packages: apache-mod_perl/apache-mod_perl.spec, apache-mod_perl/apache-mod_...

Thu Oct 29 13:19:52 CET 2009

Author: arekm                        Date: Thu Oct 29 12:19:52 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 5; fix CVE-2009-0796; drop patches that weren't applied

---- Files affected:
packages/apache-mod_perl:
   apache-mod_perl.spec (1.175 -> 1.176) , apache-mod_perl-CVE-2009-0796.patch (NONE -> 1.1)  (NEW), apache-mod_perl-magic.patch (1.1 -> NONE)  (REMOVED), apache-mod_perl-path_info_secfix.patch (1.1 -> NONE)  (REMOVED)

---- Diffs:

================================================================
Index: packages/apache-mod_perl/apache-mod_perl.spec
diff -u packages/apache-mod_perl/apache-mod_perl.spec:1.175 packages/apache-mod_perl/apache-mod_perl.spec:1.176

--- packages/apache-mod_perl/apache-mod_perl.spec:1.175	Thu Oct 29 13:12:43 2009
+++ packages/apache-mod_perl/apache-mod_perl.spec	Thu Oct 29 13:19:46 2009
@@ -32,7 +32,7 @@
 Name:		apache-mod_perl
 %define	ver	2.0.4
 Version:	%{ver}
-Release:	4
+Release:	5
 Epoch:		1
 License:	Apache
 Group:		Networking/Daemons/HTTP
@@ -40,12 +40,8 @@
 # Source0-md5:	1a05625ae6843085f985f5da8214502a
 Source1:	%{name}.conf
 Patch0:		%{name}-Makefile_PL.patch
-Patch1:		%{name}-path_info_secfix.patch
-Patch2:		%{name}-magic.patch
+Patch1:		%{name}-CVE-2009-0796.patch
 URL:		http://perl.apache.org/
-# Fix in svn:
-# http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?view=log
-BuildRequires:	security(CVE-2009-0796)
 BuildRequires:	apache-devel >= 2.0.55-1
 BuildRequires:	apr-util-devel >= 1:1.0.0
 BuildRequires:	expat-devel
@@ -254,6 +250,7 @@
 %prep
 %setup -q -n mod_%{mod_name}-%{ver}
 %patch0 -p1
+%patch1 -p3
 
 %build
 %{__perl} Makefile.PL \
@@ -345,6 +342,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.176  2009/10/29 12:19:46  arekm
+- rel 5; fix CVE-2009-0796; drop patches that weren't applied
+
 Revision 1.175  2009/10/29 12:12:43  arekm
 - release 4
 

================================================================
Index: packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch
diff -u /dev/null packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch:1.1
--- /dev/null	Thu Oct 29 13:19:52 2009
+++ packages/apache-mod_perl/apache-mod_perl-CVE-2009-0796.patch	Thu Oct 29 13:19:46 2009
@@ -0,0 +1,47 @@
+--- perl/modperl/trunk/lib/Apache2/Status.pm	2007/12/31 08:05:11	607697
++++ perl/modperl/trunk/lib/Apache2/Status.pm	2009/04/01 15:39:56	760926
+@@ -29,7 +29,7 @@
+ 
+ use Apache2::Const -compile => qw(OK);
+ 
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+ 
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+ 
+@@ -126,7 +126,7 @@
+         $r->print(symdump($r, $qs));
+     }
+     else {
+-        my $uri = $r->uri;
++        my $uri = $r->location;
+         $r->print('<p>');
+         $r->print(
+             map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@
+ sub status_inc {
+     my ($r) = @_;
+ 
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my @retval = (
+         '<table border="1">',
+         "<tr>",
+@@ -289,7 +289,7 @@
+     my ($r) = @_;
+ 
+     local $_;
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $cache = __PACKAGE__->registry_cache;
+ 
+     my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@
+     my ($self, $package, $r) = @_;
+ 
+     my @m = qw(<table>);
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $is_main = $package eq "main";
+ 
+     my $do_dump = has($r, "dumper");
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apache-mod_perl/apache-mod_perl.spec?r1=1.175&r2=1.176&f=u

