[moodle/f16] 2.1.10, CVE-2012-6087 fix.
Jon Ciesla
limb at fedoraproject.org
Tue Jan 15 17:26:12 UTC 2013
commit 1c0e9bf450de05a324936c76a7a525157f9dd0bb
Author: Jon Ciesla <limburgher at gmail.com>
Date: Tue Jan 15 11:23:28 2013 -0600
2.1.10, CVE-2012-6087 fix.
.gitignore | 1 +
moodle-CVE-2012-6087.patch | 11 +++++++++++
moodle.spec | 9 +++++++--
sources | 2 +-
4 files changed, 20 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5888cc2..d277c7a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -265,3 +265,4 @@ zh_tw_utf8.zip
/moodle-2.0.10.tgz
/moodle-2.1.8.tgz
/moodle-2.1.9.tgz
+/moodle-2.1.10.tgz
diff --git a/moodle-CVE-2012-6087.patch b/moodle-CVE-2012-6087.patch
new file mode 100644
index 0000000..f5ebaef
--- /dev/null
+++ b/moodle-CVE-2012-6087.patch
@@ -0,0 +1,11 @@
+--- repository/s3/S3.php~ 2013-01-11 15:18:31.000000000 -0600
++++ repository/s3/S3.php 2013-01-15 11:17:53.538958183 -0600
+@@ -1140,7 +1140,7 @@
+ curl_setopt($curl, CURLOPT_USERAGENT, 'S3/php');
+
+ if (S3::$useSSL) {
+- curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
++ curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
+ }
+
diff --git a/moodle.spec b/moodle.spec
index 7c2c481..85ff744 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -6,7 +6,7 @@
%define __perl_provides %{nil}
Name: moodle
-Version: 2.1.9
+Version: 2.1.10
Release: 1%{?dist}
Summary: A Course Management System
@@ -20,6 +20,7 @@ Source3: moodle.cron
Source4: moodle-cron
Source5: moodle.init
Source6: moodle-README-rpm
+Patch0: moodle-CVE-2012-6087.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -48,6 +49,7 @@ effective online learning communities.
%setup -q -n %{name}
cp %{SOURCE6} README-rpm
+%patch0 -p0
find . -type f \! -name \*.pl -exec chmod a-x {} \;
find . -name \*.cgi -exec chmod a+x {} \;
@@ -60,7 +62,7 @@ sed -i 's/\r//' lib/mp3player/readme.txt
%build
-rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
+rm config-dist.php install.php filter/tex/mimetex.* filter/tex/README.mimetex
# Get rid of language files in subordinate packages for languages not supported
# by moodle itself.
@@ -178,6 +180,9 @@ fi
%exclude %{moodlewebdir}/COPYING.txt
%changelog
+* Tue Jan 15 2013 Jon Ciesla <limburgher at gmail.com> - 2.1.10-1
+- Latest upstream, patch for CVE-2012-6087.
+
* Mon Nov 19 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.9-1
- Security update, BZ 878132.
diff --git a/sources b/sources
index a4ede3d..59da527 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8256f08f4f56096e12762a9084f64602 moodle-2.1.9.tgz
+bdb967398ab9e5bd04e46f3b2b91c2f1 moodle-2.1.10.tgz
More information about the scm-commits
mailing list