[moodle/f16] 2.1.10, CVE-2012-6087 fix.

Jon Ciesla limb at fedoraproject.org
Tue Jan 15 17:26:12 UTC 2013


commit 1c0e9bf450de05a324936c76a7a525157f9dd0bb
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Tue Jan 15 11:23:28 2013 -0600

    2.1.10, CVE-2012-6087 fix.

 .gitignore                 |    1 +
 moodle-CVE-2012-6087.patch |   11 +++++++++++
 moodle.spec                |    9 +++++++--
 sources                    |    2 +-
 4 files changed, 20 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5888cc2..d277c7a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -265,3 +265,4 @@ zh_tw_utf8.zip
 /moodle-2.0.10.tgz
 /moodle-2.1.8.tgz
 /moodle-2.1.9.tgz
+/moodle-2.1.10.tgz
diff --git a/moodle-CVE-2012-6087.patch b/moodle-CVE-2012-6087.patch
new file mode 100644
index 0000000..f5ebaef
--- /dev/null
+++ b/moodle-CVE-2012-6087.patch
@@ -0,0 +1,11 @@
+--- repository/s3/S3.php~	2013-01-11 15:18:31.000000000 -0600
++++ repository/s3/S3.php	2013-01-15 11:17:53.538958183 -0600
+@@ -1140,7 +1140,7 @@
+ 		curl_setopt($curl, CURLOPT_USERAGENT, 'S3/php');
+ 
+ 		if (S3::$useSSL) {
+-			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
++			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
+ 			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
+ 		}
+ 
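Review bot: The hostname check this patch turns on still sits inside `if (S3::$useSSL)`, so it protects only requests made while that flag is true; the flag's default and any override are outside this hunk and worth confirming for the packaged build. For context, `CURLOPT_SSL_VERIFYHOST` at 1 only required a common name to be present in the certificate, while 2 requires the name to match the host being contacted, which appears to be the gap CVE-2012-6087 describes. The hunk covers a single call site in `repository/s3/S3.php`, so I would search the unpacked 2.1.10 tree for other `CURLOPT_SSL_VERIFYHOST` assignments before treating the CVE as closed for this package. The patch file would also benefit from a one-line header such as `CVE-2012-6087: verify the certificate host name in the S3 repository client`.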
diff --git a/moodle.spec b/moodle.spec
index 7c2c481..85ff744 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -6,7 +6,7 @@
 %define __perl_provides %{nil}
 
 Name:           moodle
-Version:        2.1.9
+Version:        2.1.10
 Release:       	1%{?dist}
 Summary:        A Course Management System
 
@@ -20,6 +20,7 @@ Source3:        moodle.cron
 Source4:        moodle-cron
 Source5:        moodle.init
 Source6:        moodle-README-rpm
+Patch0:         moodle-CVE-2012-6087.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 
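Review bot: `Patch0` is declared without a comment recording where the patch came from or its upstream status, which Fedora's packaging guidelines ask for and which tells the next rebase when the patch can be dropped. A line above it such as `# CVE-2012-6087: S3 repository host name verification; upstream status: <tracker reference>` would do, with the reference filled in by the packager. Since this is a security patch, that comment is also what lets an auditor map the package release to the advisory without opening the patch file.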
@@ -48,6 +49,7 @@ effective online learning communities.
 %setup -q -n %{name}
 cp %{SOURCE6} README-rpm
 
+%patch0 -p0
 
 find . -type f \! -name \*.pl -exec chmod a-x {} \;
 find . -name \*.cgi -exec chmod a+x {} \;
@@ -60,7 +62,7 @@ sed -i 's/\r//' lib/mp3player/readme.txt
 
 
 %build
-rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
+rm config-dist.php install.php filter/tex/mimetex.* filter/tex/README.mimetex
 
 # Get rid of language files in subordinate packages for languages not supported
 # by moodle itself.
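Review bot: Dropping `tags` from this `rm` is not mentioned in the commit message or the new changelog entry, so a reader cannot tell whether the file is gone from the 2.1.10 tarball or is now being installed into the web root. If upstream removed it, a short comment above the line, e.g. `# tags is no longer shipped upstream as of 2.1.10`, records that; if it is still present in the tarball, it should stay in the list. The `%build` section continues outside the hunk.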
@@ -178,6 +180,9 @@ fi
 %exclude %{moodlewebdir}/COPYING.txt
 
 %changelog
+* Tue Jan 15 2013 Jon Ciesla <limburgher at gmail.com> - 2.1.10-1
+- Latest upstream, patch for CVE-2012-6087.
+
 * Mon Nov 19 2012 Jon Ciesla <limburgher at gmail.com> - 2.1.9-1
 - Security update, BZ 878132.
 
diff --git a/sources b/sources
index a4ede3d..59da527 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8256f08f4f56096e12762a9084f64602  moodle-2.1.9.tgz
+bdb967398ab9e5bd04e46f3b2b91c2f1  moodle-2.1.10.tgz

