diff --git a/CVE-2018-17199.patch b/CVE-2018-17199.patch new file mode 100644 index 0000000..e42f56b --- /dev/null +++ b/CVE-2018-17199.patch @@ -0,0 +1,85 @@ +From 34f58ae20d9a85f2a1508a9a732874239491d456 Mon Sep 17 00:00:00 2001 +From: Hank Ibell +Date: Tue, 15 Jan 2019 19:54:41 +0000 +Subject: [PATCH] mod_session: Always decode session attributes early. + +Backport r1850947 from trunk +Submitted by: hwibell +Reviewed by: hwibell, covener, wrowe + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1851409 13f79535-47bb-0310-9956-ffa450edef68 +--- + CHANGES | 2 ++ + STATUS | 5 ----- + modules/session/mod_session.c | 25 ++++++++++++++----------- + 3 files changed, 16 insertions(+), 16 deletions(-) + +#diff --git a/CHANGES b/CHANGES +#index c4d9f6c2ea8..4b0a07fdcf5 100644 +#--- a/CHANGES +#+++ b/CHANGES +#@@ -9,6 +9,8 @@ Changes with Apache 2.4.38 +# and we should just set the value for the environment variable +# like in the pattern case. [Ruediger Pluem] +# +#+ *) mod_session: Always decode session attributes early. [Hank Ibell] +#+ +# *) core: Incorrect values for environment variables are substituted when +# multiple environment variables are specified in a directive. [Hank Ibell] +# +#diff --git a/STATUS b/STATUS +#index 00070f9f247..45a92ba4d81 100644 +#--- a/STATUS +#+++ b/STATUS +#@@ -125,11 +125,6 @@ RELEASE SHOWSTOPPERS: +# PATCHES ACCEPTED TO BACKPORT FROM TRUNK: +# [ start all new proposals below, under PATCHES PROPOSED. ] +# +#- *) mod_session: Always decode session attributes early. +#- trunk patch: http://svn.apache.org/r1850947 +#- 2.4.x patch: svn merge -c 1850947 ^/httpd/httpd/trunk . +#- +1: hwibell, covener, wrowe +#- +# *) mod_ssl (ssl_engine_io.c: bio_filter_out_write, bio_filter_in_read) +# Clear retry flags before aborting on client-initiated reneg. [Joe Orton] +# PR: 63052 +diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c +index d517020d995..64e6e4a8132 100644 +--- a/modules/session/mod_session.c ++++ b/modules/session/mod_session.c +@@ -126,20 +126,23 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z) + + /* found a session that hasn't expired? */ + now = apr_time_now(); ++ + if (zz) { +- if (zz->expiry && zz->expiry < now) { ++ /* load the session attibutes */ ++ rv = ap_run_session_decode(r, zz); ++ ++ /* having a session we cannot decode is just as good as having ++ none at all */ ++ if (OK != rv) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) ++ "error while decoding the session, " ++ "session not loaded: %s", r->uri); + zz = NULL; + } +- else { +- /* having a session we cannot decode is just as good as having +- none at all */ +- rv = ap_run_session_decode(r, zz); +- if (OK != rv) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) +- "error while decoding the session, " +- "session not loaded: %s", r->uri); +- zz = NULL; +- } ++ ++ /* invalidate session if session is expired */ ++ if (zz && zz->expiry && zz->expiry < now) { ++ zz = NULL; + } + } + diff --git a/httpd.spec b/httpd.spec index 93ae172..19eecd5 100644 --- a/httpd.spec +++ b/httpd.spec @@ -8,7 +8,7 @@ Name: httpd Summary: Apache HTTP Server Version: 2.4.34 -Release: 14 +Release: 15 License: ASL 2.0 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 @@ -97,6 +97,7 @@ Patch6022: CVE-2018-17189.patch Patch6023: CVE-2019-0220-1.patch Patch6024: CVE-2019-0220-2.patch Patch6025: CVE-2019-0220-3.patch +Patch6026: CVE-2018-17199.patch Patch9000: layout_add_openEuler.patch @@ -535,6 +536,12 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Mon Feb 03 2020 yanzhihua - 2.4.34-15 +- Type:cves +- ID:CVE-2018-17199 +- SUG:NA +- DESC:fix CVE-2018-17199 + * Sun Jan 19 2020 openEuler Buildteam - 2.4.34-14 - Type:bugfix - ID:NA