CVE-2022-2255

change License to git Apache-2.0 cve to CVE
2022-08-08 11:47:56 +08:00 · 2022-08-08 11:47:56 +08:00 · 59bcd859ac
commit 59bcd859ac
parent 675d937adb
2 changed files with 17 additions and 2 deletions
--- a/CVE-2022-2255.patch
+++ b/CVE-2022-2255.patch
@ -0,0 +1,11 @@
+diff -Nur mod_wsgi-4.9.1.old/src/server/mod_wsgi.c mod_wsgi-4.9.1/src/server/mod_wsgi.c
+--- mod_wsgi-4.9.1.old/src/server/mod_wsgi.c	2022-08-08 10:12:40.044127804 +0800
+++ mod_wsgi-4.9.1/src/server/mod_wsgi.c	2022-08-08 10:14:21.532845853 +0800
+@@ -14044,6 +14044,7 @@
+             name = ((const char**)trusted_proxy_headers->elts)[i];
+ 
+             if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
+                     !strcmp(name, "HTTP_X_CLIENT_IP") ||
+                      !strcmp(name, "HTTP_X_REAL_IP")) {
+ 
+                 match_client_header = 1;
--- a/mod_wsgi.spec
+++ b/mod_wsgi.spec
@ -6,13 +6,14 @@
 %global sphinxbin %{_bindir}/sphinx-build-3
 Name:                mod_wsgi
 Version:             4.9.1
-Release:             1
+Release:             2
 Summary:             A WSGI interface for Python web applications in Apache
-License:             ASL 2.0
+License:             Apache-2.0
 URL:                 https://modwsgi.readthedocs.io/
 Source0:             https://github.com/GrahamDumpleton/mod_wsgi/archive/refs/tags/%{version}.tar.gz
 Source1:             wsgi-python3.conf
 Patch1:              mod_wsgi-4.5.20-exports.patch
+Patch2:              CVE-2022-2255.patch
 BuildRequires:       httpd-devel gcc perl
 %{?filter_provides_in: %filter_provides_in %{_httpd_moddir}/.*\.so$}
 %{?filter_setup}
@ -74,6 +75,9 @@ popd
 %{_bindir}/mod_wsgi-express-3

 %changelog
+* Mon Aug 08 2022 zhuhai95 <zhuhai@ncti-gba.cn> - 4.9.1-2
+- Fix CVE-2022-2255
+
 * Tue May 17 2022 yangping <yangping69@h-partners> - 4.9.1-1
 - Update to 4.9.1