[packages/apache] - up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740
arekm
arekm at pld-linux.org
Thu Dec 29 08:36:02 CET 2016
commit c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Dec 29 08:35:55 2016 +0100
- up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740
apache-CVE-2016-5387.patch | 19 -------------------
apache.spec | 8 +++-----
2 files changed, 3 insertions(+), 24 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 9092209..94b9acd 100644
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.4.23
-Release: 2
+Version: 2.4.25
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 04f19c60e810c028f5240a062668a688
+# Source0-md5: 2826f49619112ad5813c0be5afcc7ddb
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
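Review bot: The Source0 line still fetches the tarball over plain http://, and the only integrity pin updated in this hunk is `# Source0-md5`, so the 2.4.25 source is trusted on an MD5 digest alone. For an update pulled in specifically for CVE fixes, consider switching Source0 to https:// and checking the tarball against the upstream detached signature or a SHA-256 digest before recording the new md5 value.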
@@ -77,7 +77,6 @@ Patch1: %{name}-layout.patch
Patch2: %{name}-suexec.patch
Patch3: %{name}-branding.patch
Patch4: %{name}-apr.patch
-Patch5: %{name}-CVE-2016-5387.patch
Patch7: %{name}-syslibs.patch
@@ -2645,7 +2644,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
%patch7 -p1
diff --git a/apache-CVE-2016-5387.patch b/apache-CVE-2016-5387.patch
deleted file mode 100644
index b8e9c14..0000000
--- a/apache-CVE-2016-5387.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/server/util_script.c b/server/util_script.c
-index 5e071a2..443dfb6 100644
---- a/server/util_script.c
-+++ b/server/util_script.c
-@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
- else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) {
- apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
- }
-+ /* HTTP_PROXY collides with a popular envvar used to configure
-+ * proxies, don't let clients set/override it. But, if you must...
-+ */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+ else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
-+ ;
-+ }
-+#endif
- /*
- * You really don't want to disable this check, since it leaves you
- * wide open to CGIs stealing passwords and people viewing them
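Review bot: With this local patch deleted, the `Proxy` header filter in ap_add_common_vars() has to come from the 2.4.25 tarball itself, and nothing in the commit verifies that. Before relying on the version bump, confirm that server/util_script.c in the new source still skips the `Proxy` header and that the build does not define SECURITY_HOLE_PASS_PROXY. A simple regression check is to request the packaged print-env CGI with a Proxy request header and confirm that HTTP_PROXY is absent from the printed environment.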
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc