new version 2.4.53
fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719
This commit is contained in:
Luboš Uhliarik
parent
af43dc5b98
commit
cd09c3e5ec
1
.gitignore
vendored
1
.gitignore
vendored
@ -43,3 +43,4 @@ x86_64
|
|||||||
/httpd-2.4.50.tar.bz2.asc
|
/httpd-2.4.50.tar.bz2.asc
|
||||||
/httpd-2.4.51.tar.bz2.asc
|
/httpd-2.4.51.tar.bz2.asc
|
||||||
/httpd-2.4.52.tar.bz2.asc
|
/httpd-2.4.52.tar.bz2.asc
|
||||||
|
/httpd-2.4.53.tar.bz2.asc
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
diff --git a/Makefile.in b/Makefile.in
|
diff --git a/Makefile.in b/Makefile.in
|
||||||
index 0b088ac..9eeb5c7 100644
|
index a2e9c82..bd8045c 100644
|
||||||
--- a/Makefile.in
|
--- a/Makefile.in
|
||||||
+++ b/Makefile.in
|
+++ b/Makefile.in
|
||||||
@@ -4,7 +4,7 @@ CLEAN_SUBDIRS = test
|
@@ -4,7 +4,7 @@ CLEAN_SUBDIRS = test
|
||||||
@ -12,10 +12,10 @@ index 0b088ac..9eeb5c7 100644
|
|||||||
PROGRAM_DEPENDENCIES = \
|
PROGRAM_DEPENDENCIES = \
|
||||||
server/libmain.la \
|
server/libmain.la \
|
||||||
diff --git a/acinclude.m4 b/acinclude.m4
|
diff --git a/acinclude.m4 b/acinclude.m4
|
||||||
index 2a7e5d1..eb28321 100644
|
index 97484c9..05abe18 100644
|
||||||
--- a/acinclude.m4
|
--- a/acinclude.m4
|
||||||
+++ b/acinclude.m4
|
+++ b/acinclude.m4
|
||||||
@@ -624,6 +624,7 @@ case $host in
|
@@ -631,6 +631,7 @@ case $host in
|
||||||
if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
|
if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
|
||||||
AC_MSG_WARN([Your system does not support systemd.])
|
AC_MSG_WARN([Your system does not support systemd.])
|
||||||
else
|
else
|
||||||
@ -24,18 +24,18 @@ index 2a7e5d1..eb28321 100644
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
diff --git a/configure.in b/configure.in
|
diff --git a/configure.in b/configure.in
|
||||||
index 3618a5a..74a782b 100644
|
index cf437fe..521fc45 100644
|
||||||
--- a/configure.in
|
--- a/configure.in
|
||||||
+++ b/configure.in
|
+++ b/configure.in
|
||||||
@@ -234,6 +234,7 @@ if test "$PCRE_CONFIG" != "false"; then
|
@@ -239,6 +239,7 @@ if test "x$PCRE_CONFIG" != "x"; then
|
||||||
AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
|
AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
|
||||||
APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
|
APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
|
||||||
APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs`])
|
APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs8 2>/dev/null || $PCRE_CONFIG --libs`])
|
||||||
+ APR_ADDTO(HTTPD_LIBS, [\$(PCRE_LIBS)])
|
+ APR_ADDTO(HTTPD_LIBS, [\$(PCRE_LIBS)])
|
||||||
else
|
else
|
||||||
AC_MSG_ERROR([pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/])
|
AC_MSG_ERROR([pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/])
|
||||||
fi
|
fi
|
||||||
@@ -710,6 +711,7 @@ APACHE_SUBST(OS_DIR)
|
@@ -734,6 +735,7 @@ APACHE_SUBST(OS_DIR)
|
||||||
APACHE_SUBST(BUILTIN_LIBS)
|
APACHE_SUBST(BUILTIN_LIBS)
|
||||||
APACHE_SUBST(SHLIBPATH_VAR)
|
APACHE_SUBST(SHLIBPATH_VAR)
|
||||||
APACHE_SUBST(OS_SPECIFIC_VARS)
|
APACHE_SUBST(OS_SPECIFIC_VARS)
|
||||||
@ -1,12 +1,5 @@
|
|||||||
|
|
||||||
Reduce size of httpd binary by telling linker to export all symbols
|
|
||||||
from libmain.a, rather than bloating the symbol table with ap_hack_*
|
|
||||||
to do so indirectly.
