packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-28615

Browse Source
This commit is contained in:
chengyechun 2022-06-17 16:25:08 +08:00
parent 5e6c1b061a
commit cb9594df3e
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2022-28615.patch Normal file
View File

@ -0,0 +1,34 @@
From 929c7156cefdd2f74f83dcab2b15b2d09e80ec82 Mon Sep 17 00:00:00 2001
From: covener <covener@apache.org>
Date: Wed Jun 1 12:20:56 2022 UTC
Subject: [PATCH] ap_strcasecmp_match/ap_strcmp_match:fix types
---
server/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/util.c b/server/util.c
index 633648c..09ac0c5 100644
--- a/server/util.c
+++ b/server/util.c
@@ -185,7 +185,7 @@ AP_DECLARE(char *) ap_ht_time(apr_pool_t *p, apr_time_t t, const char *fmt,
*/
AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
{
- int x, y;
+ apr_size_t x, y;
for (x = 0, y = 0; expected[y]; ++y, ++x) {
if (expected[y] == '*') {
@@ -209,7 +209,7 @@ AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
AP_DECLARE(int) ap_strcasecmp_match(const char *str, const char *expected)
{
- int x, y;
+ apr_size_t x, y;
for (x = 0, y = 0; expected[y]; ++y, ++x) {
if (!str[x] && expected[y] != '*')
--
1.8.3.1

9
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.51 Version: 2.4.51
Release: 3 Release: 4
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -77,6 +77,7 @@ Patch23: backport-002-CVE-2022-23934.patch
Patch24: backport-CVE-2021-44790.patch Patch24: backport-CVE-2021-44790.patch
Patch25: backport-001-CVE-2021-44224.patch Patch25: backport-001-CVE-2021-44224.patch
Patch26: backport-002-CVE-2021-44224.patch Patch26: backport-002-CVE-2021-44224.patch
Patch27: backport-CVE-2022-28615.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -509,6 +510,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Mon Jun 20 2022 chengyechun <chengyechun1@huawei.com> - 2.4.51-4
- Type:CVE
- ID:NA
- SUG:restart
- DESC:fix CVE-2022-28615
* Wed Mar 30 2022 yanglu <yanglu72@h-partners.com> - 2.4.51-3 * Wed Mar 30 2022 yanglu <yanglu72@h-partners.com> - 2.4.51-3
- Type:cves - Type:cves
- ID:NA - ID:NA