[Pkg-owncloud-maintainers] Bug#781274: (pre-approval) unblock: owncloud/7.0.4+dfsg-3
David Prévot
taffit at debian.org
Thu Mar 26 19:26:37 UTC 2015
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Please pre-approve an unblock for the owncloud package.

It cherry-picks three security fixes from the recently released 7.0.5
version (already in experimental):

owncloud (7.0.4+dfsg-3) unstable; urgency=medium

  * Add gbp config file to follow the jessie branch
  * Backport security fixes from 7.0.5:
    - Multiple stored XSS in "contacts" application [OC-SA-2015-001]
    - Multiple stored XSS in "documents" application [OC-SA-2015-002]
    - Bypass of file blacklist [OC-SA-2015-004]
  * Run upgrade script with sudo as www-data user
  * Depend on php5-cli (it is actually used in postinst)

 -- David Prévot <taffit at debian.org>  Wed, 25 Mar 2015 16:20:32 -0400

I’d also like to shim in two other small changes:
- the upgrade script should be run as the same user as the installed
data, i.e., www-data by default, instead of root: this recommendation
has recently been enforced upstream since the upgrade process may
touch data files on top of the potential database changes;
- since the php CLI is called during postinst, php5-cli should be a
dependency instead of a recommendation (the README.Debian change just
drops the now useless explanation why php5-cli was recommended).
The attached debdiff strips away the webodf.js changes from the
cherry-picked commit from upstream: this minified JavaScript file is
anyway regenerated at build time and is thus not the file included in
the actual binary package.
unblock owncloud/7.0.4+dfsg-3
Thanks in advance
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oc.diff
Type: text/x-diff
Size: 12987 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-owncloud-maintainers/attachments/20150326/16e44689/attachment.diff>