# COPR Ligenix's spec file for glpi # # Copyright (c) 2021-2024 Jean-Marc Liger # # Forked from: # # Fedora/remirepo spec file for glpi # # Copyright (c) 2007-2020 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # %global with_selinux 1 %if 0%{?fedora} || 0%{?rhel} >= 8 # nginx 1.6 with nginx-filesystem %global with_nginx 1 # httpd 2.4 with httpd-filesystem %global with_httpd 1 %else %global with_nginx 0 %global with_httpd 0 %endif # secure marketplace with systemd mount bind %global marketplace usr-share-glpi-marketplace Name: glpi Version: 10.0.17 Release: 1%{?dist} Summary: Free IT asset management software Summary(fr): Gestion Libre de Parc Informatique License: GPLv2+ and GPLv3+ and MIT URL: https://www.glpi-project.org/ Source0: https://github.com/glpi-project/%{name}/releases/download/%{version}/%{name}-%{version}.tgz Source1: %{name}-downstream.php # override PHP configuration for php-fpm Source2: %{name}-user.ini Source3: %{name}-httpd.conf Source4: %{name}-nginx.conf Source5: %{name}-logrotate Source6: %{name}-marketplace.mount Source7: %{name}-README.Fedora Source8: %{name}-UPGRADE.Fedora # allow to install in /usr/bin Patch0: %{name}-bin.patch # allow to disable marketplace Patch1: %{name}-marketplace.patch BuildArch: noarch BuildRequires: gettext BuildRequires: systemd %if %{with_httpd} Requires: httpd-filesystem %endif %if %{with_nginx} Requires: nginx-filesystem %endif %if %{with_httpd} || %{with_nginx} Requires: webserver Requires: php(httpd) %else Requires: httpd, mod_php %endif Requires: php(language) >= 7.4 Requires: php-ctype Requires: php-curl Requires: php-date Requires: php-fileinfo Requires: php-filter Requires: php-gd Requires: php-intl Requires: php-json Requires: php-mbstring Requires: php-mysqli Requires: php-pcre Requires: php-reflection %if 0%{?with_selinux} Requires: php-selinux %endif Requires: php-session Requires: php-simplexml Requires: php-spl Requires: php-xml Requires: php-zlib %if 0%{?fedora} || 0%{?rhel} >= 8 # optional Recommends: php-apcu Recommends: php-exif Recommends: php-imap Recommends: php-ldap Recommends: php-opcache Recommends: php-sodium Recommends: php-xmlrpc Recommends: php-pear-CAS Recommends: %{name}-marketplace = %{version}-%{release} %else Requires: php-apcu Requires: php-exif Requires: php-imap Requires: php-ldap Requires: php-sodium Requires: php-xmlrpc Requires: php-pear-CAS Requires: %{name}-marketplace = %{version}-%{release} %endif Requires: cronie %if 0%{?fedora} || 0%{?rhel} >= 8 %if 0%{?with_selinux} # This ensures that the *-selinux package and all it’s dependencies are # not pulled into containers and other systems that do not use SELinux Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %endif %endif Requires: %{_sysconfdir}/logrotate.d Requires(post): %{_bindir}/systemctl Requires(postun): %{_bindir}/systemctl # composer dependencies Provides: bundled(php-assert) Provides: bundled(php-cache) Provides: bundled(php-cache-contracts) Provides: bundled(php-collection) Provides: bundled(php-console) Provides: bundled(php-container) Provides: bundled(php-container-interop) Provides: bundled(php-css-selector) Provides: bundled(php-csv) Provides: bundled(php-dav) Provides: bundled(php-deprecation-contracts) Provides: bundled(php-diff) Provides: bundled(php-dom-crawler) Provides: bundled(php-event) Provides: bundled(php-getallheaders) Provides: bundled(php-guzzle) Provides: bundled(php-html2text) Provides: bundled(php-htmlawed) Provides: bundled(php-http) Provides: bundled(php-http-client) Provides: bundled(php-http-factory) Provides: bundled(php-http-message) Provides: bundled(php-installed-json) Provides: bundled(php-inventory_format) Provides: bundled(php-json-diff) Provides: bundled(php-json-schema) Provides: bundled(php-jsonlint) Provides: bundled(php-jwt) Provides: bundled(php-laminas-i18n) Provides: bundled(php-laminas-loader) Provides: bundled(php-laminas-mail) Provides: bundled(php-laminas-mime) Provides: bundled(php-laminas-servicemanager) Provides: bundled(php-laminas-stdlib) Provides: bundled(php-laminas-validator) Provides: bundled(php-lib_autolink) Provides: bundled(php-litemoji) Provides: bundled(php-log) Provides: bundled(php-markdown) Provides: bundled(php-math) Provides: bundled(php-monolog) Provides: bundled(php-oauth2-azure) Provides: bundled(php-oauth2-client) Provides: bundled(php-oauth2-google) Provides: bundled(php-phpcolors) Provides: bundled(php-phpmailer) Provides: bundled(php-phpuseragentparser) Provides: bundled(php-polyfill-ctype) Provides: bundled(php-polyfill-iconv) Provides: bundled(php-polyfill-mbstring) Provides: bundled(php-promises) Provides: bundled(php-psr7) Provides: bundled(php-punycode) Provides: bundled(php-rrule) Provides: bundled(php-scope-exit) Provides: bundled(php-service-contracts) Provides: bundled(php-simple-cache) Provides: bundled(php-simplepie) Provides: bundled(php-sodium_compat) Provides: bundled(php-string) Provides: bundled(php-string-extra) Provides: bundled(php-tcpdf) Provides: bundled(php-translation-contracts) Provides: bundled(php-twig) Provides: bundled(php-unified-archive) Provides: bundled(php-uri) Provides: bundled(php-uuid) Provides: bundled(php-var-exporter) Provides: bundled(php-vobject) Provides: bundled(php-xml) # node dependencies Provides: bundled(js-base) Provides: bundled(js-chartist) Provides: bundled(js-codemirror) Provides: bundled(js-cytoscape) Provides: bundled(js-flatpickr) Provides: bundled(js-fullcalendar) Provides: bundled(js-fuzzy) Provides: bundled(js-gridstack) Provides: bundled(js-jquery-file-upload) Provides: