pali pushed to cherokee (el6). "Merge branch 'master' into el6"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 15 20:47:06 UTC 2015
>From 868ecf5c0539ec2df6a4ee99840a1f1c1b2791e3 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore <dennis at ausil.us>
Date: Fri, 6 Jun 2014 23:36:27 -0500
Subject: - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/cherokee.spec b/cherokee.spec
index 807ce8d..b395fe7 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -7,7 +7,7 @@
Name: cherokee
Version: 1.2.103
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Flexible and Fast Webserver
Group: Applications/Internet
@@ -322,6 +322,9 @@ fi
%{_libdir}/lib%{name}-*.so
%changelog
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
* Wed Mar 5 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.2.103-3
- Remove the upstream cherokee logo due to: https://fedorahosted.org/fesco/ticket/1230
--
cgit v0.10.2
>From d91d5a17aa667b2927aeb971328964eeb85d3a3f Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson at fedoraproject.org>
Date: Sat, 16 Aug 2014 00:03:40 +0000
Subject: - Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/cherokee.spec b/cherokee.spec
index b395fe7..cd37aa5 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -7,7 +7,7 @@
Name: cherokee
Version: 1.2.103
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Flexible and Fast Webserver
Group: Applications/Internet
@@ -322,6 +322,9 @@ fi
%{_libdir}/lib%{name}-*.so
%changelog
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--
cgit v0.10.2
>From 7df9fedc9b1ca2d6253fbc171712e736423ef986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 10:59:28 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/cherokee.spec b/cherokee.spec
index 807ce8d..38ea10d 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -1,20 +1,18 @@
%define home %{_var}/lib/%{name}
%define shortversion %(echo %{version} | sed -e 's/^\([0-9]+\.[0-9]+\)\.[0-9]+/\1/g')
%define opensslversion 1.0.0d
-#%define pkgname webserver
%define pkgname cherokee
%{!?_unitdir:%define _unitdir /lib/systemd/system}
Name: cherokee
Version: 1.2.103
-Release: 3%{?dist}
+Release: 6%{?dist}
Summary: Flexible and Fast Webserver
Group: Applications/Internet
License: GPLv2
URL: http://www.cherokee-project.com/
Source0: http://www.cherokee-project.com/download/%{shortversion}/%{version}/%{name}-%{version}.tar.gz
-# Source0: http://github.com/%{name}/%{pkgname}/archive/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source1: %{name}.init
Source2: %{name}.logrotate
@@ -63,7 +61,8 @@ Source116: screencast.png
# Drop privileges to cherokee:cherokee after startup
Patch0: 01-drop-privileges.patch
-#Patch1: http://ausil.fedorapeople.org/aarch64/cherokee/cherokee-aarch64.patch
+# Patch1: http://ausil.fedorapeople.org/aarch64/cherokee/cherokee-aarch64.patch
+Patch2: cherokee-1.2.103_CVE-2014-4668.patch
BuildRequires: pam-devel mysql-devel pcre-devel GeoIP-devel openldap-devel
%if "%{rhel}" == "4"
@@ -77,9 +76,10 @@ BuildRequires: gettext
Requires: spawn-fcgi
%if ( 0%{?fedora} )
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
+Requires(post): systemd systemd-units
+Requires(preun): systemd systemd-units
+Requires(postun): systemd systemd-units
+BuildRequires: systemd
%else
Requires(post): chkconfig
Requires(preun): chkconfig
@@ -114,7 +114,8 @@ This package holds the development files for cherokee.
%setup -n %{pkgname}-%{version} -q
%endif
%patch0 -p1 -b .privs
-#%patch1 -p1 -b .aarch64
+# %patch1 -p1 -b .aarch64
+%patch2 -p1 -b .cve-2014-4668
# Replace upstream logos: https://fedorahosted.org/fesco/ticket/1230
for i in admin/icons/cherokee-admin-launcher-* \
@@ -226,38 +227,30 @@ exit 0
%post
%if ( 0%{?fedora} )
-if [ $1 -eq 1 ] ; then
- # Initial installation: enabled by default
- /bin/systemctl enable cherokee.service >/dev/null 2>&1 || :
-fi
+ %systemd_post cherokee.service
%else
-/sbin/ldconfig
-/sbin/chkconfig --add %{name}
+ /sbin/ldconfig
+ /sbin/chkconfig --add %{name}
+%endif
+%if "%{rhel}" == "5"
+ /usr/bin/execstack --clear-execstack %{_libdir}/lib%{name}-server.so.*
%endif
%preun
%if ( 0%{?fedora} )
-if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable cherokee.service > /dev/null 2>&1 || :
- /bin/systemctl stop cherokee.service > /dev/null 2>&1 || :
-fi
+ %systemd_preun cherokee.service
%else
-if [ $1 = 0 ] ; then
- /sbin/service %{name} stop >/dev/null 2>&1
- /sbin/chkconfig --del %{name}
-fi
+ if [ $1 = 0 ] ; then
+ /sbin/service %{name} stop >/dev/null 2>&1
+ /sbin/chkconfig --del %{name}
+ fi
%endif
%postun
%if ( 0%{?fedora} )
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart cherokee.service >/dev/null 2>&1 || :
-fi
+ %systemd_postun_with_restart cherokee.service
%else
-/sbin/ldconfig
+ /sbin/ldconfig
%endif
%files
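Review bot: The EL5 branch added to `%post` runs `/usr/bin/execstack --clear-execstack %{_libdir}/lib%{name}-server.so.*` on the installed library, which rewrites a packaged file after installation. The on-disk file then differs from the digest recorded in the RPM database, so `rpm -V` reports the library as modified and real tampering becomes harder to tell apart from this expected change. The hunk shows no `Requires(post)` on the package that ships `execstack`, and the call has no `|| :`, so a missing binary would fail the scriptlet; whether that dependency is declared elsewhere in the spec is not visible here. Clearing the flag at build time (in `%install`, or by linking with `-Wl,-z,noexecstack`) would keep the shipped file and the database consistent.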
@@ -321,7 +314,19 @@ fi
%{_datadir}/aclocal/%{name}.m4
%{_libdir}/lib%{name}-*.so
+
%changelog
+* Wed Apr 15 2015 Pavel Lisý <pali at fedoraproject.org> - 1.2.103-6
+- Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds
+- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
+- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
* Wed Mar 5 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.2.103-3
- Remove the upstream cherokee logo due to: https://fedorahosted.org/fesco/ticket/1230
--
cgit v0.10.2
>From 489f02d7b5da1fe11a40a5e422061213ac470865 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 16:02:07 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/cherokee.spec b/cherokee.spec
index 38ea10d..5b98fbe 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -1,6 +1,6 @@
%define home %{_var}/lib/%{name}
%define shortversion %(echo %{version} | sed -e 's/^\([0-9]+\.[0-9]+\)\.[0-9]+/\1/g')
-%define opensslversion 1.0.0d
+%define opensslversion 1.0.0r
%define pkgname cherokee
%{!?_unitdir:%define _unitdir /lib/systemd/system}
@@ -18,7 +18,7 @@ Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.service
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
Source100: http://www.openssl.org/source/openssl-%{opensslversion}.tar.gz
%endif
@@ -65,12 +65,7 @@ Patch0: 01-drop-privileges.patch
Patch2: cherokee-1.2.103_CVE-2014-4668.patch
BuildRequires: pam-devel mysql-devel pcre-devel GeoIP-devel openldap-devel
-%if "%{rhel}" == "4"
-BuildRequires: php
-%else
BuildRequires: php-cli
-%endif
-# BuildRequires: pcre-devel
BuildRequires: gettext
# For spawn-fcgi
Requires: spawn-fcgi
@@ -108,7 +103,7 @@ This package holds the development files for cherokee.
%prep
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
%setup -n %{pkgname}-%{version} -q -a 100
%else
%setup -n %{pkgname}-%{version} -q
@@ -152,10 +147,9 @@ cp %{SOURCE115} doc/media/images/
cp %{SOURCE116} doc/media/images/
%build
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
pushd openssl-%{opensslversion}
-./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
+./config --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls shared no-asm
make depend
make all
mkdir ./lib
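Review bot: The `no-asm` option added to the bundled OpenSSL `./config` line has no comment saying why it is there, while the same hunk drops the `-Wa,--noexecstack` assignment. Presumably it is the fix for bz 959170 (assembler objects requesting an executable stack), and a line such as `# no-asm: avoid asm objects that mark the stack executable on EL5 (bz 959170)` above `./config` would record that. The configure call in the following hunk uses `--enable-static-module=libssl`, so it would also help to note in the spec that the EL5 build carries its own OpenSSL %{opensslversion} and must be rebuilt for each OpenSSL security update rather than inheriting system fixes. The `%build` section continues outside the hunk.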
@@ -166,7 +160,7 @@ popd
%endif
%configure --with-wwwroot=%{_var}/www/%{name} \
-%if "%{rhel}" == "4" || "%{rhel}" == "5"
+%if "%{rhel}" == "5"
--with-libssl=$(pwd)/openssl-%{opensslversion} --enable-static-module=libssl \
%else
--with-libssl \
--
cgit v0.10.2
>From 0a919b50cf5387f559abcad605851fcbb36da91a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 16:08:22 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/cherokee-1.2.103_CVE-2014-4668.patch b/cherokee-1.2.103_CVE-2014-4668.patch
new file mode 100644
index 0000000..06329b7
--- /dev/null
+++ b/cherokee-1.2.103_CVE-2014-4668.patch
@@ -0,0 +1,13 @@
+diff -uNr cherokee-1.2.103.orig/cherokee/validator_ldap.c cherokee-1.2.103/cherokee/validator_ldap.c
+--- cherokee-1.2.103.orig/cherokee/validator_ldap.c 2013-04-26 19:59:11.000000000 +0200
++++ cherokee-1.2.103/cherokee/validator_ldap.c 2015-04-15 07:57:29.828878580 +0200
+@@ -331,7 +331,8 @@
+ /* Sanity checks
+ */
+ if ((conn->validator == NULL) ||
+- cherokee_buffer_is_empty (&conn->validator->user))
++ cherokee_buffer_is_empty (&conn->validator->user) ||
++ cherokee_buffer_is_empty (&conn->validator->passwd))
+ return ret_error;
+
+ size = cherokee_buffer_cnt_cspn (&conn->validator->user, 0, "*()");
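Review bot: The added `cherokee_buffer_is_empty (&conn->validator->passwd)` test has no comment marking it as the security-relevant part of the condition, so it reads like an ordinary sanity check that a later cleanup could drop. An LDAP simple bind with a user name and an empty password is an unauthenticated bind that a server may accept, which is the bypass named in the commit subject. A comment such as `/* Refuse empty passwords: a simple bind with an empty password is an unauthenticated bind and may succeed (CVE-2014-4668) */` above the condition would record that. The rejection returns `ret_error`; how callers map that to an HTTP status is outside the hunk, as is the rest of the function.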
--
cgit v0.10.2
>From e1738cd632a98c847eba65d753df6e74905944ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 16:13:28 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/.gitignore b/.gitignore
index 844f38c..c32ad55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ openssl-1.0.0d.tar.gz
/cherokee-1.2.100.tar.gz
/cherokee-1.2.101.tar.gz
/cherokee-1.2.103.tar.gz
+/openssl-1.0.0r.tar.gz
diff --git a/sources b/sources
index 33c32b7..d247e58 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-527b3de97ef9727bfd5f6832043cf916 cherokee-1.2.103.tar.gz
+ea48d0ad53e10f06a9475d8cdc209dfa openssl-1.0.0r.tar.gz
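Review bot: This hunk replaces the `cherokee-1.2.103.tar.gz` entry in `sources` instead of adding a second line, so after the commit the file lists only `openssl-1.0.0r.tar.gz`. The spec still declares the cherokee tarball as Source0, so its checksum is no longer pinned and, presumably, it would no longer be fetched from the lookaside cache for the build. The old line `527b3de97ef9727bfd5f6832043cf916 cherokee-1.2.103.tar.gz` should be kept alongside the new one.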
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/cherokee.git/commit/?h=el6&id=d3b9383d9ed9a26f03cfd2e225fabeee381772e4