From 7e4506e9c7cc5e2dd2cd5e617ec190c89cd12dca Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Wed, 8 Feb 2012 07:43:48 +0100
Subject: [PATCH] apache: security update to 2.2.22.
Fix six low and moderate security flaws. Most of them are not important for ipfire.
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: mod_proxy reverse proxy exposure CVE-2011-4317
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368
For details check: http://httpd.apache.org/security/vulnerabilities_22.html
---
 config/rootfiles/common/apache2 | 18 ++++++++++++++----
 lfs/apache2 | 13 +++++++------
 2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2
index 2eab3b5e7..01e9bbe4c 100644
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -482,6 +482,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/license.html.en
 #srv/web/ipfire/manual/logs.html
 #srv/web/ipfire/manual/logs.html.en
+#srv/web/ipfire/manual/logs.html.fr
 #srv/web/ipfire/manual/logs.html.ja.utf8
 #srv/web/ipfire/manual/logs.html.ko.euc-kr
 #srv/web/ipfire/manual/logs.html.tr.utf8
@@ -758,11 +759,14 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/mod/mod_proxy_connect.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_ftp.html
 #srv/web/ipfire/manual/mod/mod_proxy_ftp.html.en
+#srv/web/ipfire/manual/mod/mod_proxy_ftp.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_http.html
 #srv/web/ipfire/manual/mod/mod_proxy_http.html.en
 #srv/web/ipfire/manual/mod/mod_proxy_http.html.fr
+#srv/web/ipfire/manual/mod/mod_proxy_http.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_proxy_scgi.html
 #srv/web/ipfire/manual/mod/mod_proxy_scgi.html.en
+#srv/web/ipfire/manual/mod/mod_proxy_scgi.html.ja.utf8
 #srv/web/ipfire/manual/mod/mod_reqtimeout.html
 #srv/web/ipfire/manual/mod/mod_reqtimeout.html.en
 #srv/web/ipfire/manual/mod/mod_rewrite.html
@@ -873,6 +877,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/new_features_2_2.html
 #srv/web/ipfire/manual/new_features_2_2.html.en
 #srv/web/ipfire/manual/new_features_2_2.html.fr
+#srv/web/ipfire/manual/new_features_2_2.html.ja.utf8
 #srv/web/ipfire/manual/new_features_2_2.html.ko.euc-kr
 #srv/web/ipfire/manual/new_features_2_2.html.pt-br
 #srv/web/ipfire/manual/new_features_2_2.html.tr.utf8
@@ -942,6 +947,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/programs/index.html
 #srv/web/ipfire/manual/programs/index.html.en
 #srv/web/ipfire/manual/programs/index.html.es
+#srv/web/ipfire/manual/programs/index.html.ja.utf8
 #srv/web/ipfire/manual/programs/index.html.ko.euc-kr
 #srv/web/ipfire/manual/programs/index.html.ru.koi8-r
 #srv/web/ipfire/manual/programs/index.html.tr.utf8
@@ -1066,6 +1072,7 @@ etc/httpd/conf/mime.types
 #srv/web/ipfire/manual/upgrading.html.de
 #srv/web/ipfire/manual/upgrading.html.en
 #srv/web/ipfire/manual/upgrading.html.fr
+#srv/web/ipfire/manual/upgrading.html.ja.utf8
 #srv/web/ipfire/manual/urlmapping.html
 #srv/web/ipfire/manual/urlmapping.html.en
 #srv/web/ipfire/manual/urlmapping.html.ja.utf8
@@ -1135,6 +1142,7 @@ etc/httpd/conf/mime.types
 #usr/include/apache/apr_atomic.h
 #usr/include/apache/apr_base64.h
 #usr/include/apache/apr_buckets.h
+#usr/include/apache/apr_crypto.h
 #usr/include/apache/apr_date.h
 #usr/include/apache/apr_dbd.h
 #usr/include/apache/apr_dbm.h
@@ -1194,6 +1202,7 @@ etc/httpd/conf/mime.types
 #usr/include/apache/apr_xlate.h
 #usr/include/apache/apr_xml.h
 #usr/include/apache/apu.h
+#usr/include/apache/apu_errno.h
 #usr/include/apache/apu_version.h
 #usr/include/apache/apu_want.h
 #usr/include/apache/http_config.h
@@ -1322,7 +1331,7 @@ usr/lib/libapr-1.so.0.4.5
 #usr/lib/libaprutil-1.la
 usr/lib/libaprutil-1.so
 usr/lib/libaprutil-1.so.0
-usr/lib/libaprutil-1.so.0.3.12
+usr/lib/libaprutil-1.so.0.4.1
 #usr/lib/pkgconfig/apr-1.pc
 #usr/lib/pkgconfig/apr-util-1.pc
 #usr/sbin/ab
@@ -1340,16 +1349,17 @@ usr/sbin/httpd
 #usr/sbin/httxt2dbm
 #usr/sbin/logresolve
 #usr/sbin/rotatelogs
+#usr/share/man/man1/ab.1
+#usr/share/man/man1/apxs.1
 #usr/share/man/man1/dbmmanage.1
 #usr/share/man/man1/htdbm.1
 #usr/share/man/man1/htdigest.1
 #usr/share/man/man1/htpasswd.1
-#usr/share/man/man8/ab.8
+#usr/share/man/man1/httxt2dbm.1
+#usr/share/man/man1/logresolve.1
 #usr/share/man/man8/apachectl.8
-#usr/share/man/man8/apxs.8
 #usr/share/man/man8/htcacheclean.8
 #usr/share/man/man8/httpd.8
-#usr/share/man/man8/logresolve.8
 #usr/share/man/man8/rotatelogs.8
 #usr/share/man/man8/suexec.8
 var/log/httpd
diff --git a/lfs/apache2 b/lfs/apache2
index f548271c5..f849fc0cf 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team #
+# Copyright (C) 2007-2012 IPFire Team #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@ include Config
-VER = 2.2.21
+VER = 2.2.22
 THISAPP = httpd-$(VER)
 DL_FILE = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 httpd-2.2.2-config-1.patch = $(DL_FROM)/httpd-2.2.2-config-1.patch
-$(DL_FILE)_MD5 = 1696ae62cd879ab1d4dd9ff021a470f2
+$(DL_FILE)_MD5 = 9fe3093194c8a57f085ff7c3fc43715f
 httpd-2.2.2-config-1.patch_MD5 = e02a3ec5925eb9e111400b9aa229f822
 install : $(TARGET)
@@ -133,9 +133,10 @@ else
 cd $(DIR_APP) && make install
 chown -v root:root /usr/lib/apache/httpd.exp \
 /usr/sbin/{apxs,apachectl,dbmmanage,envvars{,-std}} \
- /usr/share/man/man1/{dbmmanage,ht{dbm,digest,passwd}}.1 \
- /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
- /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
+ /usr/share/man/man1/{ab,apxs,dbmmanage,ht{dbm,digest,passwd,txt2dbm}}.1 \
+ /usr/share/man/man1/{logresolve}.1 \
+ /usr/share/man/man8/{apachectl,htcacheclean,httpd}.8 \
+ /usr/share/man/man8/{rotatelogs,suexec}.8
 @rm -rf $(DIR_APP)
 endif
 @$(POSTBUILD)
--
2.39.2
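Review bot: The replacement `$(DL_FILE)_MD5` value is the only integrity pin for httpd-2.2.22.tar.bz2 visible in this hunk, and MD5 is not collision-resistant, so it catches a damaged download from `$(DL_FROM)` but is weak evidence against a substituted tarball. Since this commit exists to ship security fixes, I would record how the digest was obtained in a comment above the line, for example `# digest taken from a tarball checked against the upstream release signature`. Whether the download framework pulled in by `include Config` accepts a stronger digest is not visible here; if it does, pin that alongside the MD5.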
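Review bot: The added line `/usr/share/man/man1/{logresolve}.1 \` uses a brace group with a single word, which bash does not expand, so `chown` receives the literal path `/usr/share/man/man1/{logresolve}.1` instead of `logresolve.1`. chown then reports a missing file and exits non-zero, which would normally stop the recipe before `@rm -rf $(DIR_APP)` and `@$(POSTBUILD)`, and logresolve.1 keeps whatever owner `make install` gave it. Write the path plainly, `/usr/share/man/man1/logresolve.1 \`, or add `logresolve` to the brace list on the line above. The recipe starts above this hunk, so the shell in use and any error handling around it are not visible.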