packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport patches

Browse Source
This commit is contained in:
xingwei 2025-04-16 03:32:16 +00:00
parent 979e52f822
commit f1b7701527
7 changed files with 321 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
backport-Check-SSL_CTX_new-return-value.patch Normal file
View File

@ -0,0 +1,41 @@
From c8c469b3a907ea263a888217d6d5c48c287205ec Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 20 Jan 2025 10:27:52 +0000
Subject: [PATCH] Merge r1916054 from trunk:
mod_ssl: Check SSL_CTX_new() return value
SSL_CTX_new() will return NULL if there was an error creating a new SSL context.
Submitted by: StephenWall
Github: closes #402
Reviewed by: jailletc36, rjung, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923248 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/c8c469b3a907ea263a888217d6d5c48c287205ec
---
modules/ssl/ssl_engine_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index beb5dac..b8150a9 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -704,6 +704,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
TLS_server_method(); /* server */
#endif
ctx = SSL_CTX_new(method);
+ if (ctx == NULL) {
+ /* Can fail for some system/install mis-configuration. */
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ return ssl_die(s);
+ }
mctx->ssl_ctx = ctx;
--
2.33.0

43
backport-Fix-possible-crash-on-error-path.patch Normal file
View File

@ -0,0 +1,43 @@
From 000cd2291d3d2c40682ec607e8d3b0711ac5a097 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 20 Jan 2025 10:24:13 +0000
Subject: [PATCH] Merge r1921067 from trunk:
* Take care for the case where nkey is NULL
PR: 69358
Reported by: <zhora.budyukin111 gmail.com>
Submitted by: rpluem
Reviewed by: jailletc36, rjung, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923247 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/000cd2291d3d2c40682ec607e8d3b0711ac5a097
---
modules/cache/mod_cache_socache.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/cache/mod_cache_socache.c b/modules/cache/mod_cache_socache.c
index f369004..341db53 100644
--- a/modules/cache/mod_cache_socache.c
+++ b/modules/cache/mod_cache_socache.c
@@ -694,9 +694,11 @@ fail:
return DECLINED;
}
}
- conf->provider->socache_provider->remove(
- conf->provider->socache_instance, r->server,
- (unsigned char *) nkey, strlen(nkey), r->pool);
+ if (nkey) {
+ conf->provider->socache_provider->remove(
+ conf->provider->socache_instance, r->server,
+ (unsigned char *) nkey, strlen(nkey), r->pool);
+ }
if (socache_mutex) {
apr_status_t status = apr_global_mutex_unlock(socache_mutex);
if (status != APR_SUCCESS) {
--
2.33.0

42
backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch Normal file
View File

@ -0,0 +1,42 @@
From c8c5aef865dd4dfcce6606cf5a4fba1e815adb0f Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Wed, 15 Jan 2025 12:03:59 +0000
Subject: [PATCH] *) Do not add a space before '|' when setting the value for
stickysession in the balancer manager as this breaks the stickysession
configuration once a new configuration is submitted by the balancer
manager. PR: 69510 trunk patch: https://svn.apache.org/r1923101
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923145 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/c8c5aef865dd4dfcce6606cf5a4fba1e815adb0f
---
modules/proxy/mod_proxy_balancer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index 6ec6383..77344c8 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -1704,7 +1704,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
balancer->max_workers - (int)storage->num_free_slots(balancer->wslot));
if (*balancer->s->sticky) {
if (strcmp(balancer->s->sticky, balancer->s->sticky_path)) {
- ap_rvputs(r, "<td>", ap_escape_html(r->pool, balancer->s->sticky), " | ",
+ ap_rvputs(r, "<td>", ap_escape_html(r->pool, balancer->s->sticky), "|",
ap_escape_html(r->pool, balancer->s->sticky_path), NULL);
}
else {
@@ -1889,7 +1889,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
ap_rputs("</tr>\n", r);
ap_rputs("<tr><td>Sticky Session:</td><td><input name='b_ss' id='b_ss' size=64 type=text ", r);
if (strcmp(bsel->s->sticky, bsel->s->sticky_path)) {
- ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), " | ",
+ ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), "|",
ap_escape_html(r->pool, bsel->s->sticky_path), NULL);
}
else {
--
2.33.0

