[SCM] Debian packaging of libfcgi-perl branch, master, updated. debian/0.73-2-5-g2ebf795
Alessandro Ghedini
al3xbio at gmail.com
Sun Sep 25 12:39:21 UTC 2011
The following commit has been merged in the master branch:
commit 97b49facb603b44e6c108fac496b35c9551116f9
Author: Alessandro Ghedini <al3xbio at gmail.com>
Date: Sat Sep 24 20:17:08 2011 +0200
Drop cve-2011-2766.patch (merged upstream)
diff --git a/debian/patches/cve-2011-2766.patch b/debian/patches/cve-2011-2766.patch
deleted file mode 100644
index a63694e..0000000
--- a/debian/patches/cve-2011-2766.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: replace testing of hash value with hash reference
- %hash is false if the hash hasn't been assigned to, *or* if the hash is simply
- empty. This causes the environment from the *second* request (that is, the
- environment produced by the first request) to be saved as default if the first
- request had empty environment. This way, request after the first can get
- access to credentials set up by the first request. badbadbad
- This is CVE-2011-2766.
-Author: chansen at cpan.org
-Bug: https://rt.cpan.org/Public/Bug/Display.html?id=68380
-Bug-Debian: http://bugs.debian.org/607479
-
---- a/FCGI.PL
-+++ b/FCGI.PL
-@@ -295,14 +295,14 @@ sub Request(;***$*$) {
-
- sub accept() {
- warn "accept called as a method; you probably wanted to call Accept" if @_;
-- if (%FCGI::ENV) {
-- %ENV = %FCGI::ENV;
-+ if ( defined($FCGI::ENV) ) {
-+ %ENV = %$FCGI::ENV;
- } else {
-- %FCGI::ENV = %ENV;
-+ $FCGI::ENV = {%ENV};
- }
- my $rc = Accept($global_request);
-- for (keys %FCGI::ENV) {
-- $ENV{$_} = $FCGI::ENV{$_} unless exists $ENV{$_};
-+ for (keys %$FCGI::ENV) {
-+ $ENV{$_} = $FCGI::ENV->{$_} unless exists $ENV{$_};
- }
-
- # not SFIO
-@@ -314,7 +314,7 @@ sub accept() {
-
- sub finish() {
- warn "finish called as a method; you probably wanted to call Finish" if @_;
-- %ENV = %FCGI::ENV if %FCGI::ENV;
-+ %ENV = %$FCGI::ENV if defined($FCGI::ENV);
-
- # not SFIO
- if (tied (*STDIN)) {
diff --git a/debian/patches/series b/debian/patches/series
index 016c835..a6b8568 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
-cve-2011-2766.patch
fix-pod-error.patch
--
Debian packaging of libfcgi-perl
More information about the Pkg-perl-cvs-commits
mailing list