- update to 2.4.25: fixed several security issues (CVE-2016-8740,
  CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743), many
  fixes and improvements of mod_http2 and other modules; see CHANGES
  for full change log

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=494
Petr Gajdos 2017-01-02 10:31:04 +00:00 committed by Git OBS Bridge
parent 259521aeb2
commit 1403855591
6 changed files with 121 additions and 76 deletions


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Jan 2 09:50:00 UTC 2017 - pgajdos@suse.com
- update to 2.4.25: fixed several security issues (CVE-2016-8740,
CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743), many
fixes and improvements of mod_http2 and other modules; see CHANGES
for full change log
-------------------------------------------------------------------
Fri Dec 9 12:21:27 UTC 2016 - pgajdos@suse.com


@ -1,7 +1,7 @@
#
# spec file for package apache2
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -51,7 +51,7 @@
%endif
Name: apache2
Version: 2.4.23
Version: 2.4.25
Release: 0
Summary: The Apache Web Server Version 2.4
License: Apache-2.0
@ -312,7 +312,7 @@ to administrators of web servers in general.
%endif
%patch111 -p1
%patch114 -p1
%patch115
%patch115 -p1
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{SOURCE22})


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0c1694b2aad7765896faf92843452ee2555b9591ae10d4f19b245f2adfe85e58
size 6351875

3
httpd-2.4.25.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2
size 6398218


@ -42,39 +42,19 @@ Conflicts:
server/protocol.c | 25 +++++++++++++++++--------
6 files changed, 77 insertions(+), 10 deletions(-)
Index: include/http_core.h
Index: httpd-2.4.25/modules/http/http_filters.c
===================================================================
--- include/http_core.h.orig 2016-01-20 15:10:51.651189219 +0100
+++ include/http_core.h 2016-01-20 15:12:18.983188213 +0100
@@ -694,6 +694,15 @@
#define AP_MERGE_TRAILERS_DISABLE 2
int merge_trailers;
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
+ int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
+ int http_expect_strict;
apr_array_header_t *protocols;
Index: modules/http/http_filters.c
===================================================================
--- modules/http/http_filters.c.orig 2015-07-08 10:59:36.000000000 +0200
+++ modules/http/http_filters.c 2016-01-20 15:10:51.651189219 +0100
@@ -1175,6 +1175,7 @@
header_filter_ctx *ctx = f->ctx;
--- httpd-2.4.25.orig/modules/http/http_filters.c 2016-12-15 13:18:59.000000000 +0100
+++ httpd-2.4.25/modules/http/http_filters.c 2017-01-02 10:54:37.608517377 +0100
@@ -1260,6 +1260,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
const char *ctype;
ap_bucket_error *eb = NULL;
apr_bucket *eos = NULL;
+ core_server_config *conf;
AP_DEBUG_ASSERT(!r->main);
@@ -1315,10 +1316,17 @@
@@ -1441,10 +1442,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
* zero C-L to the client. We can't just remove the C-L filter,
* because well behaved 2.0 handlers will send their data down the stack,
* and we will compute a real C-L for the head request. RBB
@ -93,13 +73,13 @@ Index: modules/http/http_filters.c
apr_table_unset(r->headers_out, "Content-Length");
}
Index: server/core.c
Index: httpd-2.4.25/server/core.c
===================================================================
--- server/core.c.orig 2015-11-19 20:55:25.000000000 +0100
+++ server/core.c 2016-01-20 15:13:29.575187399 +0100
@@ -503,6 +503,12 @@
if (virt->trace_enable != AP_TRACE_UNSET)
conf->trace_enable = virt->trace_enable;
--- httpd-2.4.25.orig/server/core.c 2016-12-05 15:34:29.000000000 +0100
+++ httpd-2.4.25/server/core.c 2017-01-02 10:54:37.608517377 +0100
@@ -528,6 +528,12 @@ static void *merge_core_server_configs(a
if (virt->http_methods != AP_HTTP_METHODS_UNSET)
conf->http_methods = virt->http_methods;
+ if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
+ conf->http_cl_head_zero = virt->http_cl_head_zero;
@ -110,7 +90,7 @@ Index: server/core.c
/* no action for virt->accf_map, not allowed per-vhost */
if (virt->protocol)
@@ -3756,6 +3762,32 @@
@@ -3955,6 +3961,32 @@ static const char *set_http_method(cmd_p
return NULL;
}
@ -143,7 +123,7 @@ Index: server/core.c
static apr_hash_t *errorlog_hash;
static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4273,6 +4305,10 @@
@@ -4474,6 +4506,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e
"'on' (default), 'off' or 'extended' to trace request body content"),
AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
"merge request trailers into request headers or not"),
@ -154,11 +134,11 @@ Index: server/core.c
AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF,
"Controls which protocols are allowed"),
AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF,
Index: server/protocol.c
Index: httpd-2.4.25/server/protocol.c
===================================================================
--- server/protocol.c.orig 2015-11-26 14:42:42.000000000 +0100
+++ server/protocol.c 2016-01-20 15:10:51.651189219 +0100
@@ -1144,14 +1144,23 @@
--- httpd-2.4.25.orig/server/protocol.c 2016-12-12 16:22:49.000000000 +0100
+++ httpd-2.4.25/server/protocol.c 2017-01-02 10:54:37.608517377 +0100
@@ -1416,14 +1416,23 @@ request_rec *ap_read_request(conn_rec *c
r->expecting_100 = 1;
}
else {
@ -190,3 +170,32 @@ Index: server/protocol.c
}
}
Index: httpd-2.4.25/include/http_core.h
===================================================================
--- httpd-2.4.25.orig/include/http_core.h 2016-12-05 15:34:29.000000000 +0100
+++ httpd-2.4.25/include/http_core.h 2017-01-02 10:55:18.613603512 +0100
@@ -723,6 +723,16 @@ typedef struct {
#define AP_MERGE_TRAILERS_DISABLE 2
int merge_trailers;
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
+ int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
+ int http_expect_strict;
+
apr_array_header_t *protocols;
int protocols_honor_order;
@@ -762,7 +772,6 @@ apr_status_t ap_core_input_filter(ap_fil
apr_off_t readbytes);
apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b);
-
AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s);
AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto);
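Review bot: In the include/http_core.h hunk of the refreshed patch, `http_cl_head_zero` and `http_expect_strict` are inserted between `merge_trailers` and `protocols`, so every member after them sits at a different offset than in the upstream 2.4.25 header. A module compiled against unpatched upstream headers and loaded into this build would, as far as the hunk shows, read `protocols` and `protocols_honor_order` from the wrong place; moving the two fields to the end of the struct, under a comment like `/* distribution-only fields: keep after the last upstream member */`, would preserve the upstream layout. The struct's closing lines are outside the hunk, so the exact insertion point has to be checked in the full header. The same refresh also picks up an unrelated blank-line deletion before `AP_DECLARE(const char*) ap_get_server_protocol`, which could be dropped to keep the patch minimal.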


@ -1,5 +1,7 @@
--- httpd-2.4.6.orig/include/ap_config.h
+++ httpd-2.4.6/include/ap_config.h
Index: httpd-2.4.25/include/ap_config.h
===================================================================
--- httpd-2.4.25.orig/include/ap_config.h 2012-08-15 01:59:24.000000000 +0200
+++ httpd-2.4.25/include/ap_config.h 2017-01-02 10:33:40.411244315 +0100
@@ -64,7 +64,7 @@
* AP_DECLARE(rettype) ap_func(args)
* @endcode
@ -41,8 +43,10 @@
#else
/**
* AP_MODULE_DECLARE_EXPORT is a no-op. Unless contradicted by the
--- httpd-2.4.6.orig/modules/cache/mod_cache.h
+++ httpd-2.4.6/modules/cache/mod_cache.h
Index: httpd-2.4.25/modules/cache/mod_cache.h
===================================================================
--- httpd-2.4.25.orig/modules/cache/mod_cache.h 2011-12-03 19:02:24.000000000 +0100
+++ httpd-2.4.25/modules/cache/mod_cache.h 2017-01-02 10:33:40.411244315 +0100
@@ -37,9 +37,9 @@
* CACHE_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -56,9 +60,11 @@
#elif defined(CACHE_DECLARE_STATIC)
#define CACHE_DECLARE(type) type __stdcall
#define CACHE_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/proxy/mod_proxy.h
+++ httpd-2.4.6/modules/proxy/mod_proxy.h
@@ -475,9 +475,9 @@ struct proxy_balancer_method {
Index: httpd-2.4.25/modules/proxy/mod_proxy.h
===================================================================
--- httpd-2.4.25.orig/modules/proxy/mod_proxy.h 2016-10-24 12:06:41.000000000 +0200
+++ httpd-2.4.25/modules/proxy/mod_proxy.h 2017-01-02 10:33:40.411244315 +0100
@@ -535,9 +535,9 @@ struct proxy_balancer_method {
* PROXY_DECLARE_DATA with appropriate export and import tags for the platform
*/
#if !defined(WIN32)
@ -71,8 +77,10 @@
#elif defined(PROXY_DECLARE_STATIC)
#define PROXY_DECLARE(type) type __stdcall
#define PROXY_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/lua/mod_lua.h
+++ httpd-2.4.6/modules/lua/mod_lua.h
Index: httpd-2.4.25/modules/lua/mod_lua.h
===================================================================
--- httpd-2.4.25.orig/modules/lua/mod_lua.h 2013-06-10 16:36:56.000000000 +0200
+++ httpd-2.4.25/modules/lua/mod_lua.h 2017-01-02 10:33:40.411244315 +0100
@@ -58,9 +58,9 @@
* AP_LUA_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -86,8 +94,10 @@
#elif defined(AP_LUA_DECLARE_STATIC)
#define AP_LUA_DECLARE(type) type __stdcall
#define AP_LUA_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/core/mod_watchdog.h
+++ httpd-2.4.6/modules/core/mod_watchdog.h
Index: httpd-2.4.25/modules/core/mod_watchdog.h
===================================================================
--- httpd-2.4.25.orig/modules/core/mod_watchdog.h 2014-09-05 16:19:29.000000000 +0200
+++ httpd-2.4.25/modules/core/mod_watchdog.h 2017-01-02 10:33:40.411244315 +0100
@@ -83,9 +83,9 @@ typedef struct ap_watchdog_t ap_watchdog
*/
#if !defined(AP_WD_DECLARE)
@ -101,8 +111,10 @@
#elif defined(AP_WD_DECLARE_STATIC)
#define AP_WD_DECLARE(type) type __stdcall
#define AP_WD_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/generators/mod_status.h
+++ httpd-2.4.6/modules/generators/mod_status.h
Index: httpd-2.4.25/modules/generators/mod_status.h
===================================================================
--- httpd-2.4.25.orig/modules/generators/mod_status.h 2006-07-11 22:33:53.000000000 +0200
+++ httpd-2.4.25/modules/generators/mod_status.h 2017-01-02 10:33:40.411244315 +0100
@@ -34,9 +34,9 @@
#define AP_STATUS_EXTENDED (0x4) /* detailed report */
@ -116,8 +128,10 @@
#elif defined(STATUS_DECLARE_STATIC)
#define STATUS_DECLARE(type) type __stdcall
#define STATUS_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/dav/main/mod_dav.h
+++ httpd-2.4.6/modules/dav/main/mod_dav.h
Index: httpd-2.4.25/modules/dav/main/mod_dav.h
===================================================================
--- httpd-2.4.25.orig/modules/dav/main/mod_dav.h 2016-10-26 15:44:36.000000000 +0200
+++ httpd-2.4.25/modules/dav/main/mod_dav.h 2017-01-02 10:33:40.411244315 +0100
@@ -82,9 +82,9 @@ extern "C" {
* DAV_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -131,8 +145,10 @@
#elif defined(DAV_DECLARE_STATIC)
#define DAV_DECLARE(type) type __stdcall
#define DAV_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/session/mod_session.h
+++ httpd-2.4.6/modules/session/mod_session.h
Index: httpd-2.4.25/modules/session/mod_session.h
===================================================================
--- httpd-2.4.25.orig/modules/session/mod_session.h 2011-12-02 18:51:27.000000000 +0100
+++ httpd-2.4.25/modules/session/mod_session.h 2017-01-02 10:33:40.411244315 +0100
@@ -21,9 +21,9 @@
* SESSION_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -146,8 +162,10 @@
#elif defined(SESSION_DECLARE_STATIC)
#define SESSION_DECLARE(type) type __stdcall
#define SESSION_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/database/mod_dbd.h
+++ httpd-2.4.6/modules/database/mod_dbd.h
Index: httpd-2.4.25/modules/database/mod_dbd.h
===================================================================
--- httpd-2.4.25.orig/modules/database/mod_dbd.h 2011-09-23 15:38:09.000000000 +0200
+++ httpd-2.4.25/modules/database/mod_dbd.h 2017-01-02 10:33:40.411244315 +0100
@@ -35,9 +35,9 @@
* DBD_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -161,8 +179,10 @@
#elif defined(DBD_DECLARE_STATIC)
#define DBD_DECLARE(type) type __stdcall
#define DBD_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/filters/mod_xml2enc.h
+++ httpd-2.4.6/modules/filters/mod_xml2enc.h
Index: httpd-2.4.25/modules/filters/mod_xml2enc.h
===================================================================
--- httpd-2.4.25.orig/modules/filters/mod_xml2enc.h 2012-04-04 22:11:57.000000000 +0200
+++ httpd-2.4.25/modules/filters/mod_xml2enc.h 2017-01-02 10:33:40.411244315 +0100
@@ -25,9 +25,9 @@
/* declarations to deal with WIN32 compile-flag-in-source-code crap */
@ -176,8 +196,10 @@
#elif defined(XML2ENC_DECLARE_STATIC)
#define XML2ENC_DECLARE(type) type __stdcall
#define XML2ENC_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/filters/mod_ratelimit.h
+++ httpd-2.4.6/modules/filters/mod_ratelimit.h
Index: httpd-2.4.25/modules/filters/mod_ratelimit.h
===================================================================
--- httpd-2.4.25.orig/modules/filters/mod_ratelimit.h 2012-04-04 22:11:57.000000000 +0200
+++ httpd-2.4.25/modules/filters/mod_ratelimit.h 2017-01-02 10:33:40.415244421 +0100
@@ -21,9 +21,9 @@
* AP_RL_DECLARE_DATA with appropriate export and import tags for the platform
*/
@ -191,8 +213,10 @@
#elif defined(AP_RL_DECLARE_STATIC)
#define AP_RL_DECLARE(type) type __stdcall
#define AP_RL_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/modules/aaa/mod_authz_dbd.h
+++ httpd-2.4.6/modules/aaa/mod_authz_dbd.h
Index: httpd-2.4.25/modules/aaa/mod_authz_dbd.h
===================================================================
--- httpd-2.4.25.orig/modules/aaa/mod_authz_dbd.h 2011-09-23 15:38:09.000000000 +0200
+++ httpd-2.4.25/modules/aaa/mod_authz_dbd.h 2017-01-02 10:33:40.415244421 +0100
@@ -22,9 +22,9 @@
* AUTHZ_DBD_DECLARE_DATA with appropriate export and import tags
*/
@ -206,9 +230,11 @@
#elif defined(AUTHZ_DBD_DECLARE_STATIC)
#define AUTHZ_DBD_DECLARE(type) type __stdcall
#define AUTHZ_DBD_DECLARE_NONSTD(type) type
--- httpd-2.4.6.orig/include/httpd.h
+++ httpd-2.4.6/include/httpd.h
@@ -341,7 +341,7 @@ extern "C" {
Index: httpd-2.4.25/include/httpd.h
===================================================================
--- httpd-2.4.25.orig/include/httpd.h 2016-12-05 15:34:29.000000000 +0100
+++ httpd-2.4.25/include/httpd.h 2017-01-02 10:33:40.415244421 +0100
@@ -345,7 +345,7 @@ extern "C" {
* by modules. Its purpose is to allow us to add attributes that
* particular platforms or compilers require to every exported function.
*/
@ -217,9 +243,9 @@
#endif
#ifndef AP_DECLARE_NONSTD
@@ -352,20 +352,20 @@ extern "C" {
@@ -356,20 +356,20 @@ extern "C" {
* which use varargs or are used via indirect function call. This
* is to accomodate the two calling conventions in windows dlls.
* is to accommodate the two calling conventions in windows dlls.
*/
-# define AP_DECLARE_NONSTD(type) type
+# define AP_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type
@ -243,8 +269,10 @@
#endif
/**
--- httpd-2.4.6.orig/include/util_ldap.h
+++ httpd-2.4.6/include/util_ldap.h
Index: httpd-2.4.25/include/util_ldap.h
===================================================================
--- httpd-2.4.25.orig/include/util_ldap.h 2016-08-25 14:48:18.000000000 +0200
+++ httpd-2.4.25/include/util_ldap.h 2017-01-02 10:33:40.415244421 +0100
@@ -66,9 +66,9 @@
* and import tags for the platform
*/