diff --git a/httpd-2.4.37-mod_status-duplicate-key.patch b/httpd-2.4.37-mod_status-duplicate-key.patch
new file mode 100644
index 0000000..8702cb3
--- /dev/null
+++ b/httpd-2.4.37-mod_status-duplicate-key.patch
@@ -0,0 +1,162 @@
+--- a/modules/generators/mod_status.c 2023/04/26 08:30:14 1909428
++++ b/modules/generators/mod_status.c 2023/04/26 10:08:42 1909429
+@@ -186,7 +186,8 @@
+ apr_uint32_t up_time;
+ ap_loadavg_t t;
+ int j, i, res, written;
+- int ready;
++ int idle;
++ int graceful;
+ int busy;
+ unsigned long count;
+ unsigned long lres, my_lres, conn_lres;
+@@ -203,6 +204,7 @@
+ char *stat_buffer;
+ pid_t *pid_buffer, worker_pid;
+ int *thread_idle_buffer = NULL;
++ int *thread_graceful_buffer = NULL;
+ int *thread_busy_buffer = NULL;
+ clock_t tu, ts, tcu, tcs;
+ clock_t gu, gs, gcu, gcs;
+@@ -231,7 +233,8 @@
+ #endif
+ #endif
+
+- ready = 0;
++ idle = 0;
++ graceful = 0;
+ busy = 0;
+ count = 0;
+ bcount = 0;
+@@ -250,6 +253,7 @@
+ stat_buffer = apr_palloc(r->pool, server_limit * thread_limit * sizeof(char));
+ if (is_async) {
+ thread_idle_buffer = apr_palloc(r->pool, server_limit * sizeof(int));
++ thread_graceful_buffer = apr_palloc(r->pool, server_limit * sizeof(int));
+ thread_busy_buffer = apr_palloc(r->pool, server_limit * sizeof(int));
+ }
+
+@@ -318,6 +322,7 @@
+ ps_record = ap_get_scoreboard_process(i);
+ if (is_async) {
+ thread_idle_buffer[i] = 0;
++ thread_graceful_buffer[i] = 0;
+ thread_busy_buffer[i] = 0;
+ }
+ for (j = 0; j < thread_limit; ++j) {
+@@ -336,18 +341,20 @@
+ && ps_record->pid) {
+ if (res == SERVER_READY) {
+ if (ps_record->generation == mpm_generation)
+- ready++;
++ idle++;
+ if (is_async)
+ thread_idle_buffer[i]++;
+ }
+ else if (res != SERVER_DEAD &&
+ res != SERVER_STARTING &&
+ res != SERVER_IDLE_KILL) {
+- busy++;
+- if (is_async) {
+- if (res == SERVER_GRACEFUL)
+- thread_idle_buffer[i]++;
+- else
++ if (res == SERVER_GRACEFUL)
++ graceful++;
++ if (is_async) {
++ thread_graceful_buffer[i]++;
++ } else {
++ busy++;
++ if (is_async)
+ thread_busy_buffer[i]++;
+ }
+ }
+@@ -548,10 +555,10 @@
+ } /* ap_extended_status */
+
+ if (!short_report)
+- ap_rprintf(r, "%d requests currently being processed, "
+- "%d idle workers\n", busy, ready);
++ ap_rprintf(r, "%d requests currently being processed, %d workers gracefully restarting, "
++ "%d idle workers\n", busy, graceful, idle);
+ else
+- ap_rprintf(r, "BusyWorkers: %d\nIdleWorkers: %d\n", busy, ready);
++ ap_rprintf(r, "BusyWorkers: %d\nGracefulWorkers: %d\nIdleWorkers: %d\n", busy, graceful, idle);
+
+ if (!short_report)
+ ap_rputs("", r);
+@@ -559,11 +566,6 @@
+ if (is_async) {
+ int write_completion = 0, lingering_close = 0, keep_alive = 0,
+ connections = 0, stopping = 0, procs = 0;
+- /*
+- * These differ from 'busy' and 'ready' in how gracefully finishing
+- * threads are counted. XXX: How to make this clear in the html?
