Accepting request 961736 from Apache
OBS-URL: https://build.opensuse.org/request/show/961736 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=193
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
a542458269
@ -1,19 +0,0 @@
|
||||
--- a/httpd-framework/t/modules/dir.t.orig 2021-11-24 10:37:58.688525957 +0000
|
||||
+++ b/httpd-framework/t/modules/dir.t 2021-11-24 10:38:15.568621991 +0000
|
||||
@@ -98,12 +98,12 @@ $res = GET "/modules/dir/htaccess", redi
|
||||
ok ($res->code == 403);
|
||||
|
||||
if (have_min_apache_version('2.5.1')) {
|
||||
- skip("missing DirectorySlash NotFound");
|
||||
-}
|
||||
-else {
|
||||
$res = GET "/modules/dir/htaccess/sub1", redirect_ok => 0;
|
||||
ok ($res->code == 404);
|
||||
}
|
||||
+else {
|
||||
+ skip("missing DirectorySlash NotFound");
|
||||
+}
|
||||
|
||||
|
||||
sub write_htaccess {
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
--- httpd/test/framework/trunk/t/ssl/ocsp.t 2022/01/10 15:44:45 1896888
|
||||
+++ httpd/test/framework/trunk/t/ssl/ocsp.t 2022/01/10 18:08:12 1896889
|
||||
@@ -32,13 +32,21 @@ sok {
|
||||
$r = GET $url, cert => undef;
|
||||
my $message = $r->content() || '';
|
||||
my $warning = $r->header('Client-Warning') || '';
|
||||
+ print "warning: $warning\n";
|
||||
+ print "message: $message";
|
||||
+ print "response:\n";
|
||||
print $r->as_string;
|
||||
$r->code == 500 && $warning =~ 'Internal response' &&
|
||||
- $message =~ /alert handshake failure|read failed/;
|
||||
+ $message =~ /alert handshake failure|read failed|closed connection without sending any data/;
|
||||
};
|
||||
|
||||
sok {
|
||||
$r = GET $url, cert => 'client_ok';
|
||||
+ my $warning = $r->header('Client-Warning') || '';
|
||||
+ my $message = $r->content() || '';
|
||||
+ print "warning: $warning\n";
|
||||
+ print "message: $message";
|
||||
+ print "response:\n";
|
||||
print $r->as_string;
|
||||
$r->code == 200;
|
||||
};
|
||||
@@ -47,7 +55,10 @@ sok {
|
||||
$r = GET $url, cert => 'client_revoked';
|
||||
my $message = $r->content() || '';
|
||||
my $warning = $r->header('Client-Warning') || '';
|
||||
+ print "warning: $warning\n";
|
||||
+ print "message: $message";
|
||||
+ print "response:\n";
|
||||
print $r->as_string;
|
||||
$r->code == 500 && $warning =~ 'Internal response' &&
|
||||
- $message =~ /alert certificate revoked|read failed/;
|
||||
+ $message =~ /alert handshake failure|read failed|closed connection without sending any data/;
|
||||
};
|
||||
@ -1,3 +1,82 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 14 12:19:36 UTC 2022 - pgajdos@suse.com
|
||||
|
||||
- httpd-framework updated to svn1898917
|
||||
- deleted patches
|
||||
- apache-test-DirectorySlash-NotFound-logic.patch (upstreamed)
|
||||
- apache2-perl-io-socket.patch (upstreamed)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 14 11:20:53 UTC 2022 - pgajdos@suse.com
|
||||
|
||||
- version update to 2.4.53
|
||||
*) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds
|
||||
(cve.mitre.org)
|
||||
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP
|
||||
Server allows an attacker to overwrite heap memory with possibly
|
||||
attacker provided data.
|
||||
This issue affects Apache HTTP Server 2.4 version 2.4.52 and
|
||||
prior versions.
|
||||
Credits: Ronald Crane (Zippenhop LLC)
|
||||
*) SECURITY: CVE-2022-22721: core: Possible buffer overflow with
|
||||
very large or unlimited LimitXMLRequestBody (cve.mitre.org)
|
||||
If LimitXMLRequestBody is set to allow request bodies larger
|
||||
than 350MB (defaults to 1M) on 32 bit systems an integer
|
||||
overflow happens which later causes out of bounds writes.
|
||||
This issue affects Apache HTTP Server 2.4.52 and earlier.
|
||||
Credits: Anonymous working with Trend Micro Zero Day Initiative
|
||||
*) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability
|
||||
in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org)
|
||||
Apache HTTP Server 2.4.52 and earlier fails to close inbound
|
||||
connection when errors are encountered discarding the request
|
||||
body, exposing the server to HTTP Request Smuggling
|
||||
Credits: James Kettle <james.kettle portswigger.net>
|
||||
*) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of
|
||||
in r:parsebody (cve.mitre.org)
|
||||
A carefully crafted request body can cause a read to a random
|
||||
memory area which could cause the process to crash.
