import httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed

CentOS Sources 2019-11-05 14:03:21 -05:00 committed by Andrew Lukoshko
parent b98ff77132
commit 58abeedc85
10 changed files with 657 additions and 242 deletions

24
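--- a/SOURCES/config.layout
+++ b/SOURCES/config.layout
@@ -0,0 +1,24 @@
+# Layout used in Fedora httpd packaging.
+<Layout Fedora>
+prefix: /etc/httpd
+localstatedir: /var
+exec_prefix: /usr
+bindir: ${exec_prefix}/bin
+sbindir: ${exec_prefix}/sbin
+libdir: ${exec_prefix}/lib
+libexecdir: ${exec_prefix}/libexec
+mandir: ${exec_prefix}/man
+sysconfdir: /etc/httpd/conf
+datadir: ${exec_prefix}/share/httpd
+installbuilddir: ${libdir}/httpd/build
+errordir: ${datadir}/error
+iconsdir: ${datadir}/icons
+htdocsdir: ${localstatedir}/www/html
+manualdir: ${datadir}/manual
+cgidir: ${localstatedir}/www/cgi-bin
+includedir: ${exec_prefix}/include/httpd
+runtimedir: ${prefix}/run
+logfiledir: ${localstatedir}/log/httpd
+statedir: ${prefix}/state
+proxycachedir: ${localstatedir}/cache/httpd/proxy
+</Layout>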
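Review bot: `runtimedir: ${prefix}/run` and `statedir: ${prefix}/state` resolve under `/etc/httpd`, so run-time files and persistent state are addressed through the configuration tree. That only works as intended if the package ships `/etc/httpd/run` and `/etc/httpd/state` as symlinks into `/run` and `/var`, which this file does not show. A comment above the two keys would make the dependency explicit, for example `# run and state are expected to be symlinks created by the package, not real directories under /etc/httpd`. It is worth confirming in the spec that both links exist and that nothing writable by the server user ends up as a real directory under `/etc/httpd`.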


@ -1,35 +0,0 @@
Add layout for Fedora.
diff --git a/config.layout b/config.layout
index 8579587..79fbce7 100644
--- a/config.layout
+++ b/config.layout
@@ -394,3 +394,27 @@
logfiledir: ${localstatedir}/log/httpd
proxycachedir: ${localstatedir}/cache/httpd
</Layout>
+
+# Fedora/RHEL layout
+<Layout Fedora>
+ prefix: /usr
+ exec_prefix: ${prefix}
+ bindir: ${prefix}/bin
+ sbindir: ${prefix}/sbin
+ libdir: ${prefix}/lib
+ libexecdir: ${prefix}/libexec
+ mandir: ${prefix}/man
+ sysconfdir: /etc/httpd/conf
+ datadir: ${prefix}/share/httpd
+ installbuilddir: ${libdir}/httpd/build
+ errordir: ${datadir}/error
+ iconsdir: ${datadir}/icons
+ htdocsdir: /var/www/html
+ manualdir: ${datadir}/manual
+ cgidir: /var/www/cgi-bin
+ includedir: ${prefix}/include/httpd
+ localstatedir: /var
+ runtimedir: /run/httpd
+ logfiledir: ${localstatedir}/log/httpd
+ proxycachedir: ${localstatedir}/cache/httpd/proxy
+</Layout>


@ -0,0 +1,111 @@
--- a/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:19 1855297
+++ b/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:26 1855298
@@ -92,7 +92,6 @@
int check_nc;
const char *algorithm;
char *uri_list;
- const char *ha1;
} digest_config_rec;
@@ -153,6 +152,7 @@
apr_time_t nonce_time;
enum hdr_sts auth_hdr_sts;
int needed_auth;
+ const char *ha1;
client_entry *client;
} digest_header_rec;
@@ -1304,7 +1304,7 @@
*/
static authn_status get_hash(request_rec *r, const char *user,
- digest_config_rec *conf)
+ digest_config_rec *conf, const char **rethash)
{
authn_status auth_result;
char *password;
@@ -1356,7 +1356,7 @@
} while (current_provider);
if (auth_result == AUTH_USER_FOUND) {
- conf->ha1 = password;
+ *rethash = password;
}
return auth_result;
@@ -1483,25 +1483,24 @@
/* RFC-2069 */
static const char *old_digest(const request_rec *r,
- const digest_header_rec *resp, const char *ha1)
+ const digest_header_rec *resp)
{
const char *ha2;
ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
resp->uri, NULL));
return ap_md5(r->pool,
- (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
- ":", ha2, NULL));
+ (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
+ resp->nonce, ":", ha2, NULL));
}
/* RFC-2617 */
static const char *new_digest(const request_rec *r,
- digest_header_rec *resp,
- const digest_config_rec *conf)
+ digest_header_rec *resp)
{
const char *ha1, *ha2, *a2;
- ha1 = conf->ha1;
+ ha1 = resp->ha1;
a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
@@ -1514,7 +1513,6 @@
NULL));
}
-
static void copy_uri_components(apr_uri_t *dst,
apr_uri_t *src, request_rec *r) {
if (src->scheme && src->scheme[0] != '\0') {
@@ -1759,7 +1757,7 @@
return HTTP_UNAUTHORIZED;
}
- return_code = get_hash(r, r->user, conf);
+ return_code = get_hash(r, r->user, conf, &resp->ha1);
if (return_code == AUTH_USER_NOT_FOUND) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
@@ -1789,7 +1787,7 @@
if (resp->message_qop == NULL) {
/* old (rfc-2069) style digest */
- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
+ if (strcmp(resp->digest, old_digest(r, resp))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
"user %s: password mismatch: %s", r->user,
r->uri);
@@ -1819,7 +1817,7 @@
return HTTP_UNAUTHORIZED;
}
- exp_digest = new_digest(r, resp, conf);
+ exp_digest = new_digest(r, resp);
if (!exp_digest) {
/* we failed to allocate a client struct */
return HTTP_INTERNAL_SERVER_ERROR;
@@ -1903,7 +1901,7 @@
/* calculate rspauth attribute
*/
- ha1 = conf->ha1;
+ ha1 = resp->ha1;
a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
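Review bot: `resp->ha1` is assigned only when get_hash() returns AUTH_USER_FOUND (`*rethash = password;`), but old_digest(), new_digest() and the rspauth calculation now read it with no check of their own. apr_pstrcat() treats a NULL argument as the end of its list, so in old_digest() a NULL `resp->ha1` would hash a truncated string rather than fail. The visible caller returns early on AUTH_USER_NOT_FOUND, but the other return codes and the rspauth path lie outside these hunks. I would document the invariant on the new field, e.g. `const char *ha1; /* valid only after get_hash() returned AUTH_USER_FOUND */`, and confirm that each reader is reached only after a successful lookup.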


@ -0,0 +1,235 @@
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 0a24bc8..20d1e5a 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -97,6 +97,7 @@ available</td></tr>
<li><img alt="" src="../images/down.gif" /> <a href="#maxrangeoverlaps">MaxRangeOverlaps</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#maxrangereversals">MaxRangeReversals</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#maxranges">MaxRanges</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mergeslashes">MergeSlashes</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mergetrailers">MergeTrailers</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mutex">Mutex</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#namevirtualhost">NameVirtualHost</a></li>
@@ -3465,6 +3466,30 @@ resource </td></tr>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MergeSlashes" id="MergeSlashes">MergeSlashes</a> <a name="mergeslashes" id="mergeslashes">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether the server merges consecutive slashes in URLs. </td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MergeSlashes ON | OFF</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MergeSlashes ON</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7</td></tr>
+</table>
+ <p>By default, the server merges (or collapses) multiple consecutive slash
+ ('/') characters in the path component of the request URL.</p>
+
+ <p>When mapping URL's to the filesystem, these multiple slashes are not
+ significant. However, URL's handled other ways, such as by CGI or proxy,
+ might prefer to retain the significance of multiple consecutive slashes.
+ In these cases <code class="directive">MergeSlashes</code> can be set to
+ <em>OFF</em> to retain the multiple consecutive slashes. In these
+ configurations, regular expressions used in the configuration file that match
+ the path component of the URL (<code class="directive">LocationMatch</code>,
+ <code class="directive">RewriteRule</code>, ...) need to take into account multiple
+ consecutive slashes.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MergeTrailers" id="MergeTrailers">MergeTrailers</a> <a name="mergetrailers" id="mergetrailers">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines whether trailers are merged into headers</td></tr>
--- a/include/http_core.h 2019/03/18 08:49:19 1855736
+++ b/include/http_core.h 2019/03/18 08:49:59 1855737
@@ -740,7 +740,7 @@
#define AP_HTTP_METHODS_LENIENT 1
#define AP_HTTP_METHODS_REGISTERED 2
char http_methods;
-
+ unsigned int merge_slashes;
} core_server_config;
/* for AddOutputFiltersByType in core.c */
diff --git a/include/httpd.h b/include/httpd.h
index 65392f8..99f7f04 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1697,11 +1697,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
AP_DECLARE(int) ap_unescape_urlencoded(char *query);
/**
- * Convert all double slashes to single slashes
- * @param name The string to convert
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert, assumed to be a filesystem path
*/
AP_DECLARE(void) ap_no2slash(char *name);
+/**
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert
+ * @param is_fs_path if set to 0, the significance of any double-slashes is
+ * ignored.
+ */
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
+
/**
* Remove all ./ and xx/../ substrings from a file name. Also remove
* any leading ../ or /../ substrings.
diff --git a/server/request.c b/server/request.c
index dbe3e07..d5c558a 100644
--- a/server/request.c
+++ b/server/request.c
@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
int file_req = (r->main && r->filename);
int access_status;
core_dir_config *d;
+ core_server_config *sconf =
+ ap_get_core_module_config(r->server->module_config);
/* Ignore embedded %2F's in path for proxy requests */
if (!r->proxyreq && r->parsed_uri.path) {
@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
}
ap_getparents(r->uri); /* OK --- shrinking transformations... */
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+ ap_no2slash(r->uri);
+ if (r->parsed_uri.path) {
+ ap_no2slash(r->parsed_uri.path);
+ }
+ }
/* All file subrequests are a huge pain... they cannot bubble through the
* next several steps. Only file subrequests are allowed an empty uri,
@@ -1411,20 +1419,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
cached = (cache->cached != NULL);
-
- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
- * slashes. Location matches multiple slashes with a single slash,
- * LocationMatch doesn't. An exception, for backwards brokenness is
- * absoluteURIs... in which case neither match multiple slashes.
- */
- if (r->uri[0] != '/') {
- entry_uri = r->uri;
- }
- else {
- char *uri = apr_pstrdup(r->pool, r->uri);
- ap_no2slash(uri);
- entry_uri = uri;
- }
+ entry_uri = r->uri;
/* If we have an cache->cached location that matches r->uri,
* and the vhost's list of locations hasn't changed, we can skip
@@ -1491,7 +1486,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
}
- if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+ if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
continue;
}
@@ -1501,7 +1496,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
apr_table_setn(r->subprocess_env,
((const char **)entry_core->refs->elts)[i],
apr_pstrndup(r->pool,
- r->uri + pmatch[i].rm_so,
+ entry_uri + pmatch[i].rm_so,
pmatch[i].rm_eo - pmatch[i].rm_so));
}
}
diff --git a/server/util.c b/server/util.c
index fd7a0a1..e0c558c 100644
--- a/server/util.c
+++ b/server/util.c
@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name)
name[l] = '\0';
}
}
-
-AP_DECLARE(void) ap_no2slash(char *name)
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
{
+
char *d, *s;
+ if (!*name) {
+ return;
+ }
+
s = d = name;
#ifdef HAVE_UNC_PATHS
/* Check for UNC names. Leave leading two slashes. */
- if (s[0] == '/' && s[1] == '/')
+ if (is_fs_path && s[0] == '/' && s[1] == '/')
*d++ = *s++;
#endif
@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
*d = '\0';
}
+AP_DECLARE(void) ap_no2slash(char *name)
+{
+ ap_no2slash_ex(name, 1);
+}
/*
* copy at most n leading directories of s into d
diff --git a/server/core.c b/server/core.c
index b5ab429..a31f1e4 100644
--- a/server/core.c
+++ b/server/core.c
@@ -493,6 +493,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s)
*/
conf->trace_enable = AP_TRACE_UNSET;
+ conf->merge_slashes = AP_CORE_CONFIG_UNSET;
conf->protocols = apr_array_make(a, 5, sizeof(const char *));
conf->protocols_honor_order = -1;
@@ -561,7 +562,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
base->protocols_honor_order :
virt->protocols_honor_order);
-
+
+ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
+
return conf;
}
@@ -1872,6 +1875,13 @@ static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
return NULL;
}
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+ return ap_set_flag_slot(cmd, conf, flag);
+}
+
static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
{
core_dir_config *d = d_;
@@ -4598,6 +4608,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON
"'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
"Registers non-standard HTTP methods"),
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
+ (void *)APR_OFFSETOF(core_server_config, merge_slashes),
+ RSRC_CONF,
+ "Controls whether consecutive slashes in the URI path are merged"),
{ NULL }
};
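Review bot: With `MergeSlashes OFF`, ap_location_walk() now matches plain `<Location>` sections against the unmerged `r->uri`. The removed block that merged slashes on a copy is replaced by `entry_uri = r->uri;`, and the only remaining merge is the conditional one in ap_process_request_internal(). A `<Location>` block that carries access control would then stop applying to a path written with consecutive slashes, and the added documentation warns only about the regex directives. I would keep merging on a private copy for the non-regex comparison when the option is off, as sketched below; the regex match could then go back to `r->uri`. ap_location_walk() would need its own `sconf` lookup like the one added to ap_process_request_internal(), and the rest of the function is outside these hunks.

```c
/* <Location> always compares against a slash-merged path, whatever
 * MergeSlashes says. */
if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
    entry_uri = r->uri;
}
else {
    char *uri = apr_pstrdup(r->pool, r->uri);
    ap_no2slash(uri);
    entry_uri = uri;
}
/* … unchanged: walk-cache lookup and section loop … */
```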


@ -0,0 +1,44 @@
diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
index f96d566..8df0248 100644
--- a/modules/md/mod_md_os.c
+++ b/modules/md/mod_md_os.c
@@ -41,14 +41,20 @@
apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
{
-#if AP_NEED_SET_MUTEX_PERMS
- if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
- apr_status_t rv = APR_FROM_OS_ERROR(errno);
- if (!APR_STATUS_IS_ENOENT(rv)) {
- ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
- "Can't change owner of %s", fname);
+#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
+ /* Since we only switch user when running as root, we only need to chown directories
+ * in that case. Otherwise, the server will ignore any "user/group" directives and
+ * child processes have the same privileges as the parent.
+ */
+ if (!geteuid()) {
+ if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
+ apr_status_t rv = APR_FROM_OS_ERROR(errno);
+ if (!APR_STATUS_IS_ENOENT(rv)) {
+ ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
+ "Can't change owner of %s", fname);
+ }
+ return rv;
}
- return rv;
}
return APR_SUCCESS;
#else
@@ -58,11 +64,7 @@ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool
apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
{
-#if AP_NEED_SET_MUTEX_PERMS
return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
-#else
- return APR_ENOTIMPL;
-#endif
}
#ifdef WIN32
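Review bot: The `chown(fname, ...)` call that now runs only when `geteuid()` is 0 follows symbolic links, so it changes the owner of whatever `fname` resolves to at that moment. Whether `fname` can ever sit in a directory the unprivileged worker user already owns is not visible in this hunk; if it can, the privileged parent could end up changing ownership of an unintended target. `lchown(fname, (uid_t)uid, (gid_t)gid)` would avoid that if these paths are never legitimately symlinks. Otherwise a short comment stating that callers only pass paths under root-owned directories would record the assumption. The `#else` branch of md_try_chown() lies outside the hunk.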


@ -0,0 +1,24 @@
diff --git a/docs/conf/magic b/docs/conf/magic
index 7c56119..bc891d9 100644
--- a/docs/conf/magic
+++ b/docs/conf/magic
@@ -87,7 +87,7 @@
# Microsoft WAVE format (*.wav)
# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
# Microsoft RIFF
-0 string RIFF audio/unknown
+0 string RIFF
# - WAVE format
>8 string WAVE audio/x-wav
# MPEG audio.
--- a/modules/metadata/mod_mime_magic.c 2013/06/11 07:36:13 1491699
+++ b/modules/metadata/mod_mime_magic.c 2013/06/11 07:41:40 1491700
@@ -606,7 +606,7 @@
/* high overhead for 1 char - just hope they don't do this much */
str[0] = c;
str[1] = '\0';
- return magic_rsl_add(r, str);
+ return magic_rsl_add(r, apr_pstrdup(r->pool, str));
}
/* allocate and copy a contiguous string from a result string list */
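Review bot: The fix copies `str` at this one call site, which suggests magic_rsl_add() keeps the pointer it is given instead of copying it; that contract is not written down in the hunk. A comment on magic_rsl_add() such as `/* stores str by reference: it must be pool-allocated or otherwise outlive the request */` would keep the next caller from passing a stack buffer again. magic_rsl_add() itself and its other callers are outside the hunk, so they are worth checking for the same pattern.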


@ -0,0 +1,35 @@
diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
index 7a82a90..6c244b6 100644
--- a/modules/arch/unix/mod_systemd.c
+++ b/modules/arch/unix/mod_systemd.c
@@ -100,6 +100,21 @@ static int systemd_post_config(apr_pool_t *pconf, apr_pool_t *plog,
return OK;
}
+/* Report the service is ready in post_config, which could be during
+ * startup or after a reload. The server could still hit a fatal
+ * startup error after this point during ap_run_mpm(), so this is
+ * perhaps too early, but by post_config listen() has been called on
+ * the TCP ports so new connections will not be rejected. There will
+ * always be a possible async failure event simultaneous to the
+ * service reporting "ready", so this should be good enough. */
+static int systemd_post_config_last(apr_pool_t *p, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *main_server)
+{
+ sd_notify(0, "READY=1\n"
+ "STATUS=Configuration loaded.\n");
+ return OK;
+}
+
static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
{
int rv;
@@ -187,6 +202,8 @@ static void systemd_register_hooks(apr_pool_t *p)
ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
/* Grab the listener config. */
ap_hook_post_config(systemd_post_config, NULL, NULL, APR_HOOK_LAST);
+ /* Signal service is ready. */
+ ap_hook_post_config(systemd_post_config_last, NULL, NULL, APR_HOOK_REALLY_LAST);
/* We know the PID in this hook ... */
ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
/* Used to update httpd's status line using sd_notifyf */
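Review bot: systemd_post_config_last() sends `READY=1` on every post_config run and discards the sd_notify() result. As far as I know httpd runs the post_config hooks once in a preliminary configuration pass before the real one, so the service would be reported ready before the final configuration is loaded. If that holds here, a guard such as `if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) return OK;` at the top would skip the first pass. Logging a negative return from sd_notify() would also make a failed notification visible.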


@ -1,10 +1,27 @@
# ./pullrev.sh 1842929 1842931
# ./pullrev.sh 1842929 1842931 1852982 1853631 1857731
http://svn.apache.org/viewvc?view=revision&revision=1842929
http://svn.apache.org/viewvc?view=revision&revision=1842931
http://svn.apache.org/viewvc?view=revision&revision=1852982
http://svn.apache.org/viewvc?view=revision&revision=1857731
http://svn.apache.org/viewvc?view=revision&revision=1853631
--- httpd-2.4.37/acinclude.m4.r1842929+
+++ httpd-2.4.37/acinclude.m4
@@ -45,6 +45,7 @@
diff --git a/Makefile.in b/Makefile.in
index 06b8c5a..9eeb5c7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -213,6 +213,7 @@ install-cgi:
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
@test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
@for ext in dll x; do \
file=apachecore.$$ext; \
if test -f $$file; then \
diff --git a/acinclude.m4 b/acinclude.m4
index 0ad0c13..a8c2804 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -45,6 +45,7 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[
APACHE_SUBST(installbuilddir)
APACHE_SUBST(runtimedir)
APACHE_SUBST(proxycachedir)
@ -12,7 +29,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
APACHE_SUBST(other_targets)
APACHE_SUBST(progname)
APACHE_SUBST(prefix)
@@ -663,6 +664,7 @@
@@ -663,6 +664,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[
APACHE_SUBST_EXPANDED_ARG(runtimedir)
APACHE_SUBST_EXPANDED_ARG(logfiledir)
APACHE_SUBST_EXPANDED_ARG(proxycachedir)
@ -20,131 +37,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
])
dnl
--- httpd-2.4.37/config.layout.r1842929+
+++ httpd-2.4.37/config.layout
@@ -29,6 +29,7 @@
includedir: ${prefix}/include
localstatedir: ${prefix}
runtimedir: ${localstatedir}/logs
+ statedir: ${localstatedir}/state
logfiledir: ${localstatedir}/logs
proxycachedir: ${localstatedir}/proxy
</Layout>
@@ -54,6 +55,7 @@
includedir: ${prefix}/include+
localstatedir: ${prefix}/var+
runtimedir: ${localstatedir}/run
+ statedir: ${localstatedir}/state
logfiledir: ${localstatedir}/log
proxycachedir: ${localstatedir}/proxy
</Layout>
@@ -78,6 +80,7 @@
includedir: /System/Library/Frameworks/Apache.framework/Versions/2.0/Headers
localstatedir: /var
runtimedir: ${prefix}/Logs
+ statedir: ${prefix}/State
logfiledir: ${prefix}/Logs
proxycachedir: ${prefix}/ProxyCache
</Layout>
@@ -102,6 +105,7 @@
includedir: ${prefix}/include+
localstatedir: /var
runtimedir: ${localstatedir}/run
+ statedir: ${localstatedir}/state
logfiledir: ${localstatedir}/log+
proxycachedir: ${runtimedir}/proxy
</Layout>
@@ -126,6 +130,7 @@
includedir: ${prefix}/include/apache
localstatedir: /var
runtimedir: ${localstatedir}/run
+ statedir: ${localstatedir}/lib/httpd
logfiledir: ${localstatedir}/log/httpd
proxycachedir: ${localstatedir}/cache/httpd
</Layout>
@@ -151,6 +156,7 @@
includedir: ${prefix}/include/httpd
runtimedir: /run/httpd
logfiledir: ${localstatedir}/log/httpd
+ statedir: ${localstatedir}/lib/httpd
proxycachedir: ${localstatedir}/cache/httpd/proxy
</Layout>
@@ -175,6 +181,7 @@
localstatedir: /var${prefix}
runtimedir: ${localstatedir}/run
logfiledir: ${localstatedir}/logs
+ statedir: ${localstatedir}/state
proxycachedir: ${localstatedir}/proxy
</Layout>
@@ -197,6 +204,7 @@
cgidir: ${datadir}/cgi-bin
includedir: ${prefix}/include/apache
localstatedir: /var/lib/httpd
+ statedir: ${localstatedir}
runtimedir: /var/run
logfiledir: /var/log/httpd
proxycachedir: /var/cache/httpd
@@ -223,6 +231,7 @@
localstatedir: /var
runtimedir: ${localstatedir}/run
logfiledir: ${localstatedir}/log/httpd
+ statedir: ${prefix}/state
proxycachedir: ${localstatedir}/proxy
</Layout>
@@ -246,6 +255,7 @@
includedir: ${exec_prefix}/include
localstatedir: ${prefix}
runtimedir: /var/run
+ statedir: ${datadir}/state
logfiledir: ${datadir}/logs
proxycachedir: ${datadir}/proxy
</Layout>
@@ -271,6 +281,7 @@
localstatedir: ${prefix}
runtimedir: ${prefix}/logs
logfiledir: ${prefix}/logs
+ statedir: ${prefix}/state
proxycachedir: ${prefix}/proxy
</Layout>
@@ -315,6 +326,7 @@
cgidir: ${prefix}/usr/lib/cgi-bin
includedir: ${exec_prefix}/include/apache2
localstatedir: ${prefix}/var/lock/apache2
+ statedir: ${prefix}/var/lib/apache2
runtimedir: ${prefix}/var/run/apache2
logfiledir: ${prefix}/var/log/apache2
proxycachedir: ${prefix}/var/cache/apache2/proxy
@@ -343,6 +355,7 @@
manualdir: ${datadir}/manual
cgidir: ${datadir}/cgi-bin
runtimedir: ${localstatedir}/run
+ runtimedir: ${localstatedir}/lib/httpd
logfiledir: ${localstatedir}/log/httpd
proxycachedir: ${localstatedir}/cache/httpd/cache-root
</Layout>
@@ -366,6 +379,7 @@
manualdir: ${prefix}/manual
includedir: ${prefix}/include
localstatedir: /var/httpd
+ statedir: ${localstatedir}/state
runtimedir: ${localstatedir}/run
logfiledir: ${localstatedir}/logs
proxycachedir: ${localstatedir}/proxy
@@ -391,6 +405,7 @@
includedir: ${prefix}/include/httpd
localstatedir: /var
runtimedir: ${localstatedir}/run/httpd
+ statedir: ${localstatedir}/lib/httpd
logfiledir: ${localstatedir}/log/httpd
proxycachedir: ${localstatedir}/cache/httpd
</Layout>
--- httpd-2.4.37/configure.in.r1842929+
+++ httpd-2.4.37/configure.in
@@ -41,7 +41,7 @@
diff --git a/configure.in b/configure.in
index a208b53..de6a8ad 100644
--- a/configure.in
+++ b/configure.in
@@ -41,7 +41,7 @@ dnl Something seems broken here.
AC_PREFIX_DEFAULT(/usr/local/apache2)
dnl Get the layout here, so we can pass the required variables to apr
@ -153,8 +50,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
dnl reparse the configure arguments.
APR_PARSE_ARGUMENTS
--- httpd-2.4.37/include/ap_config_layout.h.in.r1842929+
+++ httpd-2.4.37/include/ap_config_layout.h.in
diff --git a/include/ap_config_layout.h.in b/include/ap_config_layout.h.in
index 2b4a70c..e076f41 100644
--- a/include/ap_config_layout.h.in
+++ b/include/ap_config_layout.h.in
@@ -60,5 +60,7 @@
#define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@"
#define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@"
@ -163,9 +62,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
+#define DEFAULT_REL_STATEDIR "@rel_statedir@"
#endif /* AP_CONFIG_LAYOUT_H */
--- httpd-2.4.37/include/http_config.h.r1842929+
+++ httpd-2.4.37/include/http_config.h
@@ -757,6 +757,14 @@
diff --git a/include/http_config.h b/include/http_config.h
index adc5825..effccc1 100644
--- a/include/http_config.h
+++ b/include/http_config.h
@@ -757,6 +757,14 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *fname);
*/
AP_DECLARE(char *) ap_runtime_dir_relative(apr_pool_t *p, const char *fname);
@ -180,19 +81,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
/* Finally, the hook for dynamically loading modules in... */
/**
--- httpd-2.4.37/Makefile.in.r1842929+
+++ httpd-2.4.37/Makefile.in
@@ -213,6 +213,7 @@
install-other:
@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
@test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir)
+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir)
@for ext in dll x; do \
file=apachecore.$$ext; \
if test -f $$file; then \
--- httpd-2.4.37/modules/dav/fs/mod_dav_fs.c.r1842929+
+++ httpd-2.4.37/modules/dav/fs/mod_dav_fs.c
@@ -29,6 +29,10 @@
diff --git a/modules/dav/fs/mod_dav_fs.c b/modules/dav/fs/mod_dav_fs.c
index addfd7e..2389f8f 100644
--- a/modules/dav/fs/mod_dav_fs.c
+++ b/modules/dav/fs/mod_dav_fs.c
@@ -29,6 +29,10 @@ typedef struct {
extern module AP_MODULE_DECLARE_DATA dav_fs_module;
@ -203,22 +96,45 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
const char *dav_get_lockdb_path(const request_rec *r)
{
dav_fs_server_conf *conf;
@@ -39,7 +43,11 @@
static void *dav_fs_create_server_config(apr_pool_t *p, server_rec *s)
{
- return apr_pcalloc(p, sizeof(dav_fs_server_conf));
+ dav_fs_server_conf *conf = apr_pcalloc(p, sizeof(dav_fs_server_conf));
+
+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
+
+ return conf;
@@ -57,6 +61,24 @@ static void *dav_fs_merge_server_config(apr_pool_t *p,
return newconf;
}
static void *dav_fs_merge_server_config(apr_pool_t *p,
--- httpd-2.4.37/modules/md/mod_md_config.c.r1842929+
+++ httpd-2.4.37/modules/md/mod_md_config.c
@@ -54,10 +54,14 @@
+static apr_status_t dav_fs_post_config(apr_pool_t *p, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *base_server)
+{
+ server_rec *s;
+
+ for (s = base_server; s; s = s->next) {
+ dav_fs_server_conf *conf;
+
+ conf = ap_get_module_config(s->module_config, &dav_fs_module);
+
+ if (!conf->lockdb_path) {
+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB);
+ }
+ }
+
+ return OK;
+}
+
/*
* Command handler for the DAVLockDB directive, which is TAKE1
*/
@@ -87,6 +109,8 @@ static const command_rec dav_fs_cmds[] =
static void register_hooks(apr_pool_t *p)
{
+ ap_hook_post_config(dav_fs_post_config, NULL, NULL, APR_HOOK_MIDDLE);
+
dav_hook_gather_propsets(dav_fs_gather_propsets, NULL, NULL,
APR_HOOK_MIDDLE);
dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE);
diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c
index 336a21b..4d50e26 100644
--- a/modules/md/mod_md_config.c
+++ b/modules/md/mod_md_config.c
@@ -54,10 +54,18 @@
#define DEF_VAL (-1)
@ -230,21 +146,32 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static md_mod_conf_t defmc = {
NULL,
- "md",
+ NULL,
+#if 1
+ NULL, /* apply default state-dir-relative */
+#else
+ MD_DEFAULT_BASE_DIR,
+#endif
NULL,
NULL,
80,
@@ -112,6 +116,7 @@
memcpy(mod_md_config, &defmc, sizeof(*mod_md_config));
mod_md_config->mds = apr_array_make(pool, 5, sizeof(const md_t *));
mod_md_config->unused_names = apr_array_make(pool, 5, sizeof(const md_t *));
+ mod_md_config->base_dir = ap_state_dir_relative(pool, MD_DEFAULT_BASE_DIR);
apr_pool_cleanup_register(pool, NULL, cleanup_mod_config, apr_pool_cleanup_null);
@@ -864,6 +872,12 @@ apr_status_t md_config_post_config(server_rec *s, apr_pool_t *p)
if (mc->hsts_max_age > 0) {
mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age);
}
--- httpd-2.4.37/server/core.c.r1842929+
+++ httpd-2.4.37/server/core.c
@@ -129,6 +129,8 @@
+
+#if 1
+ if (mc->base_dir == NULL) {
+ mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR);
+ }
+#endif
return APR_SUCCESS;
}
diff --git a/server/core.c b/server/core.c
index bbe52e0..b5ab429 100644
--- a/server/core.c
+++ b/server/core.c
@@ -133,6 +133,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP;
AP_DECLARE_DATA int ap_run_mode = AP_SQ_RM_UNKNOWN;
AP_DECLARE_DATA int ap_config_generation = 0;
@ -253,7 +180,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static void *create_core_dir_config(apr_pool_t *a, char *dir)
{
core_dir_config *conf;
@@ -3104,6 +3106,24 @@
@@ -1411,12 +1413,15 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
return res_buf;
}
-static int reset_config_defines(void *dummy)
+/* pconf cleanup - clear global variables set from config here. */
+static apr_status_t reset_config(void *dummy)
{
ap_server_config_defines = saved_server_config_defines;
saved_server_config_defines = NULL;
server_config_defined_vars = NULL;
- return OK;
+ core_state_dir = NULL;
+
+ return APR_SUCCESS;
}
/*
@@ -3108,6 +3113,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg)
return NULL;
}
@ -278,7 +223,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
static const char *set_timeout(cmd_parms *cmd, void *dummy, const char *arg)
{
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
@@ -4398,6 +4418,8 @@
@@ -4409,6 +4432,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory of server-related files (logs, confs, etc.)"),
AP_INIT_TAKE1("DefaultRuntimeDir", set_runtime_dir, NULL, RSRC_CONF | EXEC_ON_READ,
"Common directory for run-time files (shared memory, locks, etc.)"),
@ -287,7 +232,17 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931
AP_INIT_TAKE1("ErrorLog", set_server_string_slot,
(void *)APR_OFFSETOF(server_rec, error_fname), RSRC_CONF,
"The filename of the error log"),
@@ -5150,6 +5172,27 @@
@@ -4932,8 +4957,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem
if (!saved_server_config_defines)
init_config_defines(pconf);
- apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
- apr_pool_cleanup_null);
+ apr_pool_cleanup_register(pconf, NULL, reset_config, apr_pool_cleanup_null);
ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
@@ -5202,6 +5226,27 @@ AP_DECLARE(int) ap_state_query(int query)
}
}
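Review bot: The `#if 1` / `#else` / `#endif` scaffolding in the mod_md_config.c part, around the `defmc` initializer and again in md_config_post_config(), leaves a dead `MD_DEFAULT_BASE_DIR` branch in code that ships. The page has lost the outer diff's `+`/`-` markers, so I am assuming these lines are on the new side of the patch. If they are, I would drop the conditionals and keep only the live path, with the initializer entry reading `NULL, /* base_dir: defaulted state-dir-relative in md_config_post_config() */`. That keeps the place where the default is applied in a single, unconditional spot.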


@ -1,10 +0,0 @@
--- a/server/core.c 2019/02/05 09:44:29 1852981
+++ b/server/core.c 2019/02/05 10:11:44 1852982
@@ -5293,6 +5293,7 @@
ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
mpm_common_pre_config(pconf);
+ core_state_dir = NULL;
return OK;
}


@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 12%{?dist}
Release: 16%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@ -55,6 +55,7 @@ Source41: htcacheclean.sysconf
Source42: httpd-init.service
Source43: httpd-ssl-gencerts
Source44: httpd@.service
Source45: config.layout
# build/scripts patches
# http://bugzilla.redhat.com/show_bug.cgi?id=1231924
@ -63,7 +64,6 @@ Source44: httpd@.service
Patch1: httpd-2.4.35-apachectl.patch
Patch2: httpd-2.4.28-apxs.patch
Patch3: httpd-2.4.35-deplibs.patch
Patch4: httpd-2.4.35-layout.patch
# Needed for socket activation and mod_systemd patch
Patch19: httpd-2.4.35-detect-systemd.patch
@ -98,14 +98,19 @@ Patch63: httpd-2.4.28-r1811831.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1602548
Patch65: httpd-2.4.35-r1842888.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1653009
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
Patch66: httpd-2.4.37-r1842929+.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1630432
Patch67: httpd-2.4.35-r1825120.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1670716
Patch68: httpd-2.4.37-fips-segfault.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1672977
Patch69: httpd-2.4.37-state-dir.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1669221
Patch70: httpd-2.4.37-r1840554.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1673022
Patch71: httpd-2.4.37-mod-md-perms.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1724549
Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch
# Security fixes
Patch200: httpd-2.4.37-r1851471.patch
@ -113,10 +118,14 @@ Patch200: httpd-2.4.37-r1851471.patch
Patch201: httpd-2.4.37-CVE-2019-0211.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1695025
Patch202: httpd-2.4.37-CVE-2019-0215.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1696141
Patch203: httpd-2.4.37-CVE-2019-0217.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1696097
Patch204: httpd-2.4.37-CVE-2019-0220.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1741860
# https://bugzilla.redhat.com/show_bug.cgi?id=1741864
# https://bugzilla.redhat.com/show_bug.cgi?id=1741868
Patch203: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch
License: ASL 2.0
Group: System Environment/Daemons
@ -255,7 +264,6 @@ interface for storing and accessing per-user session data.
%patch1 -p1 -b .apctl
%patch2 -p1 -b .apxs
%patch3 -p1 -b .deplibs
%patch4 -p1 -b .layout
%patch19 -p1 -b .detectsystemd
%patch20 -p1 -b .export
@ -279,12 +287,16 @@ interface for storing and accessing per-user session data.
%patch66 -p1 -b .r1842929+
%patch67 -p1 -b .r1825120
%patch68 -p1 -b .fipscore
%patch69 -p1 -b .statedir
%patch70 -p1 -b .r1840554
%patch71 -p1 -b .modmdperms
%patch72 -p1 -b .mimemagic
%patch200 -p1 -b .r1851471
%patch201 -p1 -b .CVE-2019-0211
%patch202 -p1 -b .CVE-2019-0215
%patch203 -p1 -b .CVE-2019-9511-and-9516-and-9517
%patch203 -p1 -b .CVE-2019-0217
%patch204 -p1 -b .CVE-2019-0220
%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -311,6 +323,9 @@ if test "x${vmmn}" != "x%{mmn}"; then
exit 1
fi
# Provide default layout
cp $RPM_SOURCE_DIR/config.layout .
sed '
s,@MPM@,%{mpm},g
s,@DOCROOT@,%{docroot},g
@ -334,7 +349,7 @@ autoheader && autoconf || exit 1
# Before configure; fix location of build dir in generated apxs
%{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
support/apxs.in
support/apxs.in
export CFLAGS=$RPM_OPT_FLAGS
export LDFLAGS="-Wl,-z,relro,-z,now"
@ -512,6 +527,7 @@ ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# symlinks for /etc/httpd
rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
@ -520,11 +536,11 @@ ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
# install http-ssl-pass-dialog
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
# install http-ssl-gencerts
install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
# Install action scripts
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
@ -536,7 +552,7 @@ done
# Install logrotate config
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
$RPM_BUILD_ROOT/etc/logrotate.d/httpd
$RPM_BUILD_ROOT/etc/logrotate.d/httpd
# Install man pages
install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
@ -789,18 +805,34 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-12
- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
* Thu Aug 29 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-16
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
of data request leads to denial of service
- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
headers leads to denial of service
- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
for large response leads to denial of service
- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
large response leads to denial of service
* Wed Apr 03 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
* Tue Jul 16 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-15
- Resolves: #1730721 - absolute path used for default state and runtime dir by
default
* Thu Jun 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-14
- Resolves: #1724549 - httpd response contains garbage in Content-Type header
* Wed Jun 12 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-13
- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
control bypass due to race condition
- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
inconsistency
- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
causes systemctl to hang
- Resolves: #1673022 - httpd can not be started with mod_md enabled
* Mon Apr 08 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-11
- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
from modules scripts
- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
bypass when using per-location client certification authentication
* Wed Feb 06 2019 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-10