From bc238b515be86003eba1375a9a6a5ac777d0f47f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Fri, 3 May 2024 13:51:17 +0200 Subject: [PATCH] new version 2.4.59 Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) --- .gitignore | 1 + httpd-2.4.43-r1861793+.patch | 271 ---- httpd-2.4.46-htcacheclean-dont-break.patch | 13 - httpd-2.4.48-r1828172+.patch | 1411 ----------------- httpd-2.4.51-r1811831.patch | 81 - httpd-2.4.51-r1877397.patch | 30 +- httpd-2.4.51-r1892413+.patch | 156 -- httpd-2.4.53-r1878890.patch | 116 -- httpd-2.4.57-CVE-2023-31122.patch | 11 - httpd-2.4.57-covscan.patch | 14 - httpd-2.4.57-davenoent.patch | 51 - httpd-2.4.57-gettid.patch | 81 - httpd-2.4.57-mod_status-duplicate-key.patch | 170 -- httpd-2.4.57-pr37355.patch | 143 -- httpd-2.4.57-r1825120.patch | 99 -- httpd-2.4.57-r1884505+.patch | 39 - httpd-2.4.57-r1912081.patch | 91 -- httpd-2.4.57-selinux.patch | 14 +- ...eplibs.patch => httpd-2.4.59-deplibs.patch | 4 +- httpd.spec | 113 +- sources | 4 +- 21 files changed, 64 insertions(+), 2849 deletions(-) delete mode 100644 httpd-2.4.43-r1861793+.patch delete mode 100644 httpd-2.4.46-htcacheclean-dont-break.patch delete mode 100644 httpd-2.4.48-r1828172+.patch delete mode 100644 httpd-2.4.51-r1811831.patch delete mode 100644 httpd-2.4.51-r1892413+.patch delete mode 100644 httpd-2.4.53-r1878890.patch delete mode 100644 httpd-2.4.57-CVE-2023-31122.patch delete mode 100644 httpd-2.4.57-covscan.patch delete mode 100644 httpd-2.4.57-davenoent.patch delete mode 100644 httpd-2.4.57-gettid.patch delete mode 100644 httpd-2.4.57-mod_status-duplicate-key.patch delete mode 100644 httpd-2.4.57-pr37355.patch delete mode 100644 httpd-2.4.57-r1825120.patch delete mode 100644 httpd-2.4.57-r1884505+.patch delete mode 100644 httpd-2.4.57-r1912081.patch rename httpd-2.4.43-deplibs.patch => httpd-2.4.59-deplibs.patch (87%) diff --git a/.gitignore b/.gitignore index fd136f8..c1cd9df 100644 --- a/.gitignore +++ b/.gitignore @@ -43,3 +43,4 @@ x86_64 /httpd-2.4.51.tar.bz2.asc /httpd-2.4.53.tar.bz2.asc /httpd-2.4.57.tar.bz2.asc +/httpd-2.4.59.tar.bz2.asc diff --git a/httpd-2.4.43-r1861793+.patch b/httpd-2.4.43-r1861793+.patch deleted file mode 100644 index 08e96cb..0000000 --- a/httpd-2.4.43-r1861793+.patch +++ /dev/null @@ -1,271 +0,0 @@ -diff --git a/configure.in b/configure.in -index cb43246..0bb6b0d 100644 ---- httpd-2.4.43/configure.in.r1861793+ -+++ httpd-2.4.43/configure.in -@@ -465,6 +465,28 @@ - AC_SEARCH_LIBS(crypt, crypt) - CRYPT_LIBS="$LIBS" - APACHE_SUBST(CRYPT_LIBS) -+ -+if test "$ac_cv_search_crypt" != "no"; then -+ # Test crypt() with the SHA-512 test vector from https://akkadia.org/drepper/SHA-crypt.txt -+ AC_CACHE_CHECK([whether crypt() supports SHA-2], [ap_cv_crypt_sha2], [ -+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[ -+#include -+#include -+#include -+ -+#define PASSWD_0 "Hello world!" -+#define SALT_0 "\$6\$saltstring" -+#define EXPECT_0 "\$6\$saltstring\$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu" \ -+ "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1" -+]], [char *result = crypt(PASSWD_0, SALT_0); -+ if (!result) return 1; -+ if (strcmp(result, EXPECT_0)) return 2; -+])], [ap_cv_crypt_sha2=yes], [ap_cv_crypt_sha2=no])]) -+ if test "$ap_cv_crypt_sha2" = yes; then -+ AC_DEFINE([HAVE_CRYPT_SHA2], 1, [Define if crypt() supports SHA-2 hashes]) -+ fi -+fi -+ - LIBS="$saved_LIBS" - - dnl See Comment #Spoon ---- httpd-2.4.43/docs/man/htpasswd.1.r1861793+ -+++ httpd-2.4.43/docs/man/htpasswd.1 -@@ -27,16 +27,16 @@ - .SH "SYNOPSIS" - - .PP --\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR -+\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR - - .PP --\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR -+\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR - - .PP --\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR -+\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fB2\fR | -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR - - .PP --\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR -+\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fB2\fR | -\fB5\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBr\fR \fIrounds\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR - - - .SH "SUMMARY" -@@ -48,7 +48,7 @@ - Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtpasswd\fR\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage or htdbm\&. - - .PP --\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's \fBcrypt()\fR routine\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&. -+\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA-1, or the system's \fBcrypt()\fR routine\&. SHA-2-based hashes (SHA-256 and SHA-512) are supported for \fBcrypt()\fR\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&. - - .PP - This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. -@@ -73,17 +73,26 @@ - \fB-m\fR - Use MD5 encryption for passwords\&. This is the default (since version 2\&.2\&.18)\&. - .TP -+\fB-2\fR -+Use SHA-256 \fBcrypt()\fR based hashes for passwords\&. This is supported on most Unix platforms\&. -+.TP -+\fB-5\fR -+Use SHA-512 \fBcrypt()\fR based hashes for passwords\&. This is supported on most Unix platforms\&. -+.TP - \fB-B\fR - Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&. - .TP - \fB-C\fR - This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 17)\&. - .TP -+\fB-r\fR -+This flag is only allowed in combination with \fB-2\fR or \fB-5\fR\&. It sets the number of hash rounds used for the SHA-2 algorithms (higher is more secure but slower; the default is 5,000)\&. -+.TP - \fB-d\fR - Use \fBcrypt()\fR encryption for passwords\&. This is not supported by the httpd server on Windows and Netware\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&. It used to be the default algorithm until version 2\&.2\&.17\&. - .TP - \fB-s\fR --Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&. -+Use SHA-1 (160-bit) encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&. - .TP - \fB-p\fR - Use plaintext passwords\&. Though \fBhtpasswd\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&. -@@ -152,10 +161,13 @@ - When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&. - - .PP --The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. -+The SHA-1 encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. -+ -+.PP -+The SHA-1 and \fBcrypt()\fR formats are insecure by today's standards\&. - - .PP --The SHA and \fBcrypt()\fR formats are insecure by today's standards\&. -+The SHA-2-based \fBcrypt()\fR formats (SHA-256 and SHA-512) are supported on most modern Unix systems, and follow the specification at https://www\&.akkadia\&.org/drepper/SHA-crypt\&.txt\&. - - .SH "RESTRICTIONS" - ---- httpd-2.4.43/support/htpasswd.c.r1861793+ -+++ httpd-2.4.43/support/htpasswd.c -@@ -109,17 +109,21 @@ - "for it." NL - " -i Read password from stdin without verification (for script usage)." NL - " -m Force MD5 encryption of the password (default)." NL -- " -B Force bcrypt encryption of the password (very secure)." NL -+ " -2 Force SHA-256 crypt() hash of the password (very secure)." NL -+ " -5 Force SHA-512 crypt() hash of the password (very secure)." NL -+ " -B Force bcrypt encryption of the password (very secure)." NL - " -C Set the computing time used for the bcrypt algorithm" NL - " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL -+ " -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL -+ " (higher is more secure but slower, default: 5000)." NL - " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL -- " -s Force SHA encryption of the password (insecure)." NL -+ " -s Force SHA-1 encryption of the password (insecure)." NL - " -p Do not encrypt the password (plaintext, insecure)." NL - " -D Delete the specified user." NL - " -v Verify password for the specified user." NL - "On other systems than Windows and NetWare the '-p' flag will " - "probably not work." NL -- "The SHA algorithm does not use a salt and is less secure than the " -+ "The SHA-1 algorithm does not use a salt and is less secure than the " - "MD5 algorithm." NL, - BCRYPT_DEFAULT_COST - ); -@@ -178,7 +182,7 @@ - if (rv != APR_SUCCESS) - exit(ERR_SYNTAX); - -- while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) { -+ while ((rv = apr_getopt(state, "cnmspdBbDi25C:r:v", &opt, &opt_arg)) == APR_SUCCESS) { - switch (opt) { - case 'c': - *mask |= APHTP_NEWFILE; ---- httpd-2.4.43/support/passwd_common.c.r1861793+ -+++ httpd-2.4.43/support/passwd_common.c -@@ -179,16 +179,21 @@ - int mkhash(struct passwd_ctx *ctx) - { - char *pw; -- char salt[16]; -+ char salt[17]; - apr_status_t rv; - int ret = 0; - #if CRYPT_ALGO_SUPPORTED - char *cbuf; - #endif -+#ifdef HAVE_CRYPT_SHA2 -+ const char *setting; -+ char method; -+#endif - -- if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT) { -+ if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT -+ && ctx->alg != ALG_CRYPT_SHA256 && ctx->alg != ALG_CRYPT_SHA512 ) { - apr_file_printf(errfile, -- "Warning: Ignoring -C argument for this algorithm." NL); -+ "Warning: Ignoring -C/-r argument for this algorithm." NL); - } - - if (ctx->passwd == NULL) { -@@ -246,6 +251,34 @@ - break; - #endif /* CRYPT_ALGO_SUPPORTED */ - -+#ifdef HAVE_CRYPT_SHA2 -+ case ALG_CRYPT_SHA256: -+ case ALG_CRYPT_SHA512: -+ ret = generate_salt(salt, 16, &ctx->errstr, ctx->pool); -+ if (ret != 0) -+ break; -+ -+ method = ctx->alg == ALG_CRYPT_SHA256 ? '5': '6'; -+ -+ if (ctx->cost) -+ setting = apr_psprintf(ctx->pool, "$%c$rounds=%d$%s", -+ method, ctx->cost, salt); -+ else -+ setting = apr_psprintf(ctx->pool, "$%c$%s", -+ method, salt); -+ -+ cbuf = crypt(pw, setting); -+ if (cbuf == NULL) { -+ rv = APR_FROM_OS_ERROR(errno); -+ ctx->errstr = apr_psprintf(ctx->pool, "crypt() failed: %pm", &rv); -+ ret = ERR_PWMISMATCH; -+ break; -+ } -+ -+ apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1); -+ break; -+#endif /* HAVE_CRYPT_SHA2 */ -+ - #if BCRYPT_ALGO_SUPPORTED - case ALG_BCRYPT: - rv = apr_generate_random_bytes((unsigned char*)salt, 16); -@@ -294,6 +327,19 @@ - case 's': - ctx->alg = ALG_APSHA; - break; -+#ifdef HAVE_CRYPT_SHA2 -+ case '2': -+ ctx->alg = ALG_CRYPT_SHA256; -+ break; -+ case '5': -+ ctx->alg = ALG_CRYPT_SHA512; -+ break; -+#else -+ case '2': -+ case '5': -+ ctx->errstr = "SHA-2 crypt() algorithms are not supported on this platform."; -+ return ERR_ALG_NOT_SUPP; -+#endif - case 'p': - ctx->alg = ALG_PLAIN; - #if !PLAIN_ALGO_SUPPORTED -@@ -324,11 +370,12 @@ - return ERR_ALG_NOT_SUPP; - #endif - break; -- case 'C': { -+ case 'C': -+ case 'r': { - char *endptr; - long num = strtol(opt_arg, &endptr, 10); - if (*endptr != '\0' || num <= 0) { -- ctx->errstr = "argument to -C must be a positive integer"; -+ ctx->errstr = "argument to -C/-r must be a positive integer"; - return ERR_SYNTAX; - } - ctx->cost = num; ---- httpd-2.4.43/support/passwd_common.h.r1861793+ -+++ httpd-2.4.43/support/passwd_common.h -@@ -28,6 +28,8 @@ - #include "apu_version.h" - #endif - -+#include "ap_config_auto.h" -+ - #define MAX_STRING_LEN 256 - - #define ALG_PLAIN 0 -@@ -35,6 +37,8 @@ - #define ALG_APMD5 2 - #define ALG_APSHA 3 - #define ALG_BCRYPT 4 -+#define ALG_CRYPT_SHA256 5 -+#define ALG_CRYPT_SHA512 6 - - #define BCRYPT_DEFAULT_COST 5 - -@@ -84,7 +88,7 @@ - apr_size_t out_len; - char *passwd; - int alg; -- int cost; -+ int cost; /* cost for bcrypt, rounds for SHA-2 */ - enum { - PW_PROMPT = 0, - PW_ARG, diff --git a/httpd-2.4.46-htcacheclean-dont-break.patch b/httpd-2.4.46-htcacheclean-dont-break.patch deleted file mode 100644 index e52318a..0000000 --- a/httpd-2.4.46-htcacheclean-dont-break.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/support/htcacheclean.c b/support/htcacheclean.c -index 958ba6d..0a7fe3c 100644 ---- a/support/htcacheclean.c -+++ b/support/htcacheclean.c -@@ -557,8 +557,6 @@ static int list_urls(char *path, apr_pool_t *pool, apr_off_t round) - } - } - } -- -- break; - } - } - } diff --git a/httpd-2.4.48-r1828172+.patch b/httpd-2.4.48-r1828172+.patch deleted file mode 100644 index 2b99d69..0000000 --- a/httpd-2.4.48-r1828172+.patch +++ /dev/null @@ -1,1411 +0,0 @@ ---- httpd-2.4.48/modules/generators/cgi_common.h.r1828172+ -+++ httpd-2.4.48/modules/generators/cgi_common.h -@@ -0,0 +1,366 @@ -+/* Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+#include "apr.h" -+#include "apr_strings.h" -+#include "apr_buckets.h" -+#include "apr_lib.h" -+#include "apr_poll.h" -+ -+#define APR_WANT_STRFUNC -+#define APR_WANT_MEMFUNC -+#include "apr_want.h" -+ -+#include "httpd.h" -+#include "util_filter.h" -+ -+static void discard_script_output(apr_bucket_brigade *bb) -+{ -+ apr_bucket *e; -+ const char *buf; -+ apr_size_t len; -+ -+ for (e = APR_BRIGADE_FIRST(bb); -+ e != APR_BRIGADE_SENTINEL(bb) && !APR_BUCKET_IS_EOS(e); -+ e = APR_BRIGADE_FIRST(bb)) -+ { -+ if (apr_bucket_read(e, &buf, &len, APR_BLOCK_READ)) { -+ break; -+ } -+ apr_bucket_delete(e); -+ } -+} -+ -+#ifdef WANT_CGI_BUCKET -+/* A CGI bucket type is needed to catch any output to stderr from the -+ * script; see PR 22030. */ -+static const apr_bucket_type_t bucket_type_cgi; -+ -+struct cgi_bucket_data { -+ apr_pollset_t *pollset; -+ request_rec *r; -+ apr_interval_time_t timeout; -+}; -+ -+/* Create a CGI bucket using pipes from script stdout 'out' -+ * and stderr 'err', for request 'r'. */ -+static apr_bucket *cgi_bucket_create(request_rec *r, -+ apr_interval_time_t timeout, -+ apr_file_t *out, apr_file_t *err, -+ apr_bucket_alloc_t *list) -+{ -+ apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); -+ apr_status_t rv; -+ apr_pollfd_t fd; -+ struct cgi_bucket_data *data = apr_palloc(r->pool, sizeof *data); -+ -+ /* Disable APR timeout handling since we'll use poll() entirely. */ -+ apr_file_pipe_timeout_set(out, 0); -+ apr_file_pipe_timeout_set(err, 0); -+ -+ APR_BUCKET_INIT(b); -+ b->free = apr_bucket_free; -+ b->list = list; -+ b->type = &bucket_type_cgi; -+ b->length = (apr_size_t)(-1); -+ b->start = -1; -+ -+ /* Create the pollset */ -+ rv = apr_pollset_create(&data->pollset, 2, r->pool, 0); -+ if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01217) -+ "apr_pollset_create(); check system or user limits"); -+ return NULL; -+ } -+ -+ fd.desc_type = APR_POLL_FILE; -+ fd.reqevents = APR_POLLIN; -+ fd.p = r->pool; -+ fd.desc.f = out; /* script's stdout */ -+ fd.client_data = (void *)1; -+ rv = apr_pollset_add(data->pollset, &fd); -+ if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01218) -+ "apr_pollset_add(); check system or user limits"); -+ return NULL; -+ } -+ -+ fd.desc.f = err; /* script's stderr */ -+ fd.client_data = (void *)2; -+ rv = apr_pollset_add(data->pollset, &fd); -+ if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01219) -+ "apr_pollset_add(); check system or user limits"); -+ return NULL; -+ } -+ -+ data->r = r; -+ data->timeout = timeout; -+ b->data = data; -+ return b; -+} -+ -+/* Create a duplicate CGI bucket using given bucket data */ -+static apr_bucket *cgi_bucket_dup(struct cgi_bucket_data *data, -+ apr_bucket_alloc_t *list) -+{ -+ apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); -+ APR_BUCKET_INIT(b); -+ b->free = apr_bucket_free; -+ b->list = list; -+ b->type = &bucket_type_cgi; -+ b->length = (apr_size_t)(-1); -+ b->start = -1; -+ b->data = data; -+ return b; -+} -+ -+/* Handle stdout from CGI child. Duplicate of logic from the _read -+ * method of the real APR pipe bucket implementation. */ -+static apr_status_t cgi_read_stdout(apr_bucket *a, apr_file_t *out, -+ const char **str, apr_size_t *len) -+{ -+ char *buf; -+ apr_status_t rv; -+ -+ *str = NULL; -+ *len = APR_BUCKET_BUFF_SIZE; -+ buf = apr_bucket_alloc(*len, a->list); /* XXX: check for failure? */ -+ -+ rv = apr_file_read(out, buf, len); -+ -+ if (rv != APR_SUCCESS && rv != APR_EOF) { -+ apr_bucket_free(buf); -+ return rv; -+ } -+ -+ if (*len > 0) { -+ struct cgi_bucket_data *data = a->data; -+ apr_bucket_heap *h; -+ -+ /* Change the current bucket to refer to what we read */ -+ a = apr_bucket_heap_make(a, buf, *len, apr_bucket_free); -+ h = a->data; -+ h->alloc_len = APR_BUCKET_BUFF_SIZE; /* note the real buffer size */ -+ *str = buf; -+ APR_BUCKET_INSERT_AFTER(a, cgi_bucket_dup(data, a->list)); -+ } -+ else { -+ apr_bucket_free(buf); -+ a = apr_bucket_immortal_make(a, "", 0); -+ *str = a->data; -+ } -+ return rv; -+} -+ -+/* Read method of CGI bucket: polls on stderr and stdout of the child, -+ * sending any stderr output immediately away to the error log. */ -+static apr_status_t cgi_bucket_read(apr_bucket *b, const char **str, -+ apr_size_t *len, apr_read_type_e block) -+{ -+ struct cgi_bucket_data *data = b->data; -+ apr_interval_time_t timeout = 0; -+ apr_status_t rv; -+ int gotdata = 0; -+ -+ if (block != APR_NONBLOCK_READ) { -+ timeout = data->timeout > 0 ? data->timeout : data->r->server->timeout; -+ } -+ -+ do { -+ const apr_pollfd_t *results; -+ apr_int32_t num; -+ -+ rv = apr_pollset_poll(data->pollset, timeout, &num, &results); -+ if (APR_STATUS_IS_TIMEUP(rv)) { -+ if (timeout) { -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, data->r, APLOGNO(01220) -+ "Timeout waiting for output from CGI script %s", -+ data->r->filename); -+ return rv; -+ } -+ else { -+ return