[SCM] Debian packaging of libfcgi-perl branch, master, updated. debian/0.73-2-5-g2ebf795

Alessandro Ghedini al3xbio at gmail.com
Sun Sep 25 12:39:21 UTC 2011


The following commit has been merged in the master branch:
commit 97b49facb603b44e6c108fac496b35c9551116f9
Author: Alessandro Ghedini <al3xbio at gmail.com>
Date:   Sat Sep 24 20:17:08 2011 +0200

    Drop cve-2011-2766.patch (merged upstream)

diff --git a/debian/patches/cve-2011-2766.patch b/debian/patches/cve-2011-2766.patch
deleted file mode 100644
index a63694e..0000000
--- a/debian/patches/cve-2011-2766.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: replace testing of hash value with hash reference
- %hash is false if the hash hasn't been assigned to, *or* if the hash is simply
- empty. This causes the environment from the *second* request (that is, the
- environment produced by the first request) to be saved as default if the first
- request had empty environment. This way, request after the first can get
- access to credentials set up by the first request. badbadbad
- This is CVE-2011-2766.
-Author: chansen at cpan.org
-Bug: https://rt.cpan.org/Public/Bug/Display.html?id=68380
-Bug-Debian: http://bugs.debian.org/607479
-
---- a/FCGI.PL
-+++ b/FCGI.PL
-@@ -295,14 +295,14 @@ sub Request(;***$*$) {
- 
- sub accept() {
-     warn "accept called as a method; you probably wanted to call Accept" if @_;
--    if (%FCGI::ENV) {
--        %ENV = %FCGI::ENV;
-+    if ( defined($FCGI::ENV) ) {
-+        %ENV = %$FCGI::ENV;
-     } else {
--        %FCGI::ENV = %ENV;
-+        $FCGI::ENV = {%ENV};
-     }
-     my $rc = Accept($global_request);
--    for (keys %FCGI::ENV) {
--        $ENV{$_} = $FCGI::ENV{$_} unless exists $ENV{$_};
-+    for (keys %$FCGI::ENV) {
-+        $ENV{$_} = $FCGI::ENV->{$_} unless exists $ENV{$_};
-     }
- 
-     # not SFIO
-@@ -314,7 +314,7 @@ sub accept() {
- 
- sub finish() {
-     warn "finish called as a method; you probably wanted to call Finish" if @_;
--    %ENV = %FCGI::ENV if %FCGI::ENV;
-+    %ENV = %$FCGI::ENV if defined($FCGI::ENV);
- 
-     # not SFIO
-     if (tied (*STDIN)) {
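Review bot: Dropping this patch is only safe if the new upstream FCGI.PL carries both halves of the fix, in accept() and in finish(), and nothing in this commit shows that. The deleted header explains that `if (%FCGI::ENV)` is also false for an empty hash, which let later requests see the environment of the first one (CVE-2011-2766). Before merging, check the imported upstream source for `defined($FCGI::ENV)` in both subs and confirm that `%ENV = %FCGI::ENV if %FCGI::ENV;` is gone.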
diff --git a/debian/patches/series b/debian/patches/series
index 016c835..a6b8568 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
-cve-2011-2766.patch
 fix-pod-error.patch
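Review bot: The removed `cve-2011-2766.patch` entry leaves the packaging with no record of where the CVE-2011-2766 fix now comes from, since this commit touches only the patch file and `series`. Please add a debian/changelog line stating that the patch was dropped because it is merged upstream, unless that is done in a separate commit, so the fix for http://bugs.debian.org/607479 stays traceable.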

-- 
Debian packaging of libfcgi-perl


