httpd/httpd-2.4.57-selinux.patch

diff --git a/configure.in b/configure.in
index 3932407..00e2369 100644
--- a/configure.in
+++ b/configure.in
@@ -531,6 +531,11 @@ gettid
 dnl confirm that a void pointer is large enough to store a long integer
 APACHE_CHECK_VOID_PTR_LEN
 
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+   APR_ADDTO(HTTPD_LIBS, [-lselinux])
+])
+
 if test $ac_cv_func_gettid = no; then
   # On Linux before glibc 2.30, gettid() is only usable via syscall()
   AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,
diff --git a/server/core.c b/server/core.c
index 8970a50..ff1024d 100644
--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
 #include <unistd.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
 #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
@@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
     }
 #endif
 
+#ifdef HAVE_SELINUX
+    {
+        static int already_warned = 0;
+        int is_enabled = is_selinux_enabled() > 0;
+        
+        if (is_enabled && !already_warned) {
+            security_context_t con;
+            
+            if (getcon(&con) == 0) {
+                
+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                             "SELinux policy enabled; "
+                             "httpd running as context %s", con);
+                
+                already_warned = 1;
+                
+                freecon(con);
+            }
+        }
+    }
+#endif
+
     return OK;
 }
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`diff --git a/configure.in b/configure.in`
new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) 2024-05-03 11:51:17 +00:00			`index 3932407..00e2369 100644`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`--- a/configure.in`
			`+++ b/configure.in`
new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) 2024-05-03 11:51:17 +00:00			`@@ -531,6 +531,11 @@ gettid`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`dnl confirm that a void pointer is large enough to store a long integer`
			`APACHE_CHECK_VOID_PTR_LEN`

			`+AC_CHECK_LIB(selinux, is_selinux_enabled, [`
			`+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])`
			`+ APR_ADDTO(HTTPD_LIBS, [-lselinux])`
			`+])`
			`+`
new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) 2024-05-03 11:51:17 +00:00			`if test $ac_cv_func_gettid = no; then`
			`# On Linux before glibc 2.30, gettid() is only usable via syscall()`
			`AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid,`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`diff --git a/server/core.c b/server/core.c`
new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) 2024-05-03 11:51:17 +00:00			`index 8970a50..ff1024d 100644`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`--- a/server/core.c`
			`+++ b/server/core.c`
Resolves: #2184403 - rebase httpd to 2.4.57 Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy 2023-04-11 12:31:37 +00:00			`@@ -65,6 +65,10 @@`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`#include <unistd.h>`
			`#endif`

			`+#ifdef HAVE_SELINUX`
			`+#include <selinux/selinux.h>`
			`+#endif`
			`+`
			`/* LimitRequestBody handling */`
			`#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)`
Resolves: #2184403 - rebase httpd to 2.4.57 Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy 2023-04-11 12:31:37 +00:00			`#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */`
new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) 2024-05-03 11:51:17 +00:00			`@@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t pconf, apr_pool_t plog, apr_pool_t *pte`
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/httpd#c8bf9e154099a01a8f30dde2e71cdb5d9fe40842 2020-10-15 10:30:30 +00:00			`}`
			`#endif`

			`+#ifdef HAVE_SELINUX`
			`+ {`
			`+ static int already_warned = 0;`
			`+ int is_enabled = is_selinux_enabled() > 0;`
			`+`
			`+ if (is_enabled && !already_warned) {`
			`+ security_context_t con;`
			`+`
			`+ if (getcon(&con) == 0) {`
			`+`
			`+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,`
			`+ "SELinux policy enabled; "`
			`+ "httpd running as context %s", con);`
			`+`
			`+ already_warned = 1;`
			`+`
			`+ freecon(con);`
			`+ }`
			`+ }`
			`+ }`
			`+#endif`
			`+`
			`return OK;`
			`}`