+- */
+- int busy_workers = 0, idle_workers = 0;
+ if (!short_report)
+ ap_rputs("\n\n\n"
+ "| Slot | "
+@@ -573,7 +575,7 @@
+ "Threads | "
+ "Async connections |
|---|
\n"
+ "| total | accepting | "
+- "busy | idle | "
++ "busy | graceful | idle | "
+ "writing | keep-alive | closing |
|---|
\n", r);
+ for (i = 0; i < server_limit; ++i) {
+ ps_record = ap_get_scoreboard_process(i);
+@@ -582,8 +584,6 @@
+ write_completion += ps_record->write_completion;
+ keep_alive += ps_record->keep_alive;
+ lingering_close += ps_record->lingering_close;
+- busy_workers += thread_busy_buffer[i];
+- idle_workers += thread_idle_buffer[i];
+ procs++;
+ if (ps_record->quiescing) {
+ stopping++;
+@@ -599,7 +599,7 @@
+ ap_rprintf(r, "| %u | %" APR_PID_T_FMT " | "
+ "%s%s | "
+ "%u | %s | "
+- "%u | %u | "
++ "%u | %u | %u | "
+ "%u | %u | %u | "
+ "
\n",
+ i, ps_record->pid,
+@@ -607,6 +607,7 @@
+ ps_record->connections,
+ ps_record->not_accepting ? "no" : "yes",
+ thread_busy_buffer[i],
++ thread_graceful_buffer[i],
+ thread_idle_buffer[i],
+ ps_record->write_completion,
+ ps_record->keep_alive,
+@@ -618,25 +619,22 @@
+ ap_rprintf(r, "| Sum | "
+ "%d | %d | "
+ "%d | | "
+- "%d | %d | "
++ "%d | %d | %d | "
+ "%d | %d | %d | "
+ "
\n
\n",
+ procs, stopping,
+ connections,
+- busy_workers, idle_workers,
++ busy, graceful, idle,
+ write_completion, keep_alive, lingering_close);
+ }
+ else {
+ ap_rprintf(r, "Processes: %d\n"
+ "Stopping: %d\n"
+- "BusyWorkers: %d\n"
+- "IdleWorkers: %d\n"
+ "ConnsTotal: %d\n"
+ "ConnsAsyncWriting: %d\n"
+ "ConnsAsyncKeepAlive: %d\n"
+ "ConnsAsyncClosing: %d\n",
+ procs, stopping,
+- busy_workers, idle_workers,
+ connections,
+ write_completion, keep_alive, lingering_close);
+ }
diff --git a/httpd.spec b/httpd.spec
index c163274..c0d26c2 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
-Release: 57%{?dist}
+Release: 58%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
@@ -165,6 +165,8 @@ Patch89: httpd-2.4.37-r1862410.patch
Patch90: httpd-2.4.37-hcheck-mem-issues.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2017543
Patch91: httpd-2.4.37-add-SNI-support.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2159603
+Patch92: httpd-2.4.37-mod_status-duplicate-key.patch
# Security fixes
Patch200: httpd-2.4.37-r1851471.patch
@@ -431,6 +433,7 @@ interface for storing and accessing per-user session data.
%patch89 -p1 -b .r1862410
%patch90 -p1 -b .hcheck-mem-issues
%patch91 -p1 -b .SNI
+%patch92 -p1 -b .mod_status-dupl
%patch200 -p1 -b .r1851471
%patch201 -p1 -b .CVE-2019-0211
@@ -977,6 +980,9 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
+* Mon Jul 17 2023 Tomas Korbar - 2.4.37-58
+- Resolves: #2159603 - mod_status lists BusyWorkers IdleWorkers keys twice
+
* Thu May 25 2023 Luboš Uhliarik - 2.4.37-57
- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP
response splitting