|
||||
This issue affects Apache HTTP Server 2.4.52 and earlier.
|
||||
Credits: Chamal De Silva
|
||||
*) core: Make sure and check that LimitXMLRequestBody fits in system memory.
|
||||
[Ruediger Pluem, Yann Ylavic]
|
||||
*) core: Simpler connection close logic if discarding the request body fails.
|
||||
[Yann Ylavic, Ruediger Pluem]
|
||||
*) mod_http2: preserve the port number given in a HTTP/1.1
|
||||
request that was Upgraded to HTTP/2. Fixes PR65881.
|
||||
[Stefan Eissing]
|
||||
*) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic]
|
||||
*) dbm: Split the loading of a dbm driver from the opening of a dbm file. When
|
||||
an attempt to load a dbm driver fails, log clearly which driver triggered
|
||||
the error (not "default"), and what the error was. [Graham Leggett]
|
||||
*) mod_proxy: Use the maxium of front end and backend timeouts instead of the
|
||||
minimum when tunneling requests (websockets, CONNECT requests).
|
||||
Backend timeouts can be configured more selectively (per worker if needed)
|
||||
as front end timeouts and typically the backend timeouts reflect the
|
||||
application requirements better. PR 65886 [Ruediger Pluem]
|
||||
*) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers
|
||||
when an efficient TLS implementation is available. [Yann Ylavic]
|
||||
*) core, mod_info: Add compiled and loaded PCRE versions to version
|
||||
number display. [Rainer Jung]
|
||||
*) mod_md: do not interfere with requests to /.well-known/acme-challenge/
|
||||
resources if challenge type 'http-01' is not configured for a domain.
|
||||
Fixes <https://github.com/icing/mod_md/issues/279>.
|
||||
[Stefan Eissing]
|
||||
*) mod_dav: Fix regression when gathering properties which could lead to huge
|
||||
memory consumption proportional to the number of resources.
|
||||
[Evgeny Kotkov, Ruediger Pluem]
|
||||
*) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x)
|
||||
for regular expression evaluation. This depends on locating pcre2-config.
|
||||
[William Rowe, Petr Pisar <ppisar redhat.com>, Rainer Jung]
|
||||
*) Add the ldap function to the expression API, allowing LDAP filters and
|
||||
distinguished names based on expressions to be escaped correctly to
|
||||
guard against LDAP injection. [Graham Leggett]
|
||||
*) mod_md: the status description in MDomain's JSON, exposed in the
|
||||
md-status handler (if configured) did sometimes not carry the correct
|
||||
message when certificates needed renew.
|
||||
[Stefan Eissing]
|
||||
*) mpm_event: Fix a possible listener deadlock on heavy load when restarting
|
||||
and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 27 13:57:47 UTC 2022 - pgajdos@suse.com
|
||||
|
||||
|
||||
12
apache2.spec
12
apache2.spec
@ -18,7 +18,7 @@
|
||||
|
||||
%global upstream_name httpd
|
||||
%global testsuite_name %{upstream_name}-framework
|
||||
%global tversion svn1894461
|
||||
%global tversion svn1898917
|
||||
%global flavor @BUILD_FLAVOR@%{nil}
|
||||
%define mpm %{nil}
|
||||
%if "%{flavor}" == "prefork" || "%{flavor}" == "test_prefork"
|
||||
@ -115,7 +115,7 @@
|
||||
%endif
|
||||
|
||||
Name: apache2%{psuffix}
|
||||
Version: 2.4.52
|
||||
Version: 2.4.53
|
||||
Release: 0
|
||||
Summary: The Apache HTTPD Server
|
||||
License: Apache-2.0
|
||||
@ -198,10 +198,6 @@ Patch100: apache-test-application-xml-type.patch
|
||||
# even if in live system I do not experience this inconsistency, let's turn off
|
||||
# these variables from the test
|
||||
Patch101: apache-test-turn-off-variables-in-ssl-var-lookup.patch
|
||||
# PATCH: reverted logic, DirectorySlash NotFound is available in trunk onlyyet
|
||||
Patch102: apache-test-DirectorySlash-NotFound-logic.patch
|
||||
# https://svn.apache.org/viewvc?view=revision&revision=1896889
|
||||
Patch103: apache2-perl-io-socket.patch
|
||||
BuildRequires: apache-rpm-macros-control
|
||||
#Since 2.4.7 the event MPM requires apr 1.5.0 or later.
|
||||
BuildRequires: apr-devel >= 1.5.0
|
||||
@ -330,10 +326,6 @@ provides HTTP services in sync with the current HTTP standards.
