Fix CVE-2022-2255

change License to Apache-2.0

cve to CVE

CVE-2022-2255.patch

@@ -0,0 +1,11 @@
+diff -Nur mod_wsgi-4.6.4.old/src/server/mod_wsgi.c mod_wsgi-4.6.4/src/server/mod_wsgi.c
+--- mod_wsgi-4.6.4.old/src/server/mod_wsgi.c	2022-08-08 15:27:04.978005420 +0800
++++ mod_wsgi-4.6.4/src/server/mod_wsgi.c	2022-08-08 15:30:20.395491862 +0800
+@@ -13897,6 +13897,7 @@
+             value = apr_table_get(r->subprocess_env, name);
+ 
+             if (!strcmp(name, "HTTP_X_FORWARDED_FOR") ||
++	             !strcmp(name, "HTTP_X_CLIENT_IP") ||
+                      !strcmp(name, "HTTP_X_REAL_IP")) {
+ 
+                 match_client_header = 1;

mod_wsgi.spec

@@ -6,15 +6,16 @@
 %global sphinxbin %{_bindir}/sphinx-build-3
 Name:                mod_wsgi
 Version:             4.6.4
-Release:             2
+Release:             3
 Summary:             A WSGI interface for Python web applications in Apache
-License:             ASL 2.0
+License:             Apache-2.0
 URL:                 https://modwsgi.readthedocs.io/
 Source0:             https://github.com/GrahamDumpleton/mod_wsgi/archive/%{version}.tar.gz#/mod_wsgi-%{version}.tar.gz
 Source1:             wsgi-python3.conf
 Patch1:              mod_wsgi-4.5.20-exports.patch
 Patch2:              Use-official-APIs-for-accessing-interpreter-list.patch
 Patch3:              Changed-functions-to-pre-post-actions-when-forking.patch
+Patch4:              CVE-2022-2255.patch
 BuildRequires:       httpd-devel gcc
 %{?filter_provides_in: %filter_provides_in %{_httpd_moddir}/.*\.so$}
 %{?filter_setup}
@@ -76,6 +77,9 @@ popd
 %{_bindir}/mod_wsgi-express-3
 
 %changelog
+* Mon Aug 08 2022 zhuhai95 <zhuhai@ncti-gba.cn> - 4.6.4-3
+- Fix CVE-2022-2255
+
 * Sat Feb 27 2021 zhaorenhai <zhaorenhai@hotmail.com> - 4.6.4-2
 - Add configure file