APR_EAGAIN; -+ } -+ } -+ else if (APR_STATUS_IS_EINTR(rv)) { -+ continue; -+ } -+ else if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, data->r, APLOGNO(01221) -+ "poll failed waiting for CGI child"); -+ return rv; -+ } -+ -+ for (; num; num--, results++) { -+ if (results[0].client_data == (void *)1) { -+ /* stdout */ -+ rv = cgi_read_stdout(b, results[0].desc.f, str, len); -+ if (APR_STATUS_IS_EOF(rv)) { -+ rv = APR_SUCCESS; -+ } -+ gotdata = 1; -+ } else { -+ /* stderr */ -+ apr_status_t rv2 = log_script_err(data->r, results[0].desc.f); -+ if (APR_STATUS_IS_EOF(rv2)) { -+ apr_pollset_remove(data->pollset, &results[0]); -+ } -+ } -+ } -+ -+ } while (!gotdata); -+ -+ return rv; -+} -+ -+static const apr_bucket_type_t bucket_type_cgi = { -+ "CGI", 5, APR_BUCKET_DATA, -+ apr_bucket_destroy_noop, -+ cgi_bucket_read, -+ apr_bucket_setaside_notimpl, -+ apr_bucket_split_notimpl, -+ apr_bucket_copy_notimpl -+}; -+ -+#endif /* WANT_CGI_BUCKET */ -+ -+/* Handle the CGI response output, having set up the brigade with the -+ * CGI or PIPE bucket as appropriate. */ -+static int cgi_handle_response(request_rec *r, int nph, apr_bucket_brigade *bb, -+ apr_interval_time_t timeout, cgi_server_conf *conf, -+ char *logdata, apr_file_t *script_err) -+{ -+ apr_status_t rv; -+ -+ /* Handle script return... */ -+ if (!nph) { -+ const char *location; -+ char sbuf[MAX_STRING_LEN]; -+ int ret; -+ -+ if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf, -+ APLOG_MODULE_INDEX))) -+ { -+ /* In the case of a timeout reading script output, clear -+ * the brigade to avoid a second attempt to read the -+ * output. */ -+ if (ret == HTTP_GATEWAY_TIME_OUT) { -+ apr_brigade_cleanup(bb); -+ } -+ -+ ret = log_script(r, conf, ret, logdata, sbuf, bb, script_err); -+ -+ /* -+ * ret could be HTTP_NOT_MODIFIED in the case that the CGI script -+ * does not set an explicit status and ap_meets_conditions, which -+ * is called by ap_scan_script_header_err_brigade, detects that -+ * the conditions of the requests are met and the response is -+ * not modified. -+ * In this case set r->status and return OK in order to prevent -+ * running through the error processing stack as this would -+ * break with mod_cache, if the conditions had been set by -+ * mod_cache itself to validate a stale entity. -+ * BTW: We circumvent the error processing stack anyway if the -+ * CGI script set an explicit status code (whatever it is) and -+ * the only possible values for ret here are: -+ * -+ * HTTP_NOT_MODIFIED (set by ap_meets_conditions) -+ * HTTP_PRECONDITION_FAILED (set by ap_meets_conditions) -+ * HTTP_INTERNAL_SERVER_ERROR (if something went wrong during the -+ * processing of the response of the CGI script, e.g broken headers -+ * or a crashed CGI process). -+ */ -+ if (ret == HTTP_NOT_MODIFIED) { -+ r->status = ret; -+ return OK; -+ } -+ -+ return ret; -+ } -+ -+ location = apr_table_get(r->headers_out, "Location"); -+ -+ if (location && r->status == 200) { -+ /* For a redirect whether internal or not, discard any -+ * remaining stdout from the script, and log any remaining -+ * stderr output, as normal. */ -+ discard_script_output(bb); -+ apr_brigade_destroy(bb); -+ -+ if (script_err) { -+ apr_file_pipe_timeout_set(script_err, timeout); -+ log_script_err(r, script_err); -+ } -+ } -+ -+ if (location && location[0] == '/' && r->status == 200) { -+ /* This redirect needs to be a GET no matter what the original -+ * method was. -+ */ -+ r->method = "GET"; -+ r->method_number = M_GET; -+ -+ /* We already read the message body (if any), so don't allow -+ * the redirected request to think it has one. We can ignore -+ * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR. -+ */ -+ apr_table_unset(r->headers_in, "Content-Length"); -+ -+ ap_internal_redirect_handler(location, r); -+ return OK; -+ } -+ else if (location && r->status == 200) { -+ /* XXX: Note that if a script wants to produce its own Redirect -+ * body, it now has to explicitly *say* "Status: 302" -+ */ -+ discard_script_output(bb); -+ apr_brigade_destroy(bb); -+ return HTTP_MOVED_TEMPORARILY; -+ } -+ -+ rv = ap_pass_brigade(r->output_filters, bb); -+ } -+ else /* nph */ { -+ struct ap_filter_t *cur; -+ -+ /* get rid of all filters up through protocol... since we -+ * haven't parsed off the headers, there is no way they can -+ * work -+ */ -+ -+ cur = r->proto_output_filters; -+ while (cur && cur->frec->ftype < AP_FTYPE_CONNECTION) { -+ cur = cur->next; -+ } -+ r->output_filters = r->proto_output_filters = cur; -+ -+ rv = ap_pass_brigade(r->output_filters, bb); -+ } -+ -+ /* don't soak up script output if errors occurred writing it -+ * out... otherwise, we prolong the life of the script when the -+ * connection drops or we stopped sending output for some other -+ * reason */ -+ if (script_err && rv == APR_SUCCESS && !r->connection->aborted) { -+ apr_file_pipe_timeout_set(script_err, timeout); -+ log_script_err(r, script_err); -+ } -+ -+ if (script_err) apr_file_close(script_err); -+ -+ return OK; /* NOT r->status, even if it has changed. */ -+} ---- httpd-2.4.48/modules/generators/config5.m4.r1828172+ -+++ httpd-2.4.48/modules/generators/config5.m4 -@@ -78,4 +78,15 @@ - - APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) - -+AC_ARG_ENABLE(cgid-fdpassing, -+ [APACHE_HELP_STRING(--enable-cgid-fdpassing,Enable experimental mod_cgid support for fd passing)], -+ [if test "$enableval" = "yes"; then -+ AC_CHECK_DECL(CMSG_DATA, -+ [AC_DEFINE([HAVE_CGID_FDPASSING], 1, [Enable FD passing support in mod_cgid])], -+ [AC_MSG_ERROR([cannot support mod_cgid fd-passing on this system])], [ -+#include -+#include ]) -+ fi -+]) -+ - APACHE_MODPATH_FINISH ---- httpd-2.4.48/modules/generators/mod_cgi.c.r1828172+ -+++ httpd-2.4.48/modules/generators/mod_cgi.c -@@ -92,6 +92,10 @@ - apr_size_t bufbytes; - } cgi_server_conf; - -+typedef struct { -+ apr_interval_time_t timeout; -+} cgi_dirconf; -+ - static void *create_cgi_config(apr_pool_t *p, server_rec *s) - { - cgi_server_conf *c = -@@ -112,6 +116,12 @@ - return overrides->logname ? overrides : base; - } - -+static void *create_cgi_dirconf(apr_pool_t *p, char *dummy) -+{ -+ cgi_dirconf *c = (cgi_dirconf *) apr_pcalloc(p, sizeof(cgi_dirconf)); -+ return c; -+} -+ - static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg) - { - server_rec *s = cmd->server; -@@ -150,6 +160,17 @@ - return NULL; - } - -+static const char *set_script_timeout(cmd_parms *cmd, void *dummy, const char *arg) -+{ -+ cgi_dirconf *dc = dummy; -+ -+ if (ap_timeout_parameter_parse(arg, &dc->timeout, "s") != APR_SUCCESS) { -+ return "CGIScriptTimeout has wrong format"; -+ } -+ -+ return NULL; -+} -+ - static const command_rec cgi_cmds[] = - { - AP_INIT_TAKE1("ScriptLog", set_scriptlog, NULL, RSRC_CONF, -@@ -158,6 +179,9 @@ - "the maximum length (in bytes) of the script debug log"), - AP_INIT_TAKE1("ScriptLogBuffer", set_scriptlog_buffer, NULL, RSRC_CONF, - "the maximum size (in bytes) to record of a POST request"), -+AP_INIT_TAKE1("CGIScriptTimeout", set_script_timeout, NULL, RSRC_CONF | ACCESS_CONF, -+ "The amount of time to wait between successful reads from " -+ "the CGI script, in seconds."), - {NULL} - }; - -@@ -466,23 +490,26 @@ - apr_filepath_name_get(r->filename)); - } - else { -+ cgi_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgi_module); -+ apr_interval_time_t timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout; -+ - apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT); - - *script_in = procnew->out; - if (!*script_in) - return APR_EBADF; -- apr_file_pipe_timeout_set(*script_in, r->server->timeout); -+ apr_file_pipe_timeout_set(*script_in, timeout); - - if (e_info->prog_type == RUN_AS_CGI) { - *script_out = procnew->in; - if (!*script_out) - return APR_EBADF; -- apr_file_pipe_timeout_set(*script_out, r->server->timeout); -+ apr_file_pipe_timeout_set(*script_out, timeout); - - *script_err = procnew->err; - if (!