|
||||
%patch4 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
(cd httpd-framework
|
||||
%patch103 -p4
|
||||
)
|
||||
|
||||
#
|
||||
# BUILD
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9
|
||||
size 7439184
|
||||
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - https://gpgtools.org
|
||||
|
||||
iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmG7Q+8ACgkQ03fJ59GU
|
||||
TGbpCA/+Ne63eHZTIxNF86FN6rOXgCvoIGPcc8SCpJ3h9k3rfCdltB/Mwnmz93R8
|
||||
Eo0djI/jCdfQsrmw+4IALIVpH6WsVHLnFbR2gk5wY9Kv5SDoMNs8iNUKAa23yQ9y
|
||||
JNN3W9Bw3O3q7RhfK8a5jSCAVkKw4gxNPGu+4x6QwHZOCrCoXJdKjoWAPSdE6L2p
|
||||
RQDBAW+wHmqwh2HBrM4WZhWaj6Eer7UbV1ir7nIGXmCz0f5ekiADJA4c6aWHV5PL
|
||||
EBIHbRsSzhgvK0ZtLeR1oOQAZfsNJT2BMjk5M/8yanAyUxnOGcNdRRSBMk1XPbxa
|
||||
EhBujT9KuSAq1jk5FbwgzP1l+Yq2Gxxsh2a4UK7K7AaJV8macQtVDUq4TfYKIk8R
|
||||
hnXweflKw9nonxaYOiNwhtLE3FFMg7XozrNPImc2abLT/wDE/N6LPI2NMf4FWAkm
|
||||
XkQ5yzy5Nxs/MybIJs/YJQjLCrfDD8hbUcqPp6445YqJsiXAQ3vhMy755maI2ciz
|
||||
xXBe0xhq9kEILIUCynCpPZE8eCKEGjFr/hWfaYZR32GVceAmHV9GiDoD5K6dqk6z
|
||||
00TCNbfjY5hXzEkigLd1g2ZKp/d8tsG0NUw1SoXfXSdlK0ugMTkmqqZxcekvGOk9
|
||||
UcpKyzkxdqCywfwYFKmYsLi6cKFBXAlRq0K89vg4glC2cedVu9Y=
|
||||
=Fz0f
|
||||
-----END PGP SIGNATURE-----
|
||||
3
httpd-2.4.53.tar.bz2
Normal file
3
httpd-2.4.53.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d0bbd1121a57b5f2a6ff92d7b96f8050c5a45d3f14db118f64979d525858db63
|
||||
size 7431942
|
||||
17
httpd-2.4.53.tar.bz2.asc
Normal file
17
httpd-2.4.53.tar.bz2.asc
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - https://gpgtools.org
|
||||
|
||||
iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmIotxoACgkQ03fJ59GU
|
||||
TGbaAQ//TeVio63uLRIhyhW4qoUlGCL4KfCyY3aj5Yh6JGea9lYdioZ4JdHJan2y
|
||||
IYRuF7B2S/MgfWESsEkPq8Nh0+ym78ZObdTFsskUF9so3+3WN9szQwTP/9suNd4+
|
||||
fv1vOKKGdy2h4hakR+E182A8gJ9FO6FabiETLvPvYVma3+5Zd2duzyvAOAQUDvkj
|
||||
JhFXYVQCrWfiJN7gARePAzZyxbfWd5QVQMuCiWSIQ2PG0SkfQa07CsEiDiN8r8fZ
|
||||
NGpNmyfUNqz4aUkBssNr0rVfmLzG2vicrfWaOgyS0rAEqn7fYhgF3s9k5y2htgOu
|
||||
mdv2TPYl39NBf3uQNtR5tTUCPaop2GvH1GMJnz18W2fpessscHsuWiqeVVNUDmvV
|
||||
zrFWlH2ehYPIOt07moP80nWJzpP7F5BGSG3DqcXPSG1JM/TM8uC3dgbC7k26i3vh
|
||||
+8ypE1unHjop4nGff4cSkGeC5W2PkXrYNJC8xyjwbT098Q+Z8kAcO8TLpdaSx6tf
|
||||
fI/9IwX+2uOhGx+ZHok0BSX0EpGK+i51Kspih++AcNaf6T4urXKdrpEgNm4jdHw7
|
||||
maCHPDelUMyxffBM/Jl8/VZD+SHuhK2LzPBFGOJdNhbNKzdkfg5TaxhfIywvV1T6
|
||||
JzRtvx/HoglaqCNFsBqflWpctC5dS2DeKEbP9FaDbqfxLmxp/G8=
|
||||
=7fpY
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8536f6794f8ca000c2722e227c7ad6e17b33f8aeb0a5ce7662b4be110877733d
|
||||
size 1581270
|
||||
3
httpd-framework-svn1898917.tar.bz2
Normal file
3
httpd-framework-svn1898917.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e0b49ceac5780f010a6695608fc0e62d45101a8efc395ea656b47ae225a3dfb1
|
||||
size 729713
|
||||
Loading…
Reference in New Issue
Block a user