Hello community, here is the log from the commit of package trytond for openSUSE:Factory checked in at 2017-04-06 11:02:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trytond (Old) and /work/SRC/openSUSE:Factory/.trytond.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trytond" Thu Apr 6 11:02:49 2017 rev:7 rq:485004 version:3.8.11 Changes: --------
--- /work/SRC/openSUSE:Factory/trytond/trytond.changes 2017-03-16 09:51:32.233773209 +0100
+++ /work/SRC/openSUSE:Factory/.trytond.new/trytond.changes 2017-04-06 11:02:53.965230199 +0200
@@ -1,0 +2,5 @@
+Mon Apr 3 20:06:18 UTC 2017 - [email protected]
+
+- Version 3.8.11
+
+-------------------------------------------------------------------
Old: ---- trytond-3.8.10.tar.gz New: ---- trytond-3.8.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trytond.spec ++++++
--- /var/tmp/diff_new_pack.RFLRBH/_old 2017-04-06 11:02:54.789113755 +0200
+++ /var/tmp/diff_new_pack.RFLRBH/_new 2017-04-06 11:02:54.789113755 +0200
@@ -20,7 +20,7 @@
 %define majorver 3.8
 %define base_name tryton
 Name: trytond
-Version: %{majorver}.10
+Version: %{majorver}.11
 Release: 0
 Summary: An Enterprise Resource Planning system
 License: GPL-3.0+
++++++ trytond-3.8.10.tar.gz -> trytond-3.8.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trytond-3.8.10/CHANGELOG new/trytond-3.8.11/CHANGELOG
--- old/trytond-3.8.10/CHANGELOG 2017-03-10 10:12:38.000000000 +0100
+++ new/trytond-3.8.11/CHANGELOG 2017-04-03 19:22:11.000000000 +0200
@@ -1,3 +1,7 @@
+Version 3.8.11 - 2017-04-03
+* Bug fixes (see mercurial logs for details)
+* Sanitize path in file_open against suffix (CVE-2017-0360)
+
 Version 3.8.10 - 2017-03-10
 * Bug fixes (see mercurial logs for details)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trytond-3.8.10/PKG-INFO new/trytond-3.8.11/PKG-INFO
--- old/trytond-3.8.10/PKG-INFO 2017-03-10 10:13:00.000000000 +0100
+++ new/trytond-3.8.11/PKG-INFO 2017-04-03 19:22:25.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: trytond
-Version: 3.8.10
+Version: 3.8.11
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trytond-3.8.10/trytond/__init__.py new/trytond-3.8.11/trytond/__init__.py
--- old/trytond-3.8.10/trytond/__init__.py 2017-01-05 13:15:41.000000000 +0100
+++ new/trytond-3.8.11/trytond/__init__.py 2017-03-10 10:13:27.000000000 +0100
@@ -4,7 +4,7 @@
 import time
 from email import charset
-__version__ = "3.8.10"
+__version__ = "3.8.11"
 os.environ['TZ'] = 'UTC'
 if hasattr(time, 'tzset'):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trytond-3.8.10/trytond/tools/misc.py new/trytond-3.8.11/trytond/tools/misc.py
--- old/trytond-3.8.10/trytond/tools/misc.py 2016-08-30 14:36:56.000000000 +0200
+++ new/trytond-3.8.11/trytond/tools/misc.py 2017-04-03 18:26:45.000000000 +0200
@@ -60,7 +60,7 @@
 "Join paths and ensure it still below root"
 path = os.path.join(root, *paths)
 path = os.path.normpath(path)
- if not path.startswith(root):
+ if not path.startswith(os.path.join(root, '')):
 raise IOError("Permission denied: %s" % name)
 return path
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trytond-3.8.10/trytond.egg-info/PKG-INFO new/trytond-3.8.11/trytond.egg-info/PKG-INFO
--- old/trytond-3.8.10/trytond.egg-info/PKG-INFO 2017-03-10 10:12:53.000000000 +0100
+++ new/trytond-3.8.11/trytond.egg-info/PKG-INFO 2017-04-03 19:22:21.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: trytond
-Version: 3.8.10
+Version: 3.8.11
 Summary: Tryton server
 Home-page: http://www.tryton.org/
 Author: Tryton
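Review bot: In the trytond/tools/misc.py hunk the new test compares a normalized `path` with `os.path.join(root, '')` built from `root` exactly as passed in, and both sides are purely lexical. If `root` ever arrives un-normalized (a doubled separator or a `..` segment) the check rejects valid files, and because `os.path.normpath` does not resolve symlinks, a link inside the tree that points elsewhere would still pass; whether either can happen depends on the callers, which are outside this hunk. I would normalize the root first with `root = os.path.normpath(root)`, consider `os.path.realpath` on both sides if the module tree can contain links, and add a comment such as `# trailing separator: a sibling directory sharing root's prefix must not match`. A regression test for the sibling-prefix case behind CVE-2017-0360 would keep the fix from being silently undone. The function's signature and the origin of `name` in the error message are outside the hunk.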
