SHA256
1
0
forked from pool/apache2
Dominique Leuenberger 2024-08-08 08:57:11 +00:00 committed by Git OBS Bridge
commit 56b3280607
6 changed files with 66 additions and 20 deletions

View File

@ -1,3 +1,49 @@
-------------------------------------------------------------------
Sat Aug 3 17:27:07 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- Update to 2.4.62
*) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
mod_rewrite in server/vhost context on Windows (cve.mitre.org)
[boo#1228098]
SSRF in Apache HTTP Server on Windows with mod_rewrite in
server/vhost context, allows to potentially leak NTML hashes to
a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes
this issue.
Credits: Smi1e (DBAPPSecurity Ltd.)
*) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
[boo#1228097]
A partial fix for CVE-2024-39884 in the core of Apache HTTP
Server 2.4.61 ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes
this issue.
*) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
with BalancerMember(s). PR 69168. [Yann Ylavic]
*) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
PR 69160 [Yann Ylavic]
*) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
[Joe Orton]
*) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>]
*) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
[Ruediger Pluem, Yann Ylavic]
*) mpm_worker: Fix possible warning (AH00045) about children processes not
terminating timely. [Yann Ylavic]
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 4 20:58:39 UTC 2024 - Arjen de Korte <suse+build@de-korte.org> Thu Jul 4 20:58:39 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>

View File

@ -107,7 +107,7 @@
%define build_http2 1 %define build_http2 1
Name: apache2%{psuffix} Name: apache2%{psuffix}
Version: 2.4.61 Version: 2.4.62
Release: 0 Release: 0
Summary: The Apache HTTPD Server Summary: The Apache HTTPD Server
License: Apache-2.0 License: Apache-2.0

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea8ba86fd95bd594d15e46d25ac5bbda82ae0c9122ad93998cc539c133eaceb6
size 7512908

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmaEBhQACgkQgngd5G1Z
VPpsJg//QI5CO5SIH+aEdgwwF4/d9ChDmcU1laAe/sLVXmIMcpHvE76rjjs2rlSI
kZPlHdYZLfj6nhbDFcvWAsdBikWP0sbxb4wTR+rEztmFVewrN7EwZee9Qfe4Gkh0
FwgHyHUexfOAP2znkqcgbADuhYCn00WumNM9Sh8+pBbtX10RhA95MxMR9Z2WXDpR
wxey/h2kxjlLA42MNraF+C89U+hoNq5+MPbfRp4O3S53ftP7cwfNaJT0p4pZvn8z
fvpjqwc1QVqzJoB+Z2Pw7krK74AcW4IBDLmDvJzhvXN9I9MwT58PFkb86y5yDi6Q
6w31G7vYvLDQ0o+Z4PsH9hOtaeo/NzuaVZcCQMfd4awJkQ7ADxKzckqyy0JbITob
VN7RFISHigIC7b5RR3VpQhLQEPJHSc24tMIjYSU/sd7SZEVAIo3Waq84zhKjQVZ5
gWou9gfVT9um8iTAWRWz0dcS+rV5tnvVv8rls57VWIrysjoUWWujBf/5i8QLnR1S
+y5AO4XigRERc4Z9oD7NUXVJglXCuDUBCesYXuIn52aROlcMPeMQ+E21l+3k449Y
HXHazw0KgBZoLu7UmcbULCgRsVkAADoUUuvMh+lLsA2XpOUqSyVEoz1xGqnCuKDF
RYkLrmBDEiYLf6vWzq5JZ2znHXn3n1e+08bWEeWqyFKYLHHZJaw=
=te+z
-----END PGP SIGNATURE-----

3
httpd-2.4.62.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec
size 7521661

16
httpd-2.4.62.tar.bz2.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZbLUT+dL1ePeOsPwgngd5G1ZVPoFAmaVEjgACgkQgngd5G1Z
VPqlUA//dMZ01CalmRf4Li2gDH+ETlQXkMST+2IYNCWZzV78g5wfjpZtApKOk+6O
73WxdNSvnB15CJVIi/wXN/8ZQHu3u9kHCHw+ydDhOq7CiSAe1x5k0PcodR+me299
PErBiAaBct+oJOnPCRdw5c5g3jomZgg1Nt5xS5NmI83UnbT9KHd92nNFdIjp6nFE
mKzsQSWSSXkObj83inJ3HvT8ALGr5TpMjHSJAC/YP9B9FuTW4lQh0XFEESz6LcR/
Z8GWAV0qfauRhNYcp5qYcVdreVAk0J9vfnruv9OdYsMI/sDM2PYAyDk9pCMuVIfv
PuZd8n/EpMuQfeWBOLzkft2TjNYx0UAt0xLK0/FLQqbZSKgCxce3mnbm0N3qXl8h
OpWYC86h4y4shaBOCAHI4oqRFbIlbf9bssMRSYfBYTJ1k8zmADWAhIsr5276A33G
S8Z+Ah1XeYkvy1blSJDRqECAPLtAXgesLadpkTKTwu+9BmHXYllSmfdhW8D3v6SA
Ab7RMonp7poBexO0o0mm14cEAwetffUhSrFfvGp7sTBjQYH3s309HtRBuLJOwmP2
uZvAKo84nJVaZIe7TTjpA/om7sq08Jq8xdzGbEhfGnOrtg/34d3K5S9tDvBMkmDq
HfYjFxCmfTbUDy4nqVNZcwno6jApweon+KAHbG/vJ2uMWozn2Bo=
=Lelg
-----END PGP SIGNATURE-----