Hello community,
here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2014-11-13 09:21:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
and /work/SRC/openSUSE:Factory/.apache2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2014-11-05 16:26:45.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2014-11-13 09:21:37.000000000 +0100
@@ -1,0 +2,12 @@
+Sun Nov 09 00:57:00 UTC 2014 - Led
+
+- fix bashisms in post scripts
+
+-------------------------------------------------------------------
+Fri Nov 7 15:52:47 UTC 2014 - kstreitova@suse.com
+
+- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
+ a crash when Content-Type has an empty value [bnc#899836],
+ CVE-2014-3581
+
+-------------------------------------------------------------------
@@ -5,0 +18,6 @@
+
+-------------------------------------------------------------------
+Sat Oct 18 16:21:00 UTC 2014 - Led
+
+- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch
+ and updated (fixed bashism).
Old:
----
httpd-2.1.9-apachectl.dif
New:
----
httpd-2.4.10-apachectl.patch
httpd-2.4.10-check_null_pointer_dereference.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.UJxwV3/_old 2014-11-13 09:21:40.000000000 +0100
+++ /var/tmp/diff_new_pack.UJxwV3/_new 2014-11-13 09:21:40.000000000 +0100
@@ -150,7 +150,7 @@
Source143: apache2-systemd-ask-pass
Source144: apache2.service
Patch2: httpd-2.1.3alpha-layout.dif
-Patch23: httpd-2.1.9-apachectl.dif
+Patch23: httpd-2.4.10-apachectl.patch
#Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
@@ -164,6 +164,8 @@
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Patch111: httpd-visibility.patch
+# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
+Patch112: httpd-2.4.10-check_null_pointer_dereference.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.4
@@ -343,6 +345,7 @@
#%patch108 -p1
%patch109 -p1
%patch111 -p1
+%patch112 -p1
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{S:22})
@@ -981,19 +984,19 @@
%if %prefork
%post prefork
-/usr/share/%{pname}/get_module_list &>/dev/null
+/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
%if %worker
%post worker
-/usr/share/%{pname}/get_module_list &>/dev/null
+/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
%if %event
%post event
-/usr/share/%{pname}/get_module_list &>/dev/null
+/usr/share/%{pname}/get_module_list >/dev/null 2>&1
exit 0
%endif
@@ -1006,7 +1009,7 @@
%pre
%if %{?suse_version:0}%{!?suse_version:1}
# on Fedora, add the "apache" user
-if ! /usr/bin/getent passwd %httpduser &>/dev/null; then
+if ! /usr/bin/getent passwd %httpduser >/dev/null 2>&1; then
echo "Creating %httpduser user"
/usr/sbin/useradd -c "Apache" -u 48 \
-s /sbin/nologin -r -d %{localstatedir} %httpduser 2> /dev/null || :
@@ -1086,7 +1089,7 @@
rm -rf $tmpdir
/usr/share/%{pname}/apache-20-22-upgrade
-/usr/share/%{pname}/get_module_list &>/dev/null
+/usr/share/%{pname}/get_module_list >/dev/null 2>&1
%if 0%{?suse_version} >= 1210
%service_add_post apache2.service
%endif
++++++ httpd-2.4.10-apachectl.patch ++++++
diff -Ndurp httpd-2.4.10/support/apachectl.in httpd-2.4.10-apachectl/support/apachectl.in
--- httpd-2.4.10/support/apachectl.in 2012-02-01 05:47:28.000000000 +0200
+++ httpd-2.4.10-apachectl/support/apachectl.in 2014-10-18 19:18:51.203692588 +0300
@@ -42,17 +42,32 @@ ARGV="$@"
# -------------------- --------------------
#
# the path to your httpd binary, including options if necessary
-HTTPD='@exp_sbindir@/@progname@'
+HTTPD='@exp_sbindir@/httpd2'
#
# pick up any necessary environment variables
if test -f @exp_sbindir@/envvars; then
. @exp_sbindir@/envvars
fi
+
+pname=apache2
+sysconfig_apache=/etc/sysconfig/$pname
+sysconfdir=/etc/$pname
+
+test -s $sysconfig_apache && . $sysconfig_apache
+httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
+
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
-LYNX="@LYNX_PATH@ -dump"
+
+if [ -x "`which w3m`" ]; then
+ LYNX="w3m -dump -cols ${COLUMNS:-80}"
+elif [ -x "`which lynx`" ]; then
+ LYNX="lynx -dump -width=${COLUMNS:-80}"
+fi
+
+
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
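Review bot: When neither w3m nor lynx is installed, the new `if`/`elif` leaves `LYNX` unset, so the status and fullstatus branches (outside this hunk) would presumably expand to the bare status URL and fail with a confusing "not found" error. A final `else` that prints a clear message to stderr, or a `[ -n "$LYNX" ]` check in those branches, would make the failure explicit. `which` is not specified by POSIX, which is odd in a patch meant to remove bashisms; `command -v w3m >/dev/null 2>&1` is the portable test. Since apachectl is normally run by root, looking the browser up through `PATH` instead of the configure-time `@LYNX_PATH@` makes the chosen binary depend on the caller's environment, so absolute paths are worth considering. The added `. $sysconfig_apache` is likewise only as trustworthy as that file's ownership and permissions.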
@@ -78,7 +93,7 @@ fi
case $ACMD in
start|stop|restart|graceful|graceful-stop)
- $HTTPD -k $ARGV
+ $HTTPD ${httpd_conf+-f $httpd_conf} -k $ARGV
ERROR=$?
;;
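Review bot: `${httpd_conf+-f $httpd_conf}` is always expanded, because the earlier hunk assigns `httpd_conf` unconditionally with a `:-` default, so the `+` test adds nothing. The expansion is also unquoted, so a configuration path containing whitespace or glob characters would be split into several arguments to httpd. Writing `$HTTPD -f "$httpd_conf" -k $ARGV` here, and `$HTTPD -f "$httpd_conf" -t` in the configtest hunk below, expresses the same intent without the word-splitting risk. The value comes from the sourced sysconfig file, so this is a robustness point rather than exposure to untrusted input, assuming that file is writable only by root.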
startssl|sslstart|start-SSL)
@@ -88,7 +103,7 @@ startssl|sslstart|start-SSL)
ERROR=2
;;
configtest)
- $HTTPD -t
+ $HTTPD ${httpd_conf+-f $httpd_conf} -t
ERROR=$?
;;
status)
++++++ httpd-2.4.10-check_null_pointer_dereference.patch ++++++
Index: httpd-2.4.10/CHANGES
===================================================================
--- httpd-2.4.10.orig/CHANGES
+++ httpd-2.4.10/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.10
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
Index: httpd-2.4.10/modules/cache/cache_util.c
===================================================================
--- httpd-2.4.10.orig/modules/cache/cache_util.c
+++ httpd-2.4.10/modules/cache/cache_util.c
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
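Review bot: The new `if (ctype)` guard in cache_merge_headers_out has no comment explaining why `ap_make_content_type()` can return NULL even though `r->content_type` is non-NULL, which is the whole reason for the fix. A comment above the check such as `/* ap_make_content_type() returns NULL for an empty type; never store a NULL value in the table (CVE-2014-3581) */` would keep a later cleanup from folding it back into a single call. The outer test only checks that the `r->content_type` pointer is set, not that the string is non-empty, so in that case the header is now silently omitted, which appears to be the intended behaviour. Other call sites that pass the result of `ap_make_content_type()` straight to `apr_table_setn()` are not visible on this page and are worth checking for the same pattern. The function begins and ends outside the hunk.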