rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
83 Commits 12 Branches 71 Tags 10 MiB
48fe4ca174
Commit Graph

83 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Orton
48fe4ca174 mod_ssl: restore SSL_OP_NO_RENEGOTIATE support 2024-06-01 02:05:44 +00:00
Joe Orton
ed6e87717d mod_ssl: defer ENGINE_finish() calls to a cleanup 
Resolves: RHEL-36755
 2024-05-21 16:41:55 +01:00
Luboš Uhliarik
966d01a60e Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers 2024-05-20 12:47:28 +02:00
Luboš Uhliarik
f62333944e Related: RHEL-14668 - RFE: httpd rebase to 2.4.59 2024-05-08 18:48:35 +02:00
Joe Orton
48a224a9c9 Resolves: RHEL-35870 - httpd mod_cgi/cgid unification 2024-05-08 16:13:02 +01:00
Luboš Uhliarik
bc238b515b new version 2.4.59 
Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
Resolves: RHEL-31856 - httpd: HTTP response splitting
  (CVE-2023-38709)
Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple
  modules (CVE-2024-24795)
 2024-05-06 17:41:14 +02:00
Joe Orton
b3d1e6d8de mod_dav: add DavBasePath 
Resolves: RHEL-6600
 2024-02-08 17:19:45 +00:00
Joe Orton
926baa67c3 mod_xml2enc: fix media type handling 
Resolves: RHEL-17686
 2024-02-07 15:45:02 +00:00
Luboš Uhliarik
df3e6a5147 Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read 
vulnerability (CVE-2023-31122)
 2024-02-05 16:06:21 +01:00
Joe Orton
763937a8bc Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType, 
add mod_dav_fs locking around lockdb API
 2023-12-14 12:52:27 +00:00
Tomas Korbar
1607557553 Fix issue found by covscan 
Related: #2222001
 2023-07-20 09:50:07 +02:00
Joe Orton
931da42665 Resolves: #2217726 - Make PROPFIND tolerant of deletion race 2023-07-18 10:58:57 +01:00
Tomas Korbar
e0badf3bc2 Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice 2023-07-11 15:16:47 +02:00
Luboš Uhliarik
11c156ebbe Resolves: #2186645 - Fix issue found by covscan in httpd package 
Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
 2023-04-14 02:41:37 +02:00
Luboš Uhliarik
d4b55888c2 Resolves: #2184403 - rebase httpd to 2.4.57 
Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy
 2023-04-11 14:31:37 +02:00
Luboš Uhliarik
188a9ca177 Security fix for CVE-2006-20001 CVE-2022-37436 CVE-2022-36760 
Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling
 2023-01-30 22:46:43 +01:00
Luboš Uhliarik
f38bb25abe Resolves: #2160667 - prevent sscg creating /dhparams.pem 2023-01-24 10:24:39 +01:00
Luboš Uhliarik
29ba282799 Resolves: #2143176 - Dependency from mod_http2 on httpd broken 2022-12-08 02:34:40 +01:00
Luboš Uhliarik
486cdd8e18 Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO 2022-12-06 18:30:22 +01:00
Luboš Uhliarik
d0bb9350f2 Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure 
with websockets
 2022-07-22 12:23:04 +02:00
Luboš Uhliarik
9837c3578f Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2022-07-21 19:44:30 +02:00
Luboš Uhliarik
7d7f7cade3 Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2022-07-21 18:14:08 +02:00
Luboš Uhliarik
e48d1ff2b5 Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2022-07-21 17:19:49 +02:00
Luboš Uhliarik
3e971cd869 Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped 
by hop-by-hop mechanism
 2022-07-20 18:39:13 +02:00
Luboš Uhliarik
f50c76924f Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in 
ap_strcmp_match()

- uncomment previous security patch200 - it was commented out by mistake
 2022-07-20 17:04:41 +02:00
Luboš Uhliarik
4e955b0b8d Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request 
smuggling
 2022-07-20 16:41:33 +02:00
Luboš Uhliarik
3bed4484eb Related: #2065677 - fix downgrade issue after introducing httpd 
core sub-package