bundled(js-jquery-prettytextdiff) Provides: bundled(js-jquery-rateit) Provides: bundled(js-leaflet) Provides: bundled(js-masonry) Provides: bundled(js-photoswipe) Provides: bundled(js-prismjs) Provides: bundled(js-sortable) Provides: bundled(js-tinymce) %description GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. %description -l fr GLPI est une application libre, distribuée sous licence GPL destinée à la gestion de parc informatique et de helpdesk. GLPI est composé d’un ensemble de services web écrits en PHP qui permettent de recenser et de gérer l’intégralité des composantes matérielles ou logicielles d’un parc informatique, et ainsi d’optimiser le travail des techniciens grâce à une maintenance plus cohérente. %package marketplace Summary: Commercial IT asset management software Network Requires: php-bz2 Requires: php-zip Requires: %{name} = %{version}-%{release} Requires(post): %{_bindir}/systemctl Requires(preun): %{_bindir}/systemctl %description marketplace GLPI marketplace can contain commercial addons plugins from GLPI-Network %description marketplace -l fr GLPI marketplace peut contenir des plugins commerciaux additionnels obtenus depuis GLPI-Network %prep %setup -q -n %{name} %autopatch -p1 # check version grep %{version} inc/define.php # remove unused files find vendor -name .git* -delete -print find vendor -name \*.xml* -delete -print find vendor -name \*.yml* -delete -print find vendor -name \*.orig -delete -print find vendor -name composer.json -delete -print find vendor -name bin -type d -exec rm -rf {} + -print find vendor -name \*.bin -delete -print find vendor -name \*.py -delete -print find vendor -name \*.sh -delete -print # disable composer and node dependencies update check sed -i -e 's/if ($needrun) {/if (false) {/g' inc/autoload.function.php # install RPM specific constant values cp %{SOURCE1} inc/downstream.php cp %{SOURCE2} install/.user.ini # rename console command in all files for f in $(grep -r "bin/console" | cut -d":" -f1 | sort -u | grep -v ".mo"); do sed -i -e "s/php bin\/console/glpi-console/g" $f sed -i -e "s/bin\/console/glpi-console/g" $f done cat >cron < %{name}.lang %post %if %{with_selinux} ( # set httpd permissions getsebool httpd_can_network_connect | grep "> on" >/dev/null || setsebool -P httpd_can_network_connect on getsebool httpd_can_sendmail | grep "> on" >/dev/null || setsebool -P httpd_can_sendmail on ) &>/dev/null %endif %{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || : echo "" echo "New Marketplace for commercial plugins has been relocated in package glpi-marketplace" echo "Feel free to install or uninstall it, according to your communautary or business needs" echo "" %postun %{_bindir}/systemctl condrestart httpd > /dev/null 2>&1 || : %post marketplace if [ $1 == 1 ]; then /bin/systemctl enable %{marketplace}.mount /bin/systemctl start %{marketplace}.mount fi %preun marketplace if [ $1 == 0 ]; then /bin/systemctl stop %{marketplace}.mount /bin/systemctl disable %{marketplace}.mount fi %files -f %{name}.lang %{!?_licensedir:%global license %%doc} %doc *.md *.Fedora %attr(2770,root,apache) %dir %{_sysconfdir}/%{name} %ghost %config(noreplace,missingok) %{_sysconfdir}/%{name}/config_db.php %ghost %config(noreplace,missingok) %{_sysconfdir}/%{name}/local_define.php %config(noreplace) %{_sysconfdir}/httpd/conf.d/glpi.conf %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/cron.d/%{name} %if %{with_nginx} %config(noreplace) %{_sysconfdir}/nginx/default.d/glpi.conf %endif %dir %_localstatedir/lib/%{name} # this folder can contain private information (sessions, docs, ...) %attr(2770,root,apache) %{_localstatedir}/lib/%{name}/files %{_bindir}/%{name}-console %dir %{_datadir}/%{name} %{_datadir}/%{name}/*.php %{_datadir}/%{name}/apirest.md # license file required by installation process %{_datadir}/%{name}/ajax %{_datadir}/%{name}/css %{_datadir}/%{name}/css_compiled %{_datadir}/%{name}/front %{_datadir}/%{name}/inc %{_datadir}/%{name}/install %{_datadir}/%{name}/js %{_datadir}/%{name}/lib %{_datadir}/%{name}/pics %{_datadir}/%{name}/plugins %{_datadir}/%{name}/public %{_datadir}/%{name}/resources %{_datadir}/%{name}/sound %{_datadir}/%{name}/src %{_datadir}/%{name}/templates %{_datadir}/%{name}/vendor %{_datadir}/%{name}/version %attr(770,apache,root) %dir %{_localstatedir}/log/%{name} %dir %{_datadir}/%{name}/locales # we put marketplace in a separate package %exclude %{_datadir}/%{name}/ajax/marketplace.* %exclude %{_datadir}/%{name}/front/marketplace.* %exclude %{_datadir}/%{name}/js/marketplace.* %exclude %{_datadir}/%{name}/src/Marketplace %exclude %{_datadir}/%{name}/src/GLPINetwork.php %files marketplace -f %{name}.lang %{_datadir}/%{name}/ajax/marketplace.* %{_datadir}/%{name}/front/marketplace.* %{_datadir}/%{name}/js/marketplace.