[packages/apache] - up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740

arekm arekm at pld-linux.org
Thu Dec 29 08:36:02 CET 2016


commit c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Dec 29 08:35:55 2016 +0100

    - up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740

 apache-CVE-2016-5387.patch | 19 -------------------
 apache.spec                |  8 +++-----
 2 files changed, 3 insertions(+), 24 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 9092209..94b9acd 100644
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8):	Servidor HTTPD para prover serviços WWW
 Summary(ru.UTF-8):	Самый популярный веб-сервер
 Summary(tr.UTF-8):	Lider WWW tarayıcı
 Name:		apache
-Version:	2.4.23
-Release:	2
+Version:	2.4.25
+Release:	1
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5:	04f19c60e810c028f5240a062668a688
+# Source0-md5:	2826f49619112ad5813c0be5afcc7ddb
 Source1:	%{name}.init
 Source2:	%{name}.logrotate
 Source3:	%{name}.sysconfig
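Review bot: The new tarball is still pinned only by `# Source0-md5:` and fetched through the plain `http://` URL in `Source0:`, so the integrity of a release pulled in for five CVE fixes rests on an MD5 value obtained over an unauthenticated transport. Consider pointing `Source0` at an HTTPS URL and verifying the download against the upstream PGP signature or a SHA-256 digest before recording the new checksum.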
@@ -77,7 +77,6 @@ Patch1:		%{name}-layout.patch
 Patch2:		%{name}-suexec.patch
 Patch3:		%{name}-branding.patch
 Patch4:		%{name}-apr.patch
-Patch5:		%{name}-CVE-2016-5387.patch
 
 Patch7:		%{name}-syslibs.patch
 
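Review bot: Dropping `Patch5:` leaves nothing in the spec that says why the CVE-2016-5387 patch is gone, and the numbering now jumps from `Patch4` to `Patch7`. The commit message lists CVE-2016-5387 among the issues fixed by 2.4.25, but a one-line comment at this spot stating that the fix is part of the new upstream version would let the next person bumping `Version:` see that the removal was deliberate.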
@@ -2645,7 +2644,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 %patch7 -p1
 
diff --git a/apache-CVE-2016-5387.patch b/apache-CVE-2016-5387.patch
deleted file mode 100644
index b8e9c14..0000000
--- a/apache-CVE-2016-5387.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/server/util_script.c b/server/util_script.c
-index 5e071a2..443dfb6 100644
---- a/server/util_script.c
-+++ b/server/util_script.c
-@@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
-         else if (!ap_cstr_casecmp(hdrs[i].key, "Content-length")) {
-             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
-         }
-+        /* HTTP_PROXY collides with a popular envvar used to configure
-+         * proxies, don't let clients set/override it.  But, if you must...
-+         */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+        else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
-+            ;
-+        }
-+#endif
-         /*
-          * You really don't want to disable this check, since it leaves you
-          * wide open to CGIs stealing passwords and people viewing them
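Review bot: With this file deleted, the package no longer applies the `else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy"))` branch to `ap_add_common_vars()`, so keeping a client-supplied `Proxy` header out of the CGI environment (where it would appear as `HTTP_PROXY`) now depends entirely on the 2.4.25 source carrying the same check. Before merging, confirm that `server/util_script.c` in the new tarball contains it, for example with a grep in `%prep` that fails the build if the `"Proxy"` comparison is missing, and check that no local build flags define `SECURITY_HOLE_PASS_PROXY`.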
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/c7e4d1c1c1cc38a8893dc833dca7dafc983dcecc
