fix CVE-2022-28615

2022-06-17 16:25:08 +08:00 · 2022-06-17 16:25:08 +08:00 · cb9594df3e
commit cb9594df3e
parent 5e6c1b061a
2 changed files with 42 additions and 1 deletions
--- a/backport-CVE-2022-28615.patch
+++ b/backport-CVE-2022-28615.patch
@ -0,0 +1,34 @@
+From 929c7156cefdd2f74f83dcab2b15b2d09e80ec82 Mon Sep 17 00:00:00 2001
+From: covener <covener@apache.org>
+Date: Wed Jun 1 12:20:56 2022 UTC
+Subject: [PATCH] ap_strcasecmp_match/ap_strcmp_match:fix types
+
+---
+ server/util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/server/util.c b/server/util.c
+index 633648c..09ac0c5 100644
+--- a/server/util.c
+++ b/server/util.c
+@@ -185,7 +185,7 @@ AP_DECLARE(char *) ap_ht_time(apr_pool_t *p, apr_time_t t, const char *fmt,
+  */
+ AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
+ {
+-    int x, y;
+    apr_size_t x, y;
+ 
+     for (x = 0, y = 0; expected[y]; ++y, ++x) {
+         if (expected[y] == '*') {
+@@ -209,7 +209,7 @@ AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
+ 
+ AP_DECLARE(int) ap_strcasecmp_match(const char *str, const char *expected)
+ {
+-    int x, y;
+    apr_size_t x, y;
+ 
+     for (x = 0, y = 0; expected[y]; ++y, ++x) {
+         if (!str[x] && expected[y] != '*')
+-- 
+1.8.3.1
+
--- a/httpd.spec
+++ b/httpd.spec
@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.51
-Release:          3
+Release:          4
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -77,6 +77,7 @@ Patch23:          backport-002-CVE-2022-23934.patch
 Patch24:          backport-CVE-2021-44790.patch
 Patch25:          backport-001-CVE-2021-44224.patch
 Patch26:          backport-002-CVE-2021-44224.patch
+Patch27:          backport-CVE-2022-28615.patch

 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@ -509,6 +510,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Mon Jun 20 2022 chengyechun <chengyechun1@huawei.com> - 2.4.51-4
+- Type:CVE
+- ID:NA
+- SUG:restart
+- DESC:fix CVE-2022-28615
+
 * Wed Mar 30 2022 yanglu <yanglu72@h-partners.com> - 2.4.51-3
 - Type:cves
 - ID:NA