pali pushed to cherokee (el6). "Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Wed Apr 15 20:46:53 UTC 2015


>From 489f02d7b5da1fe11a40a5e422061213ac470865 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 16:02:07 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
 when LDAP server allows unauthenticated binds

- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz  959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)

diff --git a/cherokee.spec b/cherokee.spec
index 38ea10d..5b98fbe 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -1,6 +1,6 @@
 %define         home %{_var}/lib/%{name}
 %define         shortversion   %(echo %{version} | sed -e 's/^\([0-9]+\.[0-9]+\)\.[0-9]+/\1/g')
-%define         opensslversion 1.0.0d
+%define         opensslversion 1.0.0r
 %define         pkgname cherokee
 %{!?_unitdir:%define _unitdir /lib/systemd/system}
 
@@ -18,7 +18,7 @@ Source1:        %{name}.init
 Source2:        %{name}.logrotate
 Source3:        %{name}.service
 
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
 Source100:      http://www.openssl.org/source/openssl-%{opensslversion}.tar.gz
 %endif
 
@@ -65,12 +65,7 @@ Patch0: 01-drop-privileges.patch
 Patch2: cherokee-1.2.103_CVE-2014-4668.patch
 
 BuildRequires:  pam-devel mysql-devel pcre-devel GeoIP-devel openldap-devel
-%if "%{rhel}" == "4"
-BuildRequires:  php
-%else
 BuildRequires:  php-cli
-%endif
-# BuildRequires:  pcre-devel
 BuildRequires:  gettext
 # For spawn-fcgi
 Requires:        spawn-fcgi
@@ -108,7 +103,7 @@ This package holds the development files for cherokee.
 
 
 %prep
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
 %setup -n %{pkgname}-%{version} -q -a 100
 %else
 %setup -n %{pkgname}-%{version} -q
@@ -152,10 +147,9 @@ cp %{SOURCE115} doc/media/images/
 cp %{SOURCE116} doc/media/images/
 
 %build
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
 pushd openssl-%{opensslversion}
-./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
+./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared no-asm
 make depend
 make all
 mkdir ./lib
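Review bot: The `no-asm` added to `./config` replaces the removed `-Wa,--noexecstack` line without a comment or a build-time check, so a later edit of this block can silently undo the execstack fix (presumably bz 959170 from the commit message). A comment above the line, for example `# no-asm: avoids the executable-stack marking from the bundled OpenSSL assembly on EL5 (bz 959170)`, would record why the option is there. `no-asm` also swaps the assembly crypto routines for the portable C ones, which costs throughput and may change the side-channel behaviour of some primitives, so that trade-off should be stated as a decision. `./config` is invoked without `$RPM_OPT_FLAGS`, so the bundled library probably does not receive the distribution's hardening flags. The `%build` section continues outside the hunk.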
@@ -166,7 +160,7 @@ popd
 %endif
 
 %configure --with-wwwroot=%{_var}/www/%{name} \
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
    --with-libssl=$(pwd)/openssl-%{opensslversion} --enable-static-module=libssl \
 %else
    --with-libssl \
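Review bot: The EL5 branch of `%configure` still links the bundled OpenSSL statically (`--enable-static-module=libssl` against `$(pwd)/openssl-%{opensslversion}`), and nothing in the spec says that this copy does not follow system OpenSSL updates. A comment above `%configure`, for example `# EL5 only: bundled OpenSSL is linked statically; bump opensslversion and rebuild for every upstream OpenSSL security release`, would make that maintenance duty explicit. The tarball in `Source100` is referenced over plain `http://`, so its integrity rests on whatever checksum the packaging records outside this diff. The `%configure` invocation continues past the end of the hunk.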
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/cherokee.git/commit/?h=el6&id=489f02d7b5da1fe11a40a5e422061213ac470865

