Hello community, here is the log from the commit of package otrs for openSUSE:Factory checked in at 2017-11-23 09:44:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/otrs (Old) and /work/SRC/openSUSE:Factory/.otrs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otrs"
Thu Nov 23 09:44:30 2017 rev:55 rq:544413 version:4.0.26
Changes:
--------
--- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2017-10-02 16:54:29.012035121 +0200
+++ /work/SRC/openSUSE:Factory/.otrs.new/otrs.changes 2017-11-23 09:44:38.468017092 +0100
@@ -1,0 +2,18 @@
+Wed Nov 22 12:49:38 UTC 2017 - ch...@computersalat.de
+
+- fix for boo#1069391 (CVE-2017-16664, OSA-2017-07)
+ * vulnerabilities discovered in the OTRS framework:
+ An attacker who is logged into OTRS as an agent can request special
+ URLs from OTRS which can lead to the execution of shell commands
+ with the permissions of the web server user.
+- Update to 4.0.26
+ * Improved handling of spell checker.
+ * https://github.com/OTRS/otrs/blob/rel-4_0_26/CHANGES.md
+- improve itsm-update.sh
+ * only package latest packages (<10)
+- rebase patches
+ * otrs-httpd_conf.patch
+ * otrs-perm_test.patch
+- fix permissions (SLE 11)
+
+-------------------------------------------------------------------
Old:
----
itsm-4.0.25.tar.bz2
otrs-4.0.25.tar.bz2
New:
----
itsm-4.0.26.tar.bz2
otrs-4.0.26.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ otrs.spec ++++++
--- /var/tmp/diff_new_pack.F7LPWM/_old 2017-11-23 09:44:41.755897110 +0100
+++ /var/tmp/diff_new_pack.F7LPWM/_new 2017-11-23 09:44:41.759896964 +0100
@@ -18,8 +18,8 @@
 Name: otrs
-%define otrs_ver 4.0.25
-%define itsm_ver 4.0.25
+%define otrs_ver 4.0.26
+%define itsm_ver 4.0.26
 %define itsm_min 4
 %define otrs_root /srv/%{name}
 %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc
@@ -546,7 +546,7 @@
 # var/tmp
 %if 0%{?suse_version} < 1140
-%dir %{otrs_root}/var/tmp
+%dir %attr(2770,wwwrun,www) %{otrs_root}/var/tmp
 %else
 %verify(not user group mode) %attr(2770,wwwrun,www) %dir %{otrs_root}/var/tmp
 %endif
++++++ itsm-4.0.25.tar.bz2 -> itsm-4.0.26.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/otrs/itsm-4.0.25.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/itsm-4.0.26.tar.bz2 differ: char 11, line 1
++++++ itsm-update.sh ++++++
--- /var/tmp/diff_new_pack.F7LPWM/_old 2017-11-23 09:44:41.847893752 +0100
+++ /var/tmp/diff_new_pack.F7LPWM/_new 2017-11-23 09:44:41.847893752 +0100
@@ -8,13 +8,13 @@
 if [[ ${MAJOR} -eq 4 ]]; then
 PMINOR='3.3'
 PMINOR_PKG=33
- PREJECT="*3.2.9?.opm,*${PMINOR}.9?.opm"
- REJECT="*${PMINOR}.9?.opm,*${MAJOR}.0.9?.opm"
+ PREJECT="*3.2.9?.opm,*${PMINOR}.?.opm,*${PMINOR}.9?.opm"
+ REJECT="*${PMINOR}.9?.opm,*${MAJOR}.0.?.opm,*${MAJOR}.0.1?.opm"
 elif [[ ${MAJOR} -eq 5 ]]; then
 PMINOR=$((${MAJOR} - 1))
 PMINOR_PKG=${PMINOR}
- PREJECT="*3.3.9?.opm,*${PMINOR}.0.9?.opm"
- REJECT="*${PMINOR}.0.9?.opm,*${MAJOR}.0.9?.opm"
+ PREJECT="*${PMINOR}.?.opm,*${PMINOR}.1?.opm,*${PMINOR}.0.9?.opm"
+ REJECT="*${PMINOR}.0.9?.opm,*${MAJOR}.0.?.opm,*${MAJOR}.0.1?.opm"
 elif [[ ${MAJOR} -ge 6 ]]; then
 PMINOR=$((${MAJOR} - 1))
 PMINOR_PKG=${PMINOR}
@@ -29,6 +29,10 @@
 wget -nH --cut-dirs=3 -m \
 ${URL}/INSTALL-${MAJOR}.ITSM
+# convert "ASCII English text, with CRLF line terminators"
+# into "ASCII English text"
+perl -p -i -e 's|\r\n|\n|' INSTALL-*
+
 # get packages of current version, exclude RC's
 wget -nH --cut-dirs=3 -m \
 -R ${REJECT} \
++++++ otrs-4.0.25.tar.bz2 -> otrs-4.0.26.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/otrs/otrs-4.0.25.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/otrs-4.0.26.tar.bz2 differ: char 11, line 1
++++++ otrs-perm_test.patch ++++++
--- /var/tmp/diff_new_pack.F7LPWM/_old 2017-11-23 09:44:41.911891417 +0100
+++ /var/tmp/diff_new_pack.F7LPWM/_new 2017-11-23 09:44:41.911891417 +0100
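Review bot: The new `%dir %attr(2770,wwwrun,www) %{otrs_root}/var/tmp` line in the `suse_version < 1140` branch sets the same owner and setgid mode as the `%else` branch but leaves out `%verify(not user group mode)`. If anything adjusts ownership or mode of this directory after install, `rpm -V` would report it as modified on the older targets only; whether that difference is intended is not visible here. Either carry the `%verify` exclusion in both branches or add a comment above the `%if`, for example `# < 1140: keep rpm verification of var/tmp owner/mode`, saying why they differ. The enclosing %files section starts and ends outside the hunk.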
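Review bot: In the `MAJOR -eq 5` branch the new `PREJECT` patterns `*${PMINOR}.?.opm` and `*${PMINOR}.1?.opm` lack the `.0` component that the third pattern (`*${PMINOR}.0.9?.opm`) and the `REJECT` line right below (`*${MAJOR}.0.?.opm`) both use. In the `MAJOR -eq 4` branch `PMINOR` is `'3.3'`, so the short form works there, but here `PMINOR` is a single number and the patterns expand to `*4.?.opm` and `*4.1?.opm`, which presumably never match a three-part version and so leave the older previous-major packages in the mirror. The line probably wants to be `PREJECT="*${PMINOR}.0.?.opm,*${PMINOR}.0.1?.opm,*${PMINOR}.0.9?.opm"`. The if/elif chain continues outside the hunk.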
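Review bot: The added `perl -p -i -e 's|\r\n|\n|' INSTALL-*` rewrites downloaded files in place, and nothing in this hunk checks that the preceding `wget` succeeded or that what it fetched is what upstream published. `${URL}` and the top of the script are outside the hunk, so a check may exist elsewhere; if not, the INSTALL files and the `.opm` packages mirrored below go into the source tarball unverified. Consider failing on a download error (`wget ... || exit 1`) and comparing the downloads against a pinned checksum list before normalising line endings, since after this step the files no longer match upstream byte for byte. Quoting `"${REJECT}"` in the following `wget -R` call would also keep the shell from ever glob-expanding the patterns.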
@@ -2,7 +2,7 @@
 ===================================================================
 --- Kernel/System/Package.pm.orig
 +++ Kernel/System/Package.pm
-@@ -3651,7 +3651,7 @@ sub _FileSystemCheck {
+@@ -3654,7 +3654,7 @@ sub _FileSystemCheck {
 # create test files in following directories
 for my $Filepath (