[glpi/epel7] add security fix https://forge.indepnet.net/issues/5218
Remi Collet
remi at fedoraproject.org
Tue Mar 24 09:49:36 UTC 2015
commit 875ad3db8eb9dbb447666ac5ce8d6021ce6239c2
Author: Remi Collet <remi at fedoraproject.org>
Date: Tue Mar 24 10:44:47 2015 +0100
add security fix https://forge.indepnet.net/issues/5218
(cherry picked from commit facea57d576dda9f4f2e01ec5065f38301b957b5)
.gitignore | 20 ++------------------
glpi-0.84-bug5218.patch | 15 +++++++++++++++
glpi.spec | 11 ++++++++---
3 files changed, 25 insertions(+), 21 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 554734d..3072915 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,22 +1,6 @@
-*~
clog
-glpi-0.72.4-11497.tar.gz
-/glpi-0.78.5.tar.gz
-/glpi-0.78-14966.tar.gz
-/glpi-0.80.5.tar.gz
-/glpi-0.80.6.tar.gz
-/glpi-0.80.61.tar.gz
-/glpi-0.80.7.tar.gz
-/glpi-0.83.1.tar.gz
-/glpi-0.83.2.tar.gz
-/glpi-0.83.31.tar.gz
-/glpi-0.83.4.tar.gz
-/glpi-0.83.5.tar.gz
-/glpi-0.83.6.tar.gz
-/glpi-0.83.7.tar.gz
-/glpi-0.83.8.tar.gz
-/glpi-0.83.9.tar.gz
-/glpi-0.83.91.tar.gz
+glpi-0.83*.tar.gz
+glpi-0.85*.tar.gz
/glpi-0.84.2.tar.gz
/glpi-0.84.3.tar.gz
/glpi-0.84.4.tar.gz
diff --git a/glpi-0.84-bug5218.patch b/glpi-0.84-bug5218.patch
new file mode 100644
index 0000000..062b68d
--- /dev/null
+++ b/glpi-0.84-bug5218.patch
@@ -0,0 +1,15 @@
+Index: branches/0.84-bugfixes/inc/user.class.php
+===================================================================
+--- branches/0.84-bugfixes/inc/user.class.php (révision 23406)
++++ branches/0.84-bugfixes/inc/user.class.php (révision 23407)
+@@ -556,7 +556,9 @@
+ // Add default profile
+ if (!$rulesplayed) {
+ $affectation = array();
+- if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']) {
++ if (isset($this->input['_profiles_id']) && $this->input['_profiles_id']
++ && Profile::currentUserHaveMoreRightThan(array($this->input['_profiles_id']))
++ ) {
+ $profile = $this->input['_profiles_id'];
+ // Choosen in form, so not dynamic
+ $affectation['is_dynamic'] = 0;
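Review bot: When `Profile::currentUserHaveMoreRightThan()` rejects the submitted `_profiles_id`, the widened `if` in the embedded user.class.php patch simply falls through, so an attempt to assign a profile above the caller's own rights leaves no trace. The enclosing method and the fallback branch are outside this hunk, so presumably a default profile is applied instead; logging the rejection or reporting it to the caller would make the attempt visible. The guard also deserves a why-comment, for example `// Only honour a form-supplied profile the current user is allowed to grant (issue 5218)`. The value is checked and then assigned to `$profile` without normalisation; unless it is validated upstream, normalise it once, e.g. `$pid = (int) $this->input['_profiles_id'];`, and use `$pid` for both so the checked and assigned values cannot differ.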
diff --git a/glpi.spec b/glpi.spec
index f432762..042a3dc 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -1,8 +1,8 @@
# spec file for glpi
#
-# Copyright (c) 2007-2014 Remi Collet
+# Copyright (c) 2007-2015 Remi Collet
# License: CC-BY-SA
-# http://creativecommons.org/licenses/by-sa/3.0/
+# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
@@ -28,7 +28,7 @@
Name: glpi
Version: 0.84.8
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Free IT asset management software
Summary(fr): Gestion Libre de Parc Informatique
@@ -46,6 +46,7 @@ Source4: glpi-nginx.conf
Patch0: glpi-0.84-cron.patch
# Upstream security patch
Patch1: glpi-0.84-CVE-2014-9258.patch
+Patch2: glpi-0.84-bug5218.patch
BuildArch: noarch
BuildRequires: gettext
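Review bot: The new `Patch2:` line has no comment of its own, and the existing `# Upstream security patch` comment above `Patch1:` reads as describing only the CVE-2014-9258 patch. Someone auditing the package later cannot tell from the spec that Patch2 is security-relevant or where it came from; a line such as `# Upstream security patch, https://forge.indepnet.net/issues/5218` above `Patch2:` would record that. The `%changelog` entry added further down has the same gap: it gives only the URL, where a short description (judging by the patch, a rights check on profile assignment during user creation) would help administrators decide how urgently to update.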
@@ -123,6 +124,7 @@ techniciens grâce à une maintenance plus cohérente.
%patch0 -p0
%patch1 -p2
+%patch2 -p2
find . -name \*.orig -exec rm {} \; -print
@@ -293,6 +295,9 @@ fi
%changelog
+* Tue Mar 24 2015 Remi Collet <remi at fedoraproject.org> - 0.84.8-4
+- add security fix https://forge.indepnet.net/issues/5218
+
* Mon Dec 22 2014 Remi Collet <remi at fedoraproject.org> - 0.84.8-3
- fix SQL Injection CVE-2014-9258