+
+ <Directory PATH_TO_OCSREPORTS_DIR>
+ # By default, users can use console from everywhere
+- Order deny,allow
+- Allow from all
++ <IfModule mod_authz_core.c>
++ Require all granted
++ </IfModule>
++ <IfModule !mod_authz_core.c>
++ Order deny,allow
++ Allow from all
++ </IfModule>
++
+ Options Indexes FollowSymLinks
+ DirectoryIndex index.php
+ AllowOverride Options
+diff -up etc/ocsinventory/ocsinventory-server.conf.orig etc/ocsinventory/ocsinventory-server.conf
+--- etc/ocsinventory/ocsinventory-server.conf.orig 2012-04-05 16:41:39.000000000 +0200
++++ etc/ocsinventory/ocsinventory-server.conf 2012-04-05 17:43:31.000000000 +0200
+@@ -10,8 +10,6 @@
+ # Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt
+ ################################################################################
+
+-<IfModule mod_perl.c>
+-
+ # Which version of mod_perl we are using
+ # For mod_perl <= 1.999_21, replace VERSION_MP by 1
+ # For mod_perl > 1.999_21, replace VERSION_MP by 2
+@@ -285,13 +283,24 @@
+ # "Virtual" directory for handling OCS Inventory NG agents communications
+ # Be careful, do not create such directory into your web server root document !
+ <Location /ocsinventory>
+- order deny,allow
+- allow from all
+ # If you protect this area you have to deal with http_auth_* agent's parameters
+ # AuthType Basic
+ # AuthName "OCS Inventory agent area"
+ # AuthUserFile "APACHE_AUTH_USER_FILE"
+- # require valid-user
++
++ <IfModule mod_authz_core.c>
++ <RequireAll>
++ Require all granted
++ # Require valid-user
++ </RequireAll>
++ </IfModule>
++ <IfModule !mod_authz_core.c>
++ Order deny,allow
++ Allow from all
++ # Require valid-user
++ </IfModule>
++
++
+ SetHandler perl-script
+ PerlHandler Apache::Ocsinventory
+ </Location>
+@@ -303,14 +312,22 @@
+ SetHandler perl-script
+ PerlHandler "Apache::Ocsinventory::SOAP"
+
+- # By default, you can query web service from everywhere with a valid user
+- Order deny,allow
+- Allow from all
+ AuthType Basic
+ AuthName "OCS Inventory SOAP Area"
+ # Use htpasswd to create/update soap-user (or another granted user)
+ AuthUserFile "APACHE_AUTH_USER_FILE"
+- require "SOAP_USER"
++
++ # By default, you can query web service from everywhere with a valid user
++ <IfModule mod_authz_core.c>
++ <RequireAll>
++ Require all granted
++ Require "SOAP_USER"
++ </RequireAll>
++ </IfModule>
++ <IfModule !mod_authz_core.c>
++ Order deny,allow
++ Allow from all
++ Require "SOAP_USER"
++ </IfModule>
+ </location>
+-</IfModule>
+
diff --git a/sources b/sources
index ce6e00b..75f9f94 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-791d656b455b712e60aeb9c292f380a6 OCSNG_UNIX_SERVER-2.0.4.tar.gz
+349904d03494b8fd9fc4eea1d6859729 OCSNG_UNIX_SERVER-2.0.5.tar.gz
More information about the scm-commits
mailing list