59
backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch Normal file
View File

@ -0,0 +1,59 @@
From 8486d22d82e484e2e027db30722a9b74e6c99ab9 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Fri, 14 Feb 2025 09:16:23 +0000
Subject: [PATCH] Merge r1917017, r1923218 from trunk:
* server/core.c (set_override): Catch errors returned by
set_allow_opts() for a parsing fail in an Options= argument.
Submitted by: Zhou Qingyang <zhou1615 umn.edu>
Github: closes #310
Add a Changes entry related to r1917017
While at it, fix a small style issue (tab vs spaces)
Submitted by: jorton, jailletc36
Reviewed by: rjung (reduce code drift), jorton, jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923804 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/8486d22d82e484e2e027db30722a9b74e6c99ab9
---
changes-entries/github 310.txt | 3 +++
server/core.c | 6 ++++--
2 files changed, 7 insertions(+), 2 deletions(-)
create mode 100644 changes-entries/github 310.txt
diff --git a/changes-entries/github 310.txt b/changes-entries/github 310.txt
new file mode 100644
index 0000000..2d966cd
--- /dev/null
+++ b/changes-entries/github 310.txt
@@ -0,0 +1,3 @@
+ *) core: Report invalid Options= argument when parsing AllowOverride
+ directives.
+ Github #310 [Zhou Qingyang <zhou1615 umn.edu>]
diff --git a/server/core.c b/server/core.c
index e8ef728..1401863 100644
--- a/server/core.c
+++ b/server/core.c
@@ -1831,8 +1831,10 @@ static const char *set_override(cmd_parms *cmd, void *d_, const char *l)
}
else if (!ap_cstr_casecmp(k, "Options")) {
d->override |= OR_OPTIONS;
- if (v)
- set_allow_opts(cmd, &(d->override_opts), v);
+ if (v) {
+ if ((err = set_allow_opts(cmd, &(d->override_opts), v)) != NULL)
+ return err;
+ }
else
d->override_opts = OPT_ALL;
}
--
2.33.0

40
backport-fix-LogFormat-directive-merging.patch Normal file
View File

@ -0,0 +1,40 @@
From 9248113bed1c5c0c610c7108b447314cf2847fdc Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Tue, 7 Jan 2025 15:07:17 +0000
Subject: [PATCH] *) mod_log_config: Fix LogFormat directive merging
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1922961 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/9248113bed1c5c0c610c7108b447314cf2847fdc
---
changes-entries/pr65222.txt | 2 ++
modules/loggers/mod_log_config.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
create mode 100644 changes-entries/pr65222.txt
diff --git a/changes-entries/pr65222.txt b/changes-entries/pr65222.txt
new file mode 100644
index 0000000..8efffd6
--- /dev/null
+++ b/changes-entries/pr65222.txt
@@ -0,0 +1,2 @@
+ *) mod_log_config: Fix merging for the "LogFormat" directive.
+ PR: 65222. [Michael Kaufmann <mail michael-kaufmann.ch>]
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index aba01f2..8a3c64a 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -1263,7 +1263,7 @@ static void *merge_config_log_state(apr_pool_t *p, void *basev, void *addv)
add->default_format_string = base->default_format_string;
add->default_format = base->default_format;
}
- add->formats = apr_table_overlay(p, base->formats, add->formats);
+ add->formats = apr_table_overlay(p, add->formats, base->formats);
return add;
}
--
2.33.0

78
backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch Normal file
View File

