Hi LTS folks, On Fri, Mar 10, 2017 at 07:11:07AM +0100, Petter Reinholdtsen wrote: > [Sébastien Delafond] > > Sure, we can do that. Send us a debdiff and we can take it from there. > > The debdiff for jessie is in bts already. Here is the equivalent diff > for wheezy. The code change is the same, only the changelog version is > different. > > diff --git a/debian/changelog b/debian/changelog > index f8e2c48..f8df229 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,11 @@ > +sitesummary (0.1.8+deb7u2) UNRELEASED; urgency=medium > + > + [ Wolfgang Schweer ] > + * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant > + with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623). > + > + -- Wolfgang Schweer <wschw...@arcor.de> Fri, 27 Jan 2017 15:49:50 +0100 > + > sitesummary (0.1.8+deb7u1) wheezy; urgency=low > > * No change upload targeted at wheezy-proposed-update for the upcoming 7.2 > diff --git a/sitesummary-upload b/sitesummary-upload > index 050aefa..28c19d6 100755 > --- a/sitesummary-upload > +++ b/sitesummary-upload > @@ -78,15 +78,13 @@ $form .= "$ORS"; > my $formlen = length($form); > > #Send data > -print $remote <<"EOF"; > -POST $submiturl HTTP/1.1 > -User-Agent: sitesummary-upload > -Host: $host > -content-type: multipart/form-data; boundary=$boundary > -content-length: $formlen > - > -$form > -EOF > +print $remote "POST $submiturl HTTP/1.1\r\n"; > +print $remote "User-Agent: sitesummary-upload\r\n"; > +print $remote "Host: $host\r\n"; > +print $remote "Content-Type: multipart/form-data; boundary=$boundary\r\n"; > +print $remote "Content-Length: $formlen\r\n"; > +print $remote "\r\n"; > +print $remote "$form"; > > #Get answer > my($answer)=""; > -- I've just uploaded this to wheezy-security and am still waiting for my secure-testing git svn clone to update, so that I can allocate a DLA number for it.
I'll also send the DLA once that has happened…
--
cheers,
Holger
signature.asc
Description: Digital signature
