diff --git a/SOURCES/config.layout b/SOURCES/config.layout new file mode 100644 index 0000000..3a9f6c8 --- /dev/null +++ b/SOURCES/config.layout @@ -0,0 +1,24 @@ +# Layout used in Fedora httpd packaging. + + prefix: /etc/httpd + localstatedir: /var + exec_prefix: /usr + bindir: ${exec_prefix}/bin + sbindir: ${exec_prefix}/sbin + libdir: ${exec_prefix}/lib + libexecdir: ${exec_prefix}/libexec + mandir: ${exec_prefix}/man + sysconfdir: /etc/httpd/conf + datadir: ${exec_prefix}/share/httpd + installbuilddir: ${libdir}/httpd/build + errordir: ${datadir}/error + iconsdir: ${datadir}/icons + htdocsdir: ${localstatedir}/www/html + manualdir: ${datadir}/manual + cgidir: ${localstatedir}/www/cgi-bin + includedir: ${exec_prefix}/include/httpd + runtimedir: ${prefix}/run + logfiledir: ${localstatedir}/log/httpd + statedir: ${prefix}/state + proxycachedir: ${localstatedir}/cache/httpd/proxy + diff --git a/SOURCES/httpd-2.4.35-layout.patch b/SOURCES/httpd-2.4.35-layout.patch deleted file mode 100644 index 7633871..0000000 --- a/SOURCES/httpd-2.4.35-layout.patch +++ /dev/null @@ -1,35 +0,0 @@ - -Add layout for Fedora. - -diff --git a/config.layout b/config.layout -index 8579587..79fbce7 100644 ---- a/config.layout -+++ b/config.layout -@@ -394,3 +394,27 @@ - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd - -+ -+# Fedora/RHEL layout -+ -+ prefix: /usr -+ exec_prefix: ${prefix} -+ bindir: ${prefix}/bin -+ sbindir: ${prefix}/sbin -+ libdir: ${prefix}/lib -+ libexecdir: ${prefix}/libexec -+ mandir: ${prefix}/man -+ sysconfdir: /etc/httpd/conf -+ datadir: ${prefix}/share/httpd -+ installbuilddir: ${libdir}/httpd/build -+ errordir: ${datadir}/error -+ iconsdir: ${datadir}/icons -+ htdocsdir: /var/www/html -+ manualdir: ${datadir}/manual -+ cgidir: /var/www/cgi-bin -+ includedir: ${prefix}/include/httpd -+ localstatedir: /var -+ runtimedir: /run/httpd -+ logfiledir: ${localstatedir}/log/httpd -+ proxycachedir: ${localstatedir}/cache/httpd/proxy -+ 
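Review bot: No `<Layout …>` opening line or `</Layout>` closing line is visible around the 21 entries of the new SOURCES/config.layout; if that is only rendering loss of angle-bracket lines ignore this, otherwise configure's layout parser has no name to select and the file is not a usable layout. The `runtimedir: ${prefix}/run` and `statedir: ${prefix}/state` entries resolve under /etc/httpd, which the spec later removes and replaces with symlinks into /run and %{_localstatedir}, so the compiled-in defaults depend on those links existing at runtime; a one-line comment in the layout file stating that dependency would save the next packager a search.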
diff --git a/SOURCES/httpd-2.4.37-CVE-2019-0217.patch b/SOURCES/httpd-2.4.37-CVE-2019-0217.patch
new file mode 100644
index 0000000..1614e72
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-CVE-2019-0217.patch
@@ -0,0 +1,111 @@ +--- a/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:19 1855297 ++++ b/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:26 1855298 +@@ -92,7 +92,6 @@ + int check_nc; + const char *algorithm; + char *uri_list; +- const char *ha1; + } digest_config_rec; + + +@@ -153,6 +152,7 @@ + apr_time_t nonce_time; + enum hdr_sts auth_hdr_sts; + int needed_auth; ++ const char *ha1; + client_entry *client; + } digest_header_rec; + +@@ -1304,7 +1304,7 @@ + */ + + static authn_status get_hash(request_rec *r, const char *user, +- digest_config_rec *conf) ++ digest_config_rec *conf, const char **rethash) + { + authn_status auth_result; + char *password; +@@ -1356,7 +1356,7 @@ + } while (current_provider); + + if (auth_result == AUTH_USER_FOUND) { +- conf->ha1 = password; ++ *rethash = password; + } + + return auth_result; +@@ -1483,25 +1483,24 @@ + + /* RFC-2069 */ + static const char *old_digest(const request_rec *r, +- const digest_header_rec *resp, const char *ha1) ++ const digest_header_rec *resp) + { + const char *ha2; + + ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":", + resp->uri, NULL)); + return ap_md5(r->pool, +- (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, +- ":", ha2, NULL)); ++ (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":", ++ resp->nonce, ":", ha2, NULL)); + } + + /* RFC-2617 */ + static const char *new_digest(const request_rec *r, +- digest_header_rec *resp, +- const digest_config_rec *conf) ++ digest_header_rec *resp) + { + const char *ha1, *ha2, *a2; + +- ha1 = conf->ha1; ++ ha1 = resp->ha1; + + a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL); + ha2 = ap_md5(r->pool, (const unsigned char *)a2); +@@ -1514,7 +1513,6 @@ + NULL)); + } + +- + static void copy_uri_components(apr_uri_t *dst, + apr_uri_t *src, request_rec *r) { + if (src->scheme && src->scheme[0] != '\0') { +@@ -1759,7 +1757,7 @@ + return HTTP_UNAUTHORIZED; + } + +- return_code = get_hash(r, r->user, conf); ++ return_code = 
get_hash(r, r->user, conf, &resp->ha1); + + if (return_code == AUTH_USER_NOT_FOUND) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790) +@@ -1789,7 +1787,7 @@ + + if (resp->message_qop == NULL) { + /* old (rfc-2069) style digest */ +- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { ++ if (strcmp(resp->digest, old_digest(r, resp))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792) + "user %s: password mismatch: %s", r->user, + r->uri); +@@ -1819,7 +1817,7 @@ + return HTTP_UNAUTHORIZED; + } + +- exp_digest = new_digest(r, resp, conf); ++ exp_digest = new_digest(r, resp); + if (!exp_digest) { + /* we failed to allocate a client struct */ + return HTTP_INTERNAL_SERVER_ERROR; +@@ -1903,7 +1901,7 @@ + + /* calculate rspauth attribute + */ +- ha1 = conf->ha1; ++ ha1 = resp->ha1; + + a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL); + ha2 = ap_md5(r->pool, (const unsigned char *)a2); diff --git a/SOURCES/httpd-2.4.37-CVE-2019-0220.patch b/SOURCES/httpd-2.4.37-CVE-2019-0220.patch new file mode 100644 index 0000000..1fcb68e --- /dev/null +++ b/SOURCES/httpd-2.4.37-CVE-2019-0220.patch @@ -0,0 +1,235 @@ +diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en +index 0a24bc8..20d1e5a 100644 +--- a/docs/manual/mod/core.html.en ++++ b/docs/manual/mod/core.html.en +@@ -97,6 +97,7 @@ available +
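Review bot: The new `const char *ha1;` member added to digest_header_rec in the `@@ -153,6 +152,7 @@` hunk carries no comment, and `old_digest` and `new_digest` now read `resp->ha1` unconditionally, so the fix relies on `resp` being zero-allocated and on `get_hash` having stored the hash before any digest is computed; the allocation and the early returns on AUTH_USER_NOT_FOUND are outside the hunk, so that is inferred rather than verified here. A field comment would keep the value from drifting back into shared state: `/* H(A1) for this request only; must not live in digest_config_rec, which is shared across requests and threads (CVE-2019-0217) */`. `get_hash` also deserves a `@param rethash` line saying it is written only when the provider reports AUTH_USER_FOUND, which is what the `*rethash = password;` branch shows. The functions touched by the later hunks all start and end outside this patch.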
  • MaxRangeOverlaps
  • +
  • MaxRangeReversals
  • +
  • MaxRanges
  • ++
  • MergeSlashes
  • +
  • MergeTrailers
  • +
  • Mutex
  • +
  • NameVirtualHost
  • +@@ -3465,6 +3466,30 @@ resource + + +
    top
    ++

    MergeSlashes Directive

    ++ ++ ++ ++ ++ ++ ++ ++ ++
    Description:Controls whether the server merges consecutive slashes in URLs.
    Syntax:MergeSlashes ON | OFF
    Default:MergeSlashes ON
    Context:server config, virtual host
    Status:Core
    Module:core
    Compatibility:Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7
    ++

    By default, the server merges (or collapses) multiple consecutive slash ++ ('/') characters in the path component of the request URL.

    ++ ++

    When mapping URL's to the filesystem, these multiple slashes are not ++ significant. However, URL's handled other ways, such as by CGI or proxy, ++ might prefer to retain the significance of multiple consecutive slashes. ++ In these cases MergeSlashes can be set to ++ OFF to retain the multiple consecutive slashes. In these ++ configurations, regular expressions used in the configuration file that match ++ the path component of the URL (LocationMatch, ++ RewriteRule, ...) need to take into account multiple ++ consecutive slashes.

    ++
    ++
    top
    +

    MergeTrailers Directive

    + + +--- a/include/http_core.h 2019/03/18 08:49:19 1855736 ++++ b/include/http_core.h 2019/03/18 08:49:59 1855737 +@@ -740,7 +740,7 @@ + #define AP_HTTP_METHODS_LENIENT 1 + #define AP_HTTP_METHODS_REGISTERED 2 + char http_methods; +- ++ unsigned int merge_slashes; + } core_server_config; + + /* for AddOutputFiltersByType in core.c */ +diff --git a/include/httpd.h b/include/httpd.h +index 65392f8..99f7f04 100644 +--- a/include/httpd.h ++++ b/include/httpd.h +@@ -1697,11 +1697,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes); + AP_DECLARE(int) ap_unescape_urlencoded(char *query); + + /** +- * Convert all double slashes to single slashes +- * @param name The string to convert ++ * Convert all double slashes to single slashes, except where significant ++ * to the filesystem on the current platform. ++ * @param name The string to convert, assumed to be a filesystem path + */ + AP_DECLARE(void) ap_no2slash(char *name); + ++/** ++ * Convert all double slashes to single slashes, except where significant ++ * to the filesystem on the current platform. ++ * @param name The string to convert ++ * @param is_fs_path if set to 0, the significance of any double-slashes is ++ * ignored. ++ */ ++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path); ++ + /** + * Remove all ./ and xx/../ substrings from a file name. Also remove + * any leading ../ or /../ substrings. 
+diff --git a/server/request.c b/server/request.c +index dbe3e07..d5c558a 100644 +--- a/server/request.c ++++ b/server/request.c +@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) + int file_req = (r->main && r->filename); + int access_status; + core_dir_config *d; ++ core_server_config *sconf = ++ ap_get_core_module_config(r->server->module_config); + + /* Ignore embedded %2F's in path for proxy requests */ + if (!r->proxyreq && r->parsed_uri.path) { +@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) + } + + ap_getparents(r->uri); /* OK --- shrinking transformations... */ ++ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { ++ ap_no2slash(r->uri); ++ if (r->parsed_uri.path) { ++ ap_no2slash(r->parsed_uri.path); ++ } ++ } + + /* All file subrequests are a huge pain... they cannot bubble through the + * next several steps. Only file subrequests are allowed an empty uri, +@@ -1411,20 +1419,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + + cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r); + cached = (cache->cached != NULL); +- +- /* Location and LocationMatch differ on their behaviour w.r.t. multiple +- * slashes. Location matches multiple slashes with a single slash, +- * LocationMatch doesn't. An exception, for backwards brokenness is +- * absoluteURIs... in which case neither match multiple slashes. 
+- */ +- if (r->uri[0] != '/') { +- entry_uri = r->uri; +- } +- else { +- char *uri = apr_pstrdup(r->pool, r->uri); +- ap_no2slash(uri); +- entry_uri = uri; +- } ++ entry_uri = r->uri; + + /* If we have an cache->cached location that matches r->uri, + * and the vhost's list of locations hasn't changed, we can skip +@@ -1491,7 +1486,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t)); + } + +- if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) { ++ if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) { + continue; + } + +@@ -1501,7 +1496,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + apr_table_setn(r->subprocess_env, + ((const char **)entry_core->refs->elts)[i], + apr_pstrndup(r->pool, +- r->uri + pmatch[i].rm_so, ++ entry_uri + pmatch[i].rm_so, + pmatch[i].rm_eo - pmatch[i].rm_so)); + } + } +diff --git a/server/util.c b/server/util.c +index fd7a0a1..e0c558c 100644 +--- a/server/util.c ++++ b/server/util.c +@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name) + name[l] = '\0'; + } + } +- +-AP_DECLARE(void) ap_no2slash(char *name) ++AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path) + { ++ + char *d, *s; + ++ if (!*name) { ++ return; ++ } ++ + s = d = name; + + #ifdef HAVE_UNC_PATHS + /* Check for UNC names. Leave leading two slashes. 
*/ +- if (s[0] == '/' && s[1] == '/') ++ if (is_fs_path && s[0] == '/' && s[1] == '/') + *d++ = *s++; + #endif + +@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name) + *d = '\0'; + } + ++AP_DECLARE(void) ap_no2slash(char *name) ++{ ++ ap_no2slash_ex(name, 1); ++} + + /* + * copy at most n leading directories of s into d +diff --git a/server/core.c b/server/core.c +index b5ab429..a31f1e4 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -493,6 +493,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s) + */ + + conf->trace_enable = AP_TRACE_UNSET; ++ conf->merge_slashes = AP_CORE_CONFIG_UNSET; + + conf->protocols = apr_array_make(a, 5, sizeof(const char *)); + conf->protocols_honor_order = -1; +@@ -561,7 +562,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv) + conf->protocols_honor_order = ((virt->protocols_honor_order < 0)? + base->protocols_honor_order : + virt->protocols_honor_order); +- ++ ++ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt); ++ + return conf; + } + +@@ -1872,6 +1875,13 @@ static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag) + return NULL; + } + ++static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag) ++{ ++ core_server_config *conf = ++ ap_get_core_module_config(cmd->server->module_config); ++ return ap_set_flag_slot(cmd, conf, flag); ++} ++ + static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[]) + { + core_dir_config *d = d_; +@@ -4598,6 +4608,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON + "'Unsafe' or 'Strict' (default). 
Sets HTTP acceptance rules"), + AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF, + "Registers non-standard HTTP methods"), ++AP_INIT_FLAG("MergeSlashes", set_core_server_flag, ++ (void *)APR_OFFSETOF(core_server_config, merge_slashes), ++ RSRC_CONF, ++ "Controls whether consecutive slashes in the URI path are merged"), + { NULL } + }; + diff --git a/SOURCES/httpd-2.4.37-mod-md-perms.patch b/SOURCES/httpd-2.4.37-mod-md-perms.patch new file mode 100644 index 0000000..78c0fc3 --- /dev/null +++ b/SOURCES/httpd-2.4.37-mod-md-perms.patch 
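Review bot: In the server/request.c hunk, `ap_process_request_internal` normalises `r->uri` and `r->parsed_uri.path` with `ap_no2slash`, which the new util.c wrapper defines as `ap_no2slash_ex(name, 1)`, so on HAVE_UNC_PATHS builds a request URI beginning with `//` keeps its leading pair even though the httpd.h comment introduces `is_fs_path == 0` precisely for strings that are not filesystem paths; `ap_no2slash_ex(r->uri, 0);` and `ap_no2slash_ex(r->parsed_uri.path, 0);` would match the documented intent. The `ap_location_walk` hunk replaces the removed explanation of Location versus LocationMatch slash handling with a bare `entry_uri = r->uri;`; suggest `/* Slashes were merged in ap_process_request_internal unless MergeSlashes OFF; Location and LocationMatch both see r->uri as-is now. */` so the reason for the simplification survives. That same change means plain `<Location>` blocks no longer collapse slashes when MergeSlashes is OFF, while the directive text only warns about regular expressions; a sentence covering non-regex Location would close that gap. The Compatibility row in the docs hunk reads "Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7", which looks carried over from the RHEL 7 backport rather than written for this 2.4.37 package.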
@@ -0,0 +1,44 @@
+diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
+index f96d566..8df0248 100644
+--- a/modules/md/mod_md_os.c
++++ b/modules/md/mod_md_os.c
+@@ -41,14 +41,20 @@
+ 
+ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
+ {
+-#if AP_NEED_SET_MUTEX_PERMS
+- if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
+- apr_status_t rv = APR_FROM_OS_ERROR(errno);
+- if (!APR_STATUS_IS_ENOENT(rv)) {
+- ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
+- "Can't change owner of %s", fname);
++#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
++ /* Since we only switch user when running as root, we only need to chown directories
++ * in that case. Otherwise, the server will ignore any "user/group" directives and
++ * child processes have the same privileges as the parent.
++ */
++ if (!geteuid()) {
++ if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
++ apr_status_t rv = APR_FROM_OS_ERROR(errno);
++ if (!APR_STATUS_IS_ENOENT(rv)) {
++ ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
++ "Can't change owner of %s", fname);
++ }
++ return rv;
+ }
+- return rv;
+ }
+ return APR_SUCCESS;
+ #else
+@@ -58,11 +64,7 @@ apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p
+ 
+ apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
+ {
+-#if AP_NEED_SET_MUTEX_PERMS
+ return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
+-#else
+- return APR_ENOTIMPL;
+-#endif
+ }
+ 
+ #ifdef WIN32
diff --git a/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch b/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
new file mode 100644
index 0000000..e093818
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-mod-mime-magic-strdup.patch
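Review bot: `md_try_chown` now returns APR_SUCCESS without touching the file whenever `geteuid()` is non-zero, but that contract is explained only by the comment inside the `#if`, and the second hunk makes `md_make_worker_accessible` delegate to it unconditionally, so on builds without AP_NEED_SET_MUTEX_PERMS its result changes from APR_ENOTIMPL to whatever `md_try_chown`'s `#else` branch returns, which lies outside the hunk. A header comment on `md_try_chown` such as `/* chown fname to uid:gid when running as root; otherwise a no-op that returns APR_SUCCESS because children keep the parent's identity. ENOENT is returned but not logged. */` would make the expectations of both callers explicit. The `&& HAVE_UNISTD_H` term evaluates to 0 when the macro is undefined, which is what keeps the `geteuid` reference out of builds lacking <unistd.h>; that pairing is not obvious and is worth a short comment next to the `#if`.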
@@ -0,0 +1,24 @@
+diff --git a/docs/conf/magic b/docs/conf/magic
+index 7c56119..bc891d9 100644
+--- a/docs/conf/magic
++++ b/docs/conf/magic
+@@ -87,7 +87,7 @@
+ # Microsoft WAVE format (*.wav)
+ # [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+ # Microsoft RIFF
+-0 string RIFF audio/unknown
++0 string RIFF
+ # - WAVE format
+ >8 string WAVE audio/x-wav
+ # MPEG audio.
+--- a/modules/metadata/mod_mime_magic.c 2013/06/11 07:36:13 1491699
++++ b/modules/metadata/mod_mime_magic.c 2013/06/11 07:41:40 1491700
+@@ -606,7 +606,7 @@
+ /* high overhead for 1 char - just hope they don't do this much */
+ str[0] = c;
+ str[1] = '\0';
+- return magic_rsl_add(r, str);
++ return magic_rsl_add(r, apr_pstrdup(r->pool, str));
+ }
+ 
+ /* allocate and copy a contiguous string from a result string list */
diff --git a/SOURCES/httpd-2.4.37-r1840554.patch b/SOURCES/httpd-2.4.37-r1840554.patch
new file mode 100644
index 0000000..7b379e1
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-r1840554.patch
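Review bot: The new `apr_pstrdup(r->pool, str)` argument to `magic_rsl_add` has no comment saying why a copy is needed; `str` is declared outside the hunk, so this is inferred, but the change only makes sense if `str` is an automatic buffer whose address the result list would otherwise keep after the enclosing function returns. Suggest `/* str is a stack buffer and the rsl keeps the pointer, so copy it into the request pool */` above the `return`. The magic-file hunk drops the `audio/unknown` type from the bare `RIFF` entry so that only the `WAVE` sub-match produces a type; a `#` line there stating that would stop someone from restoring the type later, since the two hunks otherwise look unrelated. The enclosing function starts outside the hunk.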
@@ -0,0 +1,35 @@
+diff --git a/modules/arch/unix/mod_systemd.c b/modules/arch/unix/mod_systemd.c
+index 7a82a90..6c244b6 100644
+--- a/modules/arch/unix/mod_systemd.c
++++ b/modules/arch/unix/mod_systemd.c
+@@ -100,6 +100,21 @@ static int systemd_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+ return OK;
+ }
+ 
++/* Report the service is ready in post_config, which could be during
++ * startup or after a reload. The server could still hit a fatal
++ * startup error after this point during ap_run_mpm(), so this is
++ * perhaps too early, but by post_config listen() has been called on
++ * the TCP ports so new connections will not be rejected. There will
++ * always be a possible async failure event simultaneous to the
++ * service reporting "ready", so this should be good enough. */
++static int systemd_post_config_last(apr_pool_t *p, apr_pool_t *plog,
++ apr_pool_t *ptemp, server_rec *main_server)
++{
++ sd_notify(0, "READY=1\n"
++ "STATUS=Configuration loaded.\n");
++ return OK;
++}
++
+ static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
+ {
+ int rv;
+@@ -187,6 +202,8 @@ static void systemd_register_hooks(apr_pool_t *p)
+ ap_hook_pre_config(systemd_pre_config, NULL, NULL, APR_HOOK_LAST);
+ /* Grab the listener config. */
+ ap_hook_post_config(systemd_post_config, NULL, NULL, APR_HOOK_LAST);
++ /* Signal service is ready. */
++ ap_hook_post_config(systemd_post_config_last, NULL, NULL, APR_HOOK_REALLY_LAST);
+ /* We know the PID in this hook ... */
+ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
+ /* Used to update httpd's status line using sd_notifyf */
diff --git a/SOURCES/httpd-2.4.37-r1842929+.patch b/SOURCES/httpd-2.4.37-r1842929+.patch
index c34697e..ab5bba6 100644
--- a/SOURCES/httpd-2.4.37-r1842929+.patch
+++ b/SOURCES/httpd-2.4.37-r1842929+.patch
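Review bot: `systemd_post_config_last` sends `READY=1` on every post_config run, and httpd runs post_config hooks during the pre-flight configuration pass as well as the final one, so unless that pass is filtered somewhere not visible here, the first notification is sent before the listener setup the comment relies on. Guarding with `if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) return OK;` at the top of the function limits the notification to the pass that actually opens the ports. The return value of `sd_notify` is ignored, which is consistent with a best-effort status update but deserves a one-line comment saying so, as the existing hooks above are only partly visible in the hunk.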
@@ -1,10 +1,27 @@ -# ./pullrev.sh 1842929 1842931 +# ./pullrev.sh 1842929 1842931 1852982 1853631 1857731 http://svn.apache.org/viewvc?view=revision&revision=1842929 http://svn.apache.org/viewvc?view=revision&revision=1842931 +http://svn.apache.org/viewvc?view=revision&revision=1852982 +http://svn.apache.org/viewvc?view=revision&revision=1857731 +http://svn.apache.org/viewvc?view=revision&revision=1853631 ---- httpd-2.4.37/acinclude.m4.r1842929+ -+++ httpd-2.4.37/acinclude.m4 -@@ -45,6 +45,7 @@ +diff --git a/Makefile.in b/Makefile.in +index 06b8c5a..9eeb5c7 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -213,6 +213,7 @@ install-cgi: + install-other: + @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir) + @test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir) ++ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir) + @for ext in dll x; do \ + file=apachecore.$$ext; \ + if test -f $$file; then \ +diff --git a/acinclude.m4 b/acinclude.m4 +index 0ad0c13..a8c2804 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -45,6 +45,7 @@ AC_DEFUN([APACHE_GEN_CONFIG_VARS],[ APACHE_SUBST(installbuilddir) APACHE_SUBST(runtimedir) APACHE_SUBST(proxycachedir) @@ -12,7 +29,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 APACHE_SUBST(other_targets) APACHE_SUBST(progname) APACHE_SUBST(prefix) -@@ -663,6 +664,7 @@ +@@ -663,6 +664,7 @@ AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[ APACHE_SUBST_EXPANDED_ARG(runtimedir) APACHE_SUBST_EXPANDED_ARG(logfiledir) APACHE_SUBST_EXPANDED_ARG(proxycachedir) 
@@ -20,131 +37,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 ]) dnl ---- httpd-2.4.37/config.layout.r1842929+ -+++ httpd-2.4.37/config.layout -@@ -29,6 +29,7 @@ - includedir: ${prefix}/include - localstatedir: ${prefix} - runtimedir: ${localstatedir}/logs -+ statedir: ${localstatedir}/state - logfiledir: ${localstatedir}/logs - proxycachedir: ${localstatedir}/proxy - -@@ -54,6 +55,7 @@ - includedir: ${prefix}/include+ - localstatedir: ${prefix}/var+ - runtimedir: ${localstatedir}/run -+ statedir: ${localstatedir}/state - logfiledir: ${localstatedir}/log - proxycachedir: ${localstatedir}/proxy - -@@ -78,6 +80,7 @@ - includedir: /System/Library/Frameworks/Apache.framework/Versions/2.0/Headers - localstatedir: /var - runtimedir: ${prefix}/Logs -+ statedir: ${prefix}/State - logfiledir: ${prefix}/Logs - proxycachedir: ${prefix}/ProxyCache - -@@ -102,6 +105,7 @@ - includedir: ${prefix}/include+ - localstatedir: /var - runtimedir: ${localstatedir}/run -+ statedir: ${localstatedir}/state - logfiledir: ${localstatedir}/log+ - proxycachedir: ${runtimedir}/proxy - -@@ -126,6 +130,7 @@ - includedir: ${prefix}/include/apache - localstatedir: /var - runtimedir: ${localstatedir}/run -+ statedir: ${localstatedir}/lib/httpd - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd - -@@ -151,6 +156,7 @@ - includedir: ${prefix}/include/httpd - runtimedir: /run/httpd - logfiledir: ${localstatedir}/log/httpd -+ statedir: ${localstatedir}/lib/httpd - proxycachedir: ${localstatedir}/cache/httpd/proxy - - -@@ -175,6 +181,7 @@ - localstatedir: /var${prefix} - runtimedir: ${localstatedir}/run - logfiledir: ${localstatedir}/logs -+ statedir: ${localstatedir}/state - proxycachedir: ${localstatedir}/proxy - - -@@ -197,6 +204,7 @@ - cgidir: ${datadir}/cgi-bin - includedir: ${prefix}/include/apache - localstatedir: /var/lib/httpd -+ statedir: ${localstatedir} - runtimedir: /var/run - logfiledir: /var/log/httpd - proxycachedir: /var/cache/httpd 
-@@ -223,6 +231,7 @@ - localstatedir: /var - runtimedir: ${localstatedir}/run - logfiledir: ${localstatedir}/log/httpd -+ statedir: ${prefix}/state - proxycachedir: ${localstatedir}/proxy - - -@@ -246,6 +255,7 @@ - includedir: ${exec_prefix}/include - localstatedir: ${prefix} - runtimedir: /var/run -+ statedir: ${datadir}/state - logfiledir: ${datadir}/logs - proxycachedir: ${datadir}/proxy - -@@ -271,6 +281,7 @@ - localstatedir: ${prefix} - runtimedir: ${prefix}/logs - logfiledir: ${prefix}/logs -+ statedir: ${prefix}/state - proxycachedir: ${prefix}/proxy - - -@@ -315,6 +326,7 @@ - cgidir: ${prefix}/usr/lib/cgi-bin - includedir: ${exec_prefix}/include/apache2 - localstatedir: ${prefix}/var/lock/apache2 -+ statedir: ${prefix}/var/lib/apache2 - runtimedir: ${prefix}/var/run/apache2 - logfiledir: ${prefix}/var/log/apache2 - proxycachedir: ${prefix}/var/cache/apache2/proxy -@@ -343,6 +355,7 @@ - manualdir: ${datadir}/manual - cgidir: ${datadir}/cgi-bin - runtimedir: ${localstatedir}/run -+ runtimedir: ${localstatedir}/lib/httpd - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd/cache-root - -@@ -366,6 +379,7 @@ - manualdir: ${prefix}/manual - includedir: ${prefix}/include - localstatedir: /var/httpd -+ statedir: ${localstatedir}/state - runtimedir: ${localstatedir}/run - logfiledir: ${localstatedir}/logs - proxycachedir: ${localstatedir}/proxy -@@ -391,6 +405,7 @@ - includedir: ${prefix}/include/httpd - localstatedir: /var - runtimedir: ${localstatedir}/run/httpd -+ statedir: ${localstatedir}/lib/httpd - logfiledir: ${localstatedir}/log/httpd - proxycachedir: ${localstatedir}/cache/httpd - ---- httpd-2.4.37/configure.in.r1842929+ -+++ httpd-2.4.37/configure.in -@@ -41,7 +41,7 @@ +diff --git a/configure.in b/configure.in +index a208b53..de6a8ad 100644 +--- a/configure.in ++++ b/configure.in +@@ -41,7 +41,7 @@ dnl Something seems broken here. 
AC_PREFIX_DEFAULT(/usr/local/apache2) dnl Get the layout here, so we can pass the required variables to apr @@ -153,8 +50,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 dnl reparse the configure arguments. APR_PARSE_ARGUMENTS ---- httpd-2.4.37/include/ap_config_layout.h.in.r1842929+ -+++ httpd-2.4.37/include/ap_config_layout.h.in +diff --git a/include/ap_config_layout.h.in b/include/ap_config_layout.h.in +index 2b4a70c..e076f41 100644 +--- a/include/ap_config_layout.h.in ++++ b/include/ap_config_layout.h.in @@ -60,5 +60,7 @@ #define DEFAULT_REL_LOGFILEDIR "@rel_logfiledir@" #define DEFAULT_EXP_PROXYCACHEDIR "@exp_proxycachedir@" @@ -163,9 +62,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 +#define DEFAULT_REL_STATEDIR "@rel_statedir@" #endif /* AP_CONFIG_LAYOUT_H */ ---- httpd-2.4.37/include/http_config.h.r1842929+ -+++ httpd-2.4.37/include/http_config.h -@@ -757,6 +757,14 @@ +diff --git a/include/http_config.h b/include/http_config.h +index adc5825..effccc1 100644 +--- a/include/http_config.h ++++ b/include/http_config.h +@@ -757,6 +757,14 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *fname); */ AP_DECLARE(char *) ap_runtime_dir_relative(apr_pool_t *p, const char *fname); 
@@ -180,19 +81,11 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 /* Finally, the hook for dynamically loading modules in... */ /** ---- httpd-2.4.37/Makefile.in.r1842929+ -+++ httpd-2.4.37/Makefile.in -@@ -213,6 +213,7 @@ - install-other: - @test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir) - @test -d $(DESTDIR)$(runtimedir) || $(MKINSTALLDIRS) $(DESTDIR)$(runtimedir) -+ @test -d $(DESTDIR)$(statedir) || $(MKINSTALLDIRS) $(DESTDIR)$(statedir) - @for ext in dll x; do \ - file=apachecore.$$ext; \ - if test -f $$file; then \ ---- httpd-2.4.37/modules/dav/fs/mod_dav_fs.c.r1842929+ -+++ httpd-2.4.37/modules/dav/fs/mod_dav_fs.c -@@ -29,6 +29,10 @@ +diff --git a/modules/dav/fs/mod_dav_fs.c b/modules/dav/fs/mod_dav_fs.c +index addfd7e..2389f8f 100644 +--- a/modules/dav/fs/mod_dav_fs.c ++++ b/modules/dav/fs/mod_dav_fs.c +@@ -29,6 +29,10 @@ typedef struct { extern module AP_MODULE_DECLARE_DATA dav_fs_module; 
@@ -203,22 +96,45 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 const char *dav_get_lockdb_path(const request_rec *r) { dav_fs_server_conf *conf; -@@ -39,7 +43,11 @@ - - static void *dav_fs_create_server_config(apr_pool_t *p, server_rec *s) - { -- return apr_pcalloc(p, sizeof(dav_fs_server_conf)); -+ dav_fs_server_conf *conf = apr_pcalloc(p, sizeof(dav_fs_server_conf)); -+ -+ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB); -+ -+ return conf; +@@ -57,6 +61,24 @@ static void *dav_fs_merge_server_config(apr_pool_t *p, + return newconf; } - static void *dav_fs_merge_server_config(apr_pool_t *p, ---- httpd-2.4.37/modules/md/mod_md_config.c.r1842929+ -+++ httpd-2.4.37/modules/md/mod_md_config.c -@@ -54,10 +54,14 @@ ++static apr_status_t dav_fs_post_config(apr_pool_t *p, apr_pool_t *plog, ++ apr_pool_t *ptemp, server_rec *base_server) ++{ ++ server_rec *s; ++ ++ for (s = base_server; s; s = s->next) { ++ dav_fs_server_conf *conf; ++ ++ conf = ap_get_module_config(s->module_config, &dav_fs_module); ++ ++ if (!conf->lockdb_path) { ++ conf->lockdb_path = ap_state_dir_relative(p, DEFAULT_DAV_LOCKDB); ++ } ++ } ++ ++ return OK; ++} ++ + /* + * Command handler for the DAVLockDB directive, which is TAKE1 + */ +@@ -87,6 +109,8 @@ static const command_rec dav_fs_cmds[] = + + static void register_hooks(apr_pool_t *p) + { ++ ap_hook_post_config(dav_fs_post_config, NULL, NULL, APR_HOOK_MIDDLE); ++ + dav_hook_gather_propsets(dav_fs_gather_propsets, NULL, NULL, + APR_HOOK_MIDDLE); + dav_hook_find_liveprop(dav_fs_find_liveprop, NULL, NULL, APR_HOOK_MIDDLE); +diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c +index 336a21b..4d50e26 100644 +--- a/modules/md/mod_md_config.c ++++ b/modules/md/mod_md_config.c +@@ -54,10 +54,18 @@ #define DEF_VAL (-1) 
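Review bot: `dav_fs_post_config` is declared to return `apr_status_t`, but it is registered through `ap_hook_post_config`, whose handlers return an `int` status, and it returns `OK`; `static int dav_fs_post_config(...)` matches the hook's declared type and the file's other hooks. The function also has no purpose comment; suggest `/* Give every server a state-dir-relative DAVLockDB default unless DAVLockDB was set; done in post_config so the per-vhost merge has finished before the default is applied. */` above it. The loop assigns only when `conf->lockdb_path` is NULL, so a value inherited through `dav_fs_merge_server_config` is kept; a short comment at that `if` would make the precedence explicit.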
@@ -230,21 +146,32 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 static md_mod_conf_t defmc = { NULL, - "md", -+ NULL, ++#if 1 ++ NULL, /* apply default state-dir-relative */ ++#else ++ MD_DEFAULT_BASE_DIR, ++#endif NULL, NULL, 80, -@@ -112,6 +116,7 @@ - memcpy(mod_md_config, &defmc, sizeof(*mod_md_config)); - mod_md_config->mds = apr_array_make(pool, 5, sizeof(const md_t *)); - mod_md_config->unused_names = apr_array_make(pool, 5, sizeof(const md_t *)); -+ mod_md_config->base_dir = ap_state_dir_relative(pool, MD_DEFAULT_BASE_DIR); - - apr_pool_cleanup_register(pool, NULL, cleanup_mod_config, apr_pool_cleanup_null); +@@ -864,6 +872,12 @@ apr_status_t md_config_post_config(server_rec *s, apr_pool_t *p) + if (mc->hsts_max_age > 0) { + mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age); } ---- httpd-2.4.37/server/core.c.r1842929+ -+++ httpd-2.4.37/server/core.c -@@ -129,6 +129,8 @@ ++ ++#if 1 ++ if (mc->base_dir == NULL) { ++ mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR); ++ } ++#endif + + return APR_SUCCESS; + } +diff --git a/server/core.c b/server/core.c +index bbe52e0..b5ab429 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -133,6 +133,8 @@ AP_DECLARE_DATA int ap_main_state = AP_SQ_MS_INITIAL_STARTUP; AP_DECLARE_DATA int ap_run_mode = AP_SQ_RM_UNKNOWN; AP_DECLARE_DATA int ap_config_generation = 0; 
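Review bot: The `#if 1 … #else MD_DEFAULT_BASE_DIR, #endif` block in the `defmc` initialiser and the `#if 1`/`#endif` pair around the `mc->base_dir == NULL` default in `md_config_post_config` are always-true toggles that leave dead code in a backport, and the `#else` branch silently preserves a configuration that this commit deliberately abandons. The intent, deferring the default so that `ap_state_dir_relative` sees the final state directory, is better carried by a comment: replace the five initialiser lines with `NULL, /* base_dir: defaulted in md_config_post_config via ap_state_dir_relative */` and drop the two preprocessor lines around the post-config block. `md_config_post_config` and the `defmc` definition both start outside the hunk.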
@@ -253,7 +180,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 static void *create_core_dir_config(apr_pool_t *a, char *dir) { core_dir_config *conf; -@@ -3104,6 +3106,24 @@ +@@ -1411,12 +1413,15 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word) + return res_buf; + } + +-static int reset_config_defines(void *dummy) ++/* pconf cleanup - clear global variables set from config here. */ ++static apr_status_t reset_config(void *dummy) + { + ap_server_config_defines = saved_server_config_defines; + saved_server_config_defines = NULL; + server_config_defined_vars = NULL; +- return OK; ++ core_state_dir = NULL; ++ ++ return APR_SUCCESS; + } + + /* +@@ -3108,6 +3113,24 @@ static const char *set_runtime_dir(cmd_parms *cmd, void *dummy, const char *arg) return NULL; } @@ -278,7 +223,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 static const char *set_timeout(cmd_parms *cmd, void *dummy, const char *arg) { const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT); -@@ -4398,6 +4418,8 @@ +@@ -4409,6 +4432,8 @@ AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ, "Common directory of server-related files (logs, confs, etc.)"), AP_INIT_TAKE1("DefaultRuntimeDir", set_runtime_dir, NULL, RSRC_CONF | EXEC_ON_READ, "Common directory for run-time files (shared memory, locks, etc.)"), 
@@ -287,7 +232,17 @@ http://svn.apache.org/viewvc?view=revision&revision=1842931 AP_INIT_TAKE1("ErrorLog", set_server_string_slot, (void *)APR_OFFSETOF(server_rec, error_fname), RSRC_CONF, "The filename of the error log"), -@@ -5150,6 +5172,27 @@ +@@ -4932,8 +4957,7 @@ static int core_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptem + + if (!saved_server_config_defines) + init_config_defines(pconf); +- apr_pool_cleanup_register(pconf, NULL, reset_config_defines, +- apr_pool_cleanup_null); ++ apr_pool_cleanup_register(pconf, NULL, reset_config, apr_pool_cleanup_null); + + ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY); + +@@ -5202,6 +5226,27 @@ AP_DECLARE(int) ap_state_query(int query) } } diff --git a/SOURCES/httpd-2.4.37-state-dir.patch b/SOURCES/httpd-2.4.37-state-dir.patch deleted file mode 100644 index e6962c1..0000000 --- a/SOURCES/httpd-2.4.37-state-dir.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/server/core.c 2019/02/05 09:44:29 1852981 -+++ b/server/core.c 2019/02/05 10:11:44 1852982 -@@ -5293,6 +5293,7 @@ - ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY); - - mpm_common_pre_config(pconf); -+ core_state_dir = NULL; - - return OK; - } diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec index 0709068..295e757 100644 --- a/SPECS/httpd.spec +++ b/SPECS/httpd.spec @@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 12%{?dist} +Release: 16%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -55,6 +55,7 @@ Source41: htcacheclean.sysconf Source42: httpd-init.service Source43: httpd-ssl-gencerts Source44: httpd@.service +Source45: config.layout # build/scripts patches # http://bugzilla.redhat.com/show_bug.cgi?id=1231924 
@@ -63,7 +64,6 @@ Source44: httpd@.service Patch1: httpd-2.4.35-apachectl.patch Patch2: httpd-2.4.28-apxs.patch Patch3: httpd-2.4.35-deplibs.patch -Patch4: httpd-2.4.35-layout.patch # Needed for socket activation and mod_systemd patch Patch19: httpd-2.4.35-detect-systemd.patch @@ -98,14 +98,19 @@ Patch63: httpd-2.4.28-r1811831.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1602548 Patch65: httpd-2.4.35-r1842888.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1653009 +# https://bugzilla.redhat.com/show_bug.cgi?id=1672977 +# https://bugzilla.redhat.com/show_bug.cgi?id=1673022 Patch66: httpd-2.4.37-r1842929+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1630432 Patch67: httpd-2.4.35-r1825120.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1670716 Patch68: httpd-2.4.37-fips-segfault.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1672977 -Patch69: httpd-2.4.37-state-dir.patch - +# https://bugzilla.redhat.com/show_bug.cgi?id=1669221 +Patch70: httpd-2.4.37-r1840554.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1673022 +Patch71: httpd-2.4.37-mod-md-perms.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1724549 +Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch # Security fixes Patch200: httpd-2.4.37-r1851471.patch @@ -113,10 +118,14 @@ Patch200: httpd-2.4.37-r1851471.patch Patch201: httpd-2.4.37-CVE-2019-0211.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1695025 Patch202: httpd-2.4.37-CVE-2019-0215.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1696141 +Patch203: httpd-2.4.37-CVE-2019-0217.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1696097 +Patch204: httpd-2.4.37-CVE-2019-0220.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1741860 # https://bugzilla.redhat.com/show_bug.cgi?id=1741864 # https://bugzilla.redhat.com/show_bug.cgi?id=1741868 -Patch203: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch +Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch License: ASL 2.0 Group: System Environment/Daemons 
@@ -255,7 +264,6 @@ interface for storing and accessing per-user session data.
 %patch1 -p1 -b .apctl
 %patch2 -p1 -b .apxs
 %patch3 -p1 -b .deplibs
-%patch4 -p1 -b .layout
 %patch19 -p1 -b .detectsystemd
 %patch20 -p1 -b .export
@@ -279,12 +287,16 @@ interface for storing and accessing per-user session data.
 %patch66 -p1 -b .r1842929+
 %patch67 -p1 -b .r1825120
 %patch68 -p1 -b .fipscore
-%patch69 -p1 -b .statedir
+%patch70 -p1 -b .r1840554
+%patch71 -p1 -b .modmdperms
+%patch72 -p1 -b .mimemagic
 %patch200 -p1 -b .r1851471
 %patch201 -p1 -b .CVE-2019-0211
 %patch202 -p1 -b .CVE-2019-0215
-%patch203 -p1 -b .CVE-2019-9511-and-9516-and-9517
+%patch203 -p1 -b .CVE-2019-0217
+%patch204 -p1 -b .CVE-2019-0220
+%patch205 -p1 -b .CVE-2019-9511-and-9516-and-9517
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -311,6 +323,9 @@ if test "x${vmmn}" != "x%{mmn}"; then
 exit 1
 fi
+# Provide default layout
+cp $RPM_SOURCE_DIR/config.layout .
+
 sed '
 s,@MPM@,%{mpm},g
 s,@DOCROOT@,%{docroot},g
@@ -334,7 +349,7 @@ autoheader && autoconf || exit 1
 # Before configure; fix location of build dir in generated apxs
 %{__perl} -pi -e "s:\@exp_installbuilddir\@:%{_libdir}/httpd/build:g" \
- support/apxs.in
+ support/apxs.in
 export CFLAGS=$RPM_OPT_FLAGS
 export LDFLAGS="-Wl,-z,relro,-z,now"
@@ -512,6 +527,7 @@ ln -s ../../pixmaps/poweredby.png \
 $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 # symlinks for /etc/httpd
+rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}
 ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs
 ln -s ../..%{_localstatedir}/lib/httpd $RPM_BUILD_ROOT/etc/httpd/state
 ln -s /run/httpd $RPM_BUILD_ROOT/etc/httpd/run
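Review bot: The comment `# Provide default layout` undersells what the line below it does: `cp $RPM_SOURCE_DIR/config.layout .` overwrites upstream's config.layout outright, so every layout upstream ships is discarded and the build is tied to whatever layout name Source45 defines and the configure call (outside this hunk) selects. I would state that in place: `# Replace upstream config.layout with ours (Source45); configure must select the layout name defined there`. Since the earlier approach patched the layout in, a rebase no longer surfaces a conflict when upstream renames or adds layout keys, so the copied file now has to be re-checked against upstream by hand on each version bump.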
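Review bot: `rmdir $RPM_BUILD_ROOT/etc/httpd/{state,run}` depends on the install step having created those two paths as empty directories, which follows from the new config.layout placing statedir and runtimedir under the prefix, but nothing in the spec says so, and a reader sees an unexplained rmdir immediately before `ln -s` lines that create the same names. If I recall correctly rpmbuild runs %install under `sh -e`, so a non-empty directory aborts the build instead of letting `ln -s` quietly create the link inside the surviving directory, which is the failure mode you want; a comment should record that this is intentional: `# make install creates statedir/runtimedir as real dirs under /etc/httpd (config.layout); they must be empty so the symlinks below can replace them`. Because /etc/httpd/run and /etc/httpd/state become the compiled-in defaults, the link targets /run/httpd and %{_localstatedir}/lib/httpd have to exist with the right ownership at runtime, which is handled outside this hunk and worth cross-referencing.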
@@ -520,11 +536,11 @@ ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules
 # install http-ssl-pass-dialog
 mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
 install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \
- $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
+ $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog
 # install http-ssl-gencerts
 install -m755 $RPM_SOURCE_DIR/httpd-ssl-gencerts \
- $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
+ $RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-gencerts
 # Install action scripts
 mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/initscripts/legacy-actions/httpd
@@ -536,7 +552,7 @@ done
 # Install logrotate config
 mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
 install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \
- $RPM_BUILD_ROOT/etc/logrotate.d/httpd
+ $RPM_BUILD_ROOT/etc/logrotate.d/httpd
 # Install man pages
 install -d $RPM_BUILD_ROOT%{_mandir}/man8 $RPM_BUILD_ROOT%{_mandir}/man5
@@ -789,18 +805,34 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
-* Thu Aug 29 2019 Lubos Uhliarik - 2.4.37-12
-- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
+* Thu Aug 29 2019 Lubos Uhliarik - 2.4.37-16
+- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount
 of data request leads to denial of service
-- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
+- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length
 headers leads to denial of service
-- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request
- for large response leads to denial of service
+- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for
+ large response leads to denial of service
-* Wed Apr 03 2019 Lubos Uhliarik - 2.4.37-11
-- Resolves: #1695431 - CVE-2019-0211 httpd: privilege escalation
+* Tue Jul 16 2019 Lubos Uhliarik - 2.4.37-15
+- Resolves: #1730721 - absolute path used for default state and runtime dir by
+ default
+
+* Thu Jun 27 2019 Lubos Uhliarik - 2.4.37-14
+- Resolves: #1724549 - httpd response contains garbage in Content-Type header
+
+* Wed Jun 12 2019 Lubos Uhliarik - 2.4.37-13
+- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access
+ control bypass due to race condition
+- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization
+ inconsistency
+- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd
+ causes systemctl to hang
+- Resolves: #1673022 - httpd can not be started with mod_md enabled
+
+* Mon Apr 08 2019 Lubos Uhliarik - 2.4.37-11
+- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation
 from modules scripts
-- Resolves: #1696090 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
+- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control
 bypass when using per-location client certification authentication
 * Wed Feb 06
2019 Lubos Uhliarik - 2.4.37-10
    Description: Determines whether trailers are merged into headers