- mod_ssl: add security fix for CVE-2005-3357 (#177914)

- mod_imagemap: add security fix for CVE-2005-3352 (#177913) - add fix for AP_INIT_* designated initializers with C++ compilers - httpd.conf: enable HTMLTable in default IndexOptions - httpd.conf: add more "redirect-carefully" matches for DAV clients
2006-02-03 10:06:08 +00:00 · 2006-02-03 10:06:08 +00:00 · 73a46bb6e8
commit 73a46bb6e8
parent ab67633ccf
2 changed files with 23 additions and 5 deletions
--- a/httpd.conf
+++ b/httpd.conf
@ -588,7 +588,7 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
 # IndexOptions: Controls the appearance of server-generated directory
 # listings.
 #
-IndexOptions FancyIndexing VersionSort NameWidth=*
+IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

 #
 # AddIcon* directives tell the server which icon to show for different
@ -887,9 +887,12 @@ BrowserMatch "JDK/1\.0" force-response-1.0
 # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
 #
 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
 BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
-BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

 #
 # Allow server status reports generated by mod_status,
--- a/httpd.spec
+++ b/httpd.spec
@ -7,7 +7,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.0
-Release: 4
+Release: 5
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
 Source1: index.html
@ -41,7 +41,11 @@ Patch25: httpd-2.0.54-selinux.patch
 # Bug fixes
 Patch50: httpd-2.0.45-encode.patch
 Patch51: httpd-2.2.0-headclength.patch
-patch52: httpd-2.2.0-ajpcookie.patch
+Patch52: httpd-2.2.0-ajpcookie.patch
+Patch53: httpd-2.2.0-cppheader.patch
+# Security fixes
+Patch200: httpd-2.2.0-CVE-2005-3352.patch
+Patch201: httpd-2.2.0-CVE-2005-3357.patch
 License: Apache Software License
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-root
@ -121,6 +125,10 @@ Security (TLS) protocols.
 %patch50 -p1
 %patch51 -p1 -b .headclength
 %patch52 -p1 -b .ajpcookie
+%patch53 -p1 -b .cppheader
+
+%patch200 -p1 -b .cve3352
+%patch201 -p1 -b .cve3352

 # Patch in vendor/release string
 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@ -481,6 +489,13 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/httpd/build/*.sh

 %changelog
+* Fri Feb  3 2006 Joe Orton <jorton@redhat.com> 2.2.0-5
+- mod_ssl: add security fix for CVE-2005-3357 (#177914)
+- mod_imagemap: add security fix for CVE-2005-3352 (#177913)
+- add fix for AP_INIT_* designated initializers with C++ compilers
+- httpd.conf: enable HTMLTable in default IndexOptions
+- httpd.conf: add more "redirect-carefully" matches for DAV clients
+
 * Thu Jan  5 2006 Joe Orton <jorton@redhat.com> 2.2.0-4
 - mod_proxy_ajp: fix Cookie handling (Mladen Turk, r358769)