Accepting request 1192286 from Apache
OBS-URL: https://build.opensuse.org/request/show/1192286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=211
commit 56b3280607
@ -1,3 +1,49 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 3 17:27:07 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
|
||||
|
||||
- Update to 2.4.62
|
||||
|
||||
*) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
|
||||
mod_rewrite in server/vhost context on Windows (cve.mitre.org)
|
||||
[boo#1228098]
|
||||
SSRF in Apache HTTP Server on Windows with mod_rewrite in
|
||||
server/vhost context, allows to potentially leak NTML hashes to
|
||||
a malicious server via SSRF and malicious requests.
|
||||
Users are recommended to upgrade to version 2.4.62 which fixes
|
||||
this issue.
|
||||
Credits: Smi1e (DBAPPSecurity Ltd.)
|
||||
|
||||
*) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
|
||||
disclosure with handlers configured via AddType (cve.mitre.org)
|
||||
[boo#1228097]
|
||||
A partial fix for CVE-2024-39884 in the core of Apache HTTP
|
||||
Server 2.4.61 ignores some use of the legacy content-type based
|
||||
configuration of handlers. "AddType" and similar configuration,
|
||||
under some circumstances where files are requested indirectly,
|
||||
result in source code disclosure of local content. For example,
|
||||
PHP scripts may be served instead of interpreted.
|
||||
Users are recommended to upgrade to version 2.4.62, which fixes
|
||||
this issue.
|
||||
|
||||
*) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
|
||||
"balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
|
||||
with BalancerMember(s). PR 69168. [Yann Ylavic]
|
||||
|
||||
*) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
|
||||
PR 69160 [Yann Ylavic]
|
||||
|
||||
*) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
|
||||
[Joe Orton]
|
||||
|
||||
*) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
|
||||
via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>]
|
||||
|
||||
*) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
|
||||
[Ruediger Pluem, Yann Ylavic]
|
||||
|
||||
*) mpm_worker: Fix possible warning (AH00045) about children processes not
|
||||
terminating timely. [Yann Ylavic]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 4 20:58:39 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
|
||||
|
||||
|
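Review bot: In the CVE-2024-40898 entry, "NTML hashes" should read "NTLM hashes"; correct the spelling unless the upstream wording is deliberately being kept verbatim. The same entry scopes the issue to "server/vhost context on Windows", so a short remark on why boo#1228098 is referenced for this package would help anyone auditing the changelog for CVE coverage.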
@ -107,7 +107,7 @@
|
||||
%define build_http2 1
|
||||
|
||||
Name: apache2%{psuffix}
|
||||
Version: 2.4.61
|
||||
Version: 2.4.62
|
||||
Release: 0
|
||||
Summary: The Apache HTTPD Server
|
||||
License: Apache-2.0
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ea8ba86fd95bd594d15e46d25ac5bbda82ae0c9122ad93998cc539c133eaceb6
|
||||
size 7512908
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmaEBhQACgkQgngd5G1Z
|
||||
VPpsJg//QI5CO5SIH+aEdgwwF4/d9ChDmcU1laAe/sLVXmIMcpHvE76rjjs2rlSI
|
||||
kZPlHdYZLfj6nhbDFcvWAsdBikWP0sbxb4wTR+rEztmFVewrN7EwZee9Qfe4Gkh0
|
||||
FwgHyHUexfOAP2znkqcgbADuhYCn00WumNM9Sh8+pBbtX10RhA95MxMR9Z2WXDpR
|
||||
wxey/h2kxjlLA42MNraF+C89U+hoNq5+MPbfRp4O3S53ftP7cwfNaJT0p4pZvn8z
|
||||
fvpjqwc1QVqzJoB+Z2Pw7krK74AcW4IBDLmDvJzhvXN9I9MwT58PFkb86y5yDi6Q
|
||||
6w31G7vYvLDQ0o+Z4PsH9hOtaeo/NzuaVZcCQMfd4awJkQ7ADxKzckqyy0JbITob
|
||||
VN7RFISHigIC7b5RR3VpQhLQEPJHSc24tMIjYSU/sd7SZEVAIo3Waq84zhKjQVZ5
|
||||
gWou9gfVT9um8iTAWRWz0dcS+rV5tnvVv8rls57VWIrysjoUWWujBf/5i8QLnR1S
|
||||
+y5AO4XigRERc4Z9oD7NUXVJglXCuDUBCesYXuIn52aROlcMPeMQ+E21l+3k449Y
|
||||
HXHazw0KgBZoLu7UmcbULCgRsVkAADoUUuvMh+lLsA2XpOUqSyVEoz1xGqnCuKDF
|
||||
RYkLrmBDEiYLf6vWzq5JZ2znHXn3n1e+08bWEeWqyFKYLHHZJaw=
|
||||
=te+z
|
||||
-----END PGP SIGNATURE-----
|
BIN
httpd-2.4.62.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
16
httpd-2.4.62.tar.bz2.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmaVEjgACgkQgngd5G1Z
|
||||
VPqlUA//dMZ01CalmRf4Li2gDH+ETlQXkMST+2IYNCWZzV78g5wfjpZtApKOk+6O
|
||||
73WxdNSvnB15CJVIi/wXN/8ZQHu3u9kHCHw+ydDhOq7CiSAe1x5k0PcodR+me299
|
||||
PErBiAaBct+oJOnPCRdw5c5g3jomZgg1Nt5xS5NmI83UnbT9KHd92nNFdIjp6nFE
|
||||
mKzsQSWSSXkObj83inJ3HvT8ALGr5TpMjHSJAC/YP9B9FuTW4lQh0XFEESz6LcR/
|
||||
Z8GWAV0qfauRhNYcp5qYcVdreVAk0J9vfnruv9OdYsMI/sDM2PYAyDk9pCMuVIfv
|
||||
PuZd8n/EpMuQfeWBOLzkft2TjNYx0UAt0xLK0/FLQqbZSKgCxce3mnbm0N3qXl8h
|
||||
OpWYC86h4y4shaBOCAHI4oqRFbIlbf9bssMRSYfBYTJ1k8zmADWAhIsr5276A33G
|
||||
S8Z+Ah1XeYkvy1blSJDRqECAPLtAXgesLadpkTKTwu+9BmHXYllSmfdhW8D3v6SA
|
||||
Ab7RMonp7poBexO0o0mm14cEAwetffUhSrFfvGp7sTBjQYH3s309HtRBuLJOwmP2
|
||||
uZvAKo84nJVaZIe7TTjpA/om7sq08Jq8xdzGbEhfGnOrtg/34d3K5S9tDvBMkmDq
|
||||
HfYjFxCmfTbUDy4nqVNZcwno6jApweon+KAHbG/vJ2uMWozn2Bo=
|
||||
=Lelg
|
||||
-----END PGP SIGNATURE-----
|
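Review bot: The added httpd-2.4.62.tar.bz2.asc is the only integrity evidence visible for the new tarball, because httpd-2.4.62.tar.bz2 itself is rendered as "Binary file not shown" and its new Git LFS oid does not appear in the diff. Please confirm that the detached signature verifies against the release key already trusted for this package and that the build checks it; none of the visible hunks shows that step.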