From 1679d306c26cb34b54a6493858af0da7d27ffb3eaaea2b338f95b1423dafc914 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Fri, 8 Oct 2021 06:03:36 +0000 Subject: [PATCH] Accepting request 924064 from home:stroeder:network - version update to 2.4.51 *) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) *) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. OBS-URL: https://build.opensuse.org/request/show/924064 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=657 --- apache2.changes | 11 +++++++++++ apache2.spec | 2 +- httpd-2.4.50.tar.bz2 | 3 --- httpd-2.4.50.tar.bz2.asc | 17 ----------------- httpd-2.4.51.tar.bz2 | 3 +++ httpd-2.4.51.tar.bz2.asc | 17 +++++++++++++++++ 6 files changed, 32 insertions(+), 21 deletions(-) delete mode 100644 httpd-2.4.50.tar.bz2 delete mode 100644 httpd-2.4.50.tar.bz2.asc create mode 100644 httpd-2.4.51.tar.bz2 create mode 100644 httpd-2.4.51.tar.bz2.asc diff --git a/apache2.changes b/apache2.changes index db32641..2a2e1bf 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Oct 7 17:30:44 UTC 2021 - Michael Ströder + +- version update to 2.4.51 + *) SECURITY: CVE-2021-42013: Path Traversal and Remote Code + Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete + fix of CVE-2021-41773) (cve.mitre.org) + *) core: Add ap_unescape_url_ex() for better decoding control, and deprecate + unused AP_NORMALIZE_DROP_PARAMETERS flag. + + ------------------------------------------------------------------- Mon Oct 4 15:23:51 UTC 2021 - Michael Ströder diff --git a/apache2.spec b/apache2.spec index d72b353..0b515e0 100644 --- a/apache2.spec +++ b/apache2.spec @@ -115,7 +115,7 @@ %endif Name: apache2%{psuffix} -Version: 2.4.50 +Version: 2.4.51 Release: 0 Summary: The Apache HTTPD Server License: Apache-2.0 diff --git a/httpd-2.4.50.tar.bz2 b/httpd-2.4.50.tar.bz2 deleted file mode 100644 index 8d361ee..0000000 --- a/httpd-2.4.50.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f -size 7653174 diff --git a/httpd-2.4.50.tar.bz2.asc b/httpd-2.4.50.tar.bz2.asc deleted file mode 100644 index a124300..0000000 --- a/httpd-2.4.50.tar.bz2.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org - -iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFXGlIACgkQ03fJ59GU -TGabXhAAoArFS8OJaAdmTEojAP1S8XbAgnB8HzoZEs9nMSQZSuyz2kW9odf0dr6V -2+/OhEAfWE0urZ/kbUUY8n5miO3eG1mkBnZasiQ08xUTxX9uXoztS7WpdWtdxU6f -6easTDDfxzmAteWHuTYt3fEIdcms+3vho3TxzkWAnVeECfSSfsAK+vw9ZIGdNCBj -NpmxFEUONof2qmuBE3Gkxvcv7Qp+H7c5eNBsr2Ae04YNHdIHUALbc+gRFkjhbnXe -+2ouY13ONfKuHB2bEYwVbE9AdU/uOsVVAt8LGu4PS/W+owhubCV2dQ+wv71pksp3 -2psZG6VYrSwxOnB77mCGCrM/Mi4RnrYbUlCgNi8ad32QjcH7iK7MPnSx/dZ3dcf5 -7W1IUw5dPrPKO+xmQLkcjXMC4qSQhB7VPJuKYBBmJ32tSVMY6BxIotiTvoVJkNl5 -Xtsq8GH++vENPvCeaQh9aflesPcHguss3UMuwpny+I/od2mRhp9ZTyRTHmQM5gJo -Gt3k2WcBfOaVrnJdufT8sAMDL8H2XDlHUZuhQX5VwLupJiDGXIcmXLP/mxrhnqCp -K97niY5NjdHNJP/nyVMxwAcWJweLizlxP+xlCH13cAXsL6os4NR+OSJ0KRGJ+fGA -tIUy87ujOvPm9T7TR+j7GPsauDY0qRy4+I60Dqg6+kzLgN+ZCps= -=AE4U ------END PGP SIGNATURE----- diff --git a/httpd-2.4.51.tar.bz2 b/httpd-2.4.51.tar.bz2 new file mode 100644 index 0000000..c6a0a84 --- /dev/null +++ b/httpd-2.4.51.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4 +size 7653609 diff --git a/httpd-2.4.51.tar.bz2.asc b/httpd-2.4.51.tar.bz2.asc new file mode 100644 index 0000000..d34b317 --- /dev/null +++ b/httpd-2.4.51.tar.bz2.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFe8kEACgkQ03fJ59GU +TGatthAAtWzeOD1TCIEvf5f9bAIZDK9vjEEnBZDeYMMrH1wVJGNJm48XP08O/Kbq +qhvc9201RUwkAtWEUX811ZBAYd5A8lAqetfmIuCSHerYSOU0CbhvBjKsuIJVIKWD +Wo1uPUDWk068V0HBquQtW6AEB4oo16fKPMEr1aOOxFpR+F806daJN1gt3ubPzkNJ +rZd4E6dV00eEymeUIfk0BjDqSWKHmUr+08/dtWqc7kGYGcnJzu0e5pr6cc0hOV2o +mqYm28F7eMSe5JCnAOd1LnnqtOwV81mZLxiAxR40PoFhV7IoBLo0zAJ99AHxJfA2 +9RjCmZ/WYtleeDT7mC1cdATHKOPRaubklzK6Ntf7tMaRIO07hnIfIRXQveKG7h+G +Og6PGtfR9bwDGrg2f5Dr+R2fwUJO7EL31IxTYQFBUDe2Q82aNIWpdIFdte93nc+S +HqjWq3w6zq+jdSm3xvyLB0LLSOguXhcjj5VEqV+aExZPASbf+Q8bG51mSbMQhkaq +fEheFcdhu3Sm0x5xQXvEM3gX5XUr8vmrPWaacayPYfS7MinWukV0hXe5/DoYkFTt +a1pt6bHcyVfR0tB0Q3bvm59EeaxLVfogb6Eq74RlrfYiCU/Qx7bMUs3tSeIkHGmY +cNhpxzc/36i4Cf+fBDPKuJroXYV5wFoQmpnXVLAqRd6jWZcOizY= +=f5dx +-----END PGP SIGNATURE-----