2014-11-13 08:21:36 +00:00
committed by Git OBS Bridge
4 changed files with 62 additions and 9 deletions


@@ -1,9 +1,27 @@
-------------------------------------------------------------------
Sun Nov 09 00:57:00 UTC 2014 - Led <ledest@gmail.com>
- fix bashisms in post scripts
-------------------------------------------------------------------
Fri Nov 7 15:52:47 UTC 2014 - kstreitova@suse.com
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
a crash when Content-Type has an empty value [bnc#899836],
CVE-2014-3581
-------------------------------------------------------------------
Fri Oct 31 16:04:15 UTC 2014 - crrodriguez@opensuse.org
- httpd-event-deadlock.patch: Fix worker-listener
deadlock in graceful restart.
-------------------------------------------------------------------
Sat Oct 18 16:21:00 UTC 2014 - Led <ledest@gmail.com>
- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch
and updated (fixed bashism).
-------------------------------------------------------------------
Thu Oct 16 12:29:06 UTC 2014 - pgajdos@suse.com


@@ -150,7 +150,7 @@ Source142: start_apache2
Source143: apache2-systemd-ask-pass
Source144: apache2.service
Patch2: httpd-2.1.3alpha-layout.dif
Patch23: httpd-2.1.9-apachectl.dif
Patch23: httpd-2.4.10-apachectl.patch
#Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
@@ -164,6 +164,8 @@ Patch71: httpd-event-deadlock.patch
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Patch111: httpd-visibility.patch
# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
Patch112: httpd-2.4.10-check_null_pointer_dereference.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.4
@@ -343,6 +345,7 @@ to administrators of web servers in general.
#%patch108 -p1
%patch109 -p1
%patch111 -p1
%patch112 -p1
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{S:22})
@@ -981,19 +984,19 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%if %prefork
%post prefork
/usr/share/%{pname}/get_module_list &>/dev/null
/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
%if %worker
%post worker
/usr/share/%{pname}/get_module_list &>/dev/null
/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
%if %event
%post event
/usr/share/%{pname}/get_module_list &>/dev/null
/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
@@ -1006,7 +1009,7 @@ exit 0
%pre
%if %{?suse_version:0}%{!?suse_version:1}
# on Fedora, add the "apache" user
if ! /usr/bin/getent passwd %httpduser &>/dev/null; then
if ! /usr/bin/getent passwd %httpduser >/dev/null 2>&1; then
echo "Creating %httpduser user"
/usr/sbin/useradd -c "Apache" -u 48 \
-s /sbin/nologin -r -d %{localstatedir} %httpduser 2> /dev/null || :
@@ -1086,7 +1089,7 @@ fi
rm -rf $tmpdir
/usr/share/%{pname}/apache-20-22-upgrade
/usr/share/%{pname}/get_module_list &>/dev/null
/usr/share/%{pname}/get_module_list >/dev/null 2>&1
%if 0%{?suse_version} >= 1210
%service_add_post apache2.service
%endif
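Review bot: The tag comment added above `Patch112` names only bnc#899836, while the changelog entry for the same patch also records CVE-2014-3581. Anyone searching the spec for the CVE will not find the patch. I would carry the identifier in the tag line: `# PATCH-FIX-UPSTREAM bnc#899836 CVE-2014-3581 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value`. Separately, the rewritten `get_module_list >/dev/null 2>&1` lines in the `%post` scriptlets still discard all output before `exit 0`, so a failing module-list rebuild stays invisible. That behaviour predates this commit, but a short comment saying it is deliberate would help.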


@@ -1,5 +1,6 @@
--- httpd-2.4.6.orig/support/apachectl.in
+++ httpd-2.4.6/support/apachectl.in
diff -Ndurp httpd-2.4.10/support/apachectl.in httpd-2.4.10-apachectl/support/apachectl.in
--- httpd-2.4.10/support/apachectl.in 2012-02-01 05:47:28.000000000 +0200
+++ httpd-2.4.10-apachectl/support/apachectl.in 2014-10-18 19:18:51.203692588 +0300
@@ -42,17 +42,32 @@ ARGV="$@"
# -------------------- --------------------
#
@@ -16,7 +17,7 @@
+sysconfig_apache=/etc/sysconfig/$pname
+sysconfdir=/etc/$pname
+
+test -s $sysconfig_apache && source $sysconfig_apache
+test -s $sysconfig_apache && . $sysconfig_apache
+httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
+
#
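Review bot: The replacement line `test -s $sysconfig_apache && . $sysconfig_apache` fixes the bashism but leaves the path unquoted in both the test and the dot command. `test -s "$sysconfig_apache" && . "$sysconfig_apache"` keeps the POSIX form and is safe against word splitting if the path ever changes. The dot command executes the sysconfig file as shell with whatever privileges apachectl runs under, presumably root. A comment stating that the file must be root-owned and not writable by group or others would document that trust assumption. `pname` is assigned outside the lines shown here.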


@@ -0,0 +1,31 @@
Index: httpd-2.4.10/CHANGES
===================================================================
--- httpd-2.4.10.orig/CHANGES
+++ httpd-2.4.10/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.10
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
Index: httpd-2.4.10/modules/cache/cache_util.c
===================================================================
--- httpd-2.4.10.orig/modules/cache/cache_util.c
+++ httpd-2.4.10/modules/cache/cache_util.c
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
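Review bot: The new patch file begins directly at `Index: httpd-2.4.10/CHANGES` with no header recording which upstream revision it was taken from. A later reviewer therefore cannot confirm that this backport matches the upstream fix for CVE-2014-3581. A short preamble above the first `Index:` line would record that, for example `# Upstream: <upstream revision or URL>` and `# References: bnc#899836, CVE-2014-3581, PR56924`. In the cache_util.c hunk, the `if (ctype)` guard means no Content-Type header is set when `ap_make_content_type()` returns NULL. That looks intended, and a one-line comment such as `/* NULL for an empty Content-Type value; leave the header unset */` would make it explicit. The body of cache_merge_headers_out starts and ends outside the hunk.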