Skip to content
Snippets Groups Projects
Commit f45152a5 authored by CentOS Sources's avatar CentOS Sources
Browse files

import httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da

parent b2bd2280
No related branches found
No related merge requests found
......@@ -2,4 +2,3 @@ SOURCES/htcacheclean.service.xml
SOURCES/httpd-2.4.37.tar.bz2
SOURCES/httpd.conf.xml
SOURCES/httpd.service.xml
SOURCES/centos-noindex-8.0.tar.gz
......@@ -2,4 +2,3 @@ a34c31169efbe6140496c37801489610461bdf9b SOURCES/htcacheclean.service.xml
4a38471de821288b0300148016f2b03dfee8adf2 SOURCES/httpd-2.4.37.tar.bz2
fa18caadd0afbddc2c7a7fc404bf4f2b41867148 SOURCES/httpd.conf.xml
888df830bdc465de3bced6f075c33380018e544f SOURCES/httpd.service.xml
6aa65f45c247226fc922c455e0187abd90c839e8 SOURCES/centos-noindex-8.0.tar.gz
Warning: This package was configured for automatic debranding, but the changes
failed to apply.
diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
index 16e39be..2543693 100644
--- a/server/mpm/event/event.c
+++ b/server/mpm/event/event.c
@@ -1111,10 +1111,11 @@ read_request:
"network write failure in core output filter");
cs->pub.state = CONN_STATE_LINGER;
}
- else if (c->data_in_output_filters) {
+ else if (c->data_in_output_filters ||
+ cs->pub.sense == CONN_SENSE_WANT_READ) {
/* Still in WRITE_COMPLETION_STATE:
- * Set a write timeout for this connection, and let the
- * event thread poll for writeability.
+ * Set a read/write timeout for this connection, and let the
+ * event thread poll for read/writeability.
*/
cs->queue_timestamp = apr_time_now();
notify_suspend(cs);
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Apache HTTP Server on Red Hat Enterprise Linux</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #c00;
}
:visited {
color: #c00;
}
a:hover {
color: #f50;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #900;
color: #fff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
}
h2 {
font-size: 1.1em;
font-weight: bold;
}
hr {
display: none;
}
.content {
padding: 1em 5em;
}
.content-columns {
/* Setting relative positioning allows for
absolute positioning for sub-classes */
position: relative;
padding-top: 1em;
}
.content-column-left {
/* Value for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-right: 3%;
float: left;
padding-bottom: 2em;
}
.content-column-left hr {
display: none;
}
.content-column-right {
/* Values for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-left: 3%;
float: left;
padding-bottom: 2em;
}
.content-columns>.content-column-left, .content-columns>.content-column-right {
/* Non-IE/Win */
}
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #f50;
}
/*]]>*/
</style>
</head>
<body>
<h1>Red Hat Enterprise Linux <strong>Test Page</strong></h1>
<div class="content">
<div class="content-middle">
<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.</p>
</div>
<hr />
<div class="content-columns">
<div class="content-column-left">
<h2>If you are a member of the general public:</h2>
<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>
<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
<hr />
</div>
<div class="content-column-right">
<h2>If you are the website administrator:</h2>
<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>
<p>You are free to use the image below on web sites powered by the Apache HTTP Server:</p>
<p align="center"><a href="http://httpd.apache.org/"><img src="/icons/apache_pb2.gif" alt="[ Powered by Apache ]"/></a></p>
</div>
</div>
</div>
</body>
</html>
......@@ -6,25 +6,13 @@
# NOTE: if this file is removed, it will be restored on upgrades.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /noindex/index.html
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
Alias /noindex /usr/share/httpd/noindex
<Directory /usr/share/httpd/noindex>
Options MultiViews
DirectoryIndex index.html
AddLanguage en-US .en-US
AddLanguage es-ES .es-ES
AddLanguage zh-CN .zh-CN
AddLanguage zh-HK .zh-HK
AddLanguage zh-TW .zh-TW
LanguagePriority en
ForceLanguagePriority Fallback
AllowOverride None
Require all granted
AllowOverride None
Require all granted
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html
......@@ -13,10 +13,10 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 11%{?dist}
Release: 12%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: centos-noindex-8.0.tar.gz
Source1: index.html
Source2: httpd.logrotate
Source3: instance.conf
Source4: httpd-ssl-pass-dialog
......@@ -113,6 +113,10 @@ Patch200: httpd-2.4.37-r1851471.patch
Patch201: httpd-2.4.37-CVE-2019-0211.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
Patch202: httpd-2.4.37-CVE-2019-0215.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
Patch203: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
License: ASL 2.0
Group: System Environment/Daemons
......@@ -280,6 +284,7 @@ interface for storing and accessing per-user session data.
%patch200 -p1 -b .r1851471
%patch201 -p1 -b .CVE-2019-0211
%patch202 -p1 -b .CVE-2019-0215
%patch203 -p1 -b .CVE-2019-9511-and-9516-and-9517
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
......@@ -479,7 +484,8 @@ EOF
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
tar xzf %{SOURCE1} -C $RPM_BUILD_ROOT%{contentdir}/noindex/ --strip-components=1
install -m 644 -p $RPM_SOURCE_DIR/index.html \
$RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
......@@ -694,7 +700,7 @@ rm -rf $RPM_BUILD_ROOT
%{contentdir}/error/README
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
%{contentdir}/noindex/*
%{contentdir}/noindex/index.html
%attr(0710,root,apache) %dir /run/httpd
%attr(0700,apache,apache) %dir /run/httpd/htcacheclean
......@@ -783,12 +789,13 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Sun May 26 2019 Alain Reguera Delgado <areguera@centosproject.org> - 2.4.37-11.el8.centos
- Remove index.html, add centos-noindex-8.0.tar.gz
- Update welcome.conf to support content negotiation based on locale
* Tue May 07 2019 CentOS Sources <bugs@centos.org> - 2.4.37-11.el8.centos
- Apply debranding changes
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-12
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service
* Wed Apr 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment