Пакет typo3_src: Specfile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 | # Speed-up build process %define _verify_elf_method skip %define _strip_method none %define t3branch 4.3 %define beta %nil Name: typo3_src Version: 4.3.13 Release: alt0.M51.1 Summary: A free, feature rich, Content Management Framework/System License: GPL Group: Networking/Other Url: http://www.typo3.org Source: %name-%version%beta.tar.gz Packager: Michael Shigorin <mike@altlinux.org> BuildArch: noarch AutoReqProv: no #Requires: php-engine Requires: typo3-webserver Requires: ImageMagick Requires: freetype2 %define installdir %_datadir/%name-%version %description TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules. To find out more, see http://www.typo3.org | http://www.typo3.ru. You should install MySQL-server package or care of DBAL setup yourself. It's also highly recommended to install some sort of PHP accelerator, like php-mmcache, php5-eaccelerator or php5-xcache. %package -n typo3-apache Summary: apache 1.3 dependency package Group: Networking/Other Provides: typo3-webserver Requires: apache Requires: apache-mod_php5 Requires: php5-mysql Requires: php5-gd2 Requires: php5-curl Requires: php5-mbstring Requires: php5-eaccelerator %description -n typo3-apache apache 1.3/php 5.x dependency package %package -n typo3-apache2 Summary: apache 2.x dependency package Group: Networking/Other Provides: typo3-webserver Requires: apache2 Requires: apache2-mod_php5 Requires: php5-mysql Requires: php5-gd2 Requires: php5-curl Requires: php5-mbstring # Recommends: php5-eaccelerator || php5-xcache %description -n typo3-apache2 apache 2.x/php 5.x dependency package %prep %setup -n %name-%version%beta gzip -9nf ChangeLog %install mkdir -p %buildroot%installdir # no need to copy the engine mv */ index.php %buildroot%installdir/ ln -s %name-%version %buildroot%_datadir/%name-%t3branch %files %installdir/ %_datadir/%name-%t3branch %doc ChangeLog* *.txt %files -n typo3-apache %files -n typo3-apache2 %changelog * Tue Aug 16 2011 Michael Shigorin <mike@altlinux.org> 4.3.13-alt0.M51.1 - 4.3.13: bugfixes for 4.3.12 regression fixes, see http://wiki.typo3.org/wiki/TYPO3_4.3.13 * Fri Aug 05 2011 Michael Shigorin <mike@altlinux.org> 4.3.12-alt0.M51.1 - 4.3.12: major security fixes, see http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-001/ + XSS in frontend (can be mitigated with realurl) + information disclosure in css_styled_content (headlines) + unserialize() vulnerability in backend + several more mid/low-severity problems * Wed Feb 23 2011 Michael Shigorin <mike@altlinux.org> 4.3.11-alt0.M51.1 - 4.3.11: bugfixes, see http://wiki.typo3.org/wiki/TYPO3_4.3.11 * Tue Dec 28 2010 Michael Shigorin <mike@altlinux.org> 4.3.10-alt1 - 4.3.10: regression fixes, see http://wiki.typo3.org/wiki/TYPO3_4.3.10 * Thu Dec 16 2010 Michael Shigorin <mike@altlinux.org> 4.3.9-alt1 - 4.3.9: major security fixes, see http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/ + XSS in click-enlarge FE functionality if caching is enabled + arbitrary code execution due to insufficient input validation in PHP file inclusion protection API + a few more less severe problems, see the link above * Tue Oct 12 2010 Michael Shigorin <mike@altlinux.org> 4.3.8-alt1 - 4.3.8: a regression fix, see http://wiki.typo3.org/wiki/TYPO3_4.3.8 * Wed Oct 06 2010 Michael Shigorin <mike@altlinux.org> 4.3.7-alt1 - 4.3.7: critical security fixes, see http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ + remote file disclosure (no auth required) + several XSS in backend (valid backend login required) + remote file disclosure in EM (valid backend admin login required) + privilege escalation possible for backend user having permission to create other backend users due to improper user input validation + DoS with php crash in t3lib_div::validEmail() + XSS protection incomplete in RemoveXSS() * Tue Sep 28 2010 Michael Shigorin <mike@altlinux.org> 4.3.6-alt1 - 4.3.6: bugfixes, see http://wiki.typo3.org/wiki/TYPO3_4.3.6 * Fri Aug 06 2010 Michael Shigorin <mike@altlinux.org> 4.3.5-alt1 - 4.3.5: regression fixes, see also: + http://news.typo3.org/news/article/regressions-in-latest-security-release/ + http://wiki.typo3.org/index.php/TYPO3_4.3.5 * Sun Aug 01 2010 Michael Shigorin <mike@altlinux.org> 4.3.4-alt1 - 4.3.4: major/medium security fixes: + several XSS in backend (valid backend login required) + open redirection in backend (valid backend login required) + SQL injection in some backend record editing forms (special backend login/configuration required) + arbitrary code execution depending on server configuration (valid backend login required to upload .phtml) + webroot path disclosure possible with defective extensions + Extension Manager: XSS and arbitrary file access (valid backend admin login required) + user auth, "forgot password": PHP insecure randomness + form content element data check failure (spam abuse) + header injection with jumpurl feature + frontend login box: open redirection, XSS + install tool: session fixation + extbase XSS possible with FLUID Templating Engine + t3lib_htmlmail includes the exact CMS version in headers * Tue Feb 23 2010 Michael Shigorin <mike@altlinux.org> 4.3.2-alt1 - 4.3.2: major/medium security fixes (no CVE so far) + frontend login: possible auth bypass using a hash *if* "saltedpasswords" is enabled *and* several auth services are configured + frontend: possible CSS if running on php-cgi + backend: possible XSSes (valid backend login required) + backend: information disclosure with specific sys_action setup (valid backend login required) + https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/ * Thu Jan 14 2010 Michael Shigorin <mike@altlinux.org> 4.3.1-alt1 - 4.3.1: major security fix for "openid" system extension (possible backend user authentication bypass if it's enabled): http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/ * Sun Dec 13 2009 Michael Shigorin <mike@altlinux.org> 4.3.0-alt2 - gzip ChangeLog (repocop) * Mon Nov 30 2009 Michael Shigorin <mike@altlinux.org> 4.3.0-alt1 - 4.3.0: new and improved series, see also https://typo3.org/download/release-notes/typo3-43/ - %_datadir/%name-$major.$minor symlink to ease deployment and upgrade throughout patchlevel series * Sun Oct 25 2009 Michael Shigorin <mike@altlinux.org> 4.2.10-alt1 - 4.2.10: multiple vulnerabilities in TYPO3 core: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ * Mon Sep 28 2009 Michael Shigorin <mike@altlinux.org> 4.2.9-alt1 - 4.2.9: current bugfixes * Sat Jul 04 2009 Michael Shigorin <mike@altlinux.org> 4.2.8-alt1 - 4.2.8: maintenance release (bugfixes and minor security improvements) + 4.2.7 contained a glitch so was effectively skipped * Tue Feb 10 2009 Michael Shigorin <mike@altlinux.org> 4.2.6-alt1 - 4.2.6: [critical] information disclosure and XSS fixes: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/ * Tue Jan 20 2009 Michael Shigorin <mike@altlinux.org> 4.2.4-alt1 - 4.2.4: multiple important security fixes in TYPO3 core: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ * Thu Nov 13 2008 Michael Shigorin <mike@altlinux.org> 4.2.3-alt1 - 4.2.3: fixes for two XSS issues in TYPO3 core + "file" backend module: http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/ + "felogin" sysext: http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/ * Sat Oct 18 2008 Michael Shigorin <mike@altlinux.org> 4.2.2-alt1 - 4.2.2: current bugfixes/updates * Wed Jun 11 2008 Michael Shigorin <mike@altlinux.org> 4.2.1-alt1 - 4.2.1: security fixes: + default fileDenyPattern update to bar .htaccess uploads (backend/frontend users might be able to execute arbitrary code depending on some conditions); + fixed fe_adminlib.inc XSS issue (used in direct_mail_subscription, feuser_admin, kb_md5fepw) + for more information and a workaround, see http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/ * Wed Apr 23 2008 Michael Shigorin <mike@altlinux.org> 4.2.0-alt1 - 4.2.0 * Sat Apr 19 2008 Michael Shigorin <mike@altlinux.org> 4.2.0-alt0.2 - 4.2.0RC2: php5 required * Tue Mar 04 2008 Michael Shigorin <mike@altlinux.org> 4.1.6-alt1 - 4.1.6: minor bugfixes (including windows-only) * Sun Mar 02 2008 Michael Shigorin <mike@altlinux.org> 4.1.5-alt3 - moved apache/php-version dependent requires into subpackages + NB: I only care for typo3-apache right now, please correct me on typo3-apache2 if something's wrong + 4.2 will be php5 only, so -apache will go php5 too (I'm just too lazy at the moment) * Tue Jan 01 2008 Michael Shigorin <mike@altlinux.org> 4.1.5-alt2 - fix requires by moving back to php4: maybe it's some local problem but both php 5.2.2/5.2.3 builds are severely broken for me (would randomly bail out on different require_once calls with comparable php.ini) * Mon Dec 31 2007 Michael Shigorin <mike@altlinux.org> 4.1.5-alt1 - 4.1.5: minor bugfix (for regression introduced in 4.1.4) - 4.1.4: minor security fixes - 4.1.3: lots of bugfixes * Tue Jul 17 2007 Michael Shigorin <mike@altlinux.org> 4.1.2-alt1 - 4.1.2 (minor bugfixes) - minor spec cleanup * Tue Jun 05 2007 Michael Shigorin <mike@altlinux.org> 4.1.1-alt1 - built for ALT Linux - partially based on seiroswiki.spec (0.0.1-alt4) by vvk@ and typo3.spec.m4 (3.6.2-0.6) by Dimitri Tarassenko <mitka mitka us> - for now, rather hardwired for apache+mod_php |