!22 Fix CVE-2022-2255

From: @zhuhai95 Reviewed-by: @caodongxia Signed-off-by: @caodongxia
2022-08-09 03:20:06 +00:00 · 2022-08-09 03:20:06 +00:00 · d93706a6af
commit d93706a6af
parent 675d937adb 59bcd859ac
2 changed files with 17 additions and 2 deletions
--- a/CVE-2022-2255.patch
+++ b/CVE-2022-2255.patch
@ -0,0 +1,11 @@
 diff -Nur mod_wsgi-4.9.1.old/src/server/mod_wsgi.c mod_wsgi-4.9.1/src/server/mod_wsgi.c
 --- mod_wsgi-4.9.1.old/src/server/mod_wsgi.c	2022-08-08 10:12:40.044127804 +0800
 +++ mod_wsgi-4.9.1/src/server/mod_wsgi.c	2022-08-08 10:14:21.532845853 +0800
@@ -14044,6 +14044,7 @@
             name = ((const char**)trusted_proxy_headers->elts)[i];
             if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
 +                     !strcmp(name, "HTTP_X_CLIENT_IP") ||
                      !strcmp(name, "HTTP_X_REAL_IP")) {
                 match_client_header = 1;
--- a/mod_wsgi.spec
+++ b/mod_wsgi.spec
@ -6,13 +6,14 @@
 %global sphinxbin %{_bindir}/sphinx-build-3
 Name:                mod_wsgi
 Version:             4.9.1
-Release:             1
+Release:             2
 Summary:             A WSGI interface for Python web applications in Apache
-License:             ASL 2.0
+License:             Apache-2.0
 URL:                 https://modwsgi.readthedocs.io/
 Source0:             https://github.com/GrahamDumpleton/mod_wsgi/archive/refs/tags/%{version}.tar.gz
 Source1:             wsgi-python3.conf
 Patch1:              mod_wsgi-4.5.20-exports.patch
 Patch2:              CVE-2022-2255.patch
 BuildRequires:       httpd-devel gcc perl
 %{?filter_provides_in: %filter_provides_in %{_httpd_moddir}/.*\.so$}
 %{?filter_setup}
@ -74,6 +75,9 @@ popd
 %{_bindir}/mod_wsgi-express-3
 %changelog
 * Mon Aug 08 2022 zhuhai95 <zhuhai@ncti-gba.cn> - 4.9.1-2
 - Fix CVE-2022-2255
 * Tue May 17 2022 yangping <yangping69@h-partners> - 4.9.1-1
 - Update to 4.9.1