<div dir="ltr">This isn't a patch, this is a zip file.  Unrolling the zip over top of a pristine vtiger 5.4.0 and moving some files around (ConfigEditor, MailManager and Tooltip modules) reveals that this zip appears to be the most recent two changesets from vtigercrm/branches/5.4.0 [1].  If you download the unified diff [2] from Trac and make some replacements, you should be able to patch [3] an installation.  YMMV; I had several patch errors due to modifications in our fork.<div>

<br></div><div><div>[1] <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/changeset?reponame=&new=13857%40vtigercrm%2Fbranches%2F5.4.0&old=13833%40vtigercrm%2Fbranches%2F5.4.0" target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/changeset?reponame=&new=13857%40vtigercrm%2Fbranches%2F5.4.0&old=13833%40vtigercrm%2Fbranches%2F5.4.0</a><br>



</div><div>[2] <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/changeset?format=diff&new=13857&old=13833&new_path=%2Fvtigercrm%2Fbranches%2F5.4.0&old_path=%2Fvtigercrm%2Fbranches%2F5.4.0" target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/changeset?format=diff&new=13857&old=13833&new_path=%2Fvtigercrm%2Fbranches%2F5.4.0&old_path=%2Fvtigercrm%2Fbranches%2F5.4.0</a></div>



<div>[3] cat vtiger.patch | sed -f vtiger.sed | patch -p3</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 26, 2013 at 3:41 AM, Appu <span dir="ltr"><<a href="mailto:apparao@vtiger.com" target="_blank">apparao@vtiger.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><font color="#000000"><font face="verdana,sans-serif">Hi All,</font></font><div><font face="verdana, sans-serif"><br>
</font></div><div><font face="verdana, sans-serif">We released a security patch for 5.4.0 that fixes the following security issues.</font></div>


<div><ul><li><font face="verdana, sans-serif">Local File Inclusion</font></li>
                <li><font face="verdana, sans-serif">Local File Deletion</font></li>
                <li><font face="verdana, sans-serif">SQL Injection</font></li>
                <li><font face="verdana, sans-serif">PHP Code Injection</font></li>
                <li><font face="verdana, sans-serif">Cross site scripting</font></li>
                <li><font face="verdana, sans-serif">Arbitrary File Upload</font></li>
                <li><font face="verdana, sans-serif">Authentication Bypass vulnerabilities(SOAP API's)</font></li>
        </ul>


        <p><font face="verdana, sans-serif">We would like to thank </font><strong style="font-family:verdana,sans-serif">Nick Freeman</strong><span style="font-family:verdana,sans-serif"> from <a href="http://security-assessment.com" target="_blank">security-assessment.com</a> and </span><strong style="font-family:verdana,sans-serif">Egidio </strong><font face="verdana, sans-serif">for reporting these vulnerabilities. <br>



<br></font></p>


        <p><font face="verdana, sans-serif"><b>Download Links</b> :</font></p><p><font face="verdana, sans-serif"><a href="https://www.vtiger.com/crm/open-source-downloads/" target="_blank">https://www.vtiger.com/crm/open-source-downloads/</a> or</font></p>



<p><font face="verdana, sans-serif"><a href="http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/VtigerCRM540_Security_Patch.zip" target="_blank">http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/VtigerCRM540_Security_Patch.zip</a></font></p>



<p><br></p><div><div><div dir="ltr"><p><span style="font-family:verdana,sans-serif"><b><i>Note:</i></b> We recommend taking a backup of your source directory before you unpack the patch in the source directory.</span></p>






        <p><b style="font-family:verdana,sans-serif">  </b></p><font face="verdana, sans-serif"><span style="color:rgb(102,102,102)">Thanks,</span><br><font>Apparao G</font><br>
<br><b style="color:rgb(51,51,51)"><font style="color:rgb(102,102,102)"><img height="24" width="96"><font size="1">TEAM</font></font></b><br>
<br><b>Connect with us on: </b><a href="http://vtiger.com/" target="_blank">Website</a><b> </b><b>I</b> <a href="http://twitter.com/#%21/vtigercrm" target="_blank">Twitter</a> <b>I</b> <a href="http://www.facebook.com/pages/vtiger/226866697333578?sk=wall" target="_blank">Facebook</a> <b>I</b> <a href="http://blog.vtiger.com/" target="_blank">Blog</a><b> I</b> <a href="http://wiki.vtiger.com/index.php/Main_Page" target="_blank">Wiki</a> <b>I </b><a href="http://forums.vtiger.com/" target="_blank">Forums </a> </font><br>



<span style="color:rgb(102,102,102)"><span></span><b><span></span></b></span></div></div>
</div></div></div>
<br>_______________________________________________<br>
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br></div></div>