Merge branch 'c8-stream-2.4' into a8-stream-2.4
commit
5897347d31
|
@ -0,0 +1,10 @@
|
|||
--- a/modules/lua/lua_request.c 2021/12/16 11:09:40 1896038
|
||||
+++ b/modules/lua/lua_request.c 2021/12/16 11:15:47 1896039
|
||||
@@ -410,6 +410,7 @@
|
||||
if (end == NULL) break;
|
||||
key = (char *) apr_pcalloc(r->pool, 256);
|
||||
filename = (char *) apr_pcalloc(r->pool, 256);
|
||||
+ if (end - crlf <= 8) break;
|
||||
vlen = end - crlf - 8;
|
||||
buffer = (char *) apr_pcalloc(r->pool, vlen+1);
|
||||
memcpy(buffer, crlf + 4, vlen);
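Review bot: The added guard `if (end - crlf <= 8) break;` has no comment tying its constant to the `vlen = end - crlf - 8` and `memcpy(buffer, crlf + 4, vlen)` lines below it, so a later edit to either offset could reopen the length underflow without anyone noticing. I would add something like `/* need more than 8 bytes between crlf and end, otherwise vlen underflows and the memcpy below overruns buffer */`; what the 8 bytes consist of has to be inferred, since the delimiter search is outside the hunk. The guard also sits after the two 256-byte `apr_pcalloc` calls for `key` and `filename`, so a malformed part still allocates from `r->pool` before the loop is abandoned; placing it directly under `if (end == NULL) break;` avoids that. Because the comparison is `<=`, a part with an empty value (where `vlen` would be 0, which the allocation and copy appear to handle) also ends parsing of the remaining parts, and it is worth confirming that this is intended. The enclosing function and loop begin and end outside the hunk.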
|
|
@ -14,7 +14,7 @@
|
|||
Summary: Apache HTTP Server
|
||||
Name: httpd
|
||||
Version: 2.4.37
|
||||
Release: 43%{?dist}
|
||||
Release: 43%{?dist}.1
|
||||
URL: https://httpd.apache.org/
|
||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||
Source2: httpd.logrotate
|
||||
|
@ -197,6 +197,8 @@ Patch213: httpd-2.4.37-CVE-2021-26690.patch
|
|||
Patch214: httpd-2.4.37-CVE-2021-40438.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1966732
|
||||
Patch215: httpd-2.4.37-CVE-2021-26691.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2034674
|
||||
Patch216: httpd-2.4.37-CVE-2021-44790.patch
|
||||
|
||||
License: ASL 2.0
|
||||
Group: System Environment/Daemons
|
||||
|
@ -392,6 +394,7 @@ interface for storing and accessing per-user session data.
|
|||
%patch213 -p1 -b .CVE-2021-26690
|
||||
%patch214 -p1 -b .CVE-2021-40438
|
||||
%patch215 -p1 -b .CVE-2021-26691
|
||||
%patch216 -p1 -b .CVE-2021-44790
|
||||
|
||||
# Patch in the vendor string
|
||||
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
|
||||
|
@ -897,9 +900,13 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||
|
||||
%changelog
|
||||
* Wed Oct 27 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-43.alma
|
||||
* Tue Jan 25 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-43.1.alma
|
||||
- include AlmaLinux in version string
|
||||
|
||||
* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43.1
|
||||
- Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer
|
||||
overflow when parsing multipart content
|
||||
|
||||
* Tue Oct 26 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43
|
||||
- Related: #2007235 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
|
||||
a crafted request uri-path
|
||||
|
|