rpms/dap-server/devel dap-server-3.7.4-get_url.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 dap-server.spec, 1.20, 1.21 sources, 1.5, 1.6 dap-server-fix_config.diff, 1.1, NONE
Patrice Dumas (pertusus)
fedora-extras-commits at redhat.com
Tue May 1 13:11:18 UTC 2007
Author: pertusus
Update of /cvs/extras/rpms/dap-server/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21273
Modified Files:
.cvsignore dap-server.spec sources
Added Files:
dap-server-3.7.4-get_url.patch
Removed Files:
dap-server-fix_config.diff
Log Message:
* Mon Apr 30 2007 Patrice Dumas <pertusus at free.fr> 3.7.4-2
- update to 3.7.4
- fix security issue
- remove config files upstreamed patch
dap-server-3.7.4-get_url.patch:
--- NEW FILE dap-server-3.7.4-get_url.patch ---
--- dap-server-3.7.4/DODS_Dispatch.pm.get_url 2007-04-30 12:51:23.000000000 +0200
+++ dap-server-3.7.4/DODS_Dispatch.pm 2007-04-30 12:55:06.000000000 +0200
@@ -839,30 +839,21 @@
# Private. Get the remote thing. The param $url should be scanned for shell
# meta-characters.
+# modified as in http://www.opendap.org/server3-patch-04.27.2007.txt
sub get_url {
my $self = shift;
my $url = shift;
- my $transfer = $self->curl() . " --silent " . $url . " |";
- my $buf;
- print( DBG_LOG "About to run curl: $transfer\n" ) if $debug > 1;
-
- # Use the HTML error message format since this is only used via a web
- # browser, never a client built with our library. 11/21/03 jhrg
- open CURL, $transfer
- or print_error_message(
- $self, "Could not transfer $url: \n\
-Unable to open the transfer utility (curl).\n", 0 );
- print( DBG_LOG "Back from curl\n" ) if $debug > 1;
- my $offset = 0;
- my $bytes;
- while ( $bytes = read CURL, $buf, 20, $offset ) {
- $offset += $bytes;
- }
+ use CGI;
+ use LWP::Simple;
+ use FilterDirHTML; # FilterDirHTML is a subclass of HTML::Filter
+
+ print(DBG_LOG "get_url: Getting the directory listing using: $url\n")
+ if $debug > 1;
- close CURL;
+ my $directory_html = &get($url);
- return $buf;
+ return $directory_html
}
sub url_text {
--- dap-server-3.7.4/nph-dods.in.get_url 2007-04-30 12:46:52.000000000 +0200
+++ dap-server-3.7.4/nph-dods.in 2007-04-30 12:47:58.000000000 +0200
@@ -118,7 +118,7 @@
# more information, go to the NASA ESIP Federation web site and search for
# MODSter. 07/22/03 jhrg
-my $dodster = is_dodster( $dispatch->filename() );
+my $dodster = "";
my $compressed = is_compressed( $dispatch->filename() );
if ( $dodster || $compressed ) {
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore 19 Sep 2006 23:53:31 -0000 1.5
+++ .cvsignore 1 May 2007 13:10:44 -0000 1.6
@@ -1 +1 @@
-dap-server-3.7.1.tar.gz
+dap-server-3.7.4.tar.gz
Index: dap-server.spec
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/dap-server.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- dap-server.spec 31 Oct 2006 17:23:10 -0000 1.20
+++ dap-server.spec 1 May 2007 13:10:44 -0000 1.21
@@ -7,18 +7,21 @@
Summary: Basic request handling for OPeNDAP servers
Name: dap-server
-Version: 3.7.1
-Release: 4%{?dist}
+Version: 3.7.4
+Release: 2%{?dist}
License: LGPL
Group: System Environment/Daemons
Source0: ftp://ftp.unidata.ucar.edu/pub/opendap/source/%{name}-%{version}.tar.gz
URL: http://www.opendap.org/
-Patch0: dap-server-fix_config.diff
+Patch0: dap-server-3.7.4-get_url.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: curl libdap-devel >= 3.7.2
-Requires: curl webserver
+# we use httpd and not webserver because we make use of the apache user.
+# not sure if it is right.
