[mongoose/f16] Add upstream patch to fix CVE-2011-2900 (729146)

Rafael Azenha Aquini aquini at fedoraproject.org
Sat Aug 27 22:03:24 UTC 2011


commit 2f8e36ede0d08a18e327f3b8399ba56d39c02089
Author: Rafael Aquini <aquini at redhat.com>
Date:   Sat Aug 27 18:57:51 2011 -0300

    Add upstream patch to fix CVE-2011-2900 (729146)

 mongoose.spec |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/mongoose.spec b/mongoose.spec
index 7288f14..9d2f586 100644
--- a/mongoose.spec
+++ b/mongoose.spec
@@ -2,13 +2,17 @@ Name:      mongoose
 Group:     Applications/System 
 Summary:   An easy-to-use self-sufficient web server
 Version:   3.0
-Release:   1%{?dist}
+Release:   2%{?dist}
 License:   MIT
 URL:       http://code.google.com/p/mongoose
 Source0:   http://mongoose.googlecode.com/files/mongoose-%{version}.tgz
 Source1:   mongoose.conf
 BuildRequires: openssl-devel
 
+# FIX CVE-2011-2900
+# https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0#
+Patch0:    mongoose-fix-buffer-overflow-put_dir.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
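Review bot: The added `Patch0:    mongoose-fix-buffer-overflow-put_dir.patch` line names a file that this commit does not add; the diffstat lists only mongoose.spec (1 file changed). Confirm the patch file is already tracked in the f16 branch, or add it in the same commit, because `%prep` now runs `%patch0` and the build fails if the file is missing. As a minor point, the upstream URL in the comment above it ends in a stray `#` that can be dropped.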
@@ -23,6 +27,7 @@ of demos, quick tests, file sharing, and Web programming.
 
 %prep
 %setup -q -n %{name}
+%patch0 -p1 -b .fixcve
 %{__install} -p -m 0644  %{SOURCE1} .
 
 %build
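Review bot: The backup suffix in `%patch0 -p1 -b .fixcve` does not say which CVE it belongs to, so a second security patch using the same convention would clash with it. A suffix tied to the identifier already used in the spec comment, for example `.cve-2011-2900`, keeps the backup files distinguishable. The `-p1` strip level cannot be checked here because the patch itself is not part of this diff.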
@@ -46,12 +51,18 @@ LIBV=$(find '%{_libdir}' | grep -E '/libssl.so.[0-9]?[0-9]?$' | sed -e 's!%{_lib
 %{_mandir}/man1/%{name}.1*
 
 %changelog
+* Sat Aug 27 2011 Rafael Azenha Aquini <aquini at linux dot com> - 3.0-2
+- Add upstream patch to fix CVE-2011-2900 (729146)
+
 * Mon Jul 25 2011 Rafael Azenha Aquini <aquini at linux dot com> - 3.0-1
 - Rebuilt for Fedora's inclusion, after scracth-build successful tests. 
 
 * Mon Jul 25 2011 Rafael Azenha Aquini <aquini at linux dot com> - 3.0-0
 - Packaged mongoose's upstream 3.0 release. 
 
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.11-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
 * Tue Sep 28 2010 Rafael Azenha Aquini <aquini at linux dot com> - 2.11-0
 - Packaged the mongoose's upstream 2.11 release. 
 
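Review bot: The changelog part of this hunk also adds a `Tue Feb 08 2011 Fedora Release Engineering ... 2.11-1` mass-rebuild entry between the 3.0-0 and 2.11-0 entries, which is unrelated to the CVE-2011-2900 fix and is not mentioned in the commit message. Either note in the commit message that the changelog is being synced with that rebuild, or move the entry to a separate commit so the security fix stays easy to audit and backport. In the new 3.0-2 entry, writing the bare `(729146)` as an explicit bug reference would make clear which tracker the number refers to.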

