[bugzilla/f21] - Update to 4.4.8 (fixes regressions in 4.4.7 which itself fixed security flaws) (CVE-2014-1571, C

Emmanuel Seyman eseyman at fedoraproject.org
Sat Jan 31 21:34:37 UTC 2015


commit c1f895738807b770d9f3ed29b131d7683d1d2d11
Author: Emmanuel Seyman <emmanuel at seyman.fr>
Date:   Sat Jan 31 22:34:12 2015 +0100

    - Update to 4.4.8 (fixes regressions in 4.4.7 which itself
      fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
    - Remove bundled binary files (#1000245)
    - Add webdot directory perms to apache configuration

 bugzilla-httpd-conf |    4 ++++
 bugzilla.spec       |   10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf
index 45ec051..1ed7679 100644
--- a/bugzilla-httpd-conf
+++ b/bugzilla-httpd-conf
@@ -17,3 +17,7 @@ Alias /bugzilla /usr/share/bugzilla
   AddType application/vnd.mozilla.xul+xml .xul
   AddType application/rdf+xml .rdf
 </Directory>
+
+<Directory /var/lib/bugzilla/data/webdot>
+  Require all granted
+</Directory>
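Review bot: `Require all granted` in the new `<Directory /var/lib/bugzilla/data/webdot>` block opens every file under that directory to any client, with no restriction on file type. The path sits inside Bugzilla's data tree, so I would scope the grant to the generated graph files only, for example with a `<FilesMatch>` on the expected extensions inside the block and `Require all denied` for everything else. A one-line comment in the conf file saying why this directory has to be web-readable would also help the next packager.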
diff --git a/bugzilla.spec b/bugzilla.spec
index f37e0ee..ade8a7f 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,7 +4,7 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.4.6
+Version: 4.4.8
 Group: Applications/Publishing
 Release: 1%{?dist}
 License: MPLv1.1
@@ -108,6 +108,8 @@ rm -f Bugzilla/Constants.pm.orig
 rm -f Bugzilla/Install/Requirements.pm.orig
 # Remove bundled libs
 rm -rf lib/CGI*
+# Remove bundled binary files
+rm -f js/yui/*/*.swf
 # these files are only used for testing Bugzilla code
 # see https://bugzilla.mozilla.org/show_bug.cgi?id=995209
 rm Build.PL MANIFEST.SKIP
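Review bot: `rm -f js/yui/*/*.swf` matches .swf files exactly one directory below js/yui and nothing deeper, and `-f` makes the command succeed even when the glob matches nothing, so a change in the upstream layout would let the bundled binaries back into the package without failing the build. Consider `find js/yui -name '*.swf' -delete`, or follow the removal with a check that fails if any .swf is still in the tree. The comment could also cite the bug (#1000245 in the changelog entry), the way the neighbouring lines link the bug for the test files.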
@@ -224,6 +226,12 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/Bugzilla.pm
 
 %changelog
+* Sat Jan 31 2015 Emmanuel Seyman <emmanuel at seyman.fr> - 4.4.8-1
+- Update to 4.4.8 (fixes regressions in 4.4.7 which itself
+  fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
+- Remove bundled binary files (#1000245)
+- Add webdot directory perms to apache configuration
+
 * Wed Oct 08 2014 Emmanuel Seyman <emmanuel at seyman.fr> - 4.4.6-1
 - Update to 4.4.6
 

