import UBI httpd-2.4.37-64.module+el8.10.0+21332+dfb1b40e

2024-05-22 13:20:45 +00:00 · 2024-05-22 13:20:45 +00:00 · 414eaf2ac7
commit 414eaf2ac7
parent c10b412a0d
3 changed files with 65 additions and 1 deletions
--- a/SOURCES/httpd-2.4.37-CVE-2023-31122.patch
+++ b/SOURCES/httpd-2.4.37-CVE-2023-31122.patch
@ -0,0 +1,11 @@
+--- a/modules/core/mod_macro.c	2023/10/16 06:19:16	1912992
+++ b/modules/core/mod_macro.c	2023/10/16 06:38:32	1912993
+@@ -483,7 +483,7 @@
+     for (i = 0; i < contents->nelts; i++) {
+         const char *errmsg;
+         /* copy the line and substitute macro parameters */
+-        strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
+        apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
+         errmsg = substitute_macro_args(line, MAX_STRING_LEN,
+                                        macro, replacements, used);
+         if (errmsg) {
--- a/SOURCES/httpd-2.4.57-r1884505+.patch
+++ b/SOURCES/httpd-2.4.57-r1884505+.patch
@ -0,0 +1,39 @@
+# ./pullrev.sh 1884505 1915625
+http://svn.apache.org/viewvc?view=revision&revision=1884505
+http://svn.apache.org/viewvc?view=revision&revision=1915625
+
+--- httpd-2.4.57/modules/filters/mod_xml2enc.c
+++ httpd-2.4.57/modules/filters/mod_xml2enc.c
+@@ -329,7 +329,7 @@
+     apr_bucket* bstart;
+     apr_size_t insz = 0;
+     int pending_meta = 0;
+-    char *ctype;
+    char *mtype;
+     char *p;
+ 
+     if (!ctx || !f->r->content_type) {
+@@ -338,13 +338,17 @@
+         return ap_pass_brigade(f->next, bb) ;
+     }
+ 
+-    ctype = apr_pstrdup(f->r->pool, f->r->content_type);
+-    for (p = ctype; *p; ++p)
+-        if (isupper(*p))
+-            *p = tolower(*p);
+    /* Extract the media type, ignoring parameters in content-type. */
+    mtype = apr_pstrdup(f->r->pool, f->r->content_type);
+    if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
+    ap_str_tolower(mtype);
+ 
+-    /* only act if starts-with "text/" or contains "xml" */
+-    if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml"))  {
+    /* Accept text/ types, plus any XML media type per RFC 7303. */
+    if (!(strncmp(mtype, "text/", 5) == 0
+          || strcmp(mtype, "application/xml") == 0
+          || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
+              && (p = strstr(mtype, "+xml")) != NULL
+              && strlen(p) == 4 /* ensures +xml is a suffix */))) {
+         ap_remove_output_filter(f);
+         return ap_pass_brigade(f->next, bb) ;
+     }
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.37
-Release: 62%{?dist}
+Release: 64%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source2: httpd.logrotate
@ -169,6 +169,8 @@ Patch91: httpd-2.4.37-add-SNI-support.patch
 Patch92: httpd-2.4.37-mod_status-duplicate-key.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2221083
 Patch93: httpd-2.4.37-r1885607.patch
+# https://issues.redhat.com/browse/RHEL-14321
+Patch94: httpd-2.4.57-r1884505+.patch

 # Security fixes
 Patch200: httpd-2.4.37-r1851471.patch
@ -254,6 +256,8 @@ Patch237: httpd-2.4.37-CVE-2022-36760.patch
 Patch238: httpd-2.4.37-CVE-2023-25690.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2176211
 Patch239: httpd-2.4.37-CVE-2023-27522.patch
+# https://issues.redhat.com/browse/RHEL-14448
+Patch240: httpd-2.4.37-CVE-2023-31122.patch

 License: ASL 2.0
 Group: System Environment/Daemons
@ -437,6 +441,7 @@ interface for storing and accessing per-user session data.
 %patch91 -p1 -b .SNI
 %patch92 -p1 -b .mod_status-dupl
 %patch93 -p1 -b .r1885607
+%patch94 -p1 -b .r1884505+

 %patch200 -p1 -b .r1851471
 %patch201 -p1 -b .CVE-2019-0211
@ -478,6 +483,7 @@ interface for storing and accessing per-user session data.
 %patch237 -p1 -b .CVE-2022-36760
 %patch238 -p1 -b .CVE-2023-25690
 %patch239 -p1 -b .CVE-2023-27522
+%patch240 -p1 -b .CVE-2023-31122

 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -983,6 +989,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Fri Feb 16 2024 Joe Orton <jorton@redhat.com> - 2.4.37-64
+- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read
+  vulnerability (CVE-2023-31122)
+
+* Wed Feb 14 2024 Joe Orton <jorton@redhat.com> - 2.4.37-63
+- mod_xml2enc: fix media type handling
+  Resolves: RHEL-14321
+
 * Thu Aug 17 2023 Johnny Hughes <jhughes@redhat.com> - 2.4.37-62
 - change for CentOS Stream Branding