packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update httpd to 2.4.48

Browse Source
This commit is contained in:
eaglegai 2021-07-13 10:29:49 +08:00
parent 3eee556ed4
commit 72626f7e40
9 changed files with 8 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
CVE-2020-13950.patch
View File

@ -1,36 +0,0 @@
From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 11 May 2015 15:48:58 +0000
Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
may be NULL during prefetch, don't try to dereference it! Still
origin->keepalive will be set according to p_conn->close by the caller
(proxy_http_handler).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
---
modules/proxy/mod_proxy_http.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 044bfcd..4a5b851 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -577,7 +577,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
apr_off_t bytes;
int force10, rv;
apr_read_type_e block;
- conn_rec *origin = p_conn->connection;
if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
if (req->expecting_100) {
@@ -637,7 +636,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
"chunked body with Content-Length (C-L ignored)",
c->client_ip, c->remote_host ? c->remote_host: "");
req->old_cl_val = NULL;
- origin->keepalive = AP_CONN_CLOSE;
p_conn->close = 1;
}
--
2.23.0

38
CVE-2020-35452.patch
View File

@ -1,38 +0,0 @@
From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 18 Jan 2021 17:39:12 +0000
Subject: [PATCH] Merge r1885659 from trunk:
mod_auth_digest: Fast validation of the nonce's base64 to fail early if
the format can't match anyway.
Submitted by: ylavic
Reviewed by: ylavic, covener, jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68
---
modules/aaa/mod_auth_digest.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
index 1b5a204278f..d126387cc7f 100644
--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -1426,9 +1426,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
time_rec nonce_time;
char tmp, hash[NONCE_HASH_LEN+1];
- if (strlen(resp->nonce) != NONCE_LEN) {
+ /* Since the time part of the nonce is a base64 encoding of an
+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
+ */
+ if (strlen(resp->nonce) != NONCE_LEN
+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
- "invalid nonce %s received - length is not %d",
+ "invalid nonce '%s' received - length is not %d "
+ "or time encoding is incorrect",
resp->nonce, NONCE_LEN);
note_digest_auth_failure(r, conf, resp, 1);
return HTTP_UNAUTHORIZED;

27
CVE-2021-26690.patch
View File

@ -1,27 +0,0 @@
From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 1 Mar 2021 20:07:08 +0000
Subject: [PATCH] mod_session: save one apr_strtok() in
session_identity_decode().
When the encoding is invalid (missing '='), no need to parse further.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
---
modules/session/mod_session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index a2b4a3e608b..01f41fe5d0f 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -413,8 +413,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
char *plast = NULL;
const char *psep = "=";
char *key = apr_strtok(pair, psep, &plast);
- char *val = apr_strtok(NULL, psep, &plast);
if (key && *key) {
+ char *val = apr_strtok(NULL, sep, &plast);
if (!val || !*val) {
apr_table_unset(z->entries, key);
}

31
CVE-2021-26691.patch
View File

@ -1,31 +0,0 @@
From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 1 Mar 2021 20:13:54 +0000
Subject: [PATCH] mod_session: account for the '&' in identity_concat().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
---
modules/session/mod_session.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 01f41fe5d0f..a41e58444f9 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -326,7 +326,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
static int identity_count(void *v, const char *key, const char *val)
{
int *count = v;
- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}
@@ -362,7 +362,6 @@ static int identity_concat(void *v, const char *key, const char *val)
*/
static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
{
-
char *buffer = NULL;
int length = 0;
if (z->expiry) {

62
CVE-2021-30641.patch
View File

@ -1,62 +0,0 @@
From eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 21 Apr 2021 01:10:12 +0000
Subject: [PATCH] Merge r1889036 from trunk:
legacy default slash-matching behavior w/ 'MergeSlashes OFF'
Submitted By: Ruediger Pluem
Reviewed By: covener, rpluem, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1889038 13f79535-47bb-0310-9956-ffa450edef68
---
server/request.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/server/request.c b/server/request.c
index 0f150a763d6..299eae04d3f 100644
--- a/server/request.c
+++ b/server/request.c
@@ -1420,7 +1420,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
cached = (cache->cached != NULL);
- entry_uri = r->uri;
+
+ /*
+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
+ * have not been merged. But for Location walks we always go with merged
+ * slashes no matter what merge_slashes is set to.
+ */
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+ entry_uri = r->uri;
+ }
+ else {
+ char *uri = apr_pstrdup(r->pool, r->uri);
+ ap_no2slash(uri);
+ entry_uri = uri;
+ }
/* If we have an cache->cached location that matches r->uri,
* and the vhost's list of locations hasn't changed, we can skip
@@ -1488,7 +1501,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
}
- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
continue;
}
@@ -1498,7 +1511,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
apr_table_setn(r->subprocess_env,
((const char **)entry_core->refs->elts)[i],
apr_pstrndup(r->pool,
- entry_uri + pmatch[i].rm_so,
+ r->uri + pmatch[i].rm_so,
pmatch[i].rm_eo - pmatch[i].rm_so));
}
}