@ -0,0 +1,78 @@
From 84a9b978e7a502e3d93e2d757af67f8f303cb615 Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Wed, 15 Jan 2025 11:51:28 +0000
Subject: [PATCH] svn merge -c 1910518,1910847,1912477,1918297
^/httpd/httpd/trunk . *) Easy patches: synch 2.4.x and trunk - ab:
Increase MAX_CONCURRENCY hard limit (from 20K to 200K) - ab: Fix X509
* leak - dav/fs/dbm.c: Remove error message references to "property"
databases - httpd.h: Fix comment
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923142 13f79535-47bb-0310-9956-ffa450edef68
Conflict:delete non-existent file STATUS
Reference:https://github.com/apache/httpd/commit/84a9b978e7a502e3d93e2d757af67f8f303cb615
---
include/httpd.h | 2 +-
modules/dav/fs/dbm.c | 4 ++--
support/ab.c | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/httpd.h b/include/httpd.h
index 61e02a9..3ee836a 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1114,7 +1114,7 @@ struct request_rec {
*/
int double_reverse;
/** Request flags associated with this request. Use
- * AP_REQUEST_GET_FLAGS() and AP_REQUEST_SET_FLAGS() to access
+ * AP_REQUEST_GET_BNOTE() and AP_REQUEST_SET_BNOTE() to access
* the elements of this field.
*/
ap_request_bnotes_t bnotes;
diff --git a/modules/dav/fs/dbm.c b/modules/dav/fs/dbm.c
index 347d75d..39ab4ad 100644
--- a/modules/dav/fs/dbm.c
+++ b/modules/dav/fs/dbm.c
@@ -100,7 +100,7 @@ static dav_error * dav_fs_dbm_error(dav_db *db, apr_pool_t *p,
/* There might not be a <db> if we had problems creating it. */
if (db == NULL) {
errcode = 1;
- errstr = "Could not open property database.";
+ errstr = "Could not open database.";
if (APR_STATUS_IS_EDSOOPEN(status))
ap_log_error(APLOG_MARK, APLOG_CRIT, status, ap_server_conf, APLOGNO(00576)
"The DBM driver could not be loaded");
@@ -147,7 +147,7 @@ dav_error * dav_dbm_open_direct(apr_pool_t *p, const char *pathname, int ro,
"mod_dav_fs: The DBM library '%s' could not be loaded: %s",
err->reason, err->msg);
return dav_new_error(p, HTTP_INTERNAL_SERVER_ERROR, 1, status,
- "Could not load library for property database.");
+ "Could not load library for database.");
}
if ((status = apr_dbm_open2(&file, driver, pathname,
ro ? APR_DBM_READONLY : APR_DBM_RWCREATE,
diff --git a/support/ab.c b/support/ab.c
index 3aa2660..eb8845c 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -292,7 +292,7 @@ struct data {
#define ap_max(a,b) (((a)>(b))?(a):(b))
#define ap_round_ms(a) ((apr_time_t)((a) + 500)/1000)
#define ap_double_ms(a) ((double)(a)/1000.0)
-#define MAX_CONCURRENCY 20000
+#define MAX_CONCURRENCY 200000
/* --------------------- GLOBALS ---------------------------- */
@@ -748,6 +748,7 @@ static void ssl_proceed_handshake(struct connection *c)
SSL_get_version(c->ssl),
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
+ if (cert) X509_free(cert);
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
if (ssl_tmp_key == NULL) {
--
2.33.0

19
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd
Summary: Apache HTTP Server
Version: 2.4.58
Release: 8
Release: 9
License: ASL 2.0
URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -88,6 +88,12 @@ Patch34: backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differen
Patch35: backport-CVE-2024-38477-validate-hostsname.patch
Patch36: backport-CVE-2024-39884-maintain-trusted-flag.patch
Patch37: backport-CVE-2024-40725.patch
Patch38: backport-fix-LogFormat-directive-merging.patch
Patch39: backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch
Patch40: backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch
Patch41: backport-Fix-possible-crash-on-error-path.patch
Patch42: backport-Check-SSL_CTX_new-return-value.patch
Patch43: backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -525,6 +531,17 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Apr 16 2025 xingwei <xingwei14@h-partners.com> - 2.4.58-9
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:mod_log_config: Fix LogFormat directive merging
Fix X509 leak and Increase MAX_CONCURRENCY hard limit
mod_proxy_balancer: Fix the handling of the stickysession
mod_cache_socache: Fix possible crash on error path
mod_ssl: Check SSL_CTX_new() return value
core: Report invalid Options argument when parsing AllowOverride directives
* Sat Mar 15 2025 mahailiang <mahailiang@uniontech.com> - 2.4.58-8
- Type:bugfix
- ID:NA