* %{_datadir}/%{name}/src/Marketplace %{_datadir}/%{name}/src/GLPINetwork.php # this folder can contain marketplace commercial addons plugins %attr(2770,root,apache) %{_localstatedir}/lib/%{name}/marketplace %{_datadir}/%{name}/marketplace %{_unitdir}/%{marketplace}.mount %changelog * Thu Nov 07 2024 Jean-Marc Liger - 10.0.17-1 - Update to 10.0.17 see https://github.com/glpi-project/glpi/milestone/68?closed=1 - This is a security release, upgrading is recommended: [SECURITY - critical] Unauthenticated session hijacking (CVE-2024-50339) [SECURITY - high] Account takeover through SQL injection (CVE-2024-40638) [SECURITY - high] Users email enumeration by unauthenticated user (CVE-2024-43416) [SECURITY - high] Account takeover without privilege escalation through the API (CVE-2024-47758) [SECURITY - high] Account takeover via the password reset feature (CVE-2024-47761) [SECURITY - high] Account takeover via API (CVE-2024-47760) [SECURITY - high] Insecure account deletion by authenticated user (CVE-2024-48912) [SECURITY - moderate] Authenticated SQL Injection (CVE-2024-45608) [SECURITY - moderate] Authenticated SQL injection in ticket form (CVE-2024-41679) [SECURITY - moderate] Stored XSS in RSS feeds (CVE-2024-45611) [SECURITY - moderate] Stored XSS via document upload (CVE-2024-47759) [SECURITY - moderate] Multiple reflected XSS (CVE-2024-43417, CVE-2024-43418, CVE-2024-45609, CVE-2024-45610, CVE-2024-41678) * Fri Oct 25 2024 Jean-Marc Liger - 10.0.16-2 - Fix patch for Fedora 41 * Thu Jul 04 2024 Jean-Marc Liger - 10.0.16-1 - Update to 10.0.16 see https://github.com/glpi-project/glpi/milestone/68?closed=1 - This is a security release, upgrading is recommended: [SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148) [SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149) [SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147) - Also, here is a short list of main changes done in this version: [FIX] Freesize database field was not correctly migrated [FIX] Network inventoried stacked switches had all the same name [FIX] Remove monitors from inventory when no monitor is present [FIX] Import location hierarchy from LDAP and Inventory * Fri Apr 26 2024 Jean-Marc Liger - 10.0.15-1 - Update to 10.0.15 see https://github.com/glpi-project/glpi/milestone/67?closed=1 - This is a security release, upgrading is recommended: [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456) [SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889) - Also, here is a short list of main changes done in this version: [FIX] Fix used right by reservation form. [FIX] Do not rely on input to apply rules rights. [FIX] Always store updated SMTP Oauth refresh token. [TASK] Upgrade tinymce. * Mon Mar 18 2024 Jean-Marc Liger - 10.0.14-1 - Update to 10.0.14 due to a few regressions in 10.0.13, an early release is available see https://github.com/glpi-project/glpi/milestone/65?closed=1 - This is a security release, upgrading is recommended: [SECURITY - high] SQL Injection in through the search engine (CVE-2024-27096) [SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098) [SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104) [SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914) [SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930) [SECURITY - moderate] Users emails enumeration (CVE-2024-27937) - Also, here is a short list of main changes done: [FIX] Error when creating a Ticket with SLA/OLA [FIX] Weekly recurrent reservations creation does not work. - Here is the list of corrections made in this version: [FIX] Fix assign field when suppliers assign is available [FIX] Switching entities issues * Thu Feb 01 2024 Jean-Marc Liger - 10.0.12-1 - Update to 10.0.12 see https://github.com/glpi-project/glpi/milestone/64?closed=1 - This is a security release, upgrading is recommended: [SECURITY - moderate] Reflected XSS in reports pages (CVE-2024-23645) [SECURITY - moderate] LDAP Injection during authentication (CVE-2023-51446) - Also, here is a short list of main changes done in this version: [FIX] Regression with entity selector missing cache invalidation [FIX] Better handling of connection issues during LDAP synchronization [PERF] The entity selector get significant reduction of load time in some cases * Sat Dec 16 2023 Jean-Marc Liger - 10.0.11-1 - Update to 10.0.11 see https://github.com/glpi-project/glpi/milestone/63?closed=1 - This is a security release, upgrading is recommended: [SECURITY - moderate] Authenticated SQL Injection (CVE-2023-43813) [SECURITY - high] SQL injection through inventory agent request (CVE-2023-46727) [SECURITY - high] Remote code execution from LDAP server configuration form on PHP 7.4 (CVE-2023-46726) - Also, here is a short list of main changes done in this version: [UX] Enhance pending reasons display [FIX] various LDAP fixes (timeout, location import, deletion/restoration scenarios) [FIX] several inventory fixes (unmanaged assets reconciliation, rules for phones, rules logs for discovery, Cisco stacks, removal of remote management) [FIX] several performance enhancements (defer entity tree loading, strong enhancement on actors loading, all assets query execution time, web cron removal, dual ajax call for tab loading) [TASK] highlights of security requirements on install/update page. Some options like PHP versions, web folder setup are suggested with a strong visual. - Add missing rules definitions #Bastien Hermitte * Tue Oct 03 2023 Jean-Marc Liger - 10.0.10-1 - Update to 10.0.10 see https://github.com/glpi-project/glpi/milestone/62?closed=1 - This is a security release, upgrading is recommended: [SECURITY - Critical] Unallowed PHP script execution (CVE-2023-42802). [SECURITY - High] Account takeover via SQL Injection in UI layout preferences (CVE-2023-41320). [SECURITY - High] Account takeover via Kanban feature (CVE-2023-41326). [SECURITY - High] Account takeover through API (CVE-2023-41324). [SECURITY - High] File deletion through document upload process (CVE-2023-42462). [SECURITY - Moderate] Sensitive fields enumeration through API (CVE-2023-41321). [SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-41322). [SECURITY - Moderate] Users login enumeration by unauthenticated user (CVE-2023-41323). [SECURITY - Moderate] Phishing through a login page malicious URL (CVE-2023-41888). [SECURITY - Moderate] SQL injection in ITIL actors (CVE-2023-42461). - Also, here is a short list of main changes done in this version: [FEATURE] PHP 8.3 and MySQL 8.1 support. [FEATURE] Enable usage of images in rich text of followups/tasks/solution templates. [PERFORMANCES] Improve ticket timeline rendering performances. [FIX] Fix issues with usage of LDAP bind options. [FIX] Fix some issues on SLA/OLA escalation levels computation. [FIX] Fix some issues on search on numeric and dates fields. Several minor fixes - Add SELinux post instructions for GLPI * Tue Jul 11 2023 Jean-Marc Liger - 10.0.9-1 - Update to 10.0.9 see https://github.com/glpi-project/glpi/milestone/61?closed=1 - This is a security release, upgrading is recommended: [SECURITY - Moderate] SQL injection in dashboard administration (CVE-2023-37278). - Also, here is a short list of main changes done in this version: Update script uses a SQL function incompatible with MySQL 5.7 (#15141) Private follow-ups and tasks are invisible to users with appropriate rights (#15128) Several minor fixes * Fri Jul 07 2023 Jean-Marc Liger - 10.0.8-1 - Update to 10.0.8 see https://github.com/glpi-project/glpi/milestone/60?closed=1 - This is a security release, upgrading is recommended: [SECURITY - High] SQL injection via inventory agent request (CVE-2023-35924). [SECURITY - High] SQL injection through Computer Virtual Machine information (CVE-2023-36808). [SECURITY - High] Unauthorized access to Dashboard data (CVE-2023-35939). [SECURITY - High] Unauthenticated access to Dashboard data (CVE-2023-35940). [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-34244). [SECURITY - Moderate] Unauthorized access to knowledge base items (CVE-2023-34107). [SECURITY - Moderate] Unauthorized access to user data (CVE-2023-34106). - Also, here is a short list of main changes done in this version: [FEATURE] Improve mail grouping (#14296) [FEATURE] Add deleted status in item's header (#14382) [FEATURE] Add option to control the display of dropdowns labels (#14472) [FEATURE] Permits to check DB schema from GLPI versions >= 0.80 (#14666) [FIX] Improve performance of plugins init (#14511) [FIX] Improve performance of kanban views (#14525, #14599, #14764) [FIX] Ldap issues with PHP versions >= 8.1 (#14561) [FIX] SLA waiting time duration (#14937) [FIX] Notification encoding for MS Outlook (#14959) A lot of fixes in native inventory * Tue May 02 2023 Jean-Marc Liger - 10.0.7-1 - Update to 10.0.7 see https://github.com/glpi-project/glpi/milestone/59?closed=1 - This is a security release, upgrading is recommended : [SECURITY - High] SQL injection and Stored XSS via inventory agent request (CVE-2023-28849). [SECURITY - High] Account takeover by authenticated user (CVE-2023-28632). [SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838). [SECURITY - Moderate] Stored XSS through dashboard administration (CVE-2023-28852). [SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636). [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639). [SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-28634). [SECURITY - Low] Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633). - Also, here is a short list of main changes done in this version: [SECURITY] Optional GLPI router to be able to use a safer web server root directory. [FEATURE] Support of SMTP OAuth authentication. [FEATURE] Improved inventory file upload feature. [FIX] Many fixes and improvements on native inventory. [FIX] Some bugs on PHP 8.2. [FIX] Caching issues on entities. [FIX] Boolean FullText operator not working on knowledge base search. [FIX] Unexpected search results when using negative condition on ticket actors. [FIX] Issues with LDAP filters/DN. [FIX] Unexpected results when searching on knowledge base categories * Mon May 01 2023 Jean-Marc Liger - 10.0.6-1 - Update to 10.0.6 see https://github.com/glpi-project/glpi/milestone/58?closed=1 - This is a security release, upgrading is recommended : [SECURITY - High] Unauthorized access to inventory files (CVE-2023-22500) [SECURITY - Moderate] XSS on browse views (CVE-2023-22722) [SECURITY - Moderate] XSS on external links (CVE-2023-22725) [SECURITY - Moderate] XSS in RSS Description Link (CVE-2023-22724) [SECURITY - Moderate] Unauthorized access to data export (CVE-2023-23610) [SECURITY - Low] Stored XSS inside Standard Interface Help Link href attribute (CVE-2022-41941) - Also, here is a short list of main changes done in this version: [FEATURE] Unmanaged devices can be handled like a real asset. [FEATURE] Handle more actions for stale inventory agents. [FEATURE] Added new dictionnary rules for OS. [CHANGED] Removed glpi: prefix on console commands. [FIX] PHP 8.2 support. [FIX] Many fixes and improvements on native inventory. [FIX] Reservation display on self-service profile. [FIX] Mail collector issues with emails sent from Outlook. [FIX] Dashboard issues on "All" tab. [FIX] Ticket input is restored when submitted form is not complete. [FIX] Notification was not sent when ticket status was set to "pending". * Fri Nov 04 2022 Jean-Marc Liger - 10.0.5-1 - Update to 10.0.5 see https://github.com/glpi-project/glpi/milestone/55?closed=1 - Fix an annoying issue has been detected in one of the security fixes provided. - The user is logged out when he tries to switch to another entity. * Fri Nov 04 2022 Jean-Marc Liger - 10.0.4-1 - Update to 10.0.4 see https://github.com/glpi-project/glpi/milestone/54?closed=1 - This is a security release, upgrading is recommended : [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276) [SECURITY - Low] Stored XSS in user information (CVE-2022-39372) [SECURITY - Low] Stored XSS in entity name (CVE-2022-39373) [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376) [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370) [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234) [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262) [SECURITY - Moderate] XSS in external links (CVE-2022-39277) [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375) [SECURITY - High] SQL Injection on REST API (CVE-2022-39323) [SECURITY - High] Stored XSS through asset inventory (CVE-2022-39371) - Also, here is a short list of main changes done in this version: [FIX] Increase significantly dashboards performance [FIX] Several bugs on images pasting [FIX] Fixed and improved inventory locks management [FIX] Display of printer cartridges [FIX] Display and hide actors tooltips in tickets [FIX] Improve display of headers above forms [FIX] Move breakpoints on responsive displays [SECURITY] Inventory API is now disabled by default [FEATURE] Dedicated rights has been added for inventory * Tue Oct 11 2022 Jean-Marc Liger - 10.0.3-2 - Fix apache write permissions for /var/log/glpi * Thu Sep 15 2022 Jean-Marc Liger - 10.0.3-1 - Update to 10.0.3 see https://github.com/glpi-project/glpi/milestone/53?closed=1 - This is a security release, upgrading is recommended : [SECURITY] XSS through registration API (CVE-2022-35945) [SECURITY] Leak of sensitive information through login page error (CVE-2022-31143) [SECURITY] Stored XSS through global search (CVE-2022-31187) [SECURITY] [critical] Command injection using a third-party library script (CVE-2022-35914) [SECURITY] SQL injection through plugin controller (CVE-2022-35946) [SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947) [SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112) - Also, here is a short list of main changes done in this version: [FEATURE] More precise rights checks on inventory (#12610) [FEATURE] Display of last inventoried value for locked fields (#12602) [FEATURE] Permit to use rules to add computers as virtual machines (#12572) [SECURITY] Delegate session cookies security to sysadmin (#12302) [FIX] Prevent collector failure on invalid mail header (#12232) [FIX] Many fixes on network inventory * Thu Jul 28 2022 Jean-Marc Liger - 10.0.2-1 - Update to 10.0.2 see https://github.com/glpi-project/glpi/milestone/52?closed=1 - This is a security release, upgrading is recommended A lot of issues have been fixed since GLPI 10.0.1 - Security fixes: + CVE-2022-31061: Unauthenticated SQL injection on login page + CVE-2022-31056: SQL injection on actor part in assistance forms + CVE-2022-31068: Unauthenticated Sensitive Data Exposure on Refused Inventory Files - Fix adding actors to ITIL Objects (#11796, #11957) - Fix unwanted "promote to ticket" feature on self-service interface (#11834) - Fix native inventory do not inject switch information (#11864) - Fix entity for software creation (#11887, #11837) - Feat permits global lock on entity (#11853) * Mon Jul 18 2022 Jean-Marc Liger - 9.5.8-1 - update to 9.5.8 see https://github.com/glpi-project/glpi/milestone/51?closed=1 - This is a security and bugs fix release, upgrading is recommended - Security fixes: + CVE-2022-31061: SQL injection on login page + CVE-2022-24868: XSS / open redirect via SVG file upload + CVE-2022-24869: Cross Site CSS Injection * Mon Apr 04 2022 Jean-Marc Liger - 9.5.7-2 - fix some patch issues * Sun Apr 03 2022 Jean-Marc Liger - 9.5.7-1 - update to 9.5.7 see https://github.com/glpi-project/glpi/milestone/48?closed=1 - This is a security and bugs fix release, upgrading is recommended - Security fixes: + CVE-2022-21720: SQL injection using custom CSS administration form + CVE-2022-21719: Reflected XSS using reload button - fix missing mail headers in mail collector rules engine - fix infinite loop when collecting mail attachments with the same name - fix zero height images in mail collector - fix duplicate ranking when rules are ordered - fix anonymous ticket creation - fix project cloning * Sat Sep 25 2021 Jean-Marc Liger - 9.5.6-1 - update to 9.5.6 see https://github.com/glpi-project/glpi/milestone/47?closed=1 - This is a security and bugs fix release, upgrading is recommended - Security fixes: + CVE-2021-39211: Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210: Autologin cookie accessible by scripts + CVE-2021-39209: Bypassable CSRF protection on ajax endpoints + CVE-2021-39213: Bypassable IP restriction on GLPI API using custom header injection - fix Mailgate “Missing type for Ticket template” warning - fix Display of images in tickets from collected mails - fix Encoding issue with emails in GB2312 containing special characters - fix Emails rules not working after upgrading to 9.5.5 - fix Incorrect KPIs Dashboards compared to the GLPI filter - fix marking LDAP user as deleted after a failed password - fix Prevent usage of date filters on full LDAP sync * Fri May 21 2021 Jean-Marc Liger - 9.5.5-9 - add missing systemd BuildRequires for Fedora * Mon May 17 2021 Jean-Marc Liger - 9.5.5-8 - update spec file's copyright, thanks again to Remy Collet! * Sat May 15 2021 Jean-Marc Liger - 9.5.5-7 - move marketplace in a subpackage to allow disabling it * Thu May 13 2021 Jean-Marc Liger - 9.5.5-6 - systemd bind mount /usr/share/glpi/marketplace fix to more secure /var/lib/glpi/marketplace revert GLPI_MARKETPLACE_DIR override, it's broken by design https://mail.ow2.org/wws/arc/glpi-dev/2021-05/msg00004.html * Sun May 09 2021 