[packages/apache] Up to 2.4.56; fixes CVE-2023-27522, CVE-2023-25690
arekm
arekm at pld-linux.org
Thu Mar 9 10:59:34 CET 2023
commit 6a27310dbcaa0f01963d322b1307642d3578b423
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Mar 9 10:59:10 2023 +0100
Up to 2.4.56; fixes CVE-2023-27522, CVE-2023-25690
apache.spec | 8 +++-----
http2-500.patch | 35 -----------------------------------
2 files changed, 3 insertions(+), 40 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index cc97512..58d35fa 100644
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.4.55
-Release: 2
+Version: 2.4.56
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: b6a8b9d8741db43cf5b4dd8e9bdb0ce7
+# Source0-md5: 67f3c04a28df1ad36ff6ea55df010869
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
@@ -79,7 +79,6 @@ Patch2: %{name}-suexec.patch
Patch3: %{name}-branding.patch
Patch4: %{name}-apr.patch
Patch7: %{name}-syslibs.patch
-Patch8: http2-500.patch
Patch10: httpd-2.0.46-dav401dest.patch
Patch14: httpd-2.0.48-corelimit.patch
@@ -2693,7 +2692,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
%patch4 -p1
%patch7 -p1
-%patch8 -p1
%patch10 -p1
diff --git a/http2-500.patch b/http2-500.patch
deleted file mode 100644
index e75fbef..0000000
--- a/http2-500.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit a829ac7f3f543ce6849d563aed4b6d602a7ca0e7
-Author: Stefan Eissing <icing at apache.org>
-Date: Wed Jan 18 20:02:25 2023 +0000
-
- *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
- reported in access logs and error documents. The processing of the
- reset was correct, only unneccesary reporting was caused.
-
-
-
- git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906775 13f79535-47bb-0310-9956-ffa450edef68
-
-diff --git a/changes-entries/h2-rst-access-500-fix.txt b/changes-entries/h2-rst-access-500-fix.txt
-new file mode 100644
-index 0000000000..d165fa3bc8
---- /dev/null
-+++ b/changes-entries/h2-rst-access-500-fix.txt
-@@ -0,0 +1,4 @@
-+ *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
-+ reported in access logs and error documents. The processing of the
-+ reset was correct, only unneccesary reporting was caused.
-+ [Stefan Eissing]
-diff --git a/modules/http2/h2_c2_filter.c b/modules/http2/h2_c2_filter.c
-index f537a19f07..37254fc1d7 100644
---- a/modules/http2/h2_c2_filter.c
-+++ b/modules/http2/h2_c2_filter.c
-@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f, apr_bucket_brigade* bb)
- ap_assert(conn_ctx);
- H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
-
-- if (!conn_ctx->has_final_response) {
-+ if (!f->c->aborted && !conn_ctx->has_final_response) {
- if (!parser) {
- parser = apr_pcalloc(f->c->pool, sizeof(*parser));
- parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, conn_ctx->stream_id);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/6a27310dbcaa0f01963d322b1307642d3578b423
More information about the pld-cvs-commit
mailing list