Commit Graph

70 Commits

Author SHA1 Message Date
Joe Orton 926baa67c3 mod_xml2enc: fix media type handling
Resolves: RHEL-17686
2024-02-07 15:45:02 +00:00
Luboš Uhliarik df3e6a5147 Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)
2024-02-05 16:06:21 +01:00
Joe Orton 763937a8bc Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType,
add mod_dav_fs locking around lockdb API
2023-12-14 12:52:27 +00:00
Tomas Korbar 1607557553 Fix issue found by covscan
Related: #2222001
2023-07-20 09:50:07 +02:00
Joe Orton 931da42665 Resolves: #2217726 - Make PROPFIND tolerant of deletion race 2023-07-18 10:58:57 +01:00
Tomas Korbar e0badf3bc2 Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice 2023-07-11 15:16:47 +02:00
Luboš Uhliarik 11c156ebbe Resolves: #2186645 - Fix issue found by covscan in httpd package
Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
2023-04-14 02:41:37 +02:00
Luboš Uhliarik d4b55888c2 Resolves: #2184403 - rebase httpd to 2.4.57
Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy
2023-04-11 14:31:37 +02:00
Luboš Uhliarik 188a9ca177 Security fix for CVE-2006-20001 CVE-2022-37436 CVE-2022-36760
Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling
2023-01-30 22:46:43 +01:00
Luboš Uhliarik f38bb25abe Resolves: #2160667 - prevent sscg creating /dhparams.pem 2023-01-24 10:24:39 +01:00
Luboš Uhliarik 29ba282799 Resolves: #2143176 - Dependency from mod_http2 on httpd broken 2022-12-08 02:34:40 +01:00
Luboš Uhliarik 486cdd8e18 Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO 2022-12-06 18:30:22 +01:00
Luboš Uhliarik d0bb9350f2 Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure
with websockets
2022-07-22 12:23:04 +02:00
Luboš Uhliarik 9837c3578f Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2022-07-21 19:44:30 +02:00
Luboš Uhliarik 7d7f7cade3 Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2022-07-21 18:14:08 +02:00
Luboš Uhliarik e48d1ff2b5 Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2022-07-21 17:19:49 +02:00
Luboš Uhliarik 3e971cd869 Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
2022-07-20 18:39:13 +02:00
Luboš Uhliarik f50c76924f Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
ap_strcmp_match()

- uncomment previous security patch200 - it was commented out by mistake
2022-07-20 17:04:41 +02:00
Luboš Uhliarik 4e955b0b8d Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
2022-07-20 16:41:33 +02:00
Luboš Uhliarik 3bed4484eb Related: #2065677 - fix downgrade issue after introducing httpd
core sub-package

- mod_ssl and other modules should depend on httpd core sub-package
2022-06-28 01:18:59 +02:00
Luboš Uhliarik 7fd1efd8e0 Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() 2022-06-24 14:53:45 +02:00
Luboš Uhliarik 032b2cd822 Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() 2022-06-16 18:28:30 +02:00
Luboš Uhliarik 14361142ce Related: #2079939 - httpd rebase to 2.4.53
- there is a possible regression in PCRE 2, and in httpd 2.4.53 it was
  automatically switched to use PCRE 1 as default. Therefore I'm forcing
  httpd to build with PCRE 1
2022-06-15 15:28:08 +02:00
Luboš Uhliarik ef2b91d363 Resolves: #2065677 - httpd minimisation for ubi-micro
minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package
2022-06-01 16:48:59 +02:00
Luboš Uhliarik d6fbadf25f Related: #2079939 - httpd rebase to 2.4.53
- backport regression fix - r1901199
2022-06-01 02:11:42 +02:00
Luboš Uhliarik 0ded77a485 Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending
with core
2022-06-01 01:49:31 +02:00
Luboš Uhliarik 0579fb3c3f new version 2.4.53
Resolves: #2079939 - httpd rebase to 2.4.53
2022-06-01 01:12:41 +02:00
Luboš Uhliarik 30c01a09c1 Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using
SetEnv or PassEnv
2022-04-11 15:13:04 +02:00
Luboš Uhliarik c3884c0db7 Related: #2065251 - bump release num 2022-03-22 12:29:12 +01:00
Luboš Uhliarik bdf0e9e785 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF
  in forward proxy configurations
2022-03-21 14:25:44 +01:00
Luboš Uhliarik b7d7474a46 Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
2022-03-21 13:04:58 +01:00
Luboš Uhliarik 0cc775339f Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
2022-01-10 18:57:43 +01:00
Neal Gompa ec4da30e9b Use NAME from os-release(5) for vendor string
Resolves: #2029071 - httpd on CentOS identifies as RHEL

Signed-off-by: Neal Gompa <ngompa@centosproject.org>
2021-12-06 19:39:06 -05:00
Joe Orton 9d1c57410b Bump NVR.
Resolves: rhbz#1938740
2021-12-03 15:01:54 +00:00
Joe Orton 4d3fe82afc add fixes for static analyzer issues (#1938740)
Resolves: rhbz#1938740
2021-12-03 14:19:05 +00:00
Luboš Uhliarik 71a047ad15 Resolves: #2005416 - httpd default configuration changes 2021-11-08 16:26:13 +01:00
Luboš Uhliarik 7f280ee9bc - new version 2.4.51 (#2011090)
- add comments to apachectl
- adjust patches
- update openssl 3.0 patch

Resolves: #2011090
2021-10-19 18:23:25 +02:00
Luboš Uhliarik 7302c9b133 new version 2.4.49 (#2005339)
Resolves: #2005339
2021-09-17 17:54:49 +02:00
Luboš Uhliarik d826352e8c Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which
differ only in case
2021-09-15 13:23:58 +02:00
Mohan Boddu c77124140b Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 20:28:44 +00:00
Luboš Uhliarik 674e740262 Related: #1956386 - Apache trademark update - new logo
- fix link destination (when you use underscores in filenames in
one package and dashes in the other....)
2021-08-09 14:36:09 +02:00
Luboš Uhliarik 01677aa399 Related: #1956386 - Apache trademark update - new logo
- fix release number
2021-08-09 13:01:58 +02:00
Luboš Uhliarik 23cd1df953 Merge branch 'c9s' into bz1956386 2021-08-09 10:44:10 +02:00
Luboš Uhliarik e50a90d493 Related: #1956386 - Apache trademark update - new logo
- fix link destination
2021-08-09 10:40:41 +02:00
Luboš Uhliarik 76b2921307 Resolves: #1956386 - Apache trademark update - new logo 2021-08-09 10:29:50 +02:00
Florian Weimer c4d6c17a34 Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
Related: #1984652
2021-08-06 19:37:10 +02:00
Joe Orton 6ba433c549 mod_ssl: OpenSSL 3 compatibility update (#1986822)
Resolves: rhbz#1986822
2021-07-28 12:47:32 +01:00
Joe Orton 5097b89c7d Update to upstream version of patch for #1976080 (no functional change,
except it also builds on OpenSSL < 3.0)

Related: rhbz#1976080
2021-07-15 13:04:34 +01:00
Joe Orton e6d49b6319 - mod_ssl: add SSLKEYLOGFILE support (#1982656)
Resolves: rhbz#1982656
2021-07-15 12:41:39 +01:00
Joe Orton daf3bf9ef7 mod_cgid: fix doubled script timeout (#1977234)
Resolves: rhbz#1977234
2021-07-12 15:48:10 +01:00