From a93186ee278cfa5c9352ee12343702f4232373a2b85d625ff4f6ac9360967ed3 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit <null@suse.de>
Date: Tue, 30 Nov 2010 23:13:47 +0000
Subject: [PATCH 1/2] Updating link to change in
 openSUSE:Factory/apache2-mod_perl revision 13.0

OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_perl?expand=0&rev=cd145c417a9b3bd41130cbdcdf9b7557

From 69c2c7bb422cc9733f9f921a63eaba812f9d3f149444cf644fbceb0e22b89080 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?=
 <vcizek@suse.com>
Date: Mon, 27 Dec 2010 11:36:41 +0000
Subject: [PATCH 2/2] Accepting request 56409 from
 home:vitezslav_cizek:branches:Apache:Modules

OBS-URL: https://build.opensuse.org/request/show/56409
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_perl?expand=0&rev=23
---
 apache2-mod_perl-2.0.4-xss.patch | 47 ++++++++++++++++++++++++++++++++
 apache2-mod_perl.changes         |  5 ++++
 apache2-mod_perl.spec            |  2 ++
 3 files changed, 54 insertions(+)
 create mode 100644 apache2-mod_perl-2.0.4-xss.patch

diff --git a/apache2-mod_perl-2.0.4-xss.patch b/apache2-mod_perl-2.0.4-xss.patch
new file mode 100644
index 0000000..29a4a3d
--- /dev/null
+++ b/apache2-mod_perl-2.0.4-xss.patch
@@ -0,0 +1,47 @@
+--- perl/modperl/trunk/lib/Apache2/Status.pm	2007/12/31 08:05:11	607697
++++ perl/modperl/trunk/lib/Apache2/Status.pm	2009/04/01 15:39:56	760926
+@@ -29,7 +29,7 @@ use File::Spec ();
+ 
+ use Apache2::Const -compile => qw(OK);
+ 
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+ 
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+ 
+@@ -126,7 +126,7 @@ sub handler {
+         $r->print(symdump($r, $qs));
+     }
+     else {
+-        my $uri = $r->uri;
++        my $uri = $r->location;
+         $r->print('<p>');
+         $r->print(
+             map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@ sub status_section_config {
+ sub status_inc {
+     my ($r) = @_;
+ 
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my @retval = (
+         '<table border="1">',
+         "<tr>",
+@@ -289,7 +289,7 @@ sub status_rgysubs {
+     my ($r) = @_;
+ 
+     local $_;
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $cache = __PACKAGE__->registry_cache;
+ 
+     my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@ sub as_HTML {
+     my ($self, $package, $r) = @_;
+ 
+     my @m = qw(<table>);
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $is_main = $package eq "main";
+ 
+     my $do_dump = has($r, "dumper");
diff --git a/apache2-mod_perl.changes b/apache2-mod_perl.changes
index 107cfdb..d7d59ef 100644
--- a/apache2-mod_perl.changes
+++ b/apache2-mod_perl.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Dec 20 11:35:31 UTC 2010 - vcizek@novell.com
+
+- bnc#495434 (cve-2009-0796) 
+
 -------------------------------------------------------------------
 Thu Nov 25 18:09:09 UTC 2010 - chris@computersalat.de
 
diff --git a/apache2-mod_perl.spec b/apache2-mod_perl.spec
index d04e238..1c6aad2 100644
--- a/apache2-mod_perl.spec
+++ b/apache2-mod_perl.spec
@@ -46,6 +46,7 @@ Version:        2.0.4
 Release:        48
 Source0:        mod_perl-%{version}.tar.bz2
 Patch:          %{name}-%{version}-tests.diff
+Patch1:         apache2-mod_perl-2.0.4-xss.patch
 #%define apache_test_version 1_99_15
 # cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version}
 #Source1:      Apache-Test-%{apache_test_version}.tar.bz2
@@ -108,6 +109,7 @@ software depending on apache2-mod_perl.
 #%setup -q -n modperl-2.0 -a 1
 %setup -q -n mod_perl-%{version}
 %patch
+%patch1 -p3
 find -name ".svn" -type d | xargs rm -rfv
 
 %build