From: Arkadiusz Miśkiewicz Date: Sun, 22 May 2011 17:50:41 +0000 (+0000) Subject: - up to 1.4.5; fixes CVE-2011-1928 X-Git-Tag: auto/th/apr-1_4_5-1 X-Git-Url: http://git.pld-linux.org/?p=packages%2Fapr.git;a=commitdiff_plain;h=2a3c9da39894d645089c016023669ce6af4d8d64 - up to 1.4.5; fixes CVE-2011-1928 Changed files: apr-1.4.4-fnmatch.patch -> 1.2 apr.spec -> 1.97 --- diff --git a/apr-1.4.4-fnmatch.patch b/apr-1.4.4-fnmatch.patch deleted file mode 100644 index c4db558..0000000 --- a/apr-1.4.4-fnmatch.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -ur apr-1.4.4-orig/strings/apr_fnmatch.c apr-1.4.4/strings/apr_fnmatch.c ---- apr-1.4.4-orig/strings/apr_fnmatch.c 2011-05-03 06:51:24.000000000 +0200 -+++ apr-1.4.4/strings/apr_fnmatch.c 2011-05-19 20:50:52.042450131 +0200 -@@ -196,8 +196,11 @@ - const char *mismatch = NULL; - int matchlen = 0; - -- while (*pattern) -- { -+ if (*pattern == '*') -+ goto firstsegment; -+ -+ while (*pattern && *string) -+ { - /* Match balanced slashes, starting a new segment pattern - */ - if (slash && escape && (*pattern == '\\') && (pattern[1] == '/')) -@@ -207,6 +210,7 @@ - ++string; - } - -+firstsegment: - /* At the beginning of each segment, validate leading period behavior. - */ - if ((flags & APR_FNM_PERIOD) && (*string == '.')) -@@ -361,9 +365,9 @@ - return APR_FNM_NOMATCH; - } - -- /* pattern is at EOS; if string is also, declare success -+ /* Where both pattern and string are at EOS, declare success - */ -- if (!*string) -+ if (!*string && !*pattern) - return 0; - - /* pattern didn't match to the end of string */ -Tylko w apr-1.4.4/strings: apr_fnmatch.c~ diff --git a/apr.spec b/apr.spec index e83709f..c8d6d03 100644 --- a/apr.spec +++ b/apr.spec @@ -5,18 +5,17 @@ Summary: Apache Portable Runtime Summary(pl.UTF-8): Apache Portable Runtime - przenośna biblioteka uruchomieniowa Name: apr -Version: 1.4.4 -Release: 3 +Version: 1.4.5 +Release: 1 Epoch: 1 License: Apache v2.0 Group: Libraries Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2 -# Source0-md5: daf5487c82dd7bec9c005c96f8cb01b1 +# Source0-md5: 8b53f5a5669d0597f2da889a2f576eb6 Patch0: %{name}-link.patch Patch1: %{name}-libtool.patch # disable some things that require recent kernel Patch2: %{name}-disable-features.patch -Patch3: %{name}-1.4.4-fnmatch.patch URL: http://apr.apache.org/ BuildRequires: autoconf >= 2.59 BuildRequires: automake @@ -102,7 +101,6 @@ Statyczna biblioteka apr. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 cat >> config.layout <<'EOF'