From b3b1879b1383b32faa5ff9ca368ff7d8a7814710 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 27 2018 10:15:09 +0000 Subject: import rh-perl526-mod_perl-2.0.10-10.el7 --- diff --git a/SOURCES/mod_perl-2.0.10-restrict_perl_section_to_server_scope.patch b/SOURCES/mod_perl-2.0.10-restrict_perl_section_to_server_scope.patch new file mode 100644 index 0000000..79dc46c --- /dev/null +++ b/SOURCES/mod_perl-2.0.10-restrict_perl_section_to_server_scope.patch 
@@ -0,0 +1,62 @@ +From jani@ulrik.uio.no Wed Oct 05 09:38:47 2011 +To: 644169@bugs.debian.org +Subject: Re: Bug#644169: libapache2-mod-perl2: PerlOptions -Sections not + permitted in server config, but should be +From: Jan Ingvoldstad +Date: Wed, 05 Oct 2011 11:38:37 +0200 +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Content-Type: text/plain; charset=utf-8 + +Here is a patch that ensures that (and Pod) sections are only +allowed in the server configuration and not per directory, which +incidentally matches the specification table here: + +http://perl.apache.org/docs/2.0/user/config/config.html#mod_perl_Directives_Argument_Types_and_Allowed_Location + +The patch has been tested on the same system where I identified the +problem. + +The patch solves the issue for me, and leaves only the following +issues, as far as I can tell: + + - Should there be fine-grained control as "PerlOptions -Sections" + implies or not? + + - The mod_perl documentation (online and in the module) probably + needs to be changed to reflect that PerlOptions -Sections does not + work. + +Description: allow Perl and Pod sections only in server config +Author: Jan Ingvoldstad +Last-Update: 2011-10-05 +--- a/src/modules/perl/mod_perl.c 2011-02-02 21:23:45.000000000 +0100 ++++ b/src/modules/perl/mod_perl.c 2011-10-05 11:05:52.977576861 +0200 +@@ -913,18 +913,18 @@ + MP_CMD_DIR_ITERATE2("PerlAddVar", add_var, "PerlAddVar"), + MP_CMD_DIR_TAKE2("PerlSetEnv", set_env, "PerlSetEnv"), + MP_CMD_SRV_TAKE1("PerlPassEnv", pass_env, "PerlPassEnv"), +- MP_CMD_DIR_RAW_ARGS_ON_READ("= 1.2.0 BuildRequires: apr-util-devel BuildRequires: coreutils @@ -214,6 +217,7 @@ This mod_perl extension allows to reload Perl modules that changed on the disk. %patch3 -p1 %patch4 -p1 %patch6 -p1 +%patch7 -p1 %{?scl:sed -i 's|@scl@|%{_scl_root}|' %{SOURCE1}} %{!?scl:sed -i 's|@scl@||' %{SOURCE1}} # Remove docs/os. It's only win32 info with non-ASL-2.0 license. Bug #1199044. 
@@ -411,6 +415,10 @@ exit 0 %changelog +* Wed Aug 29 2018 Petr Pisar - 2.0.10-10 +- Fix CVE-2011-2767 (arbitrary Perl code execution in the context of the user + account via a user-owned .htaccess) (bug #1626275) + * Mon Dec 18 2017 Petr Pisar - 2.0.10-9 - SCL - Disable tests because they cannot locate httpd
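Review bot: The header of the new SOURCES/mod_perl-2.0.10-restrict_perl_section_to_server_scope.patch never names CVE-2011-2767 or bug #1626275; it is a raw mail from Debian bug 644169, and only the spec changelog connects it to the CVE. I would add a line naming the CVE and the bug next to the Description/Author/Last-Update fields, and drop the To/MIME-Version/Content-Type mail headers, so that the patch file read on its own is recognisable as a security fix. The mail also leaves two points open: whether "PerlOptions -Sections" should give fine-grained control, and that the mod_perl documentation probably needs to change. Nothing visible in this commit follows up on either, so a short remark in the header or the changelog about the documentation that ships with the package would help users who rely on it.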
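Review bot: In the %changelog hunk, the new 2.0.10-10 entry records a fix for code execution via a user-owned .htaccess, while the 2.0.10-9 entry directly below it says the tests were disabled for the SCL build. If they are still disabled, nothing in the build exercises the new restriction. Please state in the changelog or the bug how the fix was verified (for instance, that a Perl section placed in a .htaccess file is now rejected while the same section in the server configuration still loads), or re-enable the relevant test if httpd can be located in the build root.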