Hello community, here is the log from the commit of package matomo for openSUSE:Factory checked in at 2019-10-30 14:49:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/matomo (Old) and /work/SRC/openSUSE:Factory/.matomo.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matomo" Wed Oct 30 14:49:12 2019 rev:17 rq:744178 version:3.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/matomo/matomo.changes 2019-07-26 12:42:29.861852341 +0200 +++ /work/SRC/openSUSE:Factory/.matomo.new.2990/matomo.changes 2019-10-30 14:49:24.318283502 +0100 @@ -1,0 +2,39 @@ +Wed Oct 30 11:42:55 UTC 2019 - ec...@opensuse.org + +- Fix wrong permission for directory js. +- Use original source file. + +------------------------------------------------------------------- +Wed Oct 30 09:37:33 UTC 2019 - Mathias Homann <mathias.hom...@opensuse.org> + +- piwik.js needs to be writable, too + +------------------------------------------------------------------- +Wed Oct 30 09:34:03 UTC 2019 - Mathias Homann <mathias.hom...@opensuse.org> + +- more permission fixes + * matomo.js needs to be owned by the apache user so that plugins can + rewrite it if required + * new md5sum for global.ini.php + +------------------------------------------------------------------- +Wed Oct 30 07:59:19 UTC 2019 - Mathias Homann <mathias.hom...@opensuse.org> + +- disabled the auto updater, doesn't work with this set of permissions + + +------------------------------------------------------------------- +Wed Oct 30 07:45:02 UTC 2019 - Mathias Homann <mathias.hom...@opensuse.org> + +- Update to 3.12.0 + * new comarison feature for date ranges and visitor segments + * several significant performance improvements, usability improvements and fixes to security issues + * full changelog is at https://matomo.org/changelog/matomo-3-12-0/ + +------------------------------------------------------------------- +Mon Oct 21 18:39:50 UTC 2019 - Mathias Homann <mathias.hom...@opensuse.org> + +- Security fix: BSC#1154324 + * Have as little as possible owned by, and writable for, the apache user + +------------------------------------------------------------------- Old: ---- matomo-3.11.0.tar.gz New: ---- matomo-3.12.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ matomo.spec ++++++ --- /var/tmp/diff_new_pack.HktkHz/_old 2019-10-30 14:49:26.518285841 +0100 +++ /var/tmp/diff_new_pack.HktkHz/_new 2019-10-30 14:49:26.522285845 +0100 @@ -31,7 +31,7 @@ %endif Name: matomo -Version: 3.11.0 +Version: 3.12.0 Release: 0 Summary: Web analytics platform License: GPL-3.0-or-later @@ -94,6 +94,12 @@ find . -type f "(" -name "*.c" -o -name "*.h" -o -name "*.js.orig" ")" -delete # env-script-interpreter find . -type f -exec sed -i -e 's|\/usr\/bin\/env php|\/usr\/bin\/php|g' {} + + +# +# disable the auto updater, it can't work properly with the new, more secure permissions and is a bad idea on a RPM based setup anyways. +# +sed -i '/enable_auto_update/s/1$/0/' config/global.ini.php + # # Fix integrity check triggered from fix of rpmlint errors. # Drop moved files @@ -102,7 +108,7 @@ sed -i "/\W\"${i}\"\W/d" config/manifest.inc.php done # Insert new hashes for chanded files -for file in console 'vendor/leafo/lessphp/plessc' 'vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php' +for file in console 'vendor/leafo/lessphp/plessc' 'vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.php' 'config/global.ini.php' do size=$(ls -l $file | awk '{ print $5 }') checksum=$(md5sum $file | awk '{ print $1 }') @@ -116,6 +122,7 @@ %install # make directories install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name} +install -d -m0755 %{buildroot}/%{ap_serverroot}/%{name}/tmp install -d -m0755 %{buildroot}/%{_sysconfdir}/%{name} install -d -m0755 %{buildroot}/%{_defaultdocdir}/%{name} # copy src from build to buildroot @@ -152,7 +159,8 @@ %service_add_pre matomo-archive.timer matomo-archive.service %post -chown -R %{ap_usr}:%{ap_grp} %{ap_serverroot}/%{name} +# BSC#1154324 +# # # chown -R %{ap_usr}:%{ap_grp} %{ap_serverroot}/%{name} %service_add_post matomo-archive.timer matomo-archive.service apache2.service # Update matomo if this is an upgrade $1 == 2 echo "matomo: Update matomo:core..." @@ -184,11 +192,19 @@ %{_unitdir}/%{name}-archive.timer %dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name} %dir %attr(0750,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment -%defattr(640,%{ap_usr},%{ap_grp},750) +%attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*.php +%attr(0640,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/environment/*.php +%defattr(644,root,root,755) %dir %{ap_serverroot}/%{name} -%dir /var/log/%{name} +%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/js +%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc +%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/plugins +%dir %attr(0750,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/tmp +%dir %attr(0750,%{ap_usr},%{ap_grp}) /var/log/%{name} %config(noreplace) %attr(600,%{ap_usr},%{ap_grp}) %{_sysconfdir}/%{name}/*php %{_sysconfdir}/%{name}/environment/*php +%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/matomo.js +%attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/piwik.js %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/console %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/cron/archive.sh %attr(0770,%{ap_usr},%{ap_grp}) %{ap_serverroot}/%{name}/misc/log-analytics/import_logs.py ++++++ matomo-3.11.0.tar.gz -> matomo-3.12.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/matomo/matomo-3.11.0.tar.gz /work/SRC/openSUSE:Factory/.matomo.new.2990/matomo-3.12.0.tar.gz differ: char 5, line 1