*script_err) - return APR_EBADF; -- apr_file_pipe_timeout_set(*script_err, r->server->timeout); -+ apr_file_pipe_timeout_set(*script_err, timeout); - } - } - } -@@ -536,209 +563,12 @@ - return APR_SUCCESS; - } - --static void discard_script_output(apr_bucket_brigade *bb) --{ -- apr_bucket *e; -- const char *buf; -- apr_size_t len; -- -- for (e = APR_BRIGADE_FIRST(bb); -- e != APR_BRIGADE_SENTINEL(bb) && !APR_BUCKET_IS_EOS(e); -- e = APR_BRIGADE_FIRST(bb)) -- { -- if (apr_bucket_read(e, &buf, &len, APR_BLOCK_READ)) { -- break; -- } -- apr_bucket_delete(e); -- } --} -- - #if APR_FILES_AS_SOCKETS -- --/* A CGI bucket type is needed to catch any output to stderr from the -- * script; see PR 22030. */ --static const apr_bucket_type_t bucket_type_cgi; -- --struct cgi_bucket_data { -- apr_pollset_t *pollset; -- request_rec *r; --}; -- --/* Create a CGI bucket using pipes from script stdout 'out' -- * and stderr 'err', for request 'r'. */ --static apr_bucket *cgi_bucket_create(request_rec *r, -- apr_file_t *out, apr_file_t *err, -- apr_bucket_alloc_t *list) --{ -- apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); -- apr_status_t rv; -- apr_pollfd_t fd; -- struct cgi_bucket_data *data = apr_palloc(r->pool, sizeof *data); -- -- APR_BUCKET_INIT(b); -- b->free = apr_bucket_free; -- b->list = list; -- b->type = &bucket_type_cgi; -- b->length = (apr_size_t)(-1); -- b->start = -1; -- -- /* Create the pollset */ -- rv = apr_pollset_create(&data->pollset, 2, r->pool, 0); -- if (rv != APR_SUCCESS) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01217) -- "apr_pollset_create(); check system or user limits"); -- return NULL; -- } -- -- fd.desc_type = APR_POLL_FILE; -- fd.reqevents = APR_POLLIN; -- fd.p = r->pool; -- fd.desc.f = out; /* script's stdout */ -- fd.client_data = (void *)1; -- rv = apr_pollset_add(data->pollset, &fd); -- if (rv != APR_SUCCESS) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01218) -- "apr_pollset_add(); check system or user limits"); -- return NULL; -- } -- -- fd.desc.f = err; /* script's stderr */ -- fd.client_data = (void *)2; -- rv = apr_pollset_add(data->pollset, &fd); -- if (rv != APR_SUCCESS) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01219) -- "apr_pollset_add(); check system or user limits"); -- return NULL; -- } -- -- data->r = r; -- b->data = data; -- return b; --} -- --/* Create a duplicate CGI bucket using given bucket data */ --static apr_bucket *cgi_bucket_dup(struct cgi_bucket_data *data, -- apr_bucket_alloc_t *list) --{ -- apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); -- APR_BUCKET_INIT(b); -- b->free = apr_bucket_free; -- b->list = list; -- b->type = &bucket_type_cgi; -- b->length = (apr_size_t)(-1); -- b->start = -1; -- b->data = data; -- return b; --} -- --/* Handle stdout from CGI child. Duplicate of logic from the _read -- * method of the real APR pipe bucket implementation. */ --static apr_status_t cgi_read_stdout(apr_bucket *a, apr_file_t *out, -- const char **str, apr_size_t *len) --{ -- char *buf; -- apr_status_t rv; -- -- *str = NULL; -- *len = APR_BUCKET_BUFF_SIZE; -- buf = apr_bucket_alloc(*len, a->list); /* XXX: check for failure? */ -- -- rv = apr_file_read(out, buf, len); -- -- if (rv != APR_SUCCESS && rv != APR_EOF) { -- apr_bucket_free(buf); -- return rv; -- } -- -- if (*len > 0) { -- struct cgi_bucket_data *data = a->data; -- apr_bucket_heap *h; -- -- /* Change the current bucket to refer to what we read */ -- a = apr_bucket_heap_make(a, buf, *len, apr_bucket_free); -- h = a->data; -- h->alloc_len = APR_BUCKET_BUFF_SIZE; /* note the real buffer size */ -- *str = buf; -- APR_BUCKET_INSERT_AFTER(a, cgi_bucket_dup(data, a->list)); -- } -- else { -- apr_bucket_free(buf); -- a = apr_bucket_immortal_make(a, "", 0); -- *str = a->data; -- } -- return rv; --} -- --/* Read method of CGI bucket: polls on stderr and stdout of the child, -- * sending any stderr output immediately away to the error log. */ --static apr_status_t cgi_bucket_read(apr_bucket *b, const char **str, -- apr_size_t *len, apr_read_type_e block) --{ -- struct cgi_bucket_data *data = b->data; -- apr_interval_time_t timeout; -- apr_status_t rv; -- int gotdata = 0; -- -- timeout = block == APR_NONBLOCK_READ ? 0 : data->r->server->timeout; -- -- do { -- const apr_pollfd_t *results; -- apr_int32_t num; -- -- rv = apr_pollset_poll(data->pollset, timeout, &num, &results); -- if (APR_STATUS_IS_TIMEUP(rv)) { -- if (timeout) { -- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, data->r, APLOGNO(01220) -- "Timeout waiting for output from CGI script %s", -- data->r->filename); -- return rv; -- } -- else { -- return APR_EAGAIN; -- } -- } -- else if (APR_STATUS_IS_EINTR(rv)) { -- continue; -- } -- else if (rv != APR_SUCCESS) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, data->r, APLOGNO(01221) -- "poll failed waiting for CGI child"); -- return rv; -- } -- -- for (; num; num--, results++) { -- if (results[0].client_data == (void *)1) { -- /* stdout */ -- rv = cgi_read_stdout(b, results[0].desc.f, str, len); -- if (APR_STATUS_IS_EOF(rv)) { -- rv = APR_SUCCESS; -- } -- gotdata = 1; -- } else { -- /* stderr */ -- apr_status_t rv2 = log_script_err(data->r, results[0].desc.f); -- if (APR_STATUS_IS_EOF(rv2)) { -- apr_pollset_remove(data->pollset, &results[0]); -- } -- } -- } -- -- } while (!gotdata); -- -- return rv; --} -- --static const apr_bucket_type_t bucket_type_cgi = { -- "CGI", 5, APR_BUCKET_DATA, -- apr_bucket_destroy_noop, -- cgi_bucket_read, -- apr_bucket_setaside_notimpl, -- apr_bucket_split_notimpl, -- apr_bucket_copy_notimpl --}; -- -+#define WANT_CGI_BUCKET - #endif - -+#include "cgi_common.h" -+ - static int cgi_handler(request_rec *r) - { - int nph; -@@ -757,6 +587,8 @@ - apr_status_t rv; - cgi_exec_info_t e_info; - conn_rec *c; -+ cgi_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgi_module); -+ apr_interval_time_t timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout; - - if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) { - return DECLINED; -@@ -916,10 +748,7 @@ - AP_DEBUG_ASSERT(script_in != NULL); - - #if APR_FILES_AS_SOCKETS -- apr_file_pipe_timeout_set(script_in, 0); -- apr_file_pipe_timeout_set(script_err, 0); -- -- b = cgi_bucket_create(r, script_in, script_err, c->bucket_alloc); -+ b = cgi_bucket_create(r, dc->timeout, script_in, script_err, c->bucket_alloc); - if (b == NULL) - return HTTP_INTERNAL_SERVER_ERROR; - #else -@@ -929,111 +758,7 @@ - b = apr_bucket_eos_create(c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, b); - -- /* Handle script return... */ -- if (!nph) { -- const char *location; -- char sbuf[MAX_STRING_LEN]; -- int ret; -- -- if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf, -- APLOG_MODULE_INDEX))) -- { -- ret = log_script(r, conf, ret, dbuf, sbuf, bb, script_err); -- -- /* -- * ret could be HTTP_NOT_MODIFIED in the case that the CGI script -- * does not set an explicit status and ap_meets_conditions, which -- * is called by ap_scan_script_header_err_brigade, detects that -- * the conditions of the requests are met and the response is -- * not modified. -- * In this case set r->status and return OK in order to prevent -- * running through the error processing stack as this would -- * break with mod_cache, if the conditions had been set by -- * mod_cache itself to validate a stale entity. -- * BTW: We circumvent the error processing stack anyway if the -- * CGI script set an explicit status code (whatever it is) and -- * the only possible values for ret here are: -- * -- * HTTP_NOT_MODIFIED (set by ap_meets_conditions) -- * HTTP_PRECONDITION_FAILED (set by ap_meets_conditions) -- * HTTP_INTERNAL_SERVER_ERROR (if something went wrong during the -- * processing of the response of the CGI script, e.g broken headers -- * or a crashed CGI process). -- */ -- if (ret == HTTP_NOT_MODIFIED) { -- r->status = ret; -- return OK; -- } -- -- return ret; -- } -- -- location = apr_table_get(r->headers_out, "Location"); -- -- if (location && r->status == 200) { -- /* For a redirect whether internal or not, discard any -- * remaining stdout from the script, and log any remaining -- * stderr output, as normal. */ -- discard_script_output(bb); -- apr_brigade_destroy(bb); -- apr_file_pipe_timeout_set(script_err, r->server->timeout); -- log_script_err(r, script_err); -- } -- -- if (location && location[0] == '/' && r->status == 200) { -- /* This redirect needs to be a GET no matter what the original -- * method was. -- */ -- r->method = "GET"; -- r->method_number = M_GET; -- -- /* We already read the message body (if any), so don't allow -- * the redirected request to think it has one. We can ignore -- * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR. -- */ -- apr_table_unset(r->headers_in, "Content-Length"); -- -- ap_internal_redirect_handler(location, r); -- return OK; -- } -- else if (location && r->status == 200) { -- /* XXX: Note that if a script wants to produce its own Redirect -- * body, it now has to explicitly *say* "Status: 302" -- */ -- return HTTP_MOVED_TEMPORARILY; -- } -- -- rv = ap_pass_brigade(r->output_filters, bb); -- } -- else /* nph */ { -- struct ap_filter_t *cur; -- -- /* get rid of all filters up through protocol... since we -- * haven't parsed off the headers, there is no way they can -- * work -- */ -- -- cur = r->proto_output_filters; -- while (cur && cur->frec->ftype < AP_FTYPE_CONNECTION) { -- cur = cur->next; -- } -- r->output_filters = r->proto_output_filters = cur; -- -- rv = ap_pass_brigade(r->output_filters, bb); -- } -- -- /* don't soak up script output if errors occurred writing it -- * out... otherwise, we prolong the life of the script when the -- * connection drops or we stopped sending output for some other -- * reason */ -- if (rv == APR_SUCCESS && !r->connection->aborted) { -- apr_file_pipe_timeout_set(script_err, r->server->timeout); -- log_script_err(r, script_err); -- } -- -- apr_file_close(script_err); -- -- return OK; /* NOT r->status, even if it has changed. */ -+ return cgi_handle_response(r, nph, bb, timeout, conf, dbuf, script_err); - } - - /*============================================================================ -@@ -1268,7 +993,7 @@ - AP_DECLARE_MODULE(cgi) = - { - STANDARD20_MODULE_STUFF, -- NULL, /* dir config creater */ -+ create_cgi_dirconf, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - create_cgi_config, /* server config */ - merge_cgi_config, /* merge server config */ ---- httpd-2.4.48/modules/generators/mod_cgid.c.r1828172+ -+++ httpd-2.4.48/modules/generators/mod_cgid.c -@@ -342,15 +342,19 @@ - return close(fd); - } - --/* deal with incomplete reads and signals -- * assume you really have to read buf_size bytes -- */ --static apr_status_t sock_read(int fd, void *vbuf, size_t buf_size) -+/* Read from the socket dealing with incomplete messages and signals. -+ * Returns 0 on success or errno on failure. Stderr fd passed as -+ * auxiliary data from other end is written to *errfd, or else stderr -+ * fileno if not present. */ -+static apr_status_t sock_readhdr(int fd, int *errfd, void *vbuf, size_t buf_size) - { -- char *buf = vbuf; - int rc; -+#ifndef HAVE_CGID_FDPASSING -+ char *buf = vbuf; - size_t bytes_read = 0; - -+ if (errfd) *errfd = 0; -+ - do { - do { - rc = read(fd, buf + bytes_read, buf_size - bytes_read); -@@ -365,9 +369,60 @@ - } - } while (bytes_read < buf_size); - -+ -+#else /* with FD passing */ -+ struct msghdr msg = {0}; -+ struct iovec vec = {vbuf, buf_size}; -+ struct cmsghdr *cmsg; -+ union { /* union to ensure alignment */ -+ struct cmsghdr cm; -+ char buf[CMSG_SPACE(sizeof(int))]; -+ } u; -+ -+ msg.msg_iov = &vec; -+ msg.msg_iovlen = 1; -+ -+ if (errfd) { -+ msg.msg_control = u.buf; -+ msg.msg_controllen = sizeof(u.buf); -+ *errfd = 0; -+ } -+ -+ /* use MSG_WAITALL to skip loop on truncated reads */ -+ do { -+ rc = recvmsg(fd, &msg, MSG_WAITALL); -+ } while (rc < 0 && errno == EINTR); -+ -+ if (rc == 0) { -+ return ECONNRESET; -+ } -+ else if (rc < 0) { -+ return errno; -+ } -+ else if (rc != buf_size) { -+ /* MSG_WAITALL should ensure the recvmsg blocks until the -+ * entire length is read, but let's be paranoid. */ -+ return APR_INCOMPLETE; -+ } -+ -+ if (errfd -+ && (cmsg = CMSG_FIRSTHDR(&msg)) != NULL -+ && cmsg->cmsg_len == CMSG_LEN(sizeof(*errfd)) -+ && cmsg->cmsg_level == SOL_SOCKET -+ && cmsg->cmsg_type == SCM_RIGHTS) { -+ *errfd = *((int *) CMSG_DATA(cmsg)); -+ } -+#endif -+ - return APR_SUCCESS; - } - -+/* As sock_readhdr but without auxiliary fd passing. */ -+static apr_status_t sock_read(int fd, void *vbuf, size_t buf_size) -+{ -+ return sock_readhdr(fd, NULL, vbuf, buf_size); -+} -+ - /* deal with signals - */ - static apr_status_t sock_write(int fd, const void *buf, size_t buf_size) -@@ -384,7 +439,7 @@ - return APR_SUCCESS; - } - --static apr_status_t sock_writev(int fd, request_rec *r, int count, ...) -+static apr_status_t sock_writev(int fd, int auxfd, request_rec *r, int count, ...) - { - va_list ap; - int rc; -@@ -399,9 +454,39 @@ - } - va_end(ap); - -+#ifndef HAVE_CGID_FDPASSING - do { - rc = writev(fd, vec, count); - } while (rc < 0 && errno == EINTR); -+#else -+ { -+ struct msghdr msg = { 0 }; -+ struct cmsghdr *cmsg; -+ union { /* union for alignment */ -+ char buf[CMSG_SPACE(sizeof(int))]; -+ struct cmsghdr align; -+ } u; -+ -+ msg.msg_iov = vec; -+ msg.msg_iovlen = count; -+ -+ if (auxfd) { -+ msg.msg_control = u.buf; -+ msg.msg_controllen = sizeof(u.buf); -+ -+ cmsg = CMSG_FIRSTHDR(&msg); -+ cmsg->cmsg_level = SOL_SOCKET; -+ cmsg->cmsg_type = SCM_RIGHTS; -+ cmsg->cmsg_len = CMSG_LEN(sizeof(int)); -+ *((int *) CMSG_DATA(cmsg)) = auxfd; -+ } -+ -+ do { -+ rc = sendmsg(fd, &msg, 0); -+ } while (rc < 0 && errno == EINTR); -+ } -+#endif -+ - if (rc < 0) { - return errno; - } -@@ -410,7 +495,7 @@ - } - - static apr_status_t get_req(int fd, request_rec *r, char **argv0, char ***env, -- cgid_req_t *req) -+ int *errfd, cgid_req_t *req) - { - int i; - char **environ; -@@ -421,7 +506,7 @@ - r->server = apr_pcalloc(r->pool, sizeof(server_rec)); - - /* read the request header */ -- stat = sock_read(fd, req, sizeof(*req)); -+ stat = sock_readhdr(fd, errfd, req, sizeof(*req)); - if (stat != APR_SUCCESS) { - return stat; - } -@@ -479,14 +564,15 @@ - return APR_SUCCESS; - } - --static apr_status_t send_req(int fd, request_rec *r, char *argv0, char **env, -- int req_type) -+static apr_status_t send_req(int fd, apr_file_t *errpipe, request_rec *r, -+ char *argv0, char **env, int req_type) - { - int i; - cgid_req_t req = {0}; - apr_status_t stat; - ap_unix_identity_t * ugid = ap_run_get_suexec_identity(r); - core_dir_config *core_conf = ap_get_core_module_config(r->per_dir_config); -+ int errfd; - - - if (ugid == NULL) { -@@ -507,16 +593,21 @@ - req.args_len = r->args ? strlen(r->args) : 0; - req.loglevel = r->server->log.level; - -+ if (errpipe) -+ apr_os_file_get(&errfd, errpipe); -+ else -+ errfd = 0; -+ - /* Write the request header */ - if (req.args_len) { -- stat = sock_writev(fd, r, 5, -+ stat = sock_writev(fd, errfd, r, 5, - &req, sizeof(req), - r->filename, req.filename_len, - argv0, req.argv0_len, - r->uri, req.uri_len, - r->args, req.args_len); - } else { -- stat = sock_writev(fd, r, 4, -+ stat = sock_writev(fd, errfd, r, 4, - &req, sizeof(req), - r->filename, req.filename_len, - argv0, req.argv0_len, -@@ -531,7 +622,7 @@ - for (i = 0; i < req.env_count; i++) { - apr_size_t curlen = strlen(env[i]); - -- if ((stat = sock_writev(fd, r, 2, &curlen, sizeof(curlen), -+ if ((stat = sock_writev(fd, 0, r, 2, &curlen, sizeof(curlen), - env[i], curlen)) != APR_SUCCESS) { - return stat; - } -@@ -582,20 +673,34 @@ - } - } - -+/* Callback executed in the forked child process if exec of the CGI -+ * script fails. For the fd-passing case, output to stderr goes to -+ * the client (request handling thread) and is logged via -+ * ap_log_rerror there. For the non-fd-passing case, the "fake" -+ * request_rec passed via userdata is used to log. */ - static void cgid_child_errfn(apr_pool_t *pool, apr_status_t err, - const char *description) - { -- request_rec *r; - void *vr; - - apr_pool_userdata_get(&vr, ERRFN_USERDATA_KEY, pool); -- r = vr; -- -- /* sure we got r, but don't call ap_log_rerror() because we don't -- * have r->headers_in and possibly other storage referenced by -- * ap_log_rerror() -- */ -- ap_log_error(APLOG_MARK, APLOG_ERR, err, r->server, APLOGNO(01241) "%s", description); -+ if (vr) { -+ request_rec *r = vr; -+ -+ /* sure we got r, but don't call ap_log_rerror() because we don't -+ * have r->headers_in and possibly other storage referenced by -+ * ap_log_rerror() -+ */ -+ ap_log_error(APLOG_MARK, APLOG_ERR, err, r->server, APLOGNO(01241) "%s", description); -+ } -+ else { -+ const char *logstr; -+ -+ logstr = apr_psprintf(pool, APLOGNO(01241) "error spawning CGI child: %s (%pm)\n", -+ description, &err); -+ fputs(logstr, stderr); -+ fflush(stderr); -+ } - } - - static int cgid_server(void *data) -@@ -670,7 +775,7 @@ - } - - while (!daemon_should_exit) { -- int errfileno = STDERR_FILENO; -+ int errfileno; - char *argv0 = NULL; - char **env = NULL; - const char * const *argv; -@@ -710,7 +815,7 @@ - r = apr_pcalloc(ptrans, sizeof(request_rec)); - procnew = apr_pcalloc(ptrans, sizeof(*procnew)); - r->pool = ptrans; -- stat = get_req(sd2, r, &argv0, &env, &cgid_req); -+ stat = get_req(sd2, r, &argv0, &env, &errfileno, &cgid_req); - if (stat != