Merge branch 'c8-stream-2.4' into a8-stream-2.4

This commit is contained in:
Andrew Lukoshko 2021-10-14 17:10:26 +00:00
commit 9b0dd37f86
3 changed files with 56 additions and 3 deletions

View File

@ -0,0 +1,13 @@
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 049255d..af70f6b 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -317,7 +317,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
static int identity_count(void *v, const char *key, const char *val)
{
int *count = v;
- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
return 1;
}

View File

@ -0,0 +1,29 @@
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index f383996..6a9ef55 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1717,7 +1717,8 @@ PROXY_DECLARE(const char *) ap_proxy_de_socketfy(apr_pool_t *p, const char *url)
* the UDS path... ignore it
*/
if (!strncasecmp(url, "unix:", 5) &&
- ((ptr = ap_strchr_c(url, '|')) != NULL)) {
+ ((ptr = ap_strchr_c(url + 5, '|')) != NULL)) {
+
/* move past the 'unix:...|' UDS path info */
const char *ret, *c;
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 7714b6c..421f910 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2090,8 +2090,8 @@ static void fix_uds_filename(request_rec *r, char **url)
if (!r || !r->filename) return;
if (!strncmp(r->filename, "proxy:", 6) &&
- (ptr2 = ap_strcasestr(r->filename, "unix:")) &&
- (ptr = ap_strchr(ptr2, '|'))) {
+ !ap_cstr_casecmpn(r->filename + 6, "unix:", 5) &&
+ (ptr2 = r->filename + 6 + 5, ptr = ap_strchr(ptr2, '|'))) {
apr_uri_t urisock;
apr_status_t rv;
*ptr = '\0';

View File

@ -1,4 +1,3 @@
%global dist %{?dist}.alma
%define contentdir %{_datadir}/httpd
%define docroot /var/www
%define suexec_caller apache
@ -14,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 39%{?dist}
Release: 39%{?dist}.1.alma
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
@ -180,6 +179,10 @@ Patch209: httpd-2.4.37-CVE-2020-1934.patch
Patch210: httpd-2.4.37-CVE-2018-17199.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1866563
Patch211: httpd-2.4.37-CVE-2020-11984.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2005117
Patch212: httpd-2.4.37-CVE-2021-40438.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1966732
Patch213: httpd-2.4.37-CVE-2021-26691.patch
License: ASL 2.0
Group: System Environment/Daemons
@ -366,6 +369,8 @@ interface for storing and accessing per-user session data.
%patch209 -p1 -b .CVE-2020-1934
%patch210 -p1 -b .CVE-2018-17199
%patch211 -p1 -b .CVE-2020-11984
%patch212 -p1 -b .CVE-2021-40438
%patch213 -p1 -b .CVE-2021-26691
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -868,9 +873,15 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Tue Apr 20 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-39.alma
* Wed Oct 13 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-39.1.alma
- include AlmaLinux in version string
* Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-39.1
- Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
a crafted request uri-path
- Resolves: #2007646 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
mod_session
* Tue Jan 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 2.4.37-39
- prevent htcacheclean from while break when first file processed