+Requires: curl httpd
Requires: perl perl(HTML::Filter) perl(Time::Local) perl(POSIX)
+Requires: perl(CGI) perl(LWP::Simple)
%description
This is base software for the OPeNDAP (Open-source Project for a Network
@@ -56,54 +59,55 @@
%prep
%setup -q
-%patch0
+%patch0 -p1 -b .get_url
%build
-%configure --with-cgidir=%{dap_cgidir} --disable-dependency-tracking
-#--with-cgiconfdir=%{dap_cgiconfdir}
+%configure --with-cgidir=%{dap_cgidir} --disable-dependency-tracking \
+ --with-cgiconfdir=%{dap_cgiconfdir}
make %{?_smp_mflags}
+touch -r nph-dods __nph-dods_stamp
+# the security fix should cause the client to advertise something above 3.7.x
+sed -i -e 's:DAP2/3.7.4:DAP2/3.8.0:' nph-dods
+
# prepend -sample to cgi and config file to install them as doc
-cp opendap_apache.conf opendap_apache.conf-sample
-cp dap-server.rc dap-server.rc-sample
-cp nph-dods nph-dods-sample
+cp -p opendap_apache.conf opendap_apache.conf-sample
+cp -p dap-server.rc dap-server.rc-sample
+cp -p nph-dods nph-dods-sample
chmod a-x nph-dods-sample
# adjust jgofs paths
sed -i -e 's:^\$ENV{"JGOFS_METHOD"} = "`pwd`";:\$ENV{"JGOFS_METHOD"} = "%{_bindir}";:' nph-dods
sed -i -e 's:^\$ENV{"JGOFS_OBJECT"} = "`pwd`";:\$ENV{"JGOFS_OBJEXT"} = "%{dap_cgidir}";:' nph-dods
-# put the cgi config file at a right place
-sed -i -e 's:\./dap-server.rc:%{dap_cgiconfdir}dap-server.rc:' nph-dods
# /usr/tmp isn't a safe place, substitute to a dir in
# /var/cache
sed -e 's:cache_dir /usr/tmp:cache_dir %{dap_cachedir}:' \
dap-server.rc-sample > dap-server.rc
+touch -r dap-server.rc-sample dap-server.rc
+touch -r __nph-dods_stamp nph-dods
+rm __nph-dods_stamp
# cgi-bin dir for the dap-server is in %%{dap_cgidir}, substitute that in
# opendap_apache.conf
sed -e 's:<<prefix>>/share/dap-server-cgi:%{dap_cgidir}:' \
opendap_apache.conf-sample > opendap_apache.conf
-
+touch -r opendap_apache.conf-sample opendap_apache.conf
%install
rm -rf $RPM_BUILD_ROOT
-make DESTDIR=$RPM_BUILD_ROOT install
-install -d -m755 $RPM_BUILD_ROOT/%{dap_cachedir}
-install -d -m755 $RPM_BUILD_ROOT/%{dap_webconfdir}
-install -d -m755 $RPM_BUILD_ROOT/%{dap_cgiconfdir}
-install -m644 opendap_apache.conf $RPM_BUILD_ROOT/%{dap_webconfdir}/
-# install the config file below %_sysconfdir
-install -m644 dap-server.rc $RPM_BUILD_ROOT/%{dap_cgiconfdir}/
-# the config file is also installed in the cgi directory
-rm $RPM_BUILD_ROOT/%{dap_cgidir}/dap-server.rc
+make DESTDIR=$RPM_BUILD_ROOT install INSTALL="%{__install} -p"
+install -d -m755 $RPM_BUILD_ROOT%{dap_cachedir}
+install -d -m755 $RPM_BUILD_ROOT%{dap_webconfdir}
+install -d -m755 $RPM_BUILD_ROOT%{dap_cgiconfdir}
+install -p -m644 opendap_apache.conf $RPM_BUILD_ROOT%{dap_webconfdir}/
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
-%doc COPYING COPYRIGHT_URI EXAMPLE_OPENDAP_STATISTICS NEWS README
+%doc COPYING COPYRIGHT_URI EXAMPLE_OPENDAP_STATISTICS NEWS README.cgi-server
# add those as documentation
%doc opendap_apache.conf-sample nph-dods-sample dap-server.rc-sample
%{_bindir}/dap_usage
@@ -122,6 +126,11 @@
%changelog
+* Mon Apr 30 2007 Patrice Dumas <pertusus at free.fr> 3.7.4-2
+- update to 3.7.4
+- fix security issue
+- remove config files upstreamed patch
+
* Tue Oct 31 2006 Patrice Dumas <pertusus at free.fr> 3.7.1-4
- rebuild for new libcurl soname (indirect dependency through libdap)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources 19 Sep 2006 23:53:31 -0000 1.5
+++ sources 1 May 2007 13:10:44 -0000 1.6
@@ -1 +1 @@
-d7541b95688899da9a70b9657670931c dap-server-3.7.1.tar.gz
+b6c0aa29eedd3e39c51025f6597025f0 dap-server-3.7.4.tar.gz
--- dap-server-fix_config.diff DELETED ---
More information about the fedora-extras-commits
mailing list