Jean-Marc Liger - 9.5.5-5 - fix GLPI_MARKETPLACE_DIR in /var/lib/glpi/marketplace again * Mon Apr 19 2021 Jean-Marc Liger - 9.5.5-4 - fix GLPI_MARKETPLACE_DIR in /var/lib/glpi/marketplace * Sat Apr 17 2021 Jean-Marc Liger - 9.5.5-3 - fix "Constant GLPI_CONFIG_DIR already defined in /usr/share/glpi/inc/downstream.php" cron error - fix some Requires and Recommand php dependencies - update all messages in files to replace "php bin/console" with "glpi-console" * Fri Apr 16 2021 Jean-Marc Liger - 9.5.5-2 - add missing css_compiled and public directories * Wed Apr 14 2021 Jean-Marc Liger - 9.5.5-1 - update to 9.5.5 see https://github.com/glpi-project/glpi/milestone/46?closed=1 - This is a security and bugs fix release, upgrading is recommended - Security fixes: + CVE-2021-3486 : Stored XSS in plugins information - fix entity creation - removal of raw html in massive actions list - fix issue with date_creation fields updated with older instances of MySQL servers - fix wrong count of software counts in assets - fix Core API errors on deprecation checks - add new marketplace directory - disable composer and node dependencies check message * Mon Apr 12 2021 Jean-Marc Liger - 9.5.4-1 - update to 9.5.4 see https://github.com/glpi-project/glpi/milestone/45?closed=1 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS injection in ajax/kanban + CVE-2021-21314 : XSS injection on ticket update + CVE-2021-21312 : Stored XSS on documents + CVE-2021-21313 : XSS on tabs + CVE-2021-21325 : Stored XSS in budget type + CVE-2021-21327 : Unsafe Reflection in getItemForItemtype() + CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions" - remove conditionnals for EOL fedora and rhel versions - remove unmaintained fedora/autoloader and tests * Tue May 05 2020 Johan Cwiklinski - 9.4.6-1 - update to 9.4.6 - drop patches applied upstream * Mon Feb 10 2020 Remi Collet - 9.4.5-3 - switch test suite on UDS using patch from https://github.com/glpi-project/glpi/pull/6921 fix FTBFS with mariadb 10.4 #1799419 * Thu Jan 9 2020 Remi Collet - 9.4.5-2 - add upstream patches for PHP 7.4 - re-enable test suite * Wed Dec 18 2019 Remi Collet - 9.4.5-1 - update to 9.4.5 - disable test suite with PHP 7.4 * Tue Sep 24 2019 Remi Collet - 9.4.4-1 - update to 9.4.4 * Fri Jul 19 2019 Remi Collet - 9.4.3-2 - allow elvanto/litemoji 2.0 see https://github.com/glpi-project/glpi/pull/6141 and https://github.com/glpi-project/glpi/pull/6147 * Thu Jun 20 2019 Remi Collet - 9.4.3-1 - update to 9.4.3 * Thu Apr 11 2019 Remi Collet - 9.4.2-1 - update to 9.4.2 * Fri Mar 15 2019 Remi Collet - 9.4.1.1-1 - update to 9.4.1.1 * Thu Mar 14 2019 Remi Collet - 9.4.1-1 - update to 9.4.1 * Mon Feb 11 2019 Remi Collet - 9.4.0-1 - update to 9.4.0 * Tue Jan 15 2019 Remi Collet - 9.4.0~RC2-1 - update to 9.4.0 RC2 * Fri Jan 4 2019 Remi Collet - 9.4.0~RC1-3 - open https://github.com/glpi-project/glpi/pull/5200 fix tests - re-enable test suite * Fri Dec 21 2018 Remi Collet - 9.4.0~RC1-2 - fix typo in dependency name * Fri Dec 21 2018 Remi Collet - 9.4.0~RC1-1 - update to 9.4.0 RC1 - add dependency on symfony/console 3.4 - add dependency on leafo/scssphp 0.7.7 - add build dependency on mikey179/vfsStream 1.6 - drop dependency on fontawesome-fonts - temporarily disable test suite - add weak dependency on selinux extension * Tue Nov 27 2018 Remi Collet - 9.3.3-1 - update to 9.3.3 * Tue Nov 6 2018 Remi Collet - 9.3.2-3 - add missing dependency on elvanto/litemoji * Fri Nov 2 2018 Remi Collet - 9.3.2-2 - version 9.3.2 conflicts with glpi-fusioninventory < 1:9.3+1.2 see https://github.com/glpi-project/glpi/issues/4837 * Fri Oct 26 2018 Remi Collet - 9.3.2-1 - update to 9.3.2 - open https://github.com/glpi-project/glpi/issues/4837 BC break * Wed Sep 12 2018 Remi Collet - 9.3.1-1 - update to 9.3.1 * Tue Jul 3 2018 Remi Collet - 9.3.0-2 - add upstream patch to fix SQL injection CVE-2018-13049 * Thu Jun 28 2018 Remi Collet - 9.3.0-1 - update to 9.3.0 GA - add dependency on zend-console * Wed Jun 20 2018 Remi Collet - 9.3.0~RC2-4 - drop dependency on initscripts #1592356 * Wed Jun 20 2018 Remi Collet - 9.3.0~RC2-3 - improve configuration to simply multi-glpi installation * Thu Jun 14 2018 Remi Collet - 9.3.0~RC2-2 - test build * Tue Jun 12 2018 Remi Collet - 9.3.0~RC2-1 - update to 9.3-RC2 - drop dependency on jasig/phpcas - raise dependency on phpmailer/phpmailer 6.0 - raise dependency on zendframework 2.8 - allow sebastian/diff 2.0 and 3.0 - add dependency on monolog/monolog * Fri Apr 27 2018 Remi Collet - 9.2.3-2 - use range dependencies on F27+ * Fri Apr 27 2018 Remi Collet - 9.2.3-1 - update to 9.2.3 - add dependency on sebastian/diff 1.4 * Fri Mar 16 2018 Remi Collet - 9.2.2-2 - run test with --use-dot-report from atoum 3.3 * Thu Mar 1 2018 Remi Collet - 9.2.2-1 - update to 9.2.2 * Thu Mar 1 2018 Remi Collet - 9.2.2-0 - test build for upcomming 9.2.2 * Wed Dec 13 2017 Remi Collet - 9.2.1-6 - add upstream patch to allow upgrade from 9.1.7.1 * Fri Nov 24 2017 Remi Collet - 9.2.1-5 - switch to fedora/autoloader * Sat Nov 18 2017 Remi Collet - 9.2.1-4 - EL7: remove SELinux rules as default policy includes them * Fri Nov 17 2017 Remi Collet - 9.2.1-3 - properly override PHP configuration for install page * Thu Nov 16 2017 Remi Collet - 9.2.1-2 - add dependency on zendframework/zend-serializer * Thu Nov 16 2017 Remi Collet - 9.2.1-1 - update to 9.2.1 * Wed Oct 11 2017 Remi Collet - 9.2-4 - move config/config_path.php to inc/downstream.php - use /etc/glpi/local_define.php to allow local path change * Wed Sep 27 2017 Remi Collet - 9.2-3 - add missing