Security Fix (CVE-2007-1349)

apache-php4/apache-php4.patch.modperl

@@ -0,0 +1,17 @@
+Security Fix (CVE-2007-1349)
+Fix unescaped variable interpolation in regular expression
+http://svn.apache.org/viewvc?view=rev&revision=521582
+http://secunia.com/advisories/24678/
+
+Index: lib/Apache/PerlRun.pm
+--- lib/Apache/PerlRun.pm.orig	2003-03-08 05:11:09 +0100
++++ lib/Apache/PerlRun.pm	2007-03-29 16:23:47 +0200
+@@ -168,7 +168,7 @@
+ 		  $uri) if $Debug && $Debug & 4;
+ 
+     my $path_info = $r->path_info;
+-    my $script_name = $path_info && $uri =~ /$path_info$/ ?
++    my $script_name = $path_info && $uri =~ /\Q$path_info\E$/ ?
+ 	substr($uri, 0, length($uri)-length($path_info)) :
+ 	$uri;
+ 

apache-php4/apache-php4.spec

@@ -68,7 +68,7 @@ Class:        PLUS
 Group:        Web
 License:      ASF
 Version:      %{V_apache}
-Release:      20070324
+Release:      20070329
 
 #   package options (suexec related)
 %option       with_suexec               yes
@@ -235,6 +235,7 @@ Patch5:       apache-php4.patch.php
 Patch6:       apache-php4.patch.modauthkerb
 Patch7:       apache-php4.patch.modauthradius
 Patch8:       apache-php4.patch.modssl
+Patch9:       apache-php4.patch.modperl
 
 #   build information
 Prefix:       %{l_prefix}
@@ -561,6 +562,7 @@ Provides:     apache = %{version}-%{release}
 %endif
 %if "%{with_mod_perl}" == "yes"
     %setup -q -T -D -a 2
+    %patch -p0 -d mod_perl-%{V_mod_perl} -P 9
 %endif
 %if "%{with_mod_php}" == "yes"
     %setup -q -T -D -a 3

apache/apache.patch.modperl

@@ -0,0 +1,17 @@
+Security Fix (CVE-2007-1349)
+Fix unescaped variable interpolation in regular expression
+http://svn.apache.org/viewvc?view=rev&revision=521582
+http://secunia.com/advisories/24678/
+
+Index: lib/Apache/PerlRun.pm
+--- lib/Apache/PerlRun.pm.orig	2003-03-08 05:11:09 +0100
++++ lib/Apache/PerlRun.pm	2007-03-29 16:23:47 +0200
+@@ -168,7 +168,7 @@
+ 		  $uri) if $Debug && $Debug & 4;
+ 
+     my $path_info = $r->path_info;
+-    my $script_name = $path_info && $uri =~ /$path_info$/ ?
++    my $script_name = $path_info && $uri =~ /\Q$path_info\E$/ ?
+ 	substr($uri, 0, length($uri)-length($path_info)) :
+ 	$uri;
+ 

apache/apache.spec

@@ -68,7 +68,7 @@ Class:        BASE
 Group:        Web
 License:      ASF
 Version:      %{V_apache}
-Release:      20070324
+Release:      20070329
 
 #   package options (suexec related)
 %option       with_suexec               yes
@@ -238,6 +238,7 @@ Patch4:       apache.patch.suphp
 Patch5:       apache.patch.modauthkerb
 Patch6:       apache.patch.modauthradius
 Patch7:       apache.patch.modssl
+Patch8:       apache.patch.modperl
 
 #   build information
 Prefix:       %{l_prefix}
@@ -562,6 +563,7 @@ AutoReqProv:  no
 %endif
 %if "%{with_mod_perl}" == "yes"
     %setup -q -T -D -a 2
+    %patch -p0 -d mod_perl-%{V_mod_perl} -P 8
 %endif
 %if "%{with_mod_php}" == "yes"
     %setup -q -T -D -a 3