From 7dc59c34b0ef86d6ef229d10ffc314cbc1c8ccb9 Mon Sep 17 00:00:00 2001
From: jorton <jorton@fedoraproject.org>
Date: Dec 08 2009 17:08:18 +0000
Subject: - add security fix for CVE-2009-0796 (#544455)


---

diff --git a/mod_perl-2.0.4-CVE-2009-0796.patch b/mod_perl-2.0.4-CVE-2009-0796.patch
new file mode 100644
index 0000000..1a5f958
--- /dev/null
+++ b/mod_perl-2.0.4-CVE-2009-0796.patch
@@ -0,0 +1,47 @@
+--- mod_perl-2.0.4/lib/Apache2/Status.pm.cve0796
++++ mod_perl-2.0.4/lib/Apache2/Status.pm
+@@ -29,7 +29,7 @@ use File::Spec ();
+ 
+ use Apache2::Const -compile => qw(OK);
+ 
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+ 
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+ 
+@@ -126,7 +126,7 @@ sub handler {
+         $r->print(symdump($r, $qs));
+     }
+     else {
+-        my $uri = $r->uri;
++        my $uri = $r->location;
+         $r->print('<p>');
+         $r->print(
+             map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@ sub status_section_config {
+ sub status_inc {
+     my ($r) = @_;
+ 
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my @retval = (
+         '<table border="1">',
+         "<tr>",
+@@ -289,7 +289,7 @@ sub status_rgysubs {
+     my ($r) = @_;
+ 
+     local $_;
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $cache = __PACKAGE__->registry_cache;
+ 
+     my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@ sub as_HTML {
+     my ($self, $package, $r) = @_;
+ 
+     my @m = qw(<table>);
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $is_main = $package eq "main";
+ 
+     my $do_dump = has($r, "dumper");
diff --git a/mod_perl.spec b/mod_perl.spec
index f26e138..d2a9da8 100644
--- a/mod_perl.spec
+++ b/mod_perl.spec
@@ -2,7 +2,7 @@
 
 Name:           mod_perl
 Version:        2.0.4
-Release:        9
+Release:        10%{?dist}
 Summary:        An embedded Perl interpreter for the Apache HTTP Server
 
 Group:          System Environment/Daemons
@@ -14,6 +14,7 @@ Source2:        filter-requires.sh
 Source3:        filter-provides.sh
 Patch0:         mod_perl-2.0.4-multilib.patch
 Patch1:         mod_perl-2.0.4-inline.patch
+Patch2:         mod_perl-2.0.4-CVE-2009-0796.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  perl-devel, perl(ExtUtils::Embed)
@@ -51,6 +52,7 @@ modules that use mod_perl.
 %setup -q -n %{name}-%{version}
 %patch0 -p1
 %patch1 -p1 -b .inline
+%patch2 -p1
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -fpic" %{__perl} Makefile.PL </dev/null \
@@ -129,6 +131,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/httpd/*
 
 %changelog
+* Tue Dec  8 2009 Joe Orton <jorton@redhat.com> - 2.0.4-10
+- add security fix for CVE-2009-0796 (#544455)
+
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.4-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild