Ignore:
Timestamp:
Jul 18, 2016, 7:53:10 PM (8 years ago)
Author:
andersk
Message:
Apply the 2015 suexec patch for CVE-2016-5387 “httpoxy”.

Also remove our inexplicable whitelist entry for HTTPS_* environment
variables.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/specs/httpd.spec.patch

    r2707 r2774  
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1111 Source1: index.html
    12 @@ -65,6 +65,15 @@
     12@@ -65,6 +65,16 @@
    1313 Patch101: httpd-2.4.6-CVE-2014-3581.patch
    1414 Patch102: httpd-2.4.10-CVE-2014-3583.patch
     
    2222+Patch1006: httpd-suexec-journald.patch
    2323+Patch1007: httpd-bug57070.patch
     24+Patch1008: httpd-suexec-CVE-2016-5387.patch
    2425+
    2526 License: ASL 2.0
     
    5051 
    5152 %description -n mod_ssl
    52 @@ -190,6 +202,14 @@
     53@@ -190,6 +202,15 @@
    5354 %patch55 -p1 -b .malformedhost
    5455 %patch56 -p1 -b .uniqueid
     
    6162+%patch1006 -p1 -b .journald
    6263+%patch1007 -p0 -b .bug57070
     64+%patch1008 -p0 -b .CVE-2016-5387
    6365+
    6466 # Patch in the vendor string
Note: See TracChangeset for help on using the changeset viewer.