Hello community, here is the log from the commit of package otrs for openSUSE:Factory checked in at 2018-10-01 08:17:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/otrs (Old) and /work/SRC/openSUSE:Factory/.otrs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "otrs" Mon Oct 1 08:17:16 2018 rev:61 rq:638524 version:5.0.30 Changes: -------- --- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2018-07-18 22:54:28.874853195 +0200 +++ /work/SRC/openSUSE:Factory/.otrs.new/otrs.changes 2018-10-01 08:17:30.209964568 +0200 @@ -1,0 +2,24 @@ +Wed Sep 26 13:33:59 UTC 2018 - chris@computersalat.de + +- Update to 5.0.30 + * https://community.otrs.com/release-notes-otrs-5s-patch-level-30/ + * https://community.otrs.com/release-notes-otrs-5s-patch-level-29/ +- fix for boo#1109822 (CVE-2018-16586, OSA-2018-05) + * Loading External Image or CSS Resources + An attacker could send a malicious email to an OTRS system. If a + logged in user opens it, the email could cause the browser to + load external image or CSS resources. +- fix for boo#1109823 (CVE-2018-16587, OSA-2018-04) + * Remote File Deletion + An attacker could send a malicious email to an OTRS system. If a user + with admin permissions opens it, it causes deletions of arbitrary + files that the OTRS web server user has write access to. +- fix for boo#1103800 (CVE-2018-14593, OSA-2018-03) + * Privilege Escalation + An attacker who is logged into OTRS as a user may escalate their + privileges by accessing a specially crafted URL. +- improve itsm-update.sh +- fix permissions file + * @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/ + +------------------------------------------------------------------- Old: ---- itsm-5.0.28.tar.bz2 otrs-5.0.28.tar.bz2 New: ---- itsm-5.0.30.tar.bz2 otrs-5.0.30.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otrs.spec ++++++ --- /var/tmp/diff_new_pack.rpSRPp/_old 2018-10-01 08:17:31.745963585 +0200 +++ /var/tmp/diff_new_pack.rpSRPp/_new 2018-10-01 08:17:31.745963585 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,8 +23,8 @@ Name: otrs -%define otrs_ver 5.0.28 -%define itsm_ver 5.0.28 +%define otrs_ver 5.0.30 +%define itsm_ver 5.0.30 %define itsm_min 5 %define otrs_root /srv/%{name} %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc ++++++ itsm-5.0.28.tar.bz2 -> itsm-5.0.30.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/itsm-5.0.28.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/itsm-5.0.30.tar.bz2 differ: char 11, line 1 ++++++ itsm-update.sh ++++++ --- /var/tmp/diff_new_pack.rpSRPp/_old 2018-10-01 08:17:31.805963547 +0200 +++ /var/tmp/diff_new_pack.rpSRPp/_new 2018-10-01 08:17:31.805963547 +0200 @@ -33,9 +33,11 @@ else mkdir -p itsm-${VERSION} fi + else + mv itsm-${MAJOR}.${MINOR}.${PPATCH} itsm-${VERSION} fi fi -cd itsm-${VERSION}/ +cd itsm-${VERSION}/ || exit 1 # get INSTALL file wget -nH --cut-dirs=3 -m \ ++++++ otrs-5.0.28.tar.bz2 -> otrs-5.0.30.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/otrs-5.0.28.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/otrs-5.0.30.tar.bz2 differ: char 11, line 1 ++++++ otrs.permissions ++++++ --- /var/tmp/diff_new_pack.rpSRPp/_old 2018-10-01 08:17:31.885963496 +0200 +++ /var/tmp/diff_new_pack.rpSRPp/_new 2018-10-01 08:17:31.885963496 +0200 @@ -1,4 +1,4 @@ ### DBUpdate-to-y.pl is going to write there #@OTRS_ROOT@/Kernel/Config/Files wwwrun:www 2775 #@OTRS_ROOT@/var/log otrs:www 2775 -@OTRS_ROOT@/var/tmp wwwrun:www 2770 +@OTRS_ROOT@/var/tmp/ wwwrun:www 2770