diff --git a/CVE-2020-13950.patch b/CVE-2020-13950.patch deleted file mode 100644 index 93ac841..0000000 --- a/CVE-2020-13950.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001 -From: Yann Ylavic -Date: Mon, 11 May 2015 15:48:58 +0000 -Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection - may be NULL during prefetch, don't try to dereference it! Still - origin->keepalive will be set according to p_conn->close by the caller - (proxy_http_handler). - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68 ---- - modules/proxy/mod_proxy_http.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c -index 044bfcd..4a5b851 100644 ---- a/modules/proxy/mod_proxy_http.c -+++ b/modules/proxy/mod_proxy_http.c -@@ -577,7 +577,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req, - apr_off_t bytes; - int force10, rv; - apr_read_type_e block; -- conn_rec *origin = p_conn->connection; - - if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) { - if (req->expecting_100) { -@@ -637,7 +636,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req, - "chunked body with Content-Length (C-L ignored)", - c->client_ip, c->remote_host ? c->remote_host: ""); - req->old_cl_val = NULL; -- origin->keepalive = AP_CONN_CLOSE; - p_conn->close = 1; - } - --- -2.23.0 - diff --git a/CVE-2020-35452.patch b/CVE-2020-35452.patch deleted file mode 100644 index 5f86235..0000000 --- a/CVE-2020-35452.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001 -From: Yann Ylavic -Date: Mon, 18 Jan 2021 17:39:12 +0000 -Subject: [PATCH] Merge r1885659 from trunk: - -mod_auth_digest: Fast validation of the nonce's base64 to fail early if - the format can't match anyway. - -Submitted by: ylavic -Reviewed by: ylavic, covener, jailletc36 - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68 ---- - modules/aaa/mod_auth_digest.c | 9 +++++++-- - 1 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c -index 1b5a204278f..d126387cc7f 100644 ---- a/modules/aaa/mod_auth_digest.c -+++ b/modules/aaa/mod_auth_digest.c -@@ -1426,9 +1426,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp, - time_rec nonce_time; - char tmp, hash[NONCE_HASH_LEN+1]; - -- if (strlen(resp->nonce) != NONCE_LEN) { -+ /* Since the time part of the nonce is a base64 encoding of an -+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise. -+ */ -+ if (strlen(resp->nonce) != NONCE_LEN -+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775) -- "invalid nonce %s received - length is not %d", -+ "invalid nonce '%s' received - length is not %d " -+ "or time encoding is incorrect", - resp->nonce, NONCE_LEN); - note_digest_auth_failure(r, conf, resp, 1); - return HTTP_UNAUTHORIZED; diff --git a/CVE-2021-26690.patch b/CVE-2021-26690.patch deleted file mode 100644 index 2c3d49d..0000000 --- a/CVE-2021-26690.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001 -From: Yann Ylavic -Date: Mon, 1 Mar 2021 20:07:08 +0000 -Subject: [PATCH] mod_session: save one apr_strtok() in - session_identity_decode(). - -When the encoding is invalid (missing '='), no need to parse further. - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68 ---- - modules/session/mod_session.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c -index a2b4a3e608b..01f41fe5d0f 100644 ---- a/modules/session/mod_session.c -+++ b/modules/session/mod_session.c -@@ -413,8 +413,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z) - char *plast = NULL; - const char *psep = "="; - char *key = apr_strtok(pair, psep, &plast); -- char *val = apr_strtok(NULL, psep, &plast); - if (key && *key) { -+ char *val = apr_strtok(NULL, sep, &plast); - if (!val || !*val) { - apr_table_unset(z->entries, key); - } diff --git a/CVE-2021-26691.patch b/CVE-2021-26691.patch deleted file mode 100644 index 1d0f11d..0000000 --- a/CVE-2021-26691.