119
httpd-2.4.46-lua-resume.patch
View File

@ -1,119 +0,0 @@
diff --git a/modules/lua/config.m4 b/modules/lua/config.m4
index 29fd563..abeba1c 100644
--- a/modules/lua/config.m4
+++ b/modules/lua/config.m4
@@ -34,7 +34,7 @@ AC_DEFUN([CHECK_LUA_PATH], [dnl
fi
])
-dnl Check for Lua 5.3/5.2/5.1 Libraries
+dnl Check for Lua Libraries
dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND])
dnl Sets:
dnl LUA_CFLAGS
@@ -44,7 +44,7 @@ AC_DEFUN([CHECK_LUA],
AC_ARG_WITH(
lua,
- [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.3/5.2/5.1 prefix])],
+ [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua installation prefix])],
lua_path="$withval",
:)
diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
index 05f1e44..18b628c 100644
--- a/modules/lua/mod_lua.c
+++ b/modules/lua/mod_lua.c
@@ -342,7 +342,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
{
apr_pool_t *pool;
ap_lua_vm_spec *spec;
- int n, rc;
+ int n, rc, nres;
lua_State *L;
lua_filter_ctx *ctx;
ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config,
@@ -410,7 +410,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
/* If a Lua filter is interested in filtering a request, it must first do a yield,
* otherwise we'll assume that it's not interested and pretend we didn't find it.
*/
- rc = lua_resume(L, 1);
+ rc = lua_resume(L, 1, &nres);
if (rc == LUA_YIELD) {
if (f->frec->providers == NULL) {
/* Not wired by mod_filter */
@@ -432,7 +432,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil
static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade *pbbIn)
{
request_rec *r = f->r;
- int rc;
+ int rc, nres;
lua_State *L;
lua_filter_ctx* ctx;
conn_rec *c = r->connection;
@@ -492,7 +492,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade
lua_setglobal(L, "bucket");
/* If Lua yielded, it means we have something to pass on */
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
if (olen > 0) {
@@ -524,7 +524,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade
apr_bucket *pbktEOS;
lua_pushnil(L);
lua_setglobal(L, "bucket");
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
apr_bucket *pbktOut;
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
@@ -558,7 +558,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
apr_off_t nBytes)
{
request_rec *r = f->r;
- int rc, lastCall = 0;
+ int rc, lastCall = 0, nres;
lua_State *L;
lua_filter_ctx* ctx;
conn_rec *c = r->connection;
@@ -621,7 +621,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
lua_setglobal(L, "bucket");
/* If Lua yielded, it means we have something to pass on */
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
pbktOut = apr_bucket_heap_create(output, olen, 0, c->bucket_alloc);
@@ -643,7 +643,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f,
apr_bucket *pbktEOS = apr_bucket_eos_create(c->bucket_alloc);
lua_pushnil(L);
lua_setglobal(L, "bucket");
- if (lua_resume(L, 0) == LUA_YIELD) {
+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) {
apr_bucket *pbktOut;
size_t olen;
const char* output = lua_tolstring(L, 1, &olen);
diff --git a/modules/lua/mod_lua.h b/modules/lua/mod_lua.h
index 0e49cdc..72b4de7 100644
--- a/modules/lua/mod_lua.h
+++ b/modules/lua/mod_lua.h
@@ -48,7 +48,15 @@
#if LUA_VERSION_NUM > 501
/* Load mode for lua_load() */
#define lua_load(a,b,c,d) lua_load(a,b,c,d,NULL)
-#define lua_resume(a,b) lua_resume(a, NULL, b)
+
+#if LUA_VERSION_NUM > 503
+#define lua_resume(a,b,c) lua_resume(a, NULL, b, c)
+#else
+/* ### For version < 5.4, assume that exactly one stack item is on the
+ * stack, which is what the code did before but seems dubious. */
+#define lua_resume(a,b,c) (*(c) = 1, lua_resume(a, NULL, b))
+#endif
+
#define luaL_setfuncs_compat(a,b) luaL_setfuncs(a,b,0)
#else
#define lua_rawlen(L,i) lua_objlen(L, (i))

BIN
httpd-2.4.46.tar.bz2
View File

Binary file not shown.

BIN
httpd-2.4.48.tar.bz2 Normal file
View File

Binary file not shown.

16
httpd.spec
View File

@ -7,8 +7,8 @@
Name: httpd
Summary: Apache HTTP Server
Version: 2.4.46
Release: 5
Version: 2.4.48
Release: 1
License: ASL 2.0
URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -65,16 +65,10 @@ Patch11: httpd-2.4.34-sslciphdefault.patch
Patch12: httpd-2.4.34-sslprotdefault.patch
Patch13: httpd-2.4.34-enable-sslv3.patch
Patch14: layout_add_openEuler.patch
Patch15: httpd-2.4.46-lua-resume.patch
Patch16: httpd-2.4.43-gettid.patch
Patch17: httpd-2.4.43-r1861793+.patch
Patch18: httpd-2.4.43-r1828172+.patch
Patch19: httpd-2.4.46-htcacheclean-dont-break.patch
Patch20: CVE-2021-26691.patch
Patch21: CVE-2020-13950.patch
Patch22: CVE-2020-35452.patch
Patch23: CVE-2021-30641.patch
Patch24: CVE-2021-26690.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -507,6 +501,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Tue Jul 13 2021 gaihuiying<gaihuiying1@huawei.com> - 2.4.48-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update to 2.4.48
* Wed Jun 23 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.46-5
- Type:cves
- ID:CVE-2021-26690