- mod_ssl and other modules should depend on httpd core sub-package
 2022-06-28 01:18:59 +02:00
Luboš Uhliarik
7fd1efd8e0 Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() 2022-06-24 14:53:45 +02:00
Luboš Uhliarik
032b2cd822 Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() 2022-06-16 18:28:30 +02:00
Luboš Uhliarik
14361142ce Related: #2079939 - httpd rebase to 2.4.53 
- there is possible regression in PCRE 2 and in httpd 2.4.53 it was
  automatically switched to use PCRE 1 as default. Therefore I'm forcing
  httpd to build with PCRE 1
 2022-06-15 15:28:08 +02:00
Luboš Uhliarik
ef2b91d363 Resolves: #2065677 - httpd minimisation for ubi-micro 
minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package
 2022-06-01 16:48:59 +02:00
Luboš Uhliarik
d6fbadf25f Related: #2079939 - httpd rebase to 2.4.53 
- backport regression fix - r1901199
 2022-06-01 02:11:42 +02:00
Luboš Uhliarik
0ded77a485 Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending 
with core
 2022-06-01 01:49:31 +02:00
Luboš Uhliarik
0579fb3c3f new version 2.4.53 
Resolves: #2079939 - httpd rebase to 2.4.53
 2022-06-01 01:12:41 +02:00
Luboš Uhliarik
30c01a09c1 Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using 
SetEnv or PassEnv
 2022-04-11 15:13:04 +02:00
Luboš Uhliarik
c3884c0db7 Related: #2065251 - bump release num 2022-03-22 12:29:12 +01:00
Luboš Uhliarik
bdf0e9e785 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling 
vulnerability in Apache HTTP Server 2.4.52 and earlier
Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
  in forward proxy configurations
 2022-03-21 14:25:44 +01:00
Luboš Uhliarik
b7d7474a46 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling 
vulnerability in Apache HTTP Server 2.4.52 and earlier
 2022-03-21 13:04:58 +01:00
Luboš Uhliarik
0cc775339f Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow 
when parsing multipart content
 2022-01-10 18:57:43 +01:00
Neal Gompa
ec4da30e9b Use NAME from os-release(5) for vendor string 
Resolves: #2029071 - httpd on CentOS identifies as RHEL

Signed-off-by: Neal Gompa <ngompa@centosproject.org>
 2021-12-06 19:39:06 -05:00
Joe Orton
9d1c57410b Bump NVR. 
Resolves: rhbz#1938740
 2021-12-03 15:01:54 +00:00
Joe Orton
4d3fe82afc add fixes for static analyzer issues (#1938740) 
Resolves: rhbz#1938740
 2021-12-03 14:19:05 +00:00
Branislav Náter
6a9dd7ed67 Resolves: #2025996 - Internal tests are not available for c9s 2021-12-02 12:41:35 +01:00
Branislav Náter
69ec5aa077 Resolves: #2025996 - Enhanced TMT testing 2021-11-23 17:03:11 +01:00
Luboš Uhliarik
71a047ad15 Resolves: #2005416 - httpd default configuration changes 2021-11-08 16:26:13 +01:00
Luboš Uhliarik
7f280ee9bc - new version 2.4.51 (#2011090) 
- add comments to apachectl
- adjust patches
- update openssl 3.0 patch

Resolves: #2011090
 2021-10-19 18:23:25 +02:00
Luboš Uhliarik
7302c9b133 new version 2.4.49 (#2005339) 
Resolves: #2005339
 2021-09-17 17:54:49 +02:00
Luboš Uhliarik
d826352e8c Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which 
differ only in case
 2021-09-15 13:23:58 +02:00
Mohan Boddu
c77124140b Rebuilt for IMA sigs, glibc 2.34, aarch64 flags 
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-08-09 20:28:44 +00:00
Luboš Uhliarik
674e740262 Related: #1956386 - Apache trademark update - new logo 
- fix link destination (when you use underscores in filenames in
one package and dashes in the other....)
 2021-08-09 14:36:09 +02:00