[moodle/f17] 2.2.7, Fix for CVE-2012-6087.

Jon Ciesla limb at fedoraproject.org
Tue Jan 15 17:12:08 UTC 2013


commit 655ec3080d6e839e9fd55170f0da9959235d8a2d
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Tue Jan 15 11:09:07 2013 -0600

    2.2.7, Fix for CVE-2012-6087.

 moodle-CVE-2012-6087.patch |   11 +++++++++++
 moodle.spec                |    9 +++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
---
diff --git a/moodle-CVE-2012-6087.patch b/moodle-CVE-2012-6087.patch
new file mode 100644
index 0000000..0a52b9b
--- /dev/null
+++ b/moodle-CVE-2012-6087.patch
@@ -0,0 +1,11 @@
+--- repository/s3/S3.php~	2013-01-11 15:23:29.000000000 -0600
++++ repository/s3/S3.php	2013-01-15 10:44:57.970002263 -0600
+@@ -1809,7 +1809,7 @@
+ 		if (S3::$useSSL)
+ 		{
+ 			// SSL Validation can now be optional for those with broken OpenSSL installations
+-			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, S3::$useSSLValidation ? 1 : 0);
++			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, S3::$useSSLValidation ? 2 : 0);
+ 			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, S3::$useSSLValidation ? 1 : 0);
+ 
+ 			if (S3::$sslKey !== null) curl_setopt($curl, CURLOPT_SSLKEY, S3::$sslKey);
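Review bot: The corrected `CURLOPT_SSL_VERIFYHOST` value of 2 only takes effect when `S3::$useSSLValidation` is true; with the flag false, host and peer verification are both still switched off, and the flag's default is not visible in this hunk. It is worth confirming that the default is true and that nothing in the packaged tree clears it, and rewording the comment above the call, e.g. `// Disabling validation removes man-in-the-middle protection; keep enabled in production`. This hunk covers a single call site, so the rest of the tree should be checked for other `CURLOPT_SSL_VERIFYHOST` calls that pass 1 or true. The patch file also has no header stating where the fix comes from or its upstream status; a short description before the `---` line would make the downstream patch auditable. The enclosing function starts and ends outside the hunk.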
diff --git a/moodle.spec b/moodle.spec
index e6f51a0..0b0ebe4 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -6,7 +6,7 @@
 %define __perl_provides %{nil}
 
 Name:           moodle
-Version:        2.2.6
+Version:        2.2.7
 Release:       	1%{?dist}
 Summary:        A Course Management System
 
@@ -20,6 +20,7 @@ Source3:        moodle.cron
 Source4:        moodle-cron
 Source5:        moodle.init
 Source6:        moodle-README-rpm
+Patch0:         moodle-CVE-2012-6087.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 
@@ -54,6 +55,7 @@ effective online learning communities.
 %setup -q -n %{name}
 cp %{SOURCE6} README-rpm
 
+%patch0 -p0
 
 find . -type f \! -name \*.pl -exec chmod a-x {} \;
 find . -name \*.cgi -exec chmod a+x {} \;
@@ -66,7 +68,7 @@ sed -i 's/\r//' lib/adodb/readme.txt
 
 
 %build
-rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
+rm config-dist.php install.php filter/tex/mimetex.* filter/tex/README.mimetex
 
 # Get rid of language files in subordinate packages for languages not supported
 # by moodle itself.
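Review bot: Dropping `tags` from the `rm` list in `%build` is not mentioned in the commit message or the new changelog entry, which makes a security update harder to audit. Presumably the file is no longer in the 2.2.7 tarball (the `rm` has no `-f`, so a missing file would fail the build), but that is inferred from the hunk. A changelog line such as `- Stop removing tags, no longer shipped upstream` would record the reason. If the file does still exist, it would now stay in the build tree and may end up packaged, depending on the `%install` and `%files` sections outside this hunk.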
@@ -220,6 +222,9 @@ fi
 %exclude %{moodlewebdir}/COPYING.txt
 
 %changelog
+* Tue Jan 15 2013 Jon Ciesla <limburgher at gmail.com> - 2.2.7-1
+- Latest upstream, patch for CVE-2012-6087,
+
 * Mon Nov 19 2012 Jon Ciesla <limburgher at gmail.com> - 2.2.6-1
 - Security update, BZ 878132.
 

