rpms/dap-server/devel dap-server-3.7.4-get_url.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 dap-server.spec, 1.20, 1.21 sources, 1.5, 1.6 dap-server-fix_config.diff, 1.1, NONE

Patrice Dumas (pertusus) fedora-extras-commits at redhat.com
Tue May 1 13:11:18 UTC 2007 

Author: pertusus

Update of /cvs/extras/rpms/dap-server/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21273

Modified Files:
	.cvsignore dap-server.spec sources 
Added Files:
	dap-server-3.7.4-get_url.patch 
Removed Files:
	dap-server-fix_config.diff 
Log Message:
* Mon Apr 30 2007  Patrice Dumas <pertusus at free.fr> 3.7.4-2
- update to 3.7.4
- fix security issue
- remove config files upstreamed patch


dap-server-3.7.4-get_url.patch:

--- NEW FILE dap-server-3.7.4-get_url.patch ---
--- dap-server-3.7.4/DODS_Dispatch.pm.get_url	2007-04-30 12:51:23.000000000 +0200
+++ dap-server-3.7.4/DODS_Dispatch.pm	2007-04-30 12:55:06.000000000 +0200
@@ -839,30 +839,21 @@
 
 # Private. Get the remote thing. The param $url should be scanned for shell
 # meta-characters.
+# modified as in http://www.opendap.org/server3-patch-04.27.2007.txt
 sub get_url {
     my $self = shift;
     my $url  = shift;
 
-    my $transfer = $self->curl() . " --silent " . $url . " |";
-    my $buf;
-    print( DBG_LOG "About to run curl: $transfer\n" ) if $debug > 1;
-
-    # Use the HTML error message format since this is only used via a web
-    # browser, never a client built with our library. 11/21/03 jhrg
-    open CURL, $transfer
-      or print_error_message(
-        $self, "Could not transfer $url: \n\
-Unable to open the transfer utility (curl).\n", 0 );
-    print( DBG_LOG "Back from curl\n" ) if $debug > 1;
-    my $offset = 0;
-    my $bytes;
-    while ( $bytes = read CURL, $buf, 20, $offset ) {
-        $offset += $bytes;
-    }
+    use CGI;
+    use LWP::Simple;
+    use FilterDirHTML;      # FilterDirHTML is a subclass of HTML::Filter
+
+    print(DBG_LOG "get_url: Getting the directory listing using: $url\n")
+       if $debug > 1;
 
-    close CURL;
+    my $directory_html = &get($url);
 
-    return $buf;
+    return $directory_html 
 }
 
 sub url_text {
--- dap-server-3.7.4/nph-dods.in.get_url	2007-04-30 12:46:52.000000000 +0200
+++ dap-server-3.7.4/nph-dods.in	2007-04-30 12:47:58.000000000 +0200
@@ -118,7 +118,7 @@
 # more information, go to the NASA ESIP Federation web site and search for
 # MODSter. 07/22/03 jhrg
 
-my $dodster    = is_dodster( $dispatch->filename() );
+my $dodster    = "";
 my $compressed = is_compressed( $dispatch->filename() );
 
 if ( $dodster || $compressed ) {


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- .cvsignore	19 Sep 2006 23:53:31 -0000	1.5
+++ .cvsignore	1 May 2007 13:10:44 -0000	1.6
@@ -1 +1 @@
-dap-server-3.7.1.tar.gz
+dap-server-3.7.4.tar.gz


Index: dap-server.spec
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/dap-server.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- dap-server.spec	31 Oct 2006 17:23:10 -0000	1.20
+++ dap-server.spec	1 May 2007 13:10:44 -0000	1.21
@@ -7,18 +7,21 @@
 
 Summary:         Basic request handling for OPeNDAP servers 
 Name:            dap-server
-Version:         3.7.1
-Release:         4%{?dist}
+Version:         3.7.4
+Release:         2%{?dist}
 License:         LGPL
 Group:           System Environment/Daemons 
 Source0:         ftp://ftp.unidata.ucar.edu/pub/opendap/source/%{name}-%{version}.tar.gz
 URL:             http://www.opendap.org/
-Patch0:          dap-server-fix_config.diff
+Patch0:          dap-server-3.7.4-get_url.patch
 
 BuildRoot:       %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:   curl libdap-devel >= 3.7.2
-Requires:        curl webserver
+# we use httpd and not webserver because we make use of the apache user. 
+# not sure if it is right.
+Requires:        curl httpd
 Requires:        perl perl(HTML::Filter) perl(Time::Local) perl(POSIX)
+Requires:        perl(CGI) perl(LWP::Simple)
 
 %description
 This is base software for the OPeNDAP (Open-source Project for a Network 
@@ -56,54 +59,55 @@
 
