@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.53
Release: 7%{?dist}.5
Release: 11%{?dist}.4
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -114,6 +114,8 @@ Patch66: httpd-2.4.51-r1892413+.patch
Patch67: httpd-2.4.51-r1811831.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2098056
Patch68: httpd-2.4.53-r1878890.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2151313
Patch69: httpd-2.4.53-proxy-util-loglevel.patch
# Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=2094997
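Review bot: The comment above Patch69 gives only the Bugzilla link, and unlike Patch66 to Patch68 the file name httpd-2.4.53-proxy-util-loglevel.patch carries no upstream revision. If this is a backport, name the upstream revision in the comment; if it is a downstream-only change, say so, so the patch is kept or dropped deliberately at the next rebase.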
@ -168,7 +170,7 @@ Requires: httpd-filesystem = %{version}-%{release}
Requires(pre): httpd-filesystem
Conflicts: apr < 1.5.0-1
Conflicts: httpd < 2.4.53-3
Conflicts: mod_http2 < 1.15.19-3%{?dist}.4
Conflicts: mod_http2 < 1.15.19-4%{?dist}.3
Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
%description core
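Review bot: The new bound on the Conflicts: mod_http2 line embeds %{?dist} in the middle of the release (1.15.19-4%{?dist}.3), so it expands with the dist tag of this httpd build, not of the mod_http2 package being compared. Add a comment above the line naming the bug that requires this exact release, and check that the comparison still holds against a mod_http2 built with a different dist tag.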
@ -221,7 +223,7 @@ Epoch: 1
BuildRequires: openssl-devel
Requires(pre): httpd-filesystem
Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Requires: sscg >= 2.2.0, /usr/bin/hostname
Requires: sscg >= 3.0.0-7, /usr/bin/hostname
# Require an OpenSSL which supports PROFILE=SYSTEM
Conflicts: openssl-libs < 1:1.0.1h-4
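Review bot: The sscg floor on the Requires: line jumps from 2.2.0 to 3.0.0-7 with no comment, while the Conflicts: openssl-libs line right below it explains its own bound. Add a one-line comment with the Bugzilla reference for the sscg change (the changelog's "prevent sscg creating /dhparams.pem" entry looks like the reason), so the version-release pin is not loosened by accident later.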
@ -305,6 +307,7 @@ written in the Lua programming language.
%patch66 -p1 -b .r1892413+
%patch67 -p1 -b .r1811831
%patch68 -p1 -b .r1878890
%patch69 -p1 -b .proxyutil-loglevel
%patch200 -p1 -b .CVE-2022-26377
%patch201 -p1 -b .CVE-2022-28615
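Review bot: The backup suffix on the %patch69 line is .proxyutil-loglevel, but the file declared as Patch69 is httpd-2.4.53-proxy-util-loglevel.patch. The build is unaffected, but the neighbouring %patch lines use a suffix that matches the patch name (.r1878890, .CVE-2022-26377); use .proxy-util-loglevel so the backup files are easy to map back to their patch.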
@ -876,18 +879,26 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Thu Mar 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.5
- Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.4
- Resolves: #2177752 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Tue Jan 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.1
- Resolves: #2165975 - prevent sscg creating /dhparams.pem
- Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
of zero byte
- Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
smuggling
* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- Resolves: #2160667 - prevent sscg creating /dhparams.pem
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
* Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
* Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
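Review bot: The changelog goes from 2.4.53-11 straight to 2.4.53-11.4 at the top of this hunk, with no entries for the .1 to .3 releases; the 2.4.53-7.1 and 2.4.53-7.5 entries it sits beside show the same gap. If those intermediate releases were built, add their entries so each Resolves: line can be tied to the build that shipped it; if they were never built, a short remark in the commit message would save the next reader the question.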