import httpd-2.4.53-11.el9_2.4

CentOS Sources 2023-05-09 05:30:01 +00:00 committed by Stepan Oksanichenko
parent 0ee71a8f08
commit 2361b91abe
2 changed files with 36 additions and 11 deletions


@ -0,0 +1,14 @@
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index e488aa6..8267f1b 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -3121,7 +3121,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
"%s: backend socket is disconnected.", scheme);
}
else {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, server, APLOGNO(03408)
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, server, APLOGNO(03408)
"%s: reusable backend connection is not empty: "
"forcibly closed", scheme);
}
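Review bot: Demoting AH03408 from APLOG_WARNING to APLOG_INFO in the else branch means that, at httpd's default `LogLevel warn`, the "reusable backend connection is not empty: forcibly closed" event is no longer written to the error log. Unread bytes on a reused backend connection are often harmless, but they can also be a sign of a backend whose responses are out of step with the requests sent to it, so the event should stay discoverable for operators who monitor proxy health. I would add a comment above the call, for example `/* INFO to cut log noise (rhbz#2151313); use "LogLevel proxy:info" to keep AH03408 visible */`, and note the same in the package documentation. The body of ap_proxy_check_connection starts and ends outside this hunk, so the socket checks that lead to this branch are not visible here.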


@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.53
Release: 7%{?dist}.5
Release: 11%{?dist}.4
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -114,6 +114,8 @@ Patch66: httpd-2.4.51-r1892413+.patch
Patch67: httpd-2.4.51-r1811831.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2098056
Patch68: httpd-2.4.53-r1878890.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2151313
Patch69: httpd-2.4.53-proxy-util-loglevel.patch
# Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=2094997
@ -168,7 +170,7 @@ Requires: httpd-filesystem = %{version}-%{release}
Requires(pre): httpd-filesystem
Conflicts: apr < 1.5.0-1
Conflicts: httpd < 2.4.53-3
Conflicts: mod_http2 < 1.15.19-3%{?dist}.4
Conflicts: mod_http2 < 1.15.19-4%{?dist}.3
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description core
@ -221,7 +223,7 @@ Epoch: 1
BuildRequires: openssl-devel
Requires(pre): httpd-filesystem
Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: sscg >= 2.2.0, /usr/bin/hostname
Requires: sscg >= 3.0.0-7, /usr/bin/hostname
# Require an OpenSSL which supports PROFILE=SYSTEM
Conflicts: openssl-libs < 1:1.0.1h-4
@ -305,6 +307,7 @@ written in the Lua programming language.
%patch66 -p1 -b .r1892413+
%patch67 -p1 -b .r1811831
%patch68 -p1 -b .r1878890
%patch69 -p1 -b .proxyutil-loglevel
%patch200 -p1 -b .CVE-2022-26377
%patch201 -p1 -b .CVE-2022-28615
@ -876,18 +879,26 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Thu Mar 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.5
- Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.4
- Resolves: #2177752 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Tue Jan 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.1
- Resolves: #2165975 - prevent sscg creating /dhparams.pem
- Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling
* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- Resolves: #2160667 - prevent sscg creating /dhparams.pem
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
* Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
* Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling