pali pushed to cherokee (epel7). "Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds (..more)"
notifications at fedoraproject.org
Mon Apr 20 08:14:12 UTC 2015
>From 7df9fedc9b1ca2d6253fbc171712e736423ef986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Lis=C3=BD?= <pali at fedoraproject.org>
Date: Wed, 15 Apr 2015 10:59:28 +0200
Subject: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
diff --git a/cherokee.spec b/cherokee.spec
index 807ce8d..38ea10d 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -1,20 +1,18 @@
%define home %{_var}/lib/%{name}
%define shortversion %(echo %{version} | sed -e 's/^\([0-9]+\.[0-9]+\)\.[0-9]+/\1/g')
%define opensslversion 1.0.0d
-#%define pkgname webserver
%define pkgname cherokee
%{!?_unitdir:%define _unitdir /lib/systemd/system}
Name: cherokee
Version: 1.2.103
-Release: 3%{?dist}
+Release: 6%{?dist}
Summary: Flexible and Fast Webserver
Group: Applications/Internet
License: GPLv2
URL: http://www.cherokee-project.com/
Source0: http://www.cherokee-project.com/download/%{shortversion}/%{version}/%{name}-%{version}.tar.gz
-# Source0: http://github.com/%{name}/%{pkgname}/archive/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source1: %{name}.init
Source2: %{name}.logrotate
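Review bot: Release goes from 3 to 6 in one commit, and the %changelog hunk adds the 1.2.103-4 and 1.2.103-5 mass-rebuild entries together with the new -6 entry, so the spec appears to be carried over from another branch rather than bumped by one. The commit message should say so, since it means the two unrelated fixes (bz 1094901, bz 959170) land on this branch together with the CVE-2014-4668 fix and cannot be reverted separately from it.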
@@ -63,7 +61,8 @@ Source116: screencast.png
# Drop privileges to cherokee:cherokee after startup
Patch0: 01-drop-privileges.patch
-#Patch1: http://ausil.fedorapeople.org/aarch64/cherokee/cherokee-aarch64.patch
+# Patch1: http://ausil.fedorapeople.org/aarch64/cherokee/cherokee-aarch64.patch
+Patch2: cherokee-1.2.103_CVE-2014-4668.patch
BuildRequires: pam-devel mysql-devel pcre-devel GeoIP-devel openldap-devel
%if "%{rhel}" == "4"
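Review bot: Patch2 is added without a comment line, unlike Patch0 directly above it, and the patch file cherokee-1.2.103_CVE-2014-4668.patch is not part of the diff shown here, so the actual change to the LDAP authentication path cannot be reviewed from this mail. Add a comment above Patch2 naming the bug (bz 1114461) and where the fix comes from (upstream commit or local backport), and include the patch file in the same review so the fix for unauthenticated binds can be checked.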
@@ -77,9 +76,10 @@ BuildRequires: gettext
Requires: spawn-fcgi
%if ( 0%{?fedora} )
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
+Requires(post): systemd systemd-units
+Requires(preun): systemd systemd-units
+Requires(postun): systemd systemd-units
+BuildRequires: systemd
%else
Requires(post): chkconfig
Requires(preun): chkconfig
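Review bot: The systemd requirements added here sit inside "%if ( 0%{?fedora} )", but this commit is pushed to the epel7 branch, where %{fedora} is not defined. An EL7 build therefore takes the %else branch and gets the chkconfig requirements, and the same applies to the %systemd_post, %systemd_preun and %systemd_postun_with_restart scriptlets further down, which are guarded by the same condition. If the bz 1094901 fix is meant to apply on EL7, extend the condition to cover it, for example "%if 0%{?fedora} || 0%{?rhel} >= 7", in every place it is used.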
@@ -114,7 +114,8 @@ This package holds the development files for cherokee.
%setup -n %{pkgname}-%{version} -q
%endif
%patch0 -p1 -b .privs
-#%patch1 -p1 -b .aarch64
+# %patch1 -p1 -b .aarch64
+%patch2 -p1 -b .cve-2014-4668
# Replace upstream logos: https://fedorahosted.org/fesco/ticket/1230
for i in admin/icons/cherokee-admin-launcher-* \
@@ -226,38 +227,30 @@ exit 0
%post
%if ( 0%{?fedora} )
-if [ $1 -eq 1 ] ; then
- # Initial installation: enabled by default
- /bin/systemctl enable cherokee.service >/dev/null 2>&1 || :
-fi
+ %systemd_post cherokee.service
%else
-/sbin/ldconfig
-/sbin/chkconfig --add %{name}
+ /sbin/ldconfig
+ /sbin/chkconfig --add %{name}
+%endif
+%if "%{rhel}" == "5"
+ /usr/bin/execstack --clear-execstack %{_libdir}/lib%{name}-server.so.*
%endif
%preun
%if ( 0%{?fedora} )
-if [ $1 -eq 0 ] ; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable cherokee.service > /dev/null 2>&1 || :
- /bin/systemctl stop cherokee.service > /dev/null 2>&1 || :
-fi
+ %systemd_preun cherokee.service
%else
-if [ $1 = 0 ] ; then
- /sbin/service %{name} stop >/dev/null 2>&1
- /sbin/chkconfig --del %{name}
-fi
+ if [ $1 = 0 ] ; then
+ /sbin/service %{name} stop >/dev/null 2>&1
+ /sbin/chkconfig --del %{name}
+ fi
%endif
%postun
%if ( 0%{?fedora} )
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart cherokee.service >/dev/null 2>&1 || :
-fi
+ %systemd_postun_with_restart cherokee.service
%else
-/sbin/ldconfig
+ /sbin/ldconfig
%endif
%files
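Review bot: The new EL5 block in %post runs /usr/bin/execstack --clear-execstack on %{_libdir}/lib%{name}-server.so.* at install time, which rewrites a packaged file after it is installed (rpm -V will then report it as modified) and relies on execstack being present on the target, while no matching Requires(post) is added anywhere in this diff. Clearing the flag once at build time in %install, with the tool listed as a BuildRequires, would ship a library that already has a non-executable stack. The test "%{rhel}" == "5" also compares against the literal string %{rhel} when the macro is undefined; 0%{?rhel} == 5 is the safer form.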
@@ -321,7 +314,19 @@ fi
%{_datadir}/aclocal/%{name}.m4
%{_libdir}/lib%{name}-*.so
+
%changelog
+* Wed Apr 15 2015 Pavel Lisý <pali at fedoraproject.org> - 1.2.103-6
+- Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds
+- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
+- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.103-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
* Wed Mar 5 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 1.2.103-3
- Remove the upstream cherokee logo due to: https://fedorahosted.org/fesco/ticket/1230
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/cherokee.git/commit/?h=epel7&id=7df9fedc9b1ca2d6253fbc171712e736423ef986