diff options
author | Joe Slater <jslater@windriver.com> | 2016-10-27 09:48:43 -0700 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-11-23 15:23:57 +0100 |
commit | 6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2 (patch) | |
tree | 81415c7e9960bcc5df1070c85bc8939d79be9a74 | |
parent | 87affdd40511d557cfe9ae21ad943c7e30937c89 (diff) | |
download | meta-openembedded-6d4ca6868bb6195f3c4cc785a1a8afc1af10f7e2.tar.gz |
apache2: cve-2016-5387
Handle HTTP_PROXY envirnoment variable.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch | 25 | ||||
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb | 1 |
2 files changed, 26 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch new file mode 100644 index 000000000..dbcdfc6df --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/cve-2016-5387.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | This patch has been copied from https://www.apache.org/security/asf-httpoxy-response.txt | ||
2 | as a mitigation of CVE-2016-5387. | ||
3 | |||
4 | Upstream-Status: Backport - fixed in 2.4.24 | ||
5 | |||
6 | Signed-off-by: Joe Slater<jslater@windriver.com> | ||
7 | |||
8 | |||
9 | --- a/server/util_script.c (revision 1752426) | ||
10 | +++ b/server/util_script.c (working copy) | ||
11 | @@ -186,6 +186,14 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r | ||
12 | else if (!strcasecmp(hdrs[i].key, "Content-length")) { | ||
13 | apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); | ||
14 | } | ||
15 | + /* HTTP_PROXY collides with a popular envvar used to configure | ||
16 | + * proxies, don't let clients set/override it. But, if you must... | ||
17 | + */ | ||
18 | +#ifndef SECURITY_HOLE_PASS_PROXY | ||
19 | + else if (!strcasecmp(hdrs[i].key, "Proxy")) { | ||
20 | + ; | ||
21 | + } | ||
22 | +#endif | ||
23 | /* | ||
24 | * You really don't want to disable this check, since it leaves you | ||
25 | * wide open to CGIs stealing passwords and people viewing them | ||
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb index be24998d1..7656595c8 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.23.bb | |||
@@ -17,6 +17,7 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ | |||
17 | file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ | 17 | file://httpd-2.4.3-fix-race-issue-of-dir-install.patch \ |
18 | file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ | 18 | file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ |
19 | file://configure-allow-to-disable-selinux-support.patch \ | 19 | file://configure-allow-to-disable-selinux-support.patch \ |
20 | file://cve-2016-5387.patch \ | ||
20 | file://init \ | 21 | file://init \ |
21 | file://apache2-volatile.conf \ | 22 | file://apache2-volatile.conf \ |
22 | file://apache2.service \ | 23 | file://apache2.service \ |