[moodle/f17] 2.2.7, Fix for CVE-2012-6087.
Jon Ciesla
limb at fedoraproject.org
Tue Jan 15 17:12:08 UTC 2013
commit 655ec3080d6e839e9fd55170f0da9959235d8a2d
Author: Jon Ciesla <limburgher at gmail.com>
Date: Tue Jan 15 11:09:07 2013 -0600
2.2.7, Fix for CVE-2012-6087.
moodle-CVE-2012-6087.patch | 11 +++++++++++
moodle.spec | 9 +++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
---
diff --git a/moodle-CVE-2012-6087.patch b/moodle-CVE-2012-6087.patch
new file mode 100644
index 0000000..0a52b9b
--- /dev/null
+++ b/moodle-CVE-2012-6087.patch
@@ -0,0 +1,11 @@
+--- repository/s3/S3.php~ 2013-01-11 15:23:29.000000000 -0600
++++ repository/s3/S3.php 2013-01-15 10:44:57.970002263 -0600
+@@ -1809,7 +1809,7 @@
+ if (S3::$useSSL)
+ {
+ // SSL Validation can now be optional for those with broken OpenSSL installations
+- curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, S3::$useSSLValidation ? 1 : 0);
++ curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, S3::$useSSLValidation ? 2 : 0);
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, S3::$useSSLValidation ? 1 : 0);
+
+ if (S3::$sslKey !== null) curl_setopt($curl, CURLOPT_SSLKEY, S3::$sslKey);
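Review bot: The two `curl_setopt` lines for `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` still switch off both hostname and certificate-chain verification whenever `S3::$useSSLValidation` is false, so the fix only protects installations that leave validation enabled. The existing comment presents disabling validation as a convenience; it should state the consequence and why the value is 2, for example `// VERIFYHOST must be 2 to compare the certificate name with the host; disabling validation removes all protection against interception`. It would also be worth confirming that nothing in the packaged tree sets `useSSLValidation` to false, and that no other bundled curl caller uses the same `? 1 : 0` pattern for `CURLOPT_SSL_VERIFYHOST`; neither is visible from this hunk. The enclosing function begins and ends outside the hunk.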
diff --git a/moodle.spec b/moodle.spec
index e6f51a0..0b0ebe4 100644
--- a/moodle.spec
+++ b/moodle.spec
@@ -6,7 +6,7 @@
%define __perl_provides %{nil}
Name: moodle
-Version: 2.2.6
+Version: 2.2.7
Release: 1%{?dist}
Summary: A Course Management System
@@ -20,6 +20,7 @@ Source3: moodle.cron
Source4: moodle-cron
Source5: moodle.init
Source6: moodle-README-rpm
+Patch0: moodle-CVE-2012-6087.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
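Review bot: The new `Patch0:` line has no comment saying what the patch fixes or whether it has been sent upstream, so a later rebase cannot tell when it is safe to drop. A line directly above it such as `# CVE-2012-6087: enforce TLS hostname verification in bundled repository/s3/S3.php; upstream status: <upstream tracker reference>` would record that. This matters here because the patch targets a bundled third-party library, where a future upstream tarball may change the same lines and make the patch fail or silently no longer apply to the code path it was meant to protect.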
@@ -54,6 +55,7 @@ effective online learning communities.
%setup -q -n %{name}
cp %{SOURCE6} README-rpm
+%patch0 -p0
find . -type f \! -name \*.pl -exec chmod a-x {} \;
find . -name \*.cgi -exec chmod a+x {} \;
@@ -66,7 +68,7 @@ sed -i 's/\r//' lib/adodb/readme.txt
%build
-rm config-dist.php install.php tags filter/tex/mimetex.* filter/tex/README.mimetex
+rm config-dist.php install.php filter/tex/mimetex.* filter/tex/README.mimetex
# Get rid of language files in subordinate packages for languages not supported
# by moodle itself.
@@ -220,6 +222,9 @@ fi
%exclude %{moodlewebdir}/COPYING.txt
%changelog
+* Tue Jan 15 2013 Jon Ciesla <limburgher at gmail.com> - 2.2.7-1
+- Latest upstream, patch for CVE-2012-6087,
+
* Mon Nov 19 2012 Jon Ciesla <limburgher at gmail.com> - 2.2.6-1
- Security update, BZ 878132.