Hello community, here is the log from the commit of package otrs for openSUSE:Factory checked in at 2018-01-06 18:48:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/otrs (Old) and /work/SRC/openSUSE:Factory/.otrs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "otrs" Sat Jan 6 18:48:05 2018 rev:58 rq:561505 version:4.0.28 Changes: -------- --- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2017-12-15 14:06:37.781012378 +0100 +++ /work/SRC/openSUSE:Factory/.otrs.new/otrs.changes 2018-01-06 18:48:07.966193521 +0100 @@ -1,0 +2,14 @@ +Thu Dec 28 01:24:19 UTC 2017 - chris@computersalat.de + +- fix for boo#1073747 (CVE-2017-17476, OSA-2017-10) + * Session hijacking + An attacker can send a specially prepared email to an OTRS system. + If this system has cookie support disabled, and a logged in agent + clicks a link in this email, the session information could be + leaked to external systems, allowing the attacker to take over + the agent’s session. +- Update to 4.0.28 + * https://github.com/OTRS/otrs/blob/rel-4_0_28/CHANGES.md +- improve itsm-update.sh + +------------------------------------------------------------------- Old: ---- itsm-4.0.27.tar.bz2 otrs-4.0.27.tar.bz2 New: ---- itsm-4.0.28.tar.bz2 otrs-4.0.28.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otrs.spec ++++++ --- /var/tmp/diff_new_pack.YTDAa6/_old 2018-01-06 18:48:09.974099700 +0100 +++ /var/tmp/diff_new_pack.YTDAa6/_new 2018-01-06 18:48:09.974099700 +0100 
@@ -23,8 +23,8 @@ Name: otrs -%define otrs_ver 4.0.27 -%define itsm_ver 4.0.27 +%define otrs_ver 4.0.28 +%define itsm_ver 4.0.28 %define itsm_min 4 %define otrs_root /srv/%{name} %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc ++++++ itsm-4.0.27.tar.bz2 -> itsm-4.0.28.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/itsm-4.0.27.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/itsm-4.0.28.tar.bz2 differ: char 11, line 1 ++++++ itsm-update.sh ++++++ --- /var/tmp/diff_new_pack.YTDAa6/_old 2018-01-06 18:48:10.062095590 +0100 +++ /var/tmp/diff_new_pack.YTDAa6/_new 2018-01-06 18:48:10.066095403 +0100 @@ -4,6 +4,9 @@ URL='ftp://ftp.otrs.org/pub/otrs/itsm' VERSION=$(grep "%define itsm_ver" otrs.spec | cut -d' ' -f3) MAJOR=$(echo ${VERSION} | cut -d'.' -f1) +MINOR=$(echo ${VERSION} | cut -d'.' -f2) +PATCH=$(echo ${VERSION} | cut -d'.' -f3) +PPATCH=$((${PATCH} - 1)) if [[ ${MAJOR} -eq 4 ]]; then PMINOR='3.3' 
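Review bot: The added `PPATCH=$((${PATCH} - 1))` has no lower bound, so for any x.y.0 release it evaluates to -1 and the following hunk then looks for `itsm-${MAJOR}.${MINOR}.-1.tar.bz2`. The arithmetic also errors out when the patch field is empty or has a leading zero such as `08`, which bash reads as an invalid octal number. Because VERSION is scraped from otrs.spec with grep/cut and later ends up in `tar` and `mv` arguments, I would validate it before splitting it, e.g. `[[ ${VERSION} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`, and compute `PPATCH=$((10#${PATCH} - 1))` only when PATCH is greater than zero. Not part of this change, but the context line `URL='ftp://ftp.otrs.org/pub/otrs/itsm'` means the packages come over unauthenticated FTP; if the part of the script outside the hunk does not verify them, a checksum or signature check would be worth adding.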
@@ -13,16 +16,21 @@ elif [[ ${MAJOR} -eq 5 ]]; then PMINOR=$((${MAJOR} - 1)) PMINOR_PKG=${PMINOR} - PREJECT="*${PMINOR}.?.opm,*${PMINOR}.1?.opm,*${PMINOR}.0.9?.opm" + PREJECT="*3.3.9?.opm,*${PMINOR}.0.?.opm,*${PMINOR}.0.1?.opm,*${PMINOR}.0.9?.opm" REJECT="*${PMINOR}.0.9?.opm,*${MAJOR}.0.?.opm,*${MAJOR}.0.1?.opm" elif [[ ${MAJOR} -ge 6 ]]; then PMINOR=$((${MAJOR} - 1)) PMINOR_PKG=${PMINOR} - PREJECT="*((${PMINOR}-1)).0.9?.opm,*((${MAJOR}-1)).0.9?.opm" + PREJECT="*((${PMINOR}-1)).0.9?.opm,*((${MAJOR}-1)).0.?.opm,*((${MAJOR}-1)).0.1?.opm,*((${MAJOR}-1)).0.9?.opm" REJECT="*${PMINOR}.0.9?.opm,*${MAJOR}.0.9?.opm" fi -[[ ! -d itsm-${VERSION} ]] && mkdir itsm-${VERSION} +if [[ ! -d itsm-${VERSION} ]]; then + if [[ ! -d itsm-${MAJOR}.${MINOR}.${PPATCH} ]]; then + tar xvfpj itsm-${MAJOR}.${MINOR}.${PPATCH}.tar.bz2 + mv itsm-${MAJOR}.${MINOR}.${PPATCH} itsm-${VERSION} + fi +fi cd itsm-${VERSION}/ # get INSTALL file ++++++ otrs-4.0.27.tar.bz2 -> otrs-4.0.28.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/otrs-4.0.27.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/otrs-4.0.28.tar.bz2 differ: char 11, line 1
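Review bot: The new `if` block drops the old `mkdir` fallback, so `itsm-${VERSION}` is never created when the previous tree `itsm-${MAJOR}.${MINOR}.${PPATCH}` already exists, when the previous tarball is missing, or when `tar` or `mv` fails. The following `cd itsm-${VERSION}/` is unchecked, so unless the part of the script outside this hunk enables `set -e`, everything after it runs in the wrong directory. I would seed from the previous tarball only when it is present, fall back to `mkdir`, check each step and quote the paths, as in the fence below. Separately, the added `PREJECT` entries for `MAJOR >= 6` use `((${MAJOR}-1))` without a leading `$` inside double quotes, so they stay literal text rather than a number; `$((MAJOR - 1))` is probably what was meant, and the unchanged first entry has the same form. How PREJECT is consumed lies outside the hunk, so the effect on the download filter is inferred.

```shell
# … unchanged: PREJECT/REJECT selection per MAJOR …
if [[ ! -d "itsm-${VERSION}" ]]; then
  prev="itsm-${MAJOR}.${MINOR}.${PPATCH}"
  if [[ -f "${prev}.tar.bz2" ]]; then
    # seed the new tree from the previous release's tarball
    tar xvjpf "${prev}.tar.bz2" || exit 1
    mv -- "${prev}" "itsm-${VERSION}" || exit 1
  else
    mkdir -- "itsm-${VERSION}" || exit 1
  fi
fi
cd "itsm-${VERSION}/" || exit 1
```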