901d0ec Secure AJP connector between Dogtag and Apache proxy

7 files. Authored by abbra 4 years ago, committed by frenaud 4 years ago.
    Secure AJP connector between Dogtag and Apache proxy
    
    AJP implementation in Tomcat is vulnerable to CVE-2020-1938 if used
    without shared secret. Set up a shared secret between localhost
    connector and Apache mod_proxy_ajp pass-through.
    
    For existing secured AJP pass-through make sure the option used for
    configuration on the tomcat side is up to date. Tomcat 9.0.31.0
    deprecated 'requiredSecret' option name in favor of 'secret'. Details
    can be found at https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x
    
    Fixes: https://pagure.io/freeipa/issue/8221
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    (cherry picked from commit ec73de969f55b7a005b6401029f87fe6a225a417)
    (cherry picked from commit c2655f4545f28cf5195a98e9bdeef3d51fa0d24b)
    
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+2 -0
file modified
+1 -0
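
An added example, not part of the FreeIPA commit or its code: a Python audit of the setup the commit message describes. It checks that every Tomcat AJP connector carries a shared secret, flags the deprecated 'requiredSecret' attribute name, and compares the value with the `secret=` parameter on the matching Apache proxy line. The sample server.xml, the proxy lines, the ports and the placeholder secrets are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not FreeIPA's shipped files); secrets are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" address="localhost" requiredSecret="PLACEHOLDER-A"/>
  <Connector port="8010" protocol="AJP/1.3" address="localhost"/>
</Service></Server>"""
PROXY_CONF = """ProxyPassMatch ^/ca ajp://localhost:8009 secret=PLACEHOLDER-A
ProxyPassMatch ^/kra ajp://localhost:8010
"""

def ajp_connectors(server_xml):
    """Return {port: (attribute_name, secret)} for every AJP connector."""
    found = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue  # HTTP connectors are out of scope
        name = next((a for a in ("secret", "requiredSecret") if conn.get(a)), None)
        found[conn.get("port", "?")] = (name, conn.get(name) if name else None)
    return found

def proxy_secrets(conf):
    """Return {port: secret or None} for each ajp:// backend in the Apache config."""
    found = {}
    for line in conf.splitlines():
        m = re.search(r"ajp://[^\s:/]+:(\d+)\S*(.*)", line)
        if m and not line.lstrip().startswith("#"):
            s = re.search(r"\bsecret=(\S+)", m.group(2))
            found[m.group(1)] = s.group(1) if s else None
    return found

def audit(server_xml, conf):
    """List (port, finding) pairs; an empty list means both sides agree on a secret."""
    proxies, findings = proxy_secrets(conf), []
    for port, (attr, secret) in sorted(ajp_connectors(server_xml).items()):
        if secret is None:
            findings.append((port, "no shared secret on connector"))
            continue
        if attr == "requiredSecret":
            findings.append((port, "deprecated 'requiredSecret', rename to 'secret'"))
        if proxies.get(port) != secret:
            findings.append((port, "proxy secret missing or different"))
    return findings

if __name__ == "__main__":
    for port, msg in audit(SERVER_XML, PROXY_CONF):
        print(f"AJP port {port}: {msg}")  # findings only, never the secret itself
```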