|
|
||||||
|
|
||||||
Upstream: https://svn.apache.org/r1861685 (as new default-off configure option)
|
|
||||||
|
|
||||||
diff --git a/Makefile.in b/Makefile.in
|
diff --git a/Makefile.in b/Makefile.in
|
||||||
index 40c7076..ac98e5f 100644
|
index bd8045c..d6733a5 100644
|
||||||
--- a/Makefile.in
|
--- a/Makefile.in
|
||||||
+++ b/Makefile.in
|
+++ b/Makefile.in
|
||||||
@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
|
@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
|
||||||
@ -40,10 +33,10 @@ index 8111877..f00bb3f 100644
|
|||||||
eoc_bucket.c eor_bucket.c core_filters.c \
|
eoc_bucket.c eor_bucket.c core_filters.c \
|
||||||
util_expr_parse.c util_expr_scan.c util_expr_eval.c
|
util_expr_parse.c util_expr_scan.c util_expr_eval.c
|
||||||
diff --git a/server/main.c b/server/main.c
|
diff --git a/server/main.c b/server/main.c
|
||||||
index 62e06df..17c09ee 100644
|
index 7da7aa2..e63d2eb 100644
|
||||||
--- a/server/main.c
|
--- a/server/main.c
|
||||||
+++ b/server/main.c
|
+++ b/server/main.c
|
||||||
@@ -835,17 +835,3 @@ int main(int argc, const char * const argv[])
|
@@ -857,17 +857,3 @@ int main(int argc, const char * const argv[])
|
||||||
return !OK;
|
return !OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
12
httpd.spec
12
httpd.spec
@ -12,8 +12,8 @@
|
|||||||
|
|
||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Name: httpd
|
Name: httpd
|
||||||
Version: 2.4.52
|
Version: 2.4.53
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
||||||
@ -66,11 +66,11 @@ Source48: apache-poweredby.png
|
|||||||
Patch2: httpd-2.4.43-apxs.patch
|
Patch2: httpd-2.4.43-apxs.patch
|
||||||
Patch3: httpd-2.4.43-deplibs.patch
|
Patch3: httpd-2.4.43-deplibs.patch
|
||||||
# Needed for socket activation and mod_systemd patch
|
# Needed for socket activation and mod_systemd patch
|
||||||
Patch19: httpd-2.4.43-detect-systemd.patch
|
Patch19: httpd-2.4.53-detect-systemd.patch
|
||||||
# Features/functional changes
|
# Features/functional changes
|
||||||
Patch21: httpd-2.4.48-r1842929+.patch
|
Patch21: httpd-2.4.48-r1842929+.patch
|
||||||
Patch22: httpd-2.4.43-mod_systemd.patch
|
Patch22: httpd-2.4.43-mod_systemd.patch
|
||||||
Patch23: httpd-2.4.48-export.patch
|
Patch23: httpd-2.4.53-export.patch
|
||||||
Patch24: httpd-2.4.43-corelimit.patch
|
Patch24: httpd-2.4.43-corelimit.patch
|
||||||
Patch25: httpd-2.4.43-selinux.patch
|
Patch25: httpd-2.4.43-selinux.patch
|
||||||
Patch26: httpd-2.4.43-gettid.patch
|
Patch26: httpd-2.4.43-gettid.patch
|
||||||
@ -790,6 +790,10 @@ exit $rv
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-1
|
||||||
|
- new version 2.4.53
|
||||||
|
- fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719
|
||||||
|
|
||||||
* Tue Feb 1 2022 Joe Orton <jorton@redhat.com> - 2.4.52-5
|
* Tue Feb 1 2022 Joe Orton <jorton@redhat.com> - 2.4.52-5
|
||||||
- rebuild for new OpenLDAP (#2032699)
|
- rebuild for new OpenLDAP (#2032699)
|
||||||
|
|
||||||
|
|||||||
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
|
SHA512 (httpd-2.4.53.tar.bz2) = 07ef59594251a30a864cc9cc9a58ab788c2d006cef85b728f29533243927c63cb063e0867f2a306f37324c3adb9cf7dcb2402f3516b05c2c6f32469d475dd756
|
||||||
|
SHA512 (httpd-2.4.53.tar.bz2.asc) = 553df571cf8edda9146c2aaadce7e5a204f9aa8bd05b165dd81e2339db830c06bdb2b546321d3ab1dcc3133a7d37bbbeb31944b725d8a5fc6b6dc389a5c25686
|
||||||
SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192
|
SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192
|
||||||
SHA512 (httpd-2.4.52.tar.bz2) = 97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6
|
|
||||||
SHA512 (httpd-2.4.52.tar.bz2.asc) = 59b8b86a9626525868ef72cfd8192102db0dc1e6a257040331b4a9abb872cbeace2fbc5c961c5dc35e7900eef987107ed3732e6527eb289fc9cf47654eec3f05
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user