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001 -From: Yann Ylavic -Date: Mon, 1 Mar 2021 20:13:54 +0000 -Subject: [PATCH] mod_session: account for the '&' in identity_concat(). - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68 ---- - modules/session/mod_session.c | 3 +-- - 1 files changed, 1 insertions(+), 2 deletions(-) - -diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c -index 01f41fe5d0f..a41e58444f9 100644 ---- a/modules/session/mod_session.c -+++ b/modules/session/mod_session.c -@@ -326,7 +326,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z, - static int identity_count(void *v, const char *key, const char *val) - { - int *count = v; -- *count += strlen(key) * 3 + strlen(val) * 3 + 1; -+ *count += strlen(key) * 3 + strlen(val) * 3 + 2; - return 1; - } - -@@ -362,7 +362,6 @@ static int identity_concat(void *v, const char *key, const char *val) - */ - static apr_status_t session_identity_encode(request_rec * r, session_rec * z) - { -- - char *buffer = NULL; - int length = 0; - if (z->expiry) { diff --git a/CVE-2021-30641.patch b/CVE-2021-30641.patch deleted file mode 100644 index 042b013..0000000 --- a/CVE-2021-30641.patch +++ /dev/null @@ -1,62 +0,0 @@ -From eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 Mon Sep 17 00:00:00 2001 -From: Eric Covener -Date: Wed, 21 Apr 2021 01:10:12 +0000 -Subject: [PATCH] Merge r1889036 from trunk: - -legacy default slash-matching behavior w/ 'MergeSlashes OFF' - -Submitted By: Ruediger Pluem -Reviewed By: covener, rpluem, ylavic - - - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1889038 13f79535-47bb-0310-9956-ffa450edef68 ---- - server/request.c | 19 ++++++++++++++++--- - 1 file changed, 16 insertions(+), 3 deletions(-) - -diff --git a/server/request.c b/server/request.c -index 0f150a763d6..299eae04d3f 100644 ---- a/server/request.c -+++ b/server/request.c -@@ -1420,7 +1420,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) - - cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r); - cached = (cache->cached != NULL); -- entry_uri = r->uri; -+ -+ /* -+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri -+ * have not been merged. But for Location walks we always go with merged -+ * slashes no matter what merge_slashes is set to. -+ */ -+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { -+ entry_uri = r->uri; -+ } -+ else { -+ char *uri = apr_pstrdup(r->pool, r->uri); -+ ap_no2slash(uri); -+ entry_uri = uri; -+ } - - /* If we have an cache->cached location that matches r->uri, - * and the vhost's list of locations hasn't changed, we can skip -@@ -1488,7 +1501,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) - pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t)); - } - -- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) { -+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) { - continue; - } - -@@ -1498,7 +1511,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) - apr_table_setn(r->subprocess_env, - ((const char **)entry_core->refs->elts)[i], - apr_pstrndup(r->pool, -- entry_uri + pmatch[i].rm_so, -+ r->uri + pmatch[i].rm_so, - pmatch[i].rm_eo - pmatch[i].rm_so)); - } - } diff --git a/httpd-2.4.46-lua-resume.patch b/httpd-2.4.46-lua-resume.patch deleted file mode 100644 index 1a22008..0000000 --- a/httpd-2.4.46-lua-resume.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff --git a/modules/lua/config.m4 b/modules/lua/config.m4 -index 29fd563..abeba1c 100644 ---- a/modules/lua/config.m4 -+++ b/modules/lua/config.m4 -@@ -34,7 +34,7 @@ AC_DEFUN([CHECK_LUA_PATH], [dnl - fi - ]) - --dnl Check for Lua 5.3/5.2/5.1 Libraries -+dnl Check for Lua Libraries - dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]) - dnl Sets: - dnl LUA_CFLAGS -@@ -44,7 +44,7 @@ AC_DEFUN([CHECK_LUA], - - AC_ARG_WITH( - lua, -- [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.3/5.2/5.1 prefix])], -+ [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua installation prefix])], - lua_path="$withval", - :) - -diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c -index 05f1e44..18b628c 100644 ---- a/modules/lua/mod_lua.c -+++ b/modules/lua/mod_lua.c -@@ -342,7 +342,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil - { - apr_pool_t *pool; - ap_lua_vm_spec *spec; -- int n, rc; -+ int n, rc, nres; - lua_State *L; - lua_filter_ctx *ctx; - ap_lua_server_cfg *server_cfg = ap_get_module_config(r->server->module_config, -@@ -410,7 +410,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil - /* If a Lua filter is interested in filtering a request, it must first do a yield, - * otherwise we'll assume that it's not