import httpd-2.4.53-11.el9_2.4

SOURCES/httpd-2.4.53-proxy-util-loglevel.patch

@@ -0,0 +1,14 @@
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index e488aa6..8267f1b 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -3121,7 +3121,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_check_connection(const char *scheme,
+                          "%s: backend socket is disconnected.", scheme);
+         }
+         else {
+-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, server, APLOGNO(03408)
++            ap_log_error(APLOG_MARK, APLOG_INFO, 0, server, APLOGNO(03408)
+                          "%s: reusable backend connection is not empty: "
+                          "forcibly closed", scheme);
+         }
+

SPECS/httpd.spec

@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.53
-Release: 7%{?dist}.5
+Release: 11%{?dist}.4
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -114,6 +114,8 @@ Patch66: httpd-2.4.51-r1892413+.patch
 Patch67: httpd-2.4.51-r1811831.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2098056
 Patch68: httpd-2.4.53-r1878890.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2151313
+Patch69: httpd-2.4.53-proxy-util-loglevel.patch
 
 # Security fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=2094997
@@ -168,7 +170,7 @@ Requires: httpd-filesystem = %{version}-%{release}
 Requires(pre): httpd-filesystem
 Conflicts: apr < 1.5.0-1
 Conflicts: httpd < 2.4.53-3
-Conflicts: mod_http2 < 1.15.19-3%{?dist}.4
+Conflicts: mod_http2 < 1.15.19-4%{?dist}.3
 Obsoletes: mod_proxy_uwsgi < 2.0.17.1-2
 
 %description core
@@ -221,7 +223,7 @@ Epoch: 1
 BuildRequires: openssl-devel
 Requires(pre): httpd-filesystem
 Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.2.0, /usr/bin/hostname
+Requires: sscg >= 3.0.0-7, /usr/bin/hostname
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
 
@@ -305,6 +307,7 @@ written in the Lua programming language.
 %patch66 -p1 -b .r1892413+
 %patch67 -p1 -b .r1811831
 %patch68 -p1 -b .r1878890
+%patch69 -p1 -b .proxyutil-loglevel
 
 %patch200 -p1 -b .CVE-2022-26377
 %patch201 -p1 -b .CVE-2022-28615
@@ -876,18 +879,26 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
-* Thu Mar 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.5
-- Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with
+* Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.4
+- Resolves: #2177752 - CVE-2023-25690 httpd: HTTP request splitting with
   mod_rewrite and mod_proxy 
 
-* Tue Jan 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7.1
-- Resolves: #2165975 - prevent sscg creating /dhparams.pem
-- Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
+* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
+- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
   of zero byte
-- Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
-- Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
+- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
+- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
   smuggling
 
+* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
+- Resolves: #2160667 - prevent sscg creating /dhparams.pem
+
+* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
+- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
+
+* Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
+- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
+
 * Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
 - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
   smuggling