apache: security update to 2.2.22.

Fix six low and moderate security flaws. Most of them are not important for ipfire.
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: mod_proxy reverse proxy exposure CVE-2011-4317
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368

For details check: http://httpd.apache.org/security/vulnerabilities_22.html

diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 2eab3b5e72b5eb9fc9e41be9499f5bf0a291ebc8..01e9bbe4c06cccd9c95d907941adbd7b32f2275a 100644 (file)
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -482,6 +482,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/license.html.en
 #srv/web/ipfire/manual/logs.html
 #srv/web/ipfire/manual/logs.html.en
+#srv/web/ipfire/manual/logs.html.fr
 #srv/web/ipfire/manual/logs.html.ja.utf8
 #srv/web/ipfire/manual/logs.html.ko.euc-kr
 #srv/web/ipfire/manual/logs.html.tr.utf8
@@ -758,11 +759,14 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/mod/mod_proxy_connect.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_ftp.html
 #srv/web/ipfire/manual/mod/mod_proxy_ftp.html.en
+#srv/web/ipfire/manual/mod/mod_proxy_ftp.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_http.html
 #srv/web/ipfire/manual/mod/mod_proxy_http.html.en
 #srv/web/ipfire/manual/mod/mod_proxy_http.html.fr
+#srv/web/ipfire/manual/mod/mod_proxy_http.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_scgi.html
 #srv/web/ipfire/manual/mod/mod_proxy_scgi.html.en
+#srv/web/ipfire/manual/mod/mod_proxy_scgi.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_reqtimeout.html
 #srv/web/ipfire/manual/mod/mod_reqtimeout.html.en
 #srv/web/ipfire/manual/mod/mod_rewrite.html
@@ -873,6 +877,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/new_features_2_2.html
 #srv/web/ipfire/manual/new_features_2_2.html.en
 #srv/web/ipfire/manual/new_features_2_2.html.fr
+#srv/web/ipfire/manual/new_features_2_2.html.ja.utf8
 #srv/web/ipfire/manual/new_features_2_2.html.ko.euc-kr
 #srv/web/ipfire/manual/new_features_2_2.html.pt-br
 #srv/web/ipfire/manual/new_features_2_2.html.tr.utf8
@@ -942,6 +947,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/programs/index.html
 #srv/web/ipfire/manual/programs/index.html.en
 #srv/web/ipfire/manual/programs/index.html.es
+#srv/web/ipfire/manual/programs/index.html.ja.utf8
 #srv/web/ipfire/manual/programs/index.html.ko.euc-kr
 #srv/web/ipfire/manual/programs/index.html.ru.koi8-r
 #srv/web/ipfire/manual/programs/index.html.tr.utf8
@@ -1066,6 +1072,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/upgrading.html.de
 #srv/web/ipfire/manual/upgrading.html.en
 #srv/web/ipfire/manual/upgrading.html.fr
+#srv/web/ipfire/manual/upgrading.html.ja.utf8
 #srv/web/ipfire/manual/urlmapping.html
 #srv/web/ipfire/manual/urlmapping.html.en
 #srv/web/ipfire/manual/urlmapping.html.ja.utf8
@@ -1135,6 +1142,7 @@ etc/httpd/conf/mime.types
 #usr/include/apache/apr_atomic.h
 #usr/include/apache/apr_base64.h
 #usr/include/apache/apr_buckets.h
+#usr/include/apache/apr_crypto.h
 #usr/include/apache/apr_date.h
 #usr/include/apache/apr_dbd.h
 #usr/include/apache/apr_dbm.h
@@ -1194,6 +1202,7 @@ etc/httpd/conf/mime.types
 #usr/include/apache/apr_xlate.h
 #usr/include/apache/apr_xml.h
 #usr/include/apache/apu.h
+#usr/include/apache/apu_errno.h
 #usr/include/apache/apu_version.h
 #usr/include/apache/apu_want.h
 #usr/include/apache/http_config.h
@@ -1322,7 +1331,7 @@ usr/lib/libapr-1.so.0.4.5
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
 usr/lib/libaprutil-1.so.0
-usr/lib/libaprutil-1.so.0.3.12
+usr/lib/libaprutil-1.so.0.4.1
 #usr/lib/pkgconfig/apr-1.pc
 #usr/lib/pkgconfig/apr-util-1.pc
 #usr/sbin/ab
@@ -1340,16 +1349,17 @@ usr/sbin/httpd
 #usr/sbin/httxt2dbm
 #usr/sbin/logresolve
 #usr/sbin/rotatelogs
+#usr/share/man/man1/ab.1
+#usr/share/man/man1/apxs.1
 #usr/share/man/man1/dbmmanage.1
 #usr/share/man/man1/htdbm.1
 #usr/share/man/man1/htdigest.1
 #usr/share/man/man1/htpasswd.1
-#usr/share/man/man8/ab.8
+#usr/share/man/man1/httxt2dbm.1
+#usr/share/man/man1/logresolve.1
 #usr/share/man/man8/apachectl.8
-#usr/share/man/man8/apxs.8
 #usr/share/man/man8/htcacheclean.8
 #usr/share/man/man8/httpd.8
-#usr/share/man/man8/logresolve.8
 #usr/share/man/man8/rotatelogs.8
 #usr/share/man/man8/suexec.8
 var/log/httpd

diff --git a/lfs/apache2 b/lfs/apache2
index f548271c5fbd5fa6effdd97717486b462ac5d771..f849fc0cf6faa48dc64e66c2c471bcb2410494d3 100644 (file)
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011   IPFire Team  <info@ipfire.org>                    #
+# Copyright (C) 2007-2012   IPFire Team  <info@ipfire.org>                    #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 2.2.21
+VER        = 2.2.22
 
 THISAPP    = httpd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
 
-$(DL_FILE)_MD5 = 1696ae62cd879ab1d4dd9ff021a470f2
+$(DL_FILE)_MD5 = 9fe3093194c8a57f085ff7c3fc43715f
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 
 install : $(TARGET)
@@ -133,9 +133,10 @@ else
        cd $(DIR_APP) && make install
        chown -v root:root /usr/lib/apache/httpd.exp \
            /usr/sbin/{apxs,apachectl,dbmmanage,envvars{,-std}} \
-           /usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd}}.1 \
-           /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
-           /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
+           /usr/share/man/man1/{ab,apxs,dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
+           /usr/share/man/man1/{logresolve}.1 \
+           /usr/share/man/man8/{apachectl,htcacheclean,httpd}.8 \
+           /usr/share/man/man8/{rotatelogs,suexec}.8
        @rm -rf $(DIR_APP)
 endif
        @$(POSTBUILD)