packages: apache-mod_perl/apache-mod_perl.spec, apache-mod_perl/apache-mod_...
arekm
arekm at pld-linux.org
Thu Oct 29 13:19:52 CET 2009
Author: arekm Date: Thu Oct 29 12:19:52 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 5; fix CVE-2009-0796; drop patches that weren't applied
---- Files affected:
packages/apache-mod_perl:
apache-mod_perl.spec (1.175 -> 1.176) , apache-mod_perl-CVE-2009-0796.patch (NONE -> 1.1) (NEW), apache-mod_perl-magic.patch (1.1 -> NONE) (REMOVED), apache-mod_perl-path_info_secfix.patch (1.1 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: packages/apache-mod_perl/apache-mod_perl.spec
diff -u packages/apache-mod_perl/apache-mod_perl.spec:1.175 packages/apache-mod_perl/apache-mod_perl.spec:1.176
--- packages/apache-mod_perl/apache-mod_perl.spec:1.175 Thu Oct 29 13:12:43 2009
+++ packages/apache-mod_perl/apache-mod_perl.spec Thu Oct 29 13:19:46 2009
@@ -32,7 +32,7 @@
Name: apache-mod_perl
%define ver 2.0.4
Version: %{ver}
-Release: 4
+Release: 5
Epoch: 1
License: Apache
Group: Networking/Daemons/HTTP
@@ -40,12 +40,8 @@
# Source0-md5: 1a05625ae6843085f985f5da8214502a
Source1: %{name}.conf
Patch0: %{name}-Makefile_PL.patch
-Patch1: %{name}-path_info_secfix.patch
-Patch2: %{name}-magic.patch
+Patch1: %{name}-CVE-2009-0796.patch
URL: http://perl.apache.org/
-# Fix in svn:
-# http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?view=log
-BuildRequires: security(CVE-2009-0796)
BuildRequires: apache-devel >= 2.0.55-1
BuildRequires: apr-util-devel >= 1:1.0.0
BuildRequires: expat-devel
@@ -254,6 +250,7 @@
%prep
%setup -q -n mod_%{mod_name}-%{ver}
%patch0 -p1
+%patch1 -p3
%build
%{__perl} Makefile.PL \
@@ -345,6 +342,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.176 2009/10/29 12:19:46 arekm
+- rel 5; fix CVE-2009-0796; drop patches that weren't applied
+
Revision 1.175 2009/10/29 12:12:43 arekm
- release 4
================================================================
Index: packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch
diff -u /dev/null packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch:1.1
--- /dev/null Thu Oct 29 13:19:52 2009
+++ packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch Thu Oct 29 13:19:46 2009
@@ -0,0 +1,47 @@
+--- perl/modperl/trunk/lib/Apache2/Status.pm 2007/12/31 08:05:11 607697
++++ perl/modperl/trunk/lib/Apache2/Status.pm 2009/04/01 15:39:56 760926
+@@ -29,7 +29,7 @@
+
+ use Apache2::Const -compile => qw(OK);
+
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+
+@@ -126,7 +126,7 @@
+ $r->print(symdump($r, $qs));
+ }
+ else {
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ $r->print('<p>');
+ $r->print(
+ map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@
+ sub status_inc {
+ my ($r) = @_;
+
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my @retval = (
+ '<table border="1">',
+ "<tr>",
+@@ -289,7 +289,7 @@
+ my ($r) = @_;
+
+ local $_;
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $cache = __PACKAGE__->registry_cache;
+
+ my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@
+ my ($self, $package, $r) = @_;
+
+ my @m = qw(<table>);
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $is_main = $package eq "main";
+
+ my $do_dump = has($r, "dumper");
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apache-mod_perl/apache-mod_perl.spec?r1=1.175&r2=1.176&f=u
More information about the pld-cvs-commit
mailing list