apache: update to 2.2.23.
authorArne Fitzenreiter <Arne_F@ipfire.org>
Sun, 30 Sep 2012 20:34:41 +0000 (22:34 +0200)
committerArne Fitzenreiter <Arne_F@ipfire.org>
Sun, 30 Sep 2012 20:34:41 +0000 (22:34 +0200)
Fixed in Apache httpd 2.2.23

low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687
    Note: This issue is also known as CVE-2008-0455.

low: insecure LD_LIBRARY_PATH handling CVE-2012-0883

http://httpd.apache.org/security/vulnerabilities_22.html

config/rootfiles/common/apache2
config/rootfiles/core/63/filelists/apache2 [new symlink]
config/rootfiles/core/63/update.sh
lfs/apache2

index 01e9bbe..802ddcb 100644 (file)
@@ -439,6 +439,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/images/mod_rewrite_fig2.gif
 #srv/web/ipfire/manual/images/mod_rewrite_fig2.png
 #srv/web/ipfire/manual/images/pixel.gif
+#srv/web/ipfire/manual/images/rewrite_backreferences.png
 #srv/web/ipfire/manual/images/rewrite_rule_flow.png
 #srv/web/ipfire/manual/images/right.gif
 #srv/web/ipfire/manual/images/ssl_intro_fig1.gif
@@ -1051,6 +1052,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/style/css/manual-zip-100pc.css
 #srv/web/ipfire/manual/style/css/manual-zip.css
 #srv/web/ipfire/manual/style/css/manual.css
+#srv/web/ipfire/manual/style/css/prettify.css
 #srv/web/ipfire/manual/style/faq.dtd
 #srv/web/ipfire/manual/style/lang
 #srv/web/ipfire/manual/style/lang.dtd
@@ -1058,6 +1060,8 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/style/latex/atbeginend.sty
 #srv/web/ipfire/manual/style/manualpage.dtd
 #srv/web/ipfire/manual/style/modulesynopsis.dtd
+#srv/web/ipfire/manual/style/scripts
+#srv/web/ipfire/manual/style/scripts/prettify.js
 #srv/web/ipfire/manual/style/sitemap.dtd
 #srv/web/ipfire/manual/style/version.ent
 #srv/web/ipfire/manual/style/xsl
@@ -1326,7 +1330,7 @@ usr/lib/apr-util-1/apr_dbd_sqlite3.so
 #usr/lib/libapr-1.la
 usr/lib/libapr-1.so
 usr/lib/libapr-1.so.0
-usr/lib/libapr-1.so.0.4.5
+usr/lib/libapr-1.so.0.4.6
 #usr/lib/libaprutil-1.a
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
@@ -1349,17 +1353,17 @@ usr/sbin/httpd
 #usr/sbin/httxt2dbm
 #usr/sbin/logresolve
 #usr/sbin/rotatelogs
-#usr/share/man/man1/ab.1
-#usr/share/man/man1/apxs.1
 #usr/share/man/man1/dbmmanage.1
 #usr/share/man/man1/htdbm.1
 #usr/share/man/man1/htdigest.1
 #usr/share/man/man1/htpasswd.1
 #usr/share/man/man1/httxt2dbm.1
-#usr/share/man/man1/logresolve.1
+#usr/share/man/man8/ab.8
 #usr/share/man/man8/apachectl.8
+#usr/share/man/man8/apxs.8
 #usr/share/man/man8/htcacheclean.8
 #usr/share/man/man8/httpd.8
+#usr/share/man/man8/logresolve.8
 #usr/share/man/man8/rotatelogs.8
 #usr/share/man/man8/suexec.8
 var/log/httpd
diff --git a/config/rootfiles/core/63/filelists/apache2 b/config/rootfiles/core/63/filelists/apache2
new file mode 120000 (symlink)
index 0000000..eef95ef
--- /dev/null
@@ -0,0 +1 @@
+../../../common/apache2
\ No newline at end of file
index 9b3fec5..f0764ae 100644 (file)
@@ -26,7 +26,7 @@
 
 #
 # Remove old core updates from pakfire cache to save space...
-core=62
+core=63
 for (( i=1; i<=$core; i++ ))
 do
        rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
@@ -37,6 +37,7 @@ rm -f /etc/dhcpd.conf
 
 #
 #Stop services
+/etc/init.d/apache stop
 
 #
 #Extract files
@@ -44,6 +45,7 @@ extract_files
 
 #
 #Start services
+/etc/init.d/apache start
 
 #
 #Update Language cache
index bcc9155..c3d9156 100644 (file)
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 2.2.22
+VER        = 2.2.23
 
 THISAPP    = httpd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
 
-$(DL_FILE)_MD5 = 9fe3093194c8a57f085ff7c3fc43715f
+$(DL_FILE)_MD5 = ca133de0e4b4b15316990a97186b9993
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 
 install : $(TARGET)
@@ -133,10 +133,9 @@ else
        cd $(DIR_APP) && make install
        chown -v root:root /usr/lib/apache/httpd.exp \
            /usr/sbin/{apxs,apachectl,dbmmanage,envvars{,-std}} \
-           /usr/share/man/man1/{ab,apxs,dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
-           /usr/share/man/man1/logresolve.1 \
-           /usr/share/man/man8/{apachectl,htcacheclean,httpd}.8 \
-           /usr/share/man/man8/{rotatelogs,suexec}.8
+           /usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
+           /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
+           /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
        @rm -rf $(DIR_APP)
 endif
        @$(POSTBUILD)