interested and pretend we didn't find it. - */ -- rc = lua_resume(L, 1); -+ rc = lua_resume(L, 1, &nres); - if (rc == LUA_YIELD) { - if (f->frec->providers == NULL) { - /* Not wired by mod_filter */ -@@ -432,7 +432,7 @@ static apr_status_t lua_setup_filter_ctx(ap_filter_t* f, request_rec* r, lua_fil - static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade *pbbIn) - { - request_rec *r = f->r; -- int rc; -+ int rc, nres; - lua_State *L; - lua_filter_ctx* ctx; - conn_rec *c = r->connection; -@@ -492,7 +492,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade - lua_setglobal(L, "bucket"); - - /* If Lua yielded, it means we have something to pass on */ -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); - if (olen > 0) { -@@ -524,7 +524,7 @@ static apr_status_t lua_output_filter_handle(ap_filter_t *f, apr_bucket_brigade - apr_bucket *pbktEOS; - lua_pushnil(L); - lua_setglobal(L, "bucket"); -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - apr_bucket *pbktOut; - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); -@@ -558,7 +558,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f, - apr_off_t nBytes) - { - request_rec *r = f->r; -- int rc, lastCall = 0; -+ int rc, lastCall = 0, nres; - lua_State *L; - lua_filter_ctx* ctx; - conn_rec *c = r->connection; -@@ -621,7 +621,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f, - lua_setglobal(L, "bucket"); - - /* If Lua yielded, it means we have something to pass on */ -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); - pbktOut = apr_bucket_heap_create(output, olen, 0, c->bucket_alloc); -@@ -643,7 +643,7 @@ static apr_status_t lua_input_filter_handle(ap_filter_t *f, - apr_bucket *pbktEOS = apr_bucket_eos_create(c->bucket_alloc); - lua_pushnil(L); - lua_setglobal(L, "bucket"); -- if (lua_resume(L, 0) == LUA_YIELD) { -+ if (lua_resume(L, 0, &nres) == LUA_YIELD && nres == 1) { - apr_bucket *pbktOut; - size_t olen; - const char* output = lua_tolstring(L, 1, &olen); -diff --git a/modules/lua/mod_lua.h b/modules/lua/mod_lua.h -index 0e49cdc..72b4de7 100644 ---- a/modules/lua/mod_lua.h -+++ b/modules/lua/mod_lua.h -@@ -48,7 +48,15 @@ - #if LUA_VERSION_NUM > 501 - /* Load mode for lua_load() */ - #define lua_load(a,b,c,d) lua_load(a,b,c,d,NULL) --#define lua_resume(a,b) lua_resume(a, NULL, b) -+ -+#if LUA_VERSION_NUM > 503 -+#define lua_resume(a,b,c) lua_resume(a, NULL, b, c) -+#else -+/* ### For version < 5.4, assume that exactly one stack item is on the -+ * stack, which is what the code did before but seems dubious. */ -+#define lua_resume(a,b,c) (*(c) = 1, lua_resume(a, NULL, b)) -+#endif -+ - #define luaL_setfuncs_compat(a,b) luaL_setfuncs(a,b,0) - #else - #define lua_rawlen(L,i) lua_objlen(L, (i)) diff --git a/httpd-2.4.46.tar.bz2 b/httpd-2.4.46.tar.bz2 deleted file mode 100644 index ee55f07..0000000 Binary files a/httpd-2.4.46.tar.bz2 and /dev/null differ diff --git a/httpd-2.4.48.tar.bz2 b/httpd-2.4.48.tar.bz2 new file mode 100644 index 0000000..df5af15 Binary files /dev/null and b/httpd-2.4.48.tar.bz2 differ diff --git a/httpd.spec b/httpd.spec index 2df0203..7e4d824 100644 --- a/httpd.spec +++ b/httpd.spec @@ -7,8 +7,8 @@ Name: httpd Summary: Apache HTTP Server -Version: 2.4.46 -Release: 5 +Version: 2.4.48 +Release: 1 License: ASL 2.0 URL: https://httpd.apache.org/ Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 @@ -65,16 +65,10 @@ Patch11: httpd-2.4.34-sslciphdefault.patch Patch12: httpd-2.4.34-sslprotdefault.patch Patch13: httpd-2.4.34-enable-sslv3.patch Patch14: layout_add_openEuler.patch -Patch15: httpd-2.4.46-lua-resume.patch Patch16: httpd-2.4.43-gettid.patch Patch17: httpd-2.4.43-r1861793+.patch Patch18: httpd-2.4.43-r1828172+.patch Patch19: httpd-2.4.46-htcacheclean-dont-break.patch -Patch20: CVE-2021-26691.patch -Patch21: CVE-2020-13950.patch -Patch22: CVE-2020-35452.patch -Patch23: CVE-2021-30641.patch -Patch24: CVE-2021-26690.patch BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel @@ -507,6 +501,12 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Tue Jul 13 2021 gaihuiying - 2.4.48-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update to 2.4.48 + * Wed Jun 23 2021 gaihuiying - 2.4.46-5 - Type:cves - ID:CVE-2021-26690