minified JS and CSS files * Tue Sep 26 2017 Remi Collet - 9.2-2 - missing js and sound files * Tue Sep 26 2017 Remi Collet - 9.2-1 - update to 9.2 * Thu Sep 21 2017 Remi Collet - 9.2-0.1.RC2 - update to 9.2RC1 - drop dependency on zetacomponents/graph - raise dependency on zend-cache, zend-i18n 2.7 - raise dependency on sabre/vobject 4.1 - add dependency on paragonie/random_compat - switch from phpunit to atoum for test suite * Sat Jul 22 2017 Johan Cwiklinski - 9.1.6-1 - update to 9.1.6 * Thu Jul 13 2017 Johan Cwiklinski - 9.1.5-1 - update to 9.1.5 * Wed Jun 14 2017 Remi Collet - 9.1.4-1 - update to 9.1.4 * Fri Apr 28 2017 Remi Collet - 9.1.3-1 - update to 9.1.3 - use phpunit6 on F26+ - raise dependency on simplepie/simplepie 1.5 * Sun Jan 29 2017 Remi Collet - 9.1.2-2 - fix autoloader to allow sabre/vobject version 4 * Mon Jan 23 2017 Johan Cwiklinski - 9.1.2-1 - update to 9.1.2 - add missing hostname BR from MariaDB package * Mon Jan 9 2017 Remi Collet - 9.1.1-3 - use new tcpdf classmap autoloader * Tue Nov 15 2016 Remi Collet - 9.1.1-2 - update to 9.1.1 - drop runtime dependency on guzzlehttp/guzzle * Wed Sep 28 2016 Remi Collet - 9.1-2 - missing API documentation * Mon Sep 26 2016 Remi Collet - 9.1-1 - update to 9.1 https://github.com/glpi-project/glpi/milestone/2?closed=1 - add patch to ensure correct autolading open https://github.com/glpi-project/glpi/pull/1056 - add patch to ensure test suite use local server open https://github.com/glpi-project/glpi/pull/1058 * Fri Sep 23 2016 Johan Cwiklinski - 9.1-0.1.20160922gitf4143e3 - First pre-build for 9.1 series - Drop upstream patches - Add unit tests * Wed Jul 27 2016 Remi Collet - 0.90.5-1 - update to 0.90.5 https://github.com/glpi-project/glpi/issues?q=milestone:0.90.5 * Sat Jul 23 2016 Remi Collet - 0.90.4-2 - fix regression in document form, adding upstream patch * Tue Jul 19 2016 Remi Collet - 0.90.4-1 - update to 0.90.4 https://github.com/glpi-project/glpi/issues?q=milestone:0.90.4 * Wed Jun 22 2016 Remi Collet - 0.90.3-2 - add upstream patch, drop dependency on zend-version * Tue Apr 12 2016 Remi Collet - 0.90.3-1 - update to 0.90.3 https://github.com/glpi-project/glpi/issues?q=milestone:0.90.3 * Tue Apr 5 2016 Remi Collet - 0.90.2-2 - fix logrotate configuration for recent version * Fri Apr 1 2016 Remi Collet - 0.90.2-1 - update to 0.90.2 * Thu Mar 24 2016 Remi Collet - 0.90.1-4 - add upstream patch to fix compatibility with ZF 2.5 - recommend APCu * Thu Feb 18 2016 Remi Collet - 0.90.1-3 - fix Zend autoloader (to allow ZF 2.5) * Fri Nov 27 2015 Remi Collet - 0.90.1-1 - update to 0.90.1 * Thu Oct 8 2015 Remi Collet - 0.90-1 - update to 0.90 * Tue Oct 6 2015 Remi Collet - 0.90-0.1.RC2 - update to 0.90-RC2 * Wed Sep 16 2015 Remi Collet - 0.85.5-1 - update to 0.85.5 https://github.com/glpi-project/glpi/issues?q=milestone:0.85.5 - use system ircmaxell/password-compat * Wed Jun 3 2015 Remi Collet - 0.85.4-2 - switch from eZ component to Zeta component * Mon May 4 2015 Remi Collet - 0.85.4-1 - update to 0.85.4 https://forge.indepnet.net/versions/1136 - fix SELinux context on EL-5 * Fri Apr 17 2015 Remi Collet - 0.85.3-1 - update to 0.85.3 https://forge.indepnet.net/versions/1118 * Fri Feb 27 2015 Remi Collet - 0.85.2-2 - add security fix https://forge.indepnet.net/issues/5218 - add fix for temporary directory relocation * Wed Jan 21 2015 Remi Collet - 0.85.2-1 - update to 0.85.2 https://forge.indepnet.net/versions/1110 * Mon Dec 22 2014 Remi Collet - 0.85.1-2 - increase system cron frequency and limit - cleanup patched files * Wed Dec 17 2014 Remi Collet - 0.85.1-1 - update to 0.85.1 0.85 https://forge.indepnet.net/versions/539 0.85.1 https://forge.indepnet.net/versions/1071 - drop dependency on pear/Cache_Lite - add dependency on php-tcpdf * Fri Nov 7 2014 Remi Collet - 0.84.8-2 - use httpd_var_lib_t selinux context for /var/lib/glpi - don't rely on system selinux policy in EPEL-7 - fix apache configuration when mod_php not enabled * Fri Oct 17 2014 Remi Collet - 0.84.8-1 - update to 0.84.8 https://forge.indepnet.net/versions/1072 * Sun Oct 5 2014 Remi Collet - 0.84.7-2 - provide nginx configuration (Fedora >= 21) - rely on system SELinux policy (Fedora >= 20, EPEL-7) * Fri Jul 11 2014 Remi Collet - 0.84.7-1 - update to 0.84.7 https://forge.indepnet.net/versions/1068 * Wed Jun 18 2014 Remi Collet - 0.84.6-1 - update to 0.84.6 https://forge.indepnet.net/versions/1028 * Wed Feb 26 2014 Remi Collet - 0.84.5-1 - update to 0.84.5 https://forge.indepnet.net/projects/glpi/versions/1011 * Wed Jan 22 2014 Remi Collet - 0.84.4-1 - update to 0.84.4 https://forge.indepnet.net/projects/glpi/versions/993 * Thu Nov 21 2013 Remi Collet - 0.84.3-2 - fix SELinux context #1032995 use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t * Sun Nov 3 2013 Remi Collet - 0.84.3-1 - update to 0.84.3 https://forge.indepnet.net/projects/glpi/versions/973 * Wed Oct 2 2013 Remi Collet - 0.84.2-1 - update to 0.84.2 - add upstream patch for Zend autoload - use system ZendFramework2 and SimplePie * Thu Sep 12 2013 Remi Collet - 0.83.9.1-4 - restrict access for install to local for security * Fri Aug 23 2013 Remi Collet - 0.83.9.1-3 - drop bundled Flash files files, #1000251 * Sat Jul 27 2013 Jóhann B. Guðmundsson - 0.83.9.1-2 - Add a missing requirement on crontabs to spec file * Tue Jun 25 2013 Remi Collet - 0.83.9.1-1 - version 0.83.91 released (security) https://forge.indepnet.net/versions/show/928 * Thu Jun 20 2013 Remi Collet - 0.83.9-1 - version 0.83.9 released (security and bugfix) https://forge.indepnet.net/projects/glpi/versions/915 * Tue Apr 2 2013 Remi Collet - 0.83.8-1 - version 0.83.8 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/866 * Wed Feb 13 2013 Fedora Release Engineering - 0.83.