---- httpd-2.4.1/docs/cgi-examples/printenv.orig 2008-09-06 22:26:15.000000000 +0200
-+++ httpd-2.4.1/docs/cgi-examples/printenv 2012-02-22 00:03:03.259441113 +0100
+--- httpd-2.4.4/docs/cgi-examples/printenv.orig 2012-12-17 22:47:48.000000000 +0100
++++ httpd-2.4.4/docs/cgi-examples/printenv 2013-02-28 21:05:57.651099413 +0100
@@ -1,9 +1,5 @@
-#
+#!/usr/bin/perl
-# To permit this cgi, replace # on the first line above with the
--# appropriate #!/path/to/perl shebang, and set this script executable
--# with chmod 755.
+-# appropriate #!/path/to/perl shebang, and on Unix / Linux also
+-# set this script executable with chmod 755.
-#
- # Note that it is subject to cross site scripting attacks on MS IE
- # and any other browser which fails to honor RFC2616, so never use
- # it in a live server environment, it is provided only for testing.
+ # ***** !!! WARNING !!! *****
+ # This script echoes the server environment variables and therefore
+ # leaks information - so NEVER use it in a live server environment!
---- httpd-2.4.1/support/suexec.c.orig 2011-07-13 21:11:21.000000000 +0200
-+++ httpd-2.4.1/support/suexec.c 2012-02-22 00:26:17.549340557 +0100
-@@ -234,6 +234,21 @@
+--- httpd-2.4.4/support/suexec.c.orig 2012-12-03 17:33:42.000000000 +0100
++++ httpd-2.4.4/support/suexec.c 2013-03-07 23:13:29.312581994 +0100
+@@ -240,6 +240,21 @@
environ = cleanenv;
}
int main(int argc, char *argv[])
{
int userdir = 0; /* ~userdir flag */
-@@ -249,6 +264,7 @@
+@@ -255,6 +270,7 @@
char dwd[AP_MAXPATH]; /* docroot working directory */
struct passwd *pw; /* password entry holder */
struct group *gr; /* group entry holder */
struct stat dir_info; /* directory info holder */
struct stat prg_info; /* program info holder */
-@@ -369,8 +385,23 @@
+@@ -375,8 +391,23 @@
}
else {
if ((pw = getpwuid(atoi(target_uname))) == NULL) {
}
}
-@@ -549,20 +580,24 @@
- }
-
- /*
-- * Error out if the target name/group is different from
-- * the name/group of the cwd or the program.
-- */
-- if ((uid != dir_info.st_uid) ||
-- (gid != dir_info.st_gid) ||
-- (uid != prg_info.st_uid) ||
-- (gid != prg_info.st_gid)) {
-- log_err("target uid/gid (%ld/%ld) mismatch "
-- "with directory (%ld/%ld) or program (%ld/%ld)\n",
-- uid, gid,
-- dir_info.st_uid, dir_info.st_gid,
-- prg_info.st_uid, prg_info.st_gid);
-- exit(120);
-+ * If not called as suexec.fcgi error out if the target
-+ * name/group is different from the name/group of the cwd
-+ * or the program.
-+ */
+@@ -558,6 +589,7 @@
+ * Error out if the target name/group is different from
+ * the name/group of the cwd or the program.
+ */
+ if(strcmp(base_pathname(argv[0]),"suexec.fcgi")) {
-+ if ((uid != dir_info.st_uid) ||
-+ (gid != dir_info.st_gid) ||
-+ (uid != prg_info.st_uid) ||
-+ (gid != prg_info.st_gid)) {
-+ log_err("target uid/gid (%ld/%ld) mismatch "
-+ "with directory (%ld/%ld) or program (%ld/%ld)\n",
-+ uid, gid,
-+ dir_info.st_uid, dir_info.st_gid,
-+ prg_info.st_uid, prg_info.st_gid);
-+ exit(120);
-+ }
+ if ((uid != dir_info.st_uid) ||
+ (gid != dir_info.st_gid) ||
+ (uid != prg_info.st_uid) ||
+@@ -569,6 +601,7 @@
+ (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
+ exit(120);
}
-+
++ }
/*
* Error out if the program is not executable for the user.
* Otherwise, she won't find any error in the logs except for
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.4.3
-Release: 5
+Version: 2.4.4
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
-# Source0-md5: 538dccd22dd18466fff3ec7948495417
+# Source0-md5: a2fed766e67c9681e0d9b86768f08286
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
---- httpd-2.2.17/build/rules.mk.in~ 2006-07-12 06:38:44.000000000 +0300
-+++ httpd-2.2.17/build/rules.mk.in 2011-03-26 18:27:36.410587573 +0200
-@@ -38,17 +38,17 @@
- COMPILE = $(BASE_CC) @PICFLAGS@
- CXX_COMPILE = $(BASE_CXX) @PICFLAGS@
-
--SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@
--SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@
-+SH_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@
-+SH_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@
-
--LT_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) @LTCFLAGS@ -c $< && touch $@
--LT_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@
-+LT_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(COMPILE) @LTCFLAGS@ -c $< && touch $@
-+LT_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@
+--- httpd-2.4.4/build/rules.mk.in.orig 2012-09-26 16:30:31.000000000 +0200
++++ httpd-2.4.4/build/rules.mk.in 2013-03-07 23:18:20.779633942 +0100
+@@ -41,17 +41,17 @@
+ COMPILE = $(BASE_CC) $(PICFLAGS)
+ CXX_COMPILE = $(BASE_CXX) $(PICFLAGS)
+
+-SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) $(SHLTCFLAGS) -c $< && touch $@
+-SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CXX) $(SHLTCFLAGS) -c $< && touch $@
++SH_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(BASE_CC) $(SHLTCFLAGS) -c $< && touch $@
++SH_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(BASE_CXX) $(SHLTCFLAGS) -c $< && touch $@
+
+-LT_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) $(LTCFLAGS) -c $< && touch $@
+-LT_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) $(LTCFLAGS) -c $< && touch $@
++LT_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(COMPILE) $(LTCFLAGS) -c $< && touch $@
++LT_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(CXX_COMPILE) $(LTCFLAGS) -c $< && touch $@
# Link-related commands
--LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
+-LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(PILDFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
-SH_LINK = $(SH_LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@
-MOD_LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
-+LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
++LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(PILDFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
+SH_LINK = $(SH_LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@
+MOD_LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
# Cross compile commands
-@@ -216,7 +216,7 @@
+@@ -228,7 +228,7 @@
# Makes an import library from a def file
.def.la:
TLD / packages / apache.git / commitdiff