 %prep 
 %setup -q
-%patch0
+%patch0 -p1 -b .get_url
 
 %build
-%configure --with-cgidir=%{dap_cgidir} --disable-dependency-tracking
-#--with-cgiconfdir=%{dap_cgiconfdir}
+%configure --with-cgidir=%{dap_cgidir} --disable-dependency-tracking \
+ --with-cgiconfdir=%{dap_cgiconfdir}
 make %{?_smp_mflags}
 
+touch -r nph-dods __nph-dods_stamp
+# the security fix should cause the client to advertise something above 3.7.x
+sed -i -e 's:DAP2/3.7.4:DAP2/3.8.0:' nph-dods
+
 # prepend -sample to cgi and config file to install them as doc
-cp opendap_apache.conf opendap_apache.conf-sample
-cp dap-server.rc dap-server.rc-sample
-cp nph-dods nph-dods-sample
+cp -p opendap_apache.conf opendap_apache.conf-sample
+cp -p dap-server.rc dap-server.rc-sample
+cp -p nph-dods nph-dods-sample
 chmod a-x nph-dods-sample
 
 # adjust jgofs paths
 sed -i -e 's:^\$ENV{"JGOFS_METHOD"} = "`pwd`";:\$ENV{"JGOFS_METHOD"} = "%{_bindir}";:' nph-dods
 sed -i -e 's:^\$ENV{"JGOFS_OBJECT"} = "`pwd`";:\$ENV{"JGOFS_OBJEXT"} = "%{dap_cgidir}";:' nph-dods
-# put the cgi config file at a right place
-sed -i -e 's:\./dap-server.rc:%{dap_cgiconfdir}dap-server.rc:' nph-dods
 
 # /usr/tmp isn't a safe place, substitute to a dir in 
 # /var/cache
 sed -e 's:cache_dir /usr/tmp:cache_dir %{dap_cachedir}:' \
    dap-server.rc-sample > dap-server.rc
+touch -r dap-server.rc-sample dap-server.rc
+touch -r __nph-dods_stamp nph-dods
+rm __nph-dods_stamp
 
 # cgi-bin dir for the dap-server is in %%{dap_cgidir}, substitute that in
 # opendap_apache.conf
 sed -e 's:<<prefix>>/share/dap-server-cgi:%{dap_cgidir}:' \
     opendap_apache.conf-sample > opendap_apache.conf
-
+touch -r opendap_apache.conf-sample opendap_apache.conf
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make DESTDIR=$RPM_BUILD_ROOT install
-install -d -m755 $RPM_BUILD_ROOT/%{dap_cachedir}
-install -d -m755 $RPM_BUILD_ROOT/%{dap_webconfdir}
-install -d -m755 $RPM_BUILD_ROOT/%{dap_cgiconfdir}
-install -m644 opendap_apache.conf $RPM_BUILD_ROOT/%{dap_webconfdir}/
-# install the config file below %_sysconfdir
-install -m644 dap-server.rc $RPM_BUILD_ROOT/%{dap_cgiconfdir}/
-# the config file is also installed in the cgi directory
-rm $RPM_BUILD_ROOT/%{dap_cgidir}/dap-server.rc
+make DESTDIR=$RPM_BUILD_ROOT install INSTALL="%{__install} -p"
+install -d -m755 $RPM_BUILD_ROOT%{dap_cachedir}
+install -d -m755 $RPM_BUILD_ROOT%{dap_webconfdir}
+install -d -m755 $RPM_BUILD_ROOT%{dap_cgiconfdir}
+install -p -m644 opendap_apache.conf $RPM_BUILD_ROOT%{dap_webconfdir}/
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root,-)
-%doc COPYING COPYRIGHT_URI EXAMPLE_OPENDAP_STATISTICS NEWS README
+%doc COPYING COPYRIGHT_URI EXAMPLE_OPENDAP_STATISTICS NEWS README.cgi-server
 # add those as documentation
 %doc opendap_apache.conf-sample nph-dods-sample dap-server.rc-sample
 %{_bindir}/dap_usage
@@ -122,6 +126,11 @@
 
 
 %changelog
+* Mon Apr 30 2007  Patrice Dumas <pertusus at free.fr> 3.7.4-2
+- update to 3.7.4
+- fix security issue
+- remove config files upstreamed patch
+
 * Tue Oct 31 2006 Patrice Dumas <pertusus at free.fr> 3.7.1-4
 - rebuild for new libcurl soname (indirect dependency through libdap)
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/dap-server/devel/sources,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sources	19 Sep 2006 23:53:31 -0000	1.5
+++ sources	1 May 2007 13:10:44 -0000	1.6
@@ -1 +1 @@
-d7541b95688899da9a70b9657670931c  dap-server-3.7.1.tar.gz
+b6c0aa29eedd3e39c51025f6597025f0  dap-server-3.7.4.tar.gz


--- dap-server-fix_config.diff DELETED ---

More information about the fedora-extras-commits mailing list