"setting upload_tmp_dir explicitly, in case the distribution set something else, which is then not included in our open_basedir"

Ralf Becker 2010-04-05 06:53:46 +00:00
parent 35883b5ace
commit 00ad0fbb35
3 changed files with 12 additions and 60 deletions


@ -31,6 +31,7 @@ Alias /egroupware /usr/share/egroupware
php_value include_path .:/usr/share/pear php_value include_path .:/usr/share/pear
php_admin_value open_basedir /usr/share/egroupware:/var/lib/egroupware:/tmp:/usr/share/pear:/usr/bin/zip:/usr/share/jpgraph:/usr/bin/tnef:/usr/bin/aspell php_admin_value open_basedir /usr/share/egroupware:/var/lib/egroupware:/tmp:/usr/share/pear:/usr/bin/zip:/usr/share/jpgraph:/usr/bin/tnef:/usr/bin/aspell
php_value upload_max_filesize 64M php_value upload_max_filesize 64M
php_admin_value upload_tmp_dir /tmp
php_value post_max_size 65M php_value post_max_size 65M
<Files ~ "\.inc\.php$"> <Files ~ "\.inc\.php$">
Order allow,deny Order allow,deny
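Review bot: the added `php_admin_value upload_tmp_dir /tmp` stages uploads in the shared system /tmp, which the open_basedir line above also opens to every script in this alias. A dedicated directory under /var/lib/egroupware, which is already in open_basedir, owned by the web server user and not readable by others, would fix the same distribution mismatch while keeping staged uploads away from other local users. Using php_admin_value here is the right choice, since it stops a .htaccess file from overriding the setting.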


@ -18,7 +18,7 @@ $verbose = 0;
$config = array( $config = array(
'packagename' => 'eGroupware', 'packagename' => 'eGroupware',
'version' => '1.6', 'version' => '1.6',
'packaging' => '002', 'packaging' => '003-2',
'egwdir' => 'egroupware', 'egwdir' => 'egroupware',
'svndir' => '/tmp/build_root/egw_buildroot-svn', 'svndir' => '/tmp/build_root/egw_buildroot-svn',
'egw_buildroot' => '/tmp/build_root/egw_buildroot_16', 'egw_buildroot' => '/tmp/build_root/egw_buildroot_16',
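Review bot: the new `'packaging' => '003-2'` value hard-codes the same "-2" suffix that the spec file in this commit defines separately as `%define pack_no -2`, so the two have to be bumped by hand in step. Deriving one from the other, or at least adding a comment here naming the spec macro, would keep the tarball names and the Source lines from drifting apart on the next repack.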


@ -1,5 +1,6 @@
Name: eGroupware Name: eGroupware
Version: 1.6.003 Version: 1.6.003
%define pack_no -2
Release: 1 Release: 1
Summary: EGroupware is a web-based groupware suite written in php. Summary: EGroupware is a web-based groupware suite written in php.
Group: Web/Database Group: Web/Database
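Review bot: with `%define pack_no -2` added but `Version: 1.6.003` and `Release: 1` left unchanged, the package built from the repacked sources carries the same version-release as the one built from the original tarballs. Installed systems will not see it as an update, and the two builds cannot be told apart by package metadata. Bumping Release along with pack_no would fix that, and a short comment on what pack_no means would help the next maintainer.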
@ -36,7 +37,10 @@ Prefix: /usr/share
%if 0%{?mandriva_version} %if 0%{?mandriva_version}
%define osversion %{?mandriva_version} %define osversion %{?mandriva_version}
%define distribution Mandriva %{?mandriva_version} %define distribution Mandriva %{?mandriva_version}
%define extra_requires apache php-mysql php-dom %define extra_requires apache php-mysql php-dom php-pdo_mysql php-pdo_sqlite
# try to keep build from searching (for wrong) dependencys
%undefine __find_provides
%undefine __find_requires
%endif %endif
%if 0%{?rhel_version} %if 0%{?rhel_version}
%define osversion %{?rhel_version} %define osversion %{?rhel_version}
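Review bot: `%undefine __find_provides` and `%undefine __find_requires` in the Mandriva branch turn off automatic dependency generation entirely, so from here on every runtime dependency has to be listed by hand in extra_requires and a missed one will only show up at install or run time. If only specific generated dependencies are wrong, filtering those out would be safer than disabling the generators. The comment should also say which dependencies were wrong, and "dependencys" should read "dependencies".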
@ -51,11 +55,11 @@ Prefix: /usr/share
Distribution: %{distribution} Distribution: %{distribution}
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}%{pack_no}.tar.gz
Source1: %{name}-egw-pear-%{version}.tar.bz2 Source1: %{name}-egw-pear-%{version}%{pack_no}.tar.bz2
Source2: %{name}-icalsrv-%{version}.tar.bz2 Source2: %{name}-icalsrv-%{version}%{pack_no}.tar.bz2
Source3: %{name}-mydms-%{version}.tar.bz2 Source3: %{name}-mydms-%{version}%{pack_no}.tar.bz2
Source4: %{name}-gallery-%{version}.tar.bz2 Source4: %{name}-gallery-%{version}%{pack_no}.tar.bz2
Source5: %{name}-rpmlintrc Source5: %{name}-rpmlintrc
Patch0: class.uiasyncservice.inc.php.patch Patch0: class.uiasyncservice.inc.php.patch
BuildRoot: /tmp/%{name}-buildroot BuildRoot: /tmp/%{name}-buildroot
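Review bot: Source0 changes from `.tar.bz2` to `.tar.gz` while Source1 through Source4 stay `.tar.bz2`, and the commit message does not mention a format change. Please confirm this is intended and that the release script produces a gzip tarball for the main package only; otherwise the build will fail on a missing source file. The unchanged `BuildRoot: /tmp/%{name}-buildroot` is also a fixed, predictable path under /tmp, which is worth moving to a per-build directory while this block is being touched.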
@ -595,56 +599,3 @@ ln -s ../../..%{egwdatadir}/header.inc.php
%files wiki %files wiki
%defattr(-,root,root) %defattr(-,root,root)
%{egwdir}/wiki %{egwdir}/wiki
%changelog
* Tue Mar 9 2010 Ralf Becker <rb@stylite.de> 1.6.003
- eGroupware 1.6.003 security and bugfix release
- fixes 2 security problems:
+ one is a serious remote command execution (allowing to run arbitrary
commands on the web server by simply issuing a HTTP request!)
+ the other a reflected cross-site scripting (XSS)
Both require NO valid EGroupware account and work without being logged in!
- SyncML 1.2 support and many SyncML bug fixes
- many bugfixes since 1.6.002 release
* Mon Jul 20 2009 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.002
- eGroupware 1.6.002 security and bugfix release
- fixes 3 security problems:
+ FCKeditor (remote file upload)
+ tracker (XSS problem)
+ knowledgebase (SQL injection)
- added HTML Purifier as preventive measure for FCKeditor content
- tons of bugfixes since initial 1.6.001 release
* Mon Nov 24 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.001
- eGroupware 1.6.001 final 1.6 release
* Sun Nov 16 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.rc5
- eGroupware 1.6.rc5 5. release candidate for 1.6 release
* Sun Nov 9 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.rc4
- eGroupware 1.6.rc4 4. release candidate for 1.6 release
* Wed Oct 29 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.rc3
- eGroupware 1.6.rc3 3. release candidate for 1.6 release
* Wed Oct 22 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.rc2
- eGroupware 1.6.rc2 2. release candidate for 1.6 release
* Fri Oct 10 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.rc1
- eGroupware 1.6.rc1 first release candidate for 1.6 release
* Tue Jul 22 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.6.pre1
- eGroupware 1.6.pre1 first preview of upcomming 1.6 release
* Mon Apr 15 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.4.004
- eGroupware 1.4.004 FCKeditor update (2.6) & security release
* Mon Mar 19 2008 Ralf Becker <RalfBecker@outdoor-training.de> 1.4.003
- eGroupware 1.4.003 security & maintainace release
* Mon Sep 24 2007 Ralf Becker <RalfBecker@outdoor-training.de> 1.4.002
- eGroupware 1.4.002 bugfix & maintainace release
* Mon Jun 4 2007 Ralf Becker <RalfBecker@outdoor-training.de> 1.4.001
- final eGroupware 1.4 release
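Review bot: this hunk removes the entire %changelog section, including the 1.6.003 and 1.6.002 entries that record the remote command execution, XSS, remote file upload and SQL injection fixes, and the commit message says nothing about it. Administrators use the package changelog to check whether an installed build contains a given security fix, so dropping it loses that audit trail. If the changelog is now generated or kept elsewhere, say so in the commit message; otherwise keep the section and add an entry for this repack.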