[LON-CAPA-cvs] cvs: doc /loncapafiles webserver.piml rat lonwrapper.pm

raeburn raeburn at source.lon-capa.org
Sun Feb 16 16:57:59 EST 2020


raeburn		Sun Feb 16 21:57:59 2020 EDT

  Modified files:              
    /rat	lonwrapper.pm 
    /doc/loncapafiles	webserver.piml 
  Log:
  - Accommodate Apache 2.4 releases updated to address CVE-2019-0220, which
    collapse multiple consecutive slashes into a single slash.
  
  
Index: rat/lonwrapper.pm
diff -u rat/lonwrapper.pm:1.71 rat/lonwrapper.pm:1.72
--- rat/lonwrapper.pm:1.71	Tue Jan 14 16:48:06 2020
+++ rat/lonwrapper.pm	Sun Feb 16 21:57:49 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Wrapper for external and binary files as standalone resources
 #
-# $Id: lonwrapper.pm,v 1.71 2020/01/14 16:48:06 raeburn Exp $
+# $Id: lonwrapper.pm,v 1.72 2020/02/16 21:57:49 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -293,7 +293,7 @@
     for ($url){
         s|^/adm/wrapper||;
         $is_ext = $_ =~ s|^/ext/|http://|;         
-        s|http://https://|https://|;
+        s|http://https://?|https://| if ($is_ext);
         s|:|:|g;
     }
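Review bot: The substitution added in the `for ($url)` block is not anchored, so it rewrites the first `http://https:/` found anywhere in the string, not only the prefix that `s|^/ext/|http://|` has just created. An external URL that carries that sequence later on, for example in its query string, would be altered. Anchoring it limits the repair to the scheme: `s|^http://https://?|https://| if ($is_ext);`. Slash collapsing applies to the whole path, so any `//` deeper in the external URL is presumably also lost before this code runs; a short comment saying that only the scheme separator is restored would help whoever debugs a wrapped link later. The enclosing subroutine starts and ends outside the hunk.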
 
Index: doc/loncapafiles/webserver.piml
diff -u doc/loncapafiles/webserver.piml:1.50 doc/loncapafiles/webserver.piml:1.51
--- doc/loncapafiles/webserver.piml:1.50	Mon Jan  6 15:47:10 2020
+++ doc/loncapafiles/webserver.piml	Sun Feb 16 21:57:59 2020
@@ -2,7 +2,7 @@
 	"http://lpml.sourceforge.net/DTD/piml.dtd">
 <!-- webserver.piml -->
 
-<!-- $Id: webserver.piml,v 1.50 2020/01/06 15:47:10 raeburn Exp $ -->
+<!-- $Id: webserver.piml,v 1.51 2020/02/16 21:57:59 raeburn Exp $ -->
 
 <!--
 
@@ -227,7 +227,7 @@
             }
             my $hostname = Sys::Hostname::FQDN::fqdn();
             my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost');
-            my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)',
+            my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)',
                             'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
                             'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',
                             'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
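Review bot: Only the `RewriteCond` entry of `@expected` was relaxed to `(?!https:)`; the `RewriteRule` entry two lines below still carries `(?!https:\/\/)`, which no longer excludes a collapsed `https:/host` path. The condition presumably gates the rule, so the redirect to `http://` is still skipped, but the two patterns now disagree and the rule's own lookahead no longer protects https targets from being downgraded if the condition is edited later. If the rewrite configuration this list is compared against is changed in step, use the same lookahead in both: `'RewriteRule ^/adm/wrapper/ext/(?!https:) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',`. The `@expected` list continues past the end of the hunk.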



