SPECS: mantis.spec - patch from gentoo (debian): SQL injection and...

glen glen at pld-linux.org
Sat Sep 24 15:29:13 CEST 2005 

Author: glen                         Date: Sat Sep 24 13:29:13 2005 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- patch from gentoo (debian): SQL injection and XSS (CAN-2005-255{6-7})

---- Files affected:
SPECS:
   mantis.spec (1.23 -> 1.24) 

---- Diffs:

================================================================
Index: SPECS/mantis.spec
diff -u SPECS/mantis.spec:1.23 SPECS/mantis.spec:1.24
--- SPECS/mantis.spec:1.23	Sat Sep 24 15:14:26 2005
+++ SPECS/mantis.spec	Sat Sep 24 15:29:07 2005
@@ -4,19 +4,20 @@
 #
 # TODO
 # - security http://security.gentoo.org/glsa/glsa-200509-16.xml
+# - put admin/ dir to separate -setup package which can be installed only at first time install
 
 Summary:	The Mantis bug tracker
 Summary(pl):	Mantis - system kontroli błędów
 Name:		mantis
-# %%define		sub_ver rc1
 Version:	0.19.2
-Release:	1.4
+Release:	1.5
 License:	GPL
 Group:		Development/Tools
 Source0:	http://dl.sourceforge.net/mantisbt/%{name}-%{version}.tar.gz
 # Source0-md5:	042c42c6de3bc536181391c1e9b25db3
 Source1:	%{name}-doc-PLD.tar.gz
 Source2:	%{name}.conf
+Patch0:		%{name}-debian.patch
 URL:		http://mantisbt.sourceforge.net/
 BuildRequires:	rpmbuild(macros) >= 1.226
 Requires(triggerpostun):	sed >= 4.0
@@ -39,9 +40,11 @@
 MySQL oraz PHP.
 
 %prep
-%setup -q -c -a1
+%setup -q -a1
+%patch0 -p1
 find . -type d -name CVS | xargs rm -rf
 find . -type f -name .cvsignore | xargs rm -rf
+find '(' -name '*~' -o -name '*.orig' ')' | xargs -r rm -v
 
 %build
 
@@ -49,10 +52,9 @@
 rm -rf $RPM_BUILD_ROOT
 install -d $RPM_BUILD_ROOT{%{_mantisdir}/doc,%{_sysconfdir}}
 
-cp -af mantis-%{version}/{*.php,admin,core,css,graphs,images,javascript,lang,sql} $RPM_BUILD_ROOT%{_mantisdir}
-# cp -af mantis-%{version}/doc/faq.* $RPM_BUILD_ROOT%{_mantisdir}/doc/
+cp -af {*.php,admin,core,css,graphs,images,javascript,lang,sql} $RPM_BUILD_ROOT%{_mantisdir}
 
-sed -e 's/root/mysql/g' mantis-%{version}/config_inc.php.sample > $RPM_BUILD_ROOT%{_sysconfdir}/config.php
+sed -e 's/root/mysql/g' config_inc.php.sample > $RPM_BUILD_ROOT%{_sysconfdir}/config.php
 ln -s %{_sysconfdir}/config.php $RPM_BUILD_ROOT%{_mantisdir}/config_inc.php
 
 mv $RPM_BUILD_ROOT{%{_mantisdir}/config_defaults_inc.php,%{_sysconfdir}/config_defaults.php}
@@ -123,7 +125,7 @@
 
 %files
 %defattr(644,root,root,755)
-%doc mantis-%{version}/doc/{CREDITS,CUSTOMIZATION,ChangeLog,INSTALL,README,UPGRADING}
+%doc doc/{CREDITS,CUSTOMIZATION,ChangeLog,INSTALL,README,UPGRADING}
 %doc PLD*
 %attr(750,root,http) %dir %{_sysconfdir}
 %attr(640,root,http) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config.php
@@ -171,6 +173,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.24  2005/09/24 13:29:07  glen
+- patch from gentoo (debian): SQL injection and XSS (CAN-2005-255{6-7})
+
 Revision 1.23  2005/09/24 13:14:26  glen
 - removed unneccessary deps
 - use apache config install triggers
@@ -197,7 +202,7 @@
 - SECURITY note (for future upgrade...)
 
 Revision 1.16  2004/08/20 08:15:27  troll
-- s@/etc@%%{_sysconfdir}@g
+- s@/etc@%{_sysconfdir}@g
 - description cosmetics
 
 Revision 1.15  2004/08/20 07:04:51  ciesiel
@@ -240,7 +245,7 @@
 Revision 1.3  2003/06/30 11:34:15  ankry
 - some fixes by Marek Ciesielski <marekc at klub.chip.pl>
 - sync English description with Polish one
-- slightly modified %%post
+- slightly modified %post
 
 Revision 1.2  2003/06/28 14:55:39  qboosh
 - removed preun (customized config file shouldn't be removed!)
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/mantis.spec?r1=1.23&r2=1.24&f=u

More information about the pld-cvs-commit mailing list