78cfa9cc40
Changelog: This release is a security release which addresses the following vulnerabilities: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin KopeÄ at Data Reliance Shared Service Center. RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.
17 lines
316 B
Text
17 lines
316 B
Text
#!@SH@
|
|
#
|
|
# $NetBSD: INSTALL,v 1.2 2016/01/30 23:54:20 ryoon Exp $
|
|
|
|
WWWGRP="@WWWGRP@"
|
|
WWWOWN="@WWWOWN@"
|
|
RT4DIR="@RT4DIR@"
|
|
RT4ETCDIR="@RT4ETCDIR@"
|
|
|
|
case "${STAGE}" in
|
|
POST-INSTALL)
|
|
cd ${RT4DIR} &&
|
|
${CHOWN} -R ${WWWOWN} ${RT4DIR} &&
|
|
${CHOWN} -R ${WWWOWN} ${RT4ETCDIR} &&
|
|
${CHGRP} -R ${WWWGRP} ${RT4DIR}
|
|
;;
|
|
esac
|