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Dec 4 2012 Remi Collet - 0.83.7-1 - version 0.83.7 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/843 * Tue Oct 16 2012 Remi Collet - 0.83.6-1 - version 0.83.6 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/841 * Tue Oct 9 2012 Remi Collet - 0.83.5-1 - version 0.83.5 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/800 * Fri Jul 27 2012 Remi Collet - 0.83.4-1 - version 0.83.4 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/777 * Thu Jul 19 2012 Fedora Release Engineering - 0.83.3.1-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jul 12 2012 Remi Collet - 0.83.3.1-1 - version 0.83.3 released (bugfix + security) https://forge.indepnet.net/projects/glpi/versions/771 - new dependency on htmLawed * Thu May 31 2012 Remi Collet - 0.83.2-1 - version 0.83.2 released https://forge.indepnet.net/projects/glpi/versions/750 * Thu Apr 19 2012 Remi Collet - 0.83.1-2 - fix cron patch * Wed Apr 18 2012 Remi Collet - 0.83.1-1 - version 0.83.1 released 0.83.1 https://forge.indepnet.net/projects/glpi/versions/696 0.83 https://forge.indepnet.net/projects/glpi/versions/538 - adapt config for httpd 2.4 * Thu Feb 09 2012 Remi Collet - 0.80.7-1 - version 0.80.7 released (security) https://forge.indepnet.net/projects/glpi/versions/685 * Thu Jan 05 2012 Remi Collet - 0.80.6.1-1 - version 0.80.61 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/677 * Thu Jan 05 2012 Remi Collet - 0.80.6-1 - version 0.80.6 released (bugfix) https://forge.indepnet.net/projects/glpi/versions/657 - add patch for https://forge.indepnet.net/issues/3299 * Wed Nov 30 2011 Remi Collet - 0.80.5-1 - version 0.80.5 released (bugfix) 0.80.5 https://forge.indepnet.net/projects/glpi/versions/643 0.80.4 https://forge.indepnet.net/projects/glpi/versions/632 0.80.3 https://forge.indepnet.net/projects/glpi/versions/621 0.80.2 https://forge.indepnet.net/projects/glpi/versions/605 0.80.1 https://forge.indepnet.net/projects/glpi/versions/575 0.80 https://forge.indepnet.net/projects/glpi/versions/466 - increase cron run frequency (3 tasks each 3 minutes) * Sun Jul 24 2011 Remi Collet - 0.78.5-3.svn14966 - use system EZC only if available (not in EL-5) * Fri Jul 22 2011 Remi Collet - 0.78.5-2.svn14966 - bug and security fix from SVN. * Sat Jun 11 2011 Remi Collet - 0.78.5-1 - version 0.78.5 released * Tue Feb 08 2011 Fedora Release Engineering - 0.72.4-4.svn11497 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu May 20 2010 Remi Collet - 0.72.4-3.svn11497 - use system phpCAS instead of bundled copy - minor bug fixes from SVN * Mon Mar 22 2010 Remi Collet - 0.72.4-2.svn11035 - update embedded phpCAS to 1.1.0RC7 (security fix - #575906) * Tue Mar 2 2010 Remi Collet - 0.72.4-1 - update to 0.72.4 * Tue Oct 27 2009 Remi Collet - 0.72.3-1 - update to 0.72.3 * Wed Sep 09 2009 Remi Collet - 0.72.2.1-1 - update to 0.72.21 * Tue Aug 18 2009 Remi Collet - 0.72.1-1.svn8743 - update to 0.72.1 svn revision 8743 - use system PHPMailer - now requires php > 5 * Fri Jul 24 2009 Fedora Release Engineering - 0.71.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue Jun 02 2009 Remi Collet - 0.71.6-1 - update to 0.71.6 (Bugfix Release) * Fri May 22 2009 Remi Collet - 0.71.5-4 - post 0.71.5 patches (7910=>8321) * Sun Apr 26 2009 Remi Collet - 0.71.5-3 - post 0.71.5 patches (7910=>8236) * Tue Feb 24 2009 Fedora Release Engineering - 0.71.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Jan 26 2009 Remi Collet - 0.71.5-1 - update to 0.71.5 (Fix regression in 0.71.4) * Mon Jan 26 2009 Remi Collet - 0.71.4-1 - update to 0.71.4 (Security Release) * Sun Nov 30 2008 Remi Collet - 0.71.3-1 - update to 0.71.3 (bugfix release) * Sun Sep 28 2008 Remi Collet - 0.71.2-1.el4.1 - Fix MySQL 4.1 compatibility issue * Mon Sep 15 2008 Remi Collet - 0.71.2-1 - update to 0.71.2 bugfix * Sat Aug 09 2008 Remi Collet - 0.71.1-2 - fix SElinux bug on install test (glpi-check.patch) - add create option on logrotate conf * Fri Aug 01 2008 Remi Collet - 0.71.1-1 - update to 0.71.1 bugfix - use system cron - increase memory_limit / max_execution_time for upgrade * Fri Jul 11 2008 Remi Collet - 0.71-1 - update to 0.71 stable - fix bug #452353 (selinux) * Fri Apr 25 2008 Remi Collet - 0.70.2-3 - remplace module policy by simple semanage (#442706) * Mon Jan 28 2008 Remi Collet - 0.70.2-2 - rebuild (fix sources tarball) * Sun Jan 27 2008 Remi Collet - 0.70.2-1 - bugfixes update * Tue Jan 15 2008 Remi Collet - 0.70.1a-1 - update * Sun Jan 13 2008 Remi Collet - 0.70.1-2 - fix typo in lang files * Sun Jan 13 2008 Remi Collet - 0.70.1-1 - update to 0.70.1 (0.70 + bugfixes) * Thu Jan 03 2008 Remi Collet - 0.70-4 - Changeset 6226 + 6228 - disable SELinux in EL-5 * Sat Dec 29 2007 Remi Collet - 0.70-3 - Changeset 6191 + 6194 + 6196 * Fri Dec 28 2007 Remi Collet - 0.70-2 - Changeset 6190 * Fri Dec 21 2007 Remi Collet - 0.70-1 - 0.70 final * Fri Nov 16 2007 Remi Collet - 0.70-0.4.rc3 - Release Candidate 3 * Thu Nov 01 2007 Remi Collet - 0.70-0.3.rc2 - correct source * Thu Nov 01 2007 Remi Collet - 0.70-0.2.rc2 - Release Candidate 2 * Mon Oct 08 2007 Remi Collet - 0.70-0.2.rc1 - From review #322781 : fix Source0 and macros - Requires php-domxml for EL4 * Sun Sep 30 2007 Remi Collet - 0.70-0.1.rc1 - GLPI Version 0.7-RC1 - initial SPEC for Fedora Review * Thu May 03 2007 Remi Collet - 0.70-0.beta.20070503 - initial RPM