From 30c01a09c12a47d594d6f9cc59a6824bb07cae7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Mon, 11 Apr 2022 15:13:04 +0200
Subject: [PATCH] Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache
 HTTPD using

  SetEnv or PassEnv
---
 httpd-2.4.51-r1811831.patch | 81 +++++++++++++++++++++++++++++++++++++
 httpd.spec                  |  9 ++++-
 2 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 httpd-2.4.51-r1811831.patch

diff --git a/httpd-2.4.51-r1811831.patch b/httpd-2.4.51-r1811831.patch
new file mode 100644
index 0000000..b8d8215
--- /dev/null
+++ b/httpd-2.4.51-r1811831.patch
@@ -0,0 +1,81 @@
+diff --git a/server/util_script.c b/server/util_script.c
+index 4121ae0..b7f8674 100644
+--- a/server/util_script.c
++++ b/server/util_script.c
+@@ -92,9 +92,21 @@ static void add_unless_null(apr_table_t *table, const char *name, const char *va
+     }
+ }
+ 
+-static void env2env(apr_table_t *table, const char *name)
++/* Sets variable @name in table @dest from r->subprocess_env if
++ * available, else from the environment, else from @fallback if
++ * non-NULL. */
++static void env2env(apr_table_t *dest, request_rec *r,
++                    const char *name, const char *fallback)
+ {
+-    add_unless_null(table, name, getenv(name));
++    const char *val;
++
++    val = apr_table_get(r->subprocess_env, name);
++    if (!val)
++        val = apr_pstrdup(r->pool, getenv(name));
++    if (!val)
++        val = apr_pstrdup(r->pool, fallback);
++    if (val)
++        apr_table_addn(dest, name, val);
+ }
+ 
+ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
+@@ -211,37 +223,29 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
+             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
+     }
+ 
+-    env_temp = apr_table_get(r->subprocess_env, "PATH");
+-    if (env_temp == NULL) {
+-        env_temp = getenv("PATH");
+-    }
+-    if (env_temp == NULL) {
+-        env_temp = DEFAULT_PATH;
+-    }
+-    apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_temp));
+-
++    env2env(e, r, "PATH", DEFAULT_PATH);
+ #if defined(WIN32)
+-    env2env(e, "SystemRoot");
+-    env2env(e, "COMSPEC");
+-    env2env(e, "PATHEXT");
+-    env2env(e, "WINDIR");
++    env2env(e, r, "SystemRoot", NULL);
++    env2env(e, r, "COMSPEC", NULL);
++    env2env(e, r, "PATHEXT", NULL);
++    env2env(e, r, "WINDIR", NULL);
+ #elif defined(OS2)
+-    env2env(e, "COMSPEC");
+-    env2env(e, "ETC");
+-    env2env(e, "DPATH");
+-    env2env(e, "PERLLIB_PREFIX");
++    env2env(e, r, "COMSPEC", NULL);
++    env2env(e, r, "ETC", NULL);
++    env2env(e, r, "DPATH", NULL);
++    env2env(e, r, "PERLLIB_PREFIX", NULL);
+ #elif defined(BEOS)
+-    env2env(e, "LIBRARY_PATH");
++    env2env(e, r, "LIBRARY_PATH", NULL);
+ #elif defined(DARWIN)
+-    env2env(e, "DYLD_LIBRARY_PATH");
++    env2env(e, r, "DYLD_LIBRARY_PATH", NULL);
+ #elif defined(_AIX)
+-    env2env(e, "LIBPATH");
++    env2env(e, r, "LIBPATH", NULL);
+ #elif defined(__HPUX__)
+     /* HPUX PARISC 2.0W knows both, otherwise redundancy is harmless */
+-    env2env(e, "SHLIB_PATH");
+-    env2env(e, "LD_LIBRARY_PATH");
++    env2env(e, r, "SHLIB_PATH", NULL);
++    env2env(e, r, "LD_LIBRARY_PATH", NULL);
+ #else /* Some Unix */
+-    env2env(e, "LD_LIBRARY_PATH");
++    env2env(e, r, "LD_LIBRARY_PATH", NULL);
+ #endif
+ 
+     apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
diff --git a/httpd.spec b/httpd.spec
index e7040df..0e5dcc3 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.51
-Release: 7%{?dist}
+Release: 8%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -107,6 +107,8 @@ Patch64: httpd-2.4.48-full-release.patch
 Patch65: httpd-2.4.51-r1877397.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1938740
 Patch66: httpd-2.4.51-r1892413+.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2073459
+Patch67: httpd-2.4.51-r1811831.patch
 
 # Security fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=2034674
@@ -269,6 +271,7 @@ written in the Lua programming language.
 %patch64 -p1 -b .full-release
 %patch65 -p1 -b .r1877397
 %patch66 -p1 -b .r1892413+
+%patch67 -p1 -b .r1811831
 
 %patch200 -p1 -b .CVE-2021-44790
 %patch201 -p1 -b .CVE-2022-22720
@@ -819,6 +822,10 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Mon Apr 11 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-8
+- Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using
+  SetEnv or PassEnv
+
 * Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-7
 - Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
   vulnerability in Apache HTTP Server 2.4.52 and earlier