Hello community,
here is the log from the commit of package info2html for openSUSE:Factory
checked in at 2017-08-12 19:59:32
Comparing /work/SRC/openSUSE:Factory/info2html (Old)
and /work/SRC/openSUSE:Factory/.info2html.new (New)
Package is "info2html"
Sat Aug 12 19:59:32 2017 rev:20 rq:514964 version:2.0
Changes:
--- /work/SRC/openSUSE:Factory/info2html/info2html.changes 2011-09-23
02:03:31.0 +0200
+++ /work/SRC/openSUSE:Factory/.info2html.new/info2html.changes 2017-08-12
19:59:35.236175491 +0200
@@ -1,0 +2,13 @@
+Mon Aug 7 12:11:40 UTC 2017 - wer...@suse.de
+
+- Readd a fixed version of DirnameCheck() for security
+ that is allow access even if no path for the info files had
+ been requested
+
+---
+Mon Aug 7 11:26:08 UTC 2017 - wer...@suse.de
+
+- Avoid DirnameCheck() as it breaks the info2html (boo#1052383)
+- Avoid $* asignment with newer perl
+
+---
New:
info2html-rpmlintrc
Other differences:
--
++ info2html.spec ++
--- /var/tmp/diff_new_pack.hdW6xQ/_old 2017-08-12 19:59:36.707969339 +0200
+++ /var/tmp/diff_new_pack.hdW6xQ/_new 2017-08-12 19:59:36.715968218 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package info2html (Version 2.0)
+# spec file for package info2html
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,26 +15,27 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: info2html
-BuildRequires: apache2-devel libapr-util1-devel pcre-devel
+BuildRequires: apache2-devel
+BuildRequires: libapr-util1-devel
+BuildRequires: pcre-devel
Url:http://sourceforge.net/projects/info2html/
-License:GPL-2.0+
-Group: Productivity/Publishing/Texinfo
-AutoReqProv:on
Provides: inf2htm
Obsoletes: inf2htm
Version:2.0
-Release:202
+Release:0
Summary:Program to Convert Info Pages into HTML Pages
+License:GPL-2.0+
+Group: Productivity/Publishing/Texinfo
BuildArch: noarch
-Source: info2html-2.0.tar.bz2
-Source1:arrows.tar.bz2
-Patch: info2html-2.0.dif
+Source0:info2html-2.0.tar.bz2
+Source1:info2html-rpmlintrc
+Source2:arrows.tar.bz2
+Patch0: info2html-2.0.dif
%define apache_serverroot %(/usr/sbin/apxs2 -q datadir 2>/dev/null || apxs -q
PREFIX)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildArch: noarch
%description
This package contains the CGI script 'info2html' that creates HTML pages
@@ -49,8 +50,8 @@
Karl Guggisberg
%prep
-%setup -n info2html-2.0 -a 1
-%patch
+%setup -n info2html-2.0 -a 2
+%patch0 -b .p0
%build
++ info2html-2.0.dif ++
--- /var/tmp/diff_new_pack.hdW6xQ/_old 2017-08-12 19:59:36.903941889 +0200
+++ /var/tmp/diff_new_pack.hdW6xQ/_new 2017-08-12 19:59:36.907941329 +0200
@@ -1,5 +1,11 @@
+---
+ info2html | 91
+
+ info2html.conf | 27
+ infocat| 14 +++-
+ 3 files changed, 91 insertions(+), 41 deletions(-)
+
--- info2html
-+++ info2html 2006-08-30 16:57:37.0 +0200
info2html 2017-08-07 12:10:40.074152757 +
@@ -62,15 +62,20 @@ $FTAG = '[^\)]+'; #-- p
#-
# Don't reveal where we're looking... --jonh 5/20/97 (and reapplied 5/4/1998)
@@ -25,12 +31,10 @@
EOF
die "\n";
}
-@@ -90,6 +95,25 @@ sub Escape{
- return CGI::escape($Tag);
+@@ -91,6 +96,28 @@ sub Escape{
}
-+
-+#--
+ #--
+#DirnameCheck
+#--
+sub DirnameCheck{
@@ -39,19 +43,24 @@
+
+ $Base =~ s@.*/@@g;
+ $Dir =~ s@/[^/]*$@@;
-+ $Dir = "" if ($Dir eq $Base);
++
++ if ($Dir eq $Base) {
++ $Dir = "";
++ return(1);
++ }
+
+ for (@INFODIR) {
-+ return(1) if ( $Dir eq $_ );
++ return(1) if ( $Dir eq $_ );
+ }
+
+ return(0);
+}
+
- #--
++#--
#DeEscape
#--
-@@ -100,6 +124,10 @@ sub DeEscape{
+ sub DeEscape{
+@@ -100,6 +12