68 Commits

Author SHA1 Message Date
Luboš Uhliarik
188a9ca177 Security fix for CVE-2006-20001 CVE-2022-37436 CVE-2022-36760
Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling
2023-01-30 22:46:43 +01:00
Luboš Uhliarik
f38bb25abe Resolves: #2160667 - prevent sscg creating /dhparams.pem 2023-01-24 10:24:39 +01:00
Luboš Uhliarik
29ba282799 Resolves: #2143176 - Dependency from mod_http2 on httpd broken 2022-12-08 02:34:40 +01:00
Luboš Uhliarik
486cdd8e18 Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO 2022-12-06 18:30:22 +01:00
Luboš Uhliarik
d0bb9350f2 Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
with websockets
2022-07-22 12:23:04 +02:00
Luboš Uhliarik
9837c3578f Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2022-07-21 19:44:30 +02:00
Luboš Uhliarik
7d7f7cade3 Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2022-07-21 18:14:08 +02:00
Luboš Uhliarik
e48d1ff2b5 Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2022-07-21 17:19:49 +02:00
Luboš Uhliarik
3e971cd869 Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
2022-07-20 18:39:13 +02:00
Luboš Uhliarik
f50c76924f Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
ap_strcmp_match()

- uncomment previous security patch200 - it was commented out by mistake
2022-07-20 17:04:41 +02:00
Luboš Uhliarik
4e955b0b8d Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
2022-07-20 16:41:33 +02:00
Luboš Uhliarik
3bed4484eb Related: #2065677 - fix downgrade issue after introducing httpd
core sub-package

- mod_ssl and other modules should depend on httpd core sub-package
2022-06-28 01:18:59 +02:00
Luboš Uhliarik
7fd1efd8e0 Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() 2022-06-24 14:53:45 +02:00
Luboš Uhliarik
032b2cd822 Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() 2022-06-16 18:28:30 +02:00
Luboš Uhliarik
14361142ce Related: #2079939 - httpd rebase to 2.4.53
- there is a possible regression in PCRE 2 and in httpd 2.4.53 it was
  automatically switched to use PCRE 1 as default. Therefore I'm forcing
  httpd to build with PCRE 1
2022-06-15 15:28:08 +02:00
Luboš Uhliarik
ef2b91d363 Resolves: #2065677 - httpd minimisation for ubi-micro
minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package
2022-06-01 16:48:59 +02:00
Luboš Uhliarik
d6fbadf25f Related: #2079939 - httpd rebase to 2.4.53
- backport regression fix - r1901199
2022-06-01 02:11:42 +02:00
Luboš Uhliarik
0ded77a485 Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending
with core
2022-06-01 01:49:31 +02:00
Luboš Uhliarik
0579fb3c3f new version 2.4.53
Resolves: #2079939 - httpd rebase to 2.4.53
2022-06-01 01:12:41 +02:00
Luboš Uhliarik
30c01a09c1 Resolves: #2073459 - Cannot override LD_LIBRARY_PATH in Apache HTTPD using
SetEnv or PassEnv
2022-04-11 15:13:04 +02:00
Luboš Uhliarik
c3884c0db7 Related: #2065251 - bump release num 2022-03-22 12:29:12 +01:00
Luboš Uhliarik
bdf0e9e785 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
  in forward proxy configurations
2022-03-21 14:25:44 +01:00
Luboš Uhliarik
b7d7474a46 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
2022-03-21 13:04:58 +01:00
Luboš Uhliarik
0cc775339f Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
2022-01-10 18:57:43 +01:00
ec4da30e9b Use NAME from os-release(5) for vendor string
Resolves: #2029071 - httpd on CentOS identifies as RHEL

