pali pushed to cherokee (f22). "Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 15 14:20:26 UTC 2015
>From 489f02d7b5da1fe11a40a5e422061213ac470865 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 16:02:07 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/cherokee.spec b/cherokee.spec
index 38ea10d..5b98fbe 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -1,6 +1,6 @@
%define home %{_var}/lib/%{name}
%define shortversion %(echo %{version} | sed -e 's/^\([0-9]+\.[0-9]+\)\.[0-9]+/\1/g')
-%define opensslversion 1.0.0d
+%define opensslversion 1.0.0r
%define pkgname cherokee
%{!?_unitdir:%define _unitdir /lib/systemd/system}
@@ -18,7 +18,7 @@ Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.service
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
Source100: http://www.openssl.org/source/openssl-%{opensslversion}.tar.gz
%endif
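Review bot: `Source100` still points at a plain `http://` URL, so anyone fetching the tarball from the spec rather than from a cached copy gets no transport integrity. `Source100: https://www.openssl.org/source/openssl-%{opensslversion}.tar.gz` would be the safer form. Whether the tarball's hash is pinned elsewhere (for example in the dist-git `sources` file) is not visible in this diff and is worth confirming for the new 1.0.0r tarball.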
@@ -65,12 +65,7 @@ Patch0: 01-drop-privileges.patch
Patch2: cherokee-1.2.103_CVE-2014-4668.patch
BuildRequires: pam-devel mysql-devel pcre-devel GeoIP-devel openldap-devel
-%if "%{rhel}" == "4"
-BuildRequires: php
-%else
BuildRequires: php-cli
-%endif
-# BuildRequires: pcre-devel
BuildRequires: gettext
# For spawn-fcgi
Requires: spawn-fcgi
@@ -108,7 +103,7 @@ This package holds the development files for cherokee.
%prep
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
%setup -n %{pkgname}-%{version} -q -a 100
%else
%setup -n %{pkgname}-%{version} -q
@@ -152,10 +147,9 @@ cp %{SOURCE115} doc/media/images/
cp %{SOURCE116} doc/media/images/
%build
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
pushd openssl-%{opensslversion}
-./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
+./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared no-asm
make depend
make all
mkdir ./lib
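Review bot: The new `./config` line builds the bundled OpenSSL without `$RPM_OPT_FLAGS`, so the distribution's hardening and optimisation flags do not appear to reach this copy of the library. Consider passing them through, e.g. `./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared no-asm $RPM_OPT_FLAGS`, after confirming that the 1.0.0 Configure script accepts them as compiler flags. `no-asm` also deserves a comment such as `# no-asm: avoid assembler objects that request an executable stack (bz 959170)`; the link to that bug is inferred from the commit message, not stated in the spec. The %build section continues outside the hunk.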
@@ -166,7 +160,7 @@ popd
%endif
%configure --with-wwwroot=%{_var}/www/%{name} \
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
--with-libssl=$(pwd)/openssl-%{opensslversion} --enable-static-module=libssl \
%else
--with-libssl \
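Review bot: On EL5 the `--with-libssl=$(pwd)/openssl-%{opensslversion} --enable-static-module=libssl` branch links a private OpenSSL copy into cherokee, so system OpenSSL errata never reach this binary. Every upstream OpenSSL advisory then needs a cherokee rebuild with a new `opensslversion`. A comment above the `%if` would make that duty explicit, for example `# EL5 only: bundled static OpenSSL, bump opensslversion on every OpenSSL security release`. The %configure invocation continues outside the hunk.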
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/cherokee.git/commit/?h=f22&id=489f02d7b5da1fe11a40a5e422061213ac470865