Fix CVE-2016-1000104

starlet-dx 2022-07-13 16:36:04 +08:00
parent d456a4eb20
commit f55c301537
2 changed files with 28 additions and 1 deletions

CVE-2016-1000104.patch

@ -0,0 +1,23 @@
Index: mod_fcgid-2.3.9/modules/fcgid/mod_fcgid.c
===================================================================
--- mod_fcgid-2.3.9.orig/modules/fcgid/mod_fcgid.c
+++ mod_fcgid-2.3.9/modules/fcgid/mod_fcgid.c
@@ -155,9 +155,15 @@ static void fcgid_add_cgi_vars(request_r
* consistent with legacy mod_fcgid behavior and mod_fastcgi
* prior to 2.4.7
*/
- apr_table_setn(r->subprocess_env, *hdr, val);
- /* standard munging of header name (upcase, HTTP_, etc.) */
- apr_table_setn(r->subprocess_env, http2env(r->pool, *hdr), val);
+ /* boo#988492 httpoxy don't set HTTP_PROXY */
+ if ( strcasecmp(*hdr, "HTTP_PROXY") != 0 && strcasecmp(*hdr, "HTTP-PROXY") != 0) {
+ apr_table_setn(r->subprocess_env, *hdr, val);
+ }
+ /* boo#988492 httpoxy don't set HTTP_PROXY */
+ if ( strcasecmp(*hdr, "PROXY") != 0 ) {
+ /* standard munging of header name (upcase, HTTP_, etc.) */
+ apr_table_setn(r->subprocess_env, http2env(r->pool, *hdr), val);
+ }
}
}
}
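Review bot: The two new guards around the apr_table_setn() calls carry the same comment but test different strings, so the code does not say which copy each one protects. The first `if` compares the verbatim header name with "HTTP_PROXY" and "HTTP-PROXY"; the second compares it with "PROXY" before the http2env() call, which per the existing comment upcases the name and adds the HTTP_ prefix, so the second guard is the one that stops a request's Proxy header from being exported as HTTP_PROXY. Suggest giving each guard its own comment stating that, and explaining why the verbatim copy is blocked only for names that already spell HTTP_PROXY while a header named Proxy is still copied into subprocess_env under its own name.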

@ -1,12 +1,13 @@
Name: mod_fcgid Name: mod_fcgid
Version: 2.3.9 Version: 2.3.9
Release: 20 Release: 21
Summary: High performance alternative to mod_cgi or mod_cgid Summary: High performance alternative to mod_cgi or mod_cgid
License: ASL 2.0 License: ASL 2.0
URL: http://httpd.apache.org/mod_fcgid/ URL: http://httpd.apache.org/mod_fcgid/
Source0: http://www.apache.org/dist/httpd/mod_fcgid/mod_fcgid-%{version}.tar.bz2 Source0: http://www.apache.org/dist/httpd/mod_fcgid/mod_fcgid-%{version}.tar.bz2
Source1: mod_fcgid-tmpfs.conf Source1: mod_fcgid-tmpfs.conf
Source2: fcgid24.conf Source2: fcgid24.conf
Patch0: CVE-2016-1000104.patch
BuildRequires: coreutils gcc httpd-devel >= 2.0 make pkgconfig sed perl BuildRequires: coreutils gcc httpd-devel >= 2.0 make pkgconfig sed perl
Requires: httpd-mmn = %{_httpd_mmn} Requires: httpd-mmn = %{_httpd_mmn}
Requires: systemd Requires: systemd
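Review bot: Patch0 is declared in this hunk, but neither spec hunk touches %prep, so unless %prep already uses %autosetup the patch is listed and never applied to the build. Please confirm; if %prep uses %setup, add `%patch0 -p1` there (the paths in the patch start with mod_fcgid-2.3.9/, so one leading component has to be stripped).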
@ -54,6 +55,9 @@ install -p -m644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/mod_fcgid.conf
%doc build/fixconf.sed %doc build/fixconf.sed
%changelog %changelog
* Wed Jul 13 2022 yaoxin <yaoxin30@h-partners.com> - 2.3.9-21
- Fix CVE-2016-1000104
* Fri Jan 7 2022 liyanan <liyanan32@huawei.com> - 2.3.9-20 * Fri Jan 7 2022 liyanan <liyanan32@huawei.com> - 2.3.9-20
- Add the perl dependency - Add the perl dependency
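Review bot: The new 2.3.9-21 changelog entry gives only the CVE id. Suggest stating what changed, for example that the request's Proxy header is no longer exported as HTTP_PROXY (httpoxy), and recording where the patch came from, since its comments cite boo#988492.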