Signed-off-by: Neal Gompa <ngompa@centosproject.org>
2021-12-06 19:39:06 -05:00
Joe Orton
9d1c57410b Bump NVR.
Resolves: rhbz#1938740
2021-12-03 15:01:54 +00:00
Joe Orton
4d3fe82afc add fixes for static analyzer issues (#1938740)
Resolves: rhbz#1938740
2021-12-03 14:19:05 +00:00
Branislav Náter
6a9dd7ed67 Resolves: #2025996 - Internal tests are not available for c9s 2021-12-02 12:41:35 +01:00
Branislav Náter
69ec5aa077 Resolves: #2025996 - Enhanced TMT testing 2021-11-23 17:03:11 +01:00
Luboš Uhliarik
71a047ad15 Resolves: #2005416 - httpd default configuration changes 2021-11-08 16:26:13 +01:00
Luboš Uhliarik
7f280ee9bc - new version 2.4.51 (#2011090)
- add comments to apachectl
- adjust patches
- update openssl 3.0 patch

Resolves: #2011090
2021-10-19 18:23:25 +02:00
Luboš Uhliarik
7302c9b133 new version 2.4.49 (#2005339)
Resolves: #2005339
2021-09-17 17:54:49 +02:00
Luboš Uhliarik
d826352e8c Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which
differ only in case
2021-09-15 13:23:58 +02:00
Mohan Boddu
c77124140b Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 20:28:44 +00:00
Luboš Uhliarik
674e740262 Related: #1956386 - Apache trademark update - new logo
- fix link destination (when you use underscores in filenames in
one package and dashes in the other....)
2021-08-09 14:36:09 +02:00
Luboš Uhliarik
01677aa399 Related: #1956386 - Apache trademark update - new logo
- fix release number
2021-08-09 13:01:58 +02:00
Luboš Uhliarik
23cd1df953 Merge branch 'c9s' into bz1956386 2021-08-09 10:44:10 +02:00
Luboš Uhliarik
e50a90d493 Related: #1956386 - Apache trademark update - new logo
- fix link destination
2021-08-09 10:40:41 +02:00
Luboš Uhliarik
76b2921307 Resolves: #1956386 - Apache trademark update - new logo 2021-08-09 10:29:50 +02:00
Florian Weimer
c4d6c17a34 Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
Related: #1984652
2021-08-06 19:37:10 +02:00
Joe Orton
6ba433c549 mod_ssl: OpenSSL 3 compatibility update (#1986822)
Resolves: rhbz#1986822
2021-07-28 12:47:32 +01:00
Joe Orton
5097b89c7d Update to upstream version of patch for #1976080 (no functional change,
except it also builds on OpenSSL < 3.0)

Related: rhbz#1976080
2021-07-15 13:04:34 +01:00
Joe Orton
e6d49b6319 - mod_ssl: add SSLKEYLOGFILE support (#1982656)
Resolves: rhbz#1982656
2021-07-15 12:41:39 +01:00
Joe Orton
daf3bf9ef7 mod_cgid: fix doubled script timeout (#1977234)
Resolves: rhbz#1977234
2021-07-12 15:48:10 +01:00
Joe Orton
694f7e90dc fix release in ServerTokens Full-Release (#1932442)
Related: rhbz#1932442
2021-07-09 12:05:12 +01:00
Joe Orton
f0962294b0 use OOMPolicy=continue in httpd.service, httpd@.service (#1947475)
Resolves: rhbz#1947475
2021-07-07 11:53:40 +01:00
Luboš Uhliarik
2be7e43256 Resolves: #1950021 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
to be able to handle certs without matching private key
2021-07-01 14:16:33 +02:00
Luboš Uhliarik
dc59040381 Resolves: #1950011 - unorderly connection close when client attempts
renegotiation
2021-07-01 13:16:36 +02:00
Luboš Uhliarik
566c28b19e Resolves: #1932442 - "ServerTokens FullRelease" support 2021-07-01 12:56:22 +02:00
Joe Orton
f4d5942464 mod_ssl: fix loading encrypted privkeys with OpenSSL 3.0 (#1976080)
Resolves: rhbz#1976080

Add rpminspect waivers.
2021-06-25 14:52:16 +01:00