Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package haserl.16942 for openSUSE:Leap:15.2:Update checked in at 2021-09-16 18:06:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/haserl.16942 (Old)
 and      /work/SRC/openSUSE:Leap:15.2:Update/.haserl.16942.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haserl.16942" Thu Sep 16 18:06:26 2021 rev:1 rq:918736 version:0.9.36 Changes: -------- New Changes file: --- /dev/null 2021-09-02 09:14:41.336741815 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.haserl.16942.new.1899/haserl.changes 2021-09-16 18:06:27.312902226 +0200 
@@ -0,0 +1,76 @@ +------------------------------------------------------------------- +Wed Apr 14 00:52:23 UTC 2021 - Ferdinand Thiessen <[email protected]> + +- Update to version 0.9.36: + * Fixed: Its possible to issue a PUT request without a CONTENT-TYPE. + Assume an octet-stream in that case. + This is CVE-2021-29133 and boo#1187671 + * Change the Prefix for variables to be the REQUEST_METHOD + (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE + * Mitigations vs running haserl to get access to files not + available to the user. + +------------------------------------------------------------------- +Thu Jul 30 10:45:11 UTC 2015 - [email protected] + +- Update to version 0.9.35: + + Fixed a possible segfault if CONTENT_TYPE is not specified. +- Changes from version 0.9.34: + + Haserl is now compatible with Lua 5.3 (in addition to 5.1, and + 5.2). + + Fix processing of headers in rfc2388.c. + +------------------------------------------------------------------- +Sat Jan 17 18:40:37 UTC 2015 - [email protected] + +- Update to version 0.9.33 + * Fix various security vulnerabilities - most serious is a + Heap Overflow Vulnerability in sliding_buffer.c + * Allow PUT and DELETE method (But prefix is still POST/GET) + * On POST/PUT, Content-Type is not x-www-urlencoded, then + the body of the message is stored verbatim in POST_body= +- Remove obsolete fix-make.diff +- Remove autoreconf calling; not needed anymore +- Use %configure instead of./configure + +------------------------------------------------------------------- +Fri Dec 2 16:34:08 UTC 2011 - [email protected] + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Oct 12 09:08:35 UTC 2010 - [email protected] + +- add patch to fix makefile syntax + +------------------------------------------------------------------- +Mon Sep 27 01:15:43 CEST 2010 - [email protected] + +- add pkg-config to buildrequires + 
+------------------------------------------------------------------- +Tue Aug 19 22:44:03 CEST 2008 - [email protected] + +- Update to haserl-0.9.24: + * bash extensions + * regression tests (make check) + * docu updates + * myputenv enhancements + * observe CONTENT_LENGTH + +------------------------------------------------------------------- +Thu Nov 29 10:55:25 CET 2007 - [email protected] + +- Update to haserl-0.9.21: + * Command line option handling reworked + * major refactoring + * various little bugs killed + * lua support + * custom handler for uploading large files + * new comment tag + +------------------------------------------------------------------- +Tue Jul 10 19:16:30 CEST 2007 - [email protected] + +- Initial creation of package haserl-0.8.0 + New: ---- haserl-0.9.36.tar.gz haserl.changes haserl.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haserl.spec ++++++ # # spec file for package haserl # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

Name: haserl
BuildRequires: automake
BuildRequires: lua-devel
BuildRequires: pkg-config
Version: 0.9.36
Release: 0
Url: http://haserl.sourceforge.net/
Source: http://downloads.sourceforge.net/project/%{name}/haserl-devel/%{name}-%{version}.tar.gz
Summary: CGI scripting with shell/lua
License: GPL-2.0
Group: Development/Tools/GUI Builders
BuildRoot: %{_tmppath}/%{name}-%{version}-build

%description
Haserl is a small cgi wrapper that allows "PHP" style cgi programming,
but uses a UNIX bash-like shell or lua as the programming language. It
is very small, so it can be used in embedded environments, or where
something like PHP is too big.

It combines three features into a small cgi engine:

* It parses POST and GET requests, placing form-elements as name=value
  pairs into the environment for the CGI script to use. This is
  somewhat like the uncgi wrapper.

* It opens a shell, and translates all text into printable statements.
  All text within <? ... ?> constructs are passed verbatim to the
  shell. This is somewhat like writing PHP scripts.

* It can optionally be installed to drop its permissions to the owner
  of the script, giving it some of the security features of suexec or
  cgiwrapper.

%prep
%setup

%build
%configure --with-lua --enable-bash-extensions \
 --enable-subshell=/bin/bash
make

%check
make check

%install
make install DESTDIR=$RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%{_bindir}/haserl
%{_mandir}/man1/haserl.1.gz

%changelog
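Review bot: In the 0.9.36 entry of haserl.changes, the bullet "Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE" ships in the same update as the CVE-2021-29133 fix, but the entry does not say what existing scripts have to change. The 0.9.33 entry records that PUT and DELETE were allowed with the prefix still POST/GET, so CGI scripts that read PUT or DELETE data through those names may no longer find it after this security update; suggest adding one line that states the old and the new variable names. The last bullet, "Mitigations vs running haserl to get access to files not available to the user", should also say what the mitigation is or point to the upstream note, since an administrator cannot tell from it whether anything about their installation needs to change. Minor: "Its possible" should read "It's possible".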
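Review bot: In haserl.spec, the Url: and Source: tags use plain http:// and the spec lists no signature or keyring next to haserl-0.9.36.tar.gz, so nothing in the package lets a reviewer check the tarball that carries a CVE fix against what upstream published. Suggest switching both URLs to https:// and, if upstream provides one, adding the detached signature as a second Source. While touching the file: the header still reads "Copyright (c) 2015" although this is a 2021 version update, "License: GPL-2.0" does not say whether the grant is GPL-2.0-only or GPL-2.0-or-later, and BuildRoot: and %defattr(-,root,root) are legacy tags that can be dropped.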
