add security fix for CVE-2016-5387

2016-07-18 16:31:52 +01:00 · 2016-07-18 16:31:52 +01:00 · 4a0435cd7b
commit 4a0435cd7b
parent 17ef1b1f5e
2 changed files with 23 additions and 1 deletions
--- a/httpd-2.4.18-CVE-2016-5387.patch
+++ b/httpd-2.4.18-CVE-2016-5387.patch
@ -0,0 +1,16 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
+
+--- httpd-2.4.18/server/util_script.c.cve5387
+++ httpd-2.4.18/server/util_script.c
+@@ -195,6 +195,10 @@
+             }
+         }
+ #endif
+        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
+            /* Don't pass through HTTP_PROXY */
+            continue;
+        }
+         else
+             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
+     }
--- a/httpd.spec
+++ b/httpd.spec
@ -8,7 +8,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.23
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@ -67,6 +67,7 @@ Patch55: httpd-2.4.4-malformed-host.patch
 Patch56: httpd-2.4.4-mod_unique_id.patch
 Patch57: httpd-2.4.10-sigint.patch
 # Security fixes
+Patch100: httpd-2.4.18-CVE-2016-5387.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -211,6 +212,8 @@ interface for storing and accessing per-user session data.
 %patch56 -p1 -b .uniqueid
 %patch57 -p1 -b .sigint

+%patch100 -p1 -b .cve5387
+
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h

@ -682,6 +685,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Mon Jul 18 2016 Joe Orton <jorton@redhat.com> - 2.4.23-4
+- add security fix for CVE-2016-5387
+
 * Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.23-3
 - load mod_watchdog by default (#1353582)