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, stat, - main_server, APLOGNO(01248) -@@ -742,6 +847,16 @@ - continue; - } - -+ if (errfileno == 0) { -+ errfileno = STDERR_FILENO; -+ } -+ else { -+ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, main_server, -+ "using passed fd %d as stderr", errfileno); -+ /* Limit the received fd lifetime to pool lifetime */ -+ apr_pool_cleanup_register(ptrans, (void *)((long)errfileno), -+ close_unix_socket, close_unix_socket); -+ } - apr_os_file_put(&r->server->error_log, &errfileno, 0, r->pool); - apr_os_file_put(&inout, &sd2, 0, r->pool); - -@@ -801,7 +916,10 @@ - close(sd2); - } - else { -- apr_pool_userdata_set(r, ERRFN_USERDATA_KEY, apr_pool_cleanup_null, ptrans); -+ if (errfileno == STDERR_FILENO) { -+ /* Used by cgid_child_errfn without fd-passing. */ -+ apr_pool_userdata_set(r, ERRFN_USERDATA_KEY, apr_pool_cleanup_null, ptrans); -+ } - - argv = (const char * const *)create_argv(r->pool, NULL, NULL, NULL, argv0, r->args); - -@@ -1101,6 +1219,33 @@ - return ret; - } - -+/* Soak up stderr from a script and redirect it to the error log. -+ * TODO: log_scripterror() and this could move to cgi_common.h. */ -+static apr_status_t log_script_err(request_rec *r, apr_file_t *script_err) -+{ -+ char argsbuffer[HUGE_STRING_LEN]; -+ char *newline; -+ apr_status_t rv; -+ cgid_server_conf *conf = ap_get_module_config(r->server->module_config, &cgid_module); -+ -+ while ((rv = apr_file_gets(argsbuffer, HUGE_STRING_LEN, -+ script_err)) == APR_SUCCESS) { -+ -+ newline = strchr(argsbuffer, '\n'); -+ if (newline) { -+ char *prev = newline - 1; -+ if (prev >= argsbuffer && *prev == '\r') { -+ newline = prev; -+ } -+ -+ *newline = '\0'; -+ } -+ log_scripterror(r, conf, r->status, 0, argsbuffer); -+ } -+ -+ return rv; -+} -+ - static int log_script(request_rec *r, cgid_server_conf * conf, int ret, - char *dbuf, const char *sbuf, apr_bucket_brigade *bb, - apr_file_t *script_err) -@@ -1206,6 +1351,13 @@ - return ret; - } - -+/* Pull in CGI bucket implementation. */ -+#define cgi_server_conf cgid_server_conf -+#ifdef HAVE_CGID_FDPASSING -+#define WANT_CGI_BUCKET -+#endif -+#include "cgi_common.h" -+ - static int connect_to_daemon(int *sdptr, request_rec *r, - cgid_server_conf *conf) - { -@@ -1272,23 +1424,6 @@ - return OK; - } - --static void discard_script_output(apr_bucket_brigade *bb) --{ -- apr_bucket *e; -- const char *buf; -- apr_size_t len; -- -- for (e = APR_BRIGADE_FIRST(bb); -- e != APR_BRIGADE_SENTINEL(bb) && !APR_BUCKET_IS_EOS(e); -- e = APR_BRIGADE_FIRST(bb)) -- { -- if (apr_bucket_read(e, &buf, &len, APR_BLOCK_READ)) { -- break; -- } -- apr_bucket_delete(e); -- } --} -- - /**************************************************************** - * - * Actual cgid handling... -@@ -1393,6 +1528,7 @@ - - static int cgid_handler(request_rec *r) - { -+ conn_rec *c = r->connection; - int retval, nph, dbpos; - char *argv0, *dbuf; - apr_bucket_brigade *bb; -@@ -1402,10 +1538,11 @@ - int seen_eos, child_stopped_reading; - int sd; - char **env; -- apr_file_t *tempsock; -+ apr_file_t *tempsock, *script_err, *errpipe_out; - struct cleanup_script_info *info; - apr_status_t rv; - cgid_dirconf *dc; -+ apr_interval_time_t timeout; - - if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) { - return DECLINED; -@@ -1414,7 +1551,7 @@ - conf = ap_get_module_config(r->server->module_config, &cgid_module); - dc = ap_get_module_config(r->per_dir_config, &cgid_module); - -- -+ timeout = dc->timeout > 0 ? dc->timeout : r->server->timeout; - is_included = !strcmp(r->protocol, "INCLUDED"); - - if ((argv0 = strrchr(r->filename, '/')) != NULL) { -@@ -1467,6 +1604,17 @@ - } - */ - -+#ifdef HAVE_CGID_FDPASSING -+ rv = apr_file_pipe_create(&script_err, &errpipe_out, r->pool); -+ if (rv) { -+ return log_scripterror(r, conf, HTTP_SERVICE_UNAVAILABLE, rv, APLOGNO(10176) -+ "could not create pipe for stderr"); -+ } -+#else -+ script_err = NULL; -+ errpipe_out = NULL; -+#endif -+ - /* - * httpd core function used to add common environment variables like - * DOCUMENT_ROOT. -@@ -1479,12 +1627,16 @@ - return retval; - } - -- rv = send_req(sd, r, argv0, env, CGI_REQ); -+ rv = send_req(sd, errpipe_out, r, argv0, env, CGI_REQ); - if (rv != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01268) - "write to cgi daemon process"); - } - -+ /* The write-end of the pipe is only used by the server, so close -+ * it here. */ -+ if (errpipe_out) apr_file_close(errpipe_out); -+ - info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); - info->conf = conf; - info->r = r; -@@ -1506,12 +1658,7 @@ - */ - - apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool); -- if (dc->timeout > 0) { -- apr_file_pipe_timeout_set(tempsock, dc->timeout); -- } -- else { -- apr_file_pipe_timeout_set(tempsock, r->server->timeout); -- } -+ apr_file_pipe_timeout_set(tempsock, timeout); - apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket); - - /* Transfer any put/post args, CERN style... -@@ -1603,114 +1750,19 @@ - */ - shutdown(sd, 1); - -- /* Handle script return... */ -- if (!nph) { -- conn_rec *c = r->connection; -- const char *location; -- char sbuf[MAX_STRING_LEN]; -- int ret; -- -- bb = apr_brigade_create(r->pool, c->bucket_alloc); -- b = apr_bucket_pipe_create(tempsock, c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(bb, b); -- b = apr_bucket_eos_create(c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(bb, b); -- -- if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf, -- APLOG_MODULE_INDEX))) -- { -- ret = log_script(r, conf, ret, dbuf, sbuf, bb, NULL); -- -- /* -- * ret could be HTTP_NOT_MODIFIED in the case that the CGI script -- * does not set an explicit status and ap_meets_conditions, which -- * is called by ap_scan_script_header_err_brigade, detects that -- * the conditions of the requests are met and the response is -- * not modified. -- * In this case set r->status and return OK in order to prevent -- * running through the error processing stack as this would -- * break with mod_cache, if the conditions had been set by -- * mod_cache itself to validate a stale entity. -- * BTW: We circumvent the error processing stack anyway if the -- * CGI script set an explicit status code (whatever it is) and -- * the only possible values for ret here are: -- * -- * HTTP_NOT_MODIFIED (set by ap_meets_conditions) -- * HTTP_PRECONDITION_FAILED (set by ap_meets_conditions) -- * HTTP_INTERNAL_SERVER_ERROR (if something went wrong during the -- * processing of the response of the CGI script, e.g broken headers -- * or a crashed CGI process). -- */ -- if (ret == HTTP_NOT_MODIFIED) { -- r->status = ret; -- return OK; -- } -- -- return ret; -- } -- -- location = apr_table_get(r->headers_out, "Location"); -- -- if (location && location[0] == '/' && r->status == 200) { -- -- /* Soak up all the script output */ -- discard_script_output(bb); -- apr_brigade_destroy(bb); -- /* This redirect needs to be a GET no matter what the original -- * method was. -- */ -- r->method = "GET"; -- r->method_number = M_GET; -- -- /* We already read the message body (if any), so don't allow -- * the redirected request to think it has one. We can ignore -- * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR. -- */ -- apr_table_unset(r->headers_in, "Content-Length"); -- -- ap_internal_redirect_handler(location, r); -- return OK; -- } -- else if (location && r->status == 200) { -- /* XXX: Note that if a script wants to produce its own Redirect -- * body, it now has to explicitly *say* "Status: 302" -- */ -- discard_script_output(bb); -- apr_brigade_destroy(bb); -- return HTTP_MOVED_TEMPORARILY; -- } -- -- rv = ap_pass_brigade(r->output_filters, bb); -- if (rv != APR_SUCCESS) { -- ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r, -- "Failed to flush CGI output to client"); -- } -- } -- -- if (nph) { -- conn_rec *c = r->connection; -- struct ap_filter_t *cur; -- -- /* get rid of all filters up through protocol... since we -- * haven't parsed off the headers, there is no way they can -- * work -- */ -- -- cur = r->proto_output_filters; -- while (cur && cur->frec->ftype < AP_FTYPE_CONNECTION) { -- cur = cur->next; -- } -- r->output_filters = r->proto_output_filters = cur; -- -- bb = apr_brigade_create(r->pool, c->bucket_alloc); -- b = apr_bucket_pipe_create(tempsock, c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(bb, b); -- b = apr_bucket_eos_create(c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(bb, b); -- ap_pass_brigade(r->output_filters, bb); -- } -+ bb = apr_brigade_create(r->pool, c->bucket_alloc); -+#ifdef HAVE_CGID_FDPASSING -+ b = cgi_bucket_create(r, dc->timeout, tempsock, script_err, c->bucket_alloc); -+ if (b == NULL) -+ return HTTP_INTERNAL_SERVER_ERROR; /* should call log_scripterror() w/ _UNAVAILABLE? */ -+#else -+ b = apr_bucket_pipe_create(tempsock, c->bucket_alloc); -+#endif -+ APR_BRIGADE_INSERT_TAIL(bb, b); -+ b = apr_bucket_eos_create(c->bucket_alloc); -+ APR_BRIGADE_INSERT_TAIL(bb, b); - -- return OK; /* NOT r->status, even if it has changed. */ -+ return cgi_handle_response(r, nph, bb, timeout, conf, dbuf, script_err); - } - - -@@ -1827,7 +1879,7 @@ - return retval; - } - -- send_req(sd, r, command, env, SSI_REQ); -+ send_req(sd, NULL, r, command, env, SSI_REQ); - - info = apr_palloc(r->pool, sizeof(struct cleanup_script_info)); - info->conf = conf; diff --git a/httpd-2.4.51-r1811831.patch b/httpd-2.4.51-r1811831.patch deleted file mode 100644 index b8d8215..0000000 --- a/httpd-2.4.51-r1811831.patch +++ /dev/null @@ -1,81 +0,0 @@ -diff --git a/server/util_script.c b/server/util_script.c -index 4121ae0..b7f8674 100644 ---- a/server/util_script.c -+++ b/server/util_script.c -@@ -92,9 +92,21 @@ static void add_unless_null(apr_table_t *table, const char *name, const char *va - } - } - --static void env2env(apr_table_t *table, const char *name) -+/* Sets variable @name in table @dest from r->subprocess_env if -+ * available, else from the environment, else from @fallback if -+ * non-NULL. */ -+static void env2env(apr_table_t *dest, request_rec *r, -+ const char *name, const char *fallback) - { -- add_unless_null(table, name, getenv(name)); -+ const char *val; -+ -+ val = apr_table_get(r->subprocess_env, name); -+ if (!val) -+ val = apr_pstrdup(r->pool, getenv(name)); -+ if (!val) -+ val = apr_pstrdup(r->pool, fallback); -+ if (val) -+ apr_table_addn(dest, name, val); - } - - AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t) -@@ -211,37 +223,29 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) - add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val); - } - -- env_temp = apr_table_get(r->subprocess_env, "PATH"); -- if (env_temp == NULL) { -- env_temp = getenv("PATH"); -- } -- if (env_temp == NULL) { -- env_temp = DEFAULT_PATH; -- } -- apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_temp)); -- -+ env2env(e, r, "PATH", DEFAULT_PATH); - #if defined(WIN32) -- env2env(e, "SystemRoot"); -- env2env(e, "COMSPEC"); -- env2env(e, "PATHEXT"); -- env2env(e, "WINDIR"); -+ env2env(e, r, "SystemRoot", NULL); -+ env2env(e, r, "COMSPEC", NULL); -+ env2env(e, r, "PATHEXT", NULL); -+ env2env(e, r, "WINDIR", NULL); - #elif defined(OS2) -- env2env(e, "COMSPEC"); -- env2env(e, "ETC"); -- env2env(e, "DPATH"); -- env2env(e, "PERLLIB_PREFIX"); -+ env2env(e, r, "COMSPEC", NULL); -+ env2env(e, r, "ETC", NULL); -+ env2env(e, r, "DPATH", NULL); -+ env2env(e, r, "PERLLIB_PREFIX", NULL); - #elif defined(BEOS) -- env2env(e, "LIBRARY_PATH"); -+ env2env(e, r, "LIBRARY_PATH", NULL); - #elif defined(DARWIN) -- env2env(e, "DYLD_LIBRARY_PATH"); -+ env2env(e, r, "DYLD_LIBRARY_PATH", NULL); - #elif defined(_AIX) -- env2env(e, "LIBPATH"); -+ env2env(e, r, "LIBPATH", NULL); - #elif defined(__HPUX__) - /* HPUX PARISC 2.0W knows both, otherwise redundancy is harmless */ -- env2env(e, "SHLIB_PATH"); -- env2env(e, "LD_LIBRARY_PATH"); -+ env2env(e, r, "SHLIB_PATH", NULL); -+ env2env(e, r, "LD_LIBRARY_PATH", NULL); - #else /* Some Unix */ -- env2env(e, "LD_LIBRARY_PATH"); -+ env2env(e, r, "LD_LIBRARY_PATH", NULL); - #endif - - apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r)); diff --git a/httpd-2.4.51-r1877397.patch b/httpd-2.4.51-r1877397.patch index f629317..f72990a 100644 --- a/httpd-2.4.51-r1877397.patch +++ b/httpd-2.4.51-r1877397.patch @@ -1,9 +1,9 @@ diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c -index 211ebff..c8cb1af 100644 +index 376b8ab..950dc2b 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c -@@ -871,6 +871,13 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, - SSL_CTX_set_keylog_callback(ctx, modssl_callback_keylog); +@@ -887,6 +887,13 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, + SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); } #endif + @@ -16,7 +16,7 @@ index 211ebff..c8cb1af 100644 return APR_SUCCESS; } -@@ -892,6 +899,14 @@ static void ssl_init_ctx_session_cache(server_rec *s, +@@ -908,6 +915,14 @@ static void ssl_init_ctx_session_cache(server_rec *s, } } @@ -31,7 +31,7 @@ index 211ebff..c8cb1af 100644 static void ssl_init_ctx_callbacks(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, -@@ -905,7 +920,13 @@ static void ssl_init_ctx_callbacks(server_rec *s, +@@ -921,7 +936,13 @@ static void ssl_init_ctx_callbacks(server_rec *s, SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); #endif @@ -47,10 +47,10 @@ index 211ebff..c8cb1af 100644 #ifdef HAVE_TLS_ALPN SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c -index 79b9a70..3a0c22a 100644 +index b91f784..9c7d216 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c -@@ -209,11 +209,13 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl) +@@ -208,11 +208,13 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl) BIO_clear_retry_flags(bio); @@ -64,7 +64,7 @@ index 79b9a70..3a0c22a 100644 ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c, "bio_filter_out_write: %i bytes", inl); -@@ -474,11 +476,13 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen) +@@ -473,11 +475,13 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen) BIO_clear_retry_flags(bio); @@ -79,7 +79,7 @@ index 79b9a70..3a0c22a 100644 if (!inctx->bb) { inctx->rc = APR_EOF; diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c -index 591f6ae..8416864 100644 +index fe0496f..fa1b3a8 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -992,7 +992,7 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo @@ -167,10 +167,10 @@ index 591f6ae..8416864 100644 s = mySrvFromConn(c); if (s && APLOGdebug(s)) { diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h -index a329d99..7666c31 100644 +index 859e932..25d79ce 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h -@@ -512,6 +512,16 @@ typedef struct { +@@ -549,6 +549,16 @@ typedef struct { apr_time_t source_mtime; } ssl_asn1_t; @@ -187,7 +187,7 @@ index a329d99..7666c31 100644 /** * Define the mod_ssl per-module configuration structure * (i.e. the global configuration for each httpd process) -@@ -543,18 +553,13 @@ typedef struct { +@@ -580,18 +590,13 @@ typedef struct { NON_SSL_SET_ERROR_MSG /* Need to set the error message */ } non_ssl_request; @@ -213,7 +213,7 @@ index a329d99..7666c31 100644 server_rec *server; SSLDirConfigRec *dc; -@@ -1158,6 +1163,9 @@ int ssl_is_challenge(conn_rec *c, const char *servername, +@@ -1198,6 +1203,9 @@ int ssl_is_challenge(conn_rec *c, const char *servername, * the configured ENGINE. */ int modssl_is_engine_id(const char *name); @@ -224,10 +224,10 @@ index a329d99..7666c31 100644 /** @} */ diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c -index 38079a9..dafb833 100644 +index 44930b7..8bd9c8a 100644 --- a/modules/ssl/ssl_util_ssl.c +++ b/modules/ssl/ssl_util_ssl.c -@@ -589,3 +589,19 @@ cleanup: +@@ -612,3 +612,19 @@ cleanup: } return rv; } diff --git a/httpd-2.4.51-r1892413+.patch b/httpd-2.4.51-r1892413+.patch deleted file mode 100644 index 59e2319..0000000 --- a/httpd-2.4.51-r1892413+.patch +++ /dev/null @@ -1,156 +0,0 @@ -# ./pullrev.sh 1892413 1895552 - -https://bugzilla.redhat.com/show_bug.cgi?id=1938740 - -http://svn.apache.org/viewvc?view=revision&revision=1892413 -http://svn.apache.org/viewvc?view=revision&revision=1895552 - -- also mod_cgi/mod_cgid log_flags fix from r1881559 - ---- httpd-2.4.51/modules/filters/mod_deflate.c.r1892413+ -+++ httpd-2.4.51/modules/filters/mod_deflate.c -@@ -1275,44 +1275,46 @@ - if (APR_BUCKET_IS_FLUSH(bkt)) { - apr_bucket *tmp_b; - -- ctx->inflate_total += ctx->stream.avail_out; -- zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH); -- ctx->inflate_total -= ctx->stream.avail_out; -- if (zRC != Z_OK) { -- inflateEnd(&ctx->stream); -- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391) -- "Zlib error %d inflating data (%s)", zRC, -- ctx->stream.msg); -- return APR_EGENERAL; -- } -+ if (!ctx->done) { -+ ctx->inflate_total += ctx->stream.avail_out; -+ zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH); -+ ctx->inflate_total -= ctx->stream.avail_out; -+ if (zRC != Z_OK) { -+ inflateEnd(&ctx->stream); -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391) -+ "Zlib error %d inflating data (%s)", zRC, -+ ctx->stream.msg); -+ return APR_EGENERAL; -+ } - -- if (inflate_limit && ctx->inflate_total > inflate_limit) { -- inflateEnd(&ctx->stream); -- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647) -- "Inflated content length of %" APR_OFF_T_FMT -- " is larger than the configured limit" -- " of %" APR_OFF_T_FMT, -- ctx->inflate_total, inflate_limit); -- return APR_ENOSPC; -- } -+ if (inflate_limit && ctx->inflate_total > inflate_limit) { -+ inflateEnd(&ctx->stream); -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647) -+ "Inflated content length of %" APR_OFF_T_FMT -+ " is larger than the configured limit" -+ " of %" APR_OFF_T_FMT, -+ ctx->inflate_total, inflate_limit); -+ return APR_ENOSPC; -+ } - -- if (!check_ratio(r, ctx, dc)) { -- inflateEnd(&ctx->stream); -- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805) -- "Inflated content ratio is larger than the " -- "configured limit %i by %i time(s)", -- dc->ratio_limit, dc->ratio_burst); -- return APR_EINVAL; -- } -+ if (!check_ratio(r, ctx, dc)) { -+ inflateEnd(&ctx->stream); -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805) -+ "Inflated content ratio is larger than the " -+ "configured limit %i by %i time(s)", -+ dc->ratio_limit, dc->ratio_burst); -+ return APR_EINVAL; -+ } - -- len = c->bufferSize - ctx->stream.avail_out; -- ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len); -- tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len, -- NULL, f->c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b); -+ len = c->bufferSize - ctx->stream.avail_out; -+ ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len); -+ tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len, -+ NULL, f->c->bucket_alloc); -+ APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b); - -- ctx->stream.next_out = ctx->buffer; -- ctx->stream.avail_out = c->bufferSize; -+ ctx->stream.next_out = ctx->buffer; -+ ctx->stream.avail_out = c->bufferSize; -+ } - - /* Flush everything so far in the returning brigade, but continue - * reading should EOS/more follow (don't lose them). ---- httpd-2.4.51/modules/generators/mod_cgi.c.r1892413+ -+++ httpd-2.4.51/modules/generators/mod_cgi.c -@@ -191,11 +191,10 @@ - apr_file_t *f = NULL; - apr_finfo_t finfo; - char time_str[APR_CTIME_LEN]; -- int log_flags = rv ? APLOG_ERR : APLOG_ERR; - - /* Intentional no APLOGNO */ - /* Callee provides APLOGNO in error text */ -- ap_log_rerror(APLOG_MARK, log_flags, rv, r, -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, - "%s%s: %s", logno ? logno : "", error, r->filename); - - /* XXX Very expensive mainline case! Open, then getfileinfo! */ ---- httpd-2.4.51/modules/generators/mod_cgid.c.r1892413+ -+++ httpd-2.4.51/modules/generators/mod_cgid.c -@@ -1190,11 +1190,10 @@ - apr_file_t *f = NULL; - struct stat finfo; - char time_str[APR_CTIME_LEN]; -- int log_flags = rv ? APLOG_ERR : APLOG_ERR; - - /* Intentional no APLOGNO */ - /* Callee provides APLOGNO in error text */ -- ap_log_rerror(APLOG_MARK, log_flags, rv, r, -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, - "%s: %s", error, r->filename); - - /* XXX Very expensive mainline case! Open, then getfileinfo! */ ---- httpd-2.4.51/server/mpm_unix.c.r1892413+ -+++ httpd-2.4.51/server/mpm_unix.c -@@ -259,10 +259,12 @@ - while (cur_extra) { - ap_generation_t old_gen; - extra_process_t *next = cur_extra->next; -+ pid_t pid = cur_extra->pid; - -- if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) { -- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) { -- mpm_callback(-1, cur_extra->pid, old_gen); -+ if (reclaim_one_pid(pid, action_table[cur_action].action)) { -+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) { -+ /* cur_extra dangling pointer from here. */ -+ mpm_callback(-1, pid, old_gen); - } - else { - AP_DEBUG_ASSERT(1 == 0); -@@ -307,10 +309,12 @@ - while (cur_extra) { - ap_generation_t old_gen; - extra_process_t *next = cur_extra->next; -+ pid_t pid = cur_extra->pid; - -- if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) { -- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) { -- mpm_callback(-1, cur_extra->pid, old_gen); -+ if (reclaim_one_pid(pid, DO_NOTHING)) { -+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) { -+ /* cur_extra dangling pointer from here. */ -+ mpm_callback(-1, pid, old_gen); - } - else { - AP_DEBUG_ASSERT(1 == 0); diff --git a/httpd-2.4.53-r1878890.patch b/httpd-2.4.53-r1878890.patch deleted file mode 100644 index 945c498..0000000 --- a/httpd-2.4.53-r1878890.patch +++ /dev/null @@ -1,116 +0,0 @@ -diff --git a/include/util_ldap.h b/include/util_ldap.h -index 28e0760..edb8a81 100644 ---- a/include/util_ldap.h -+++ b/include/util_ldap.h -@@ -32,7 +32,6 @@ - #if APR_MAJOR_VERSION < 2 - /* The LDAP API is currently only present in APR 1.x */ - #include "apr_ldap.h" --#include "apr_ldap_rebind.h" - #else - #define APR_HAS_LDAP 0 - #endif -diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c -index 4d92ec9..864bd62 100644 ---- a/modules/ldap/util_ldap.c -+++ b/modules/ldap/util_ldap.c -@@ -154,6 +154,38 @@ static int util_ldap_handler(request_rec *r) - return OK; - } - -+/* For OpenLDAP with the 3-arg version of ldap_set_rebind_proc(), use -+ * a simpler rebind callback than the implementation in APR-util. -+ * Testing for API version >= 3001 appears safe although OpenLDAP -+ * 2.1.x (API version = 2004) also has the 3-arg API. */ -+#if APR_HAS_OPENLDAP_LDAPSDK && defined(LDAP_API_VERSION) && LDAP_API_VERSION >= 3001 -+ -+#define uldap_rebind_init(p) APR_SUCCESS /* noop */ -+ -+static int uldap_rebind_proc(LDAP *ld, const char *url, ber_tag_t request, -+ ber_int_t msgid, void *params) -+{ -+ util_ldap_connection_t *ldc = params; -+ -+ return ldap_bind_s(ld, ldc->binddn, ldc->bindpw, LDAP_AUTH_SIMPLE); -+} -+ -+static apr_status_t uldap_rebind_add(util_ldap_connection_t *ldc) -+{ -+ ldap_set_rebind_proc(ldc->ldap, uldap_rebind_proc, ldc); -+ return APR_SUCCESS; -+} -+ -+#else /* !APR_HAS_OPENLDAP_LDAPSDK */ -+ -+#define USE_APR_LDAP_REBIND -+#include -+ -+#define uldap_rebind_init(p) apr_ldap_rebind_init(p) -+#define uldap_rebind_add(ldc) apr_ldap_rebind_add((ldc)->rebind_pool, \ -+ (ldc)->ldap, (ldc)->binddn, \ -+ (ldc)->bindpw) -+#endif - - - /* ------------------------------------------------------------------ */ -@@ -195,6 +227,13 @@ static apr_status_t uldap_connection_unbind(void *param) - util_ldap_connection_t *ldc = param; - - if (ldc) { -+#ifdef USE_APR_LDAP_REBIND -+ /* forget the rebind info for this conn */ -+ if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) { -+ apr_pool_clear(ldc->rebind_pool); -+ } -+#endif -+ - if (ldc->ldap) { - if (ldc->r) { - ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc); -@@ -203,12 +242,6 @@ static apr_status_t uldap_connection_unbind(void *param) - ldc->ldap = NULL; - } - ldc->bound = 0; -- -- /* forget the rebind info for this conn */ -- if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) { -- apr_ldap_rebind_remove(ldc->ldap); -- apr_pool_clear(ldc->rebind_pool); -- } - } - - return APR_SUCCESS; -@@ -344,7 +377,7 @@ static int uldap_connection_init(request_rec *r, - - if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) { - /* Now that we have an ldap struct, add it to the referral list for rebinds. */ -- rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw); -+ rc = uldap_rebind_add(ldc); - if (rc != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server, APLOGNO(01277) - "LDAP: Unable to add rebind cross reference entry. Out of memory?"); -@@ -870,6 +903,7 @@ static util_ldap_connection_t * - /* whether or not to keep this connection in the pool when it's returned */ - l->keep = (st->connection_pool_ttl == 0) ? 0 : 1; - -+#ifdef USE_APR_LDAP_REBIND - if (l->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) { - if (apr_pool_create(&(l->rebind_pool), l->pool) != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01286) -@@ -881,6 +915,7 @@ static util_ldap_connection_t * - } - apr_pool_tag(l->rebind_pool, "util_ldap_rebind"); - } -+#endif - - if (p) { - p->next = l; -@@ -3068,7 +3103,7 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, - } - - /* Initialize the rebind callback's cross reference list. */ -- apr_ldap_rebind_init (p); -+ (void) uldap_rebind_init(p); - - #ifdef AP_LDAP_OPT_DEBUG - if (st->debug_level > 0) { diff --git a/httpd-2.4.57-CVE-2023-31122.patch b/httpd-2.4.57-CVE-2023-31122.patch deleted file mode 100644 index c2aa207..0000000 --- a/httpd-2.4.57-CVE-2023-31122.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/modules/core/mod_macro.c 2023/10/16 06:19:16 1912992 -+++ b/modules/core/mod_macro.c 2023/10/16 06:38:32 1912993 -@@ -483,7 +483,7 @@ - for (i = 0; i < contents->nelts; i++) { - const char *errmsg; - /* copy the line and substitute macro parameters */ -- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1); -+ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN); - errmsg = substitute_macro_args(line, MAX_STRING_LEN, - macro, replacements, used); - if (errmsg) { diff --git a/httpd-2.4.57-covscan.patch b/httpd-2.4.57-covscan.patch deleted file mode 100644 index 6a65ee1..0000000 --- a/httpd-2.4.57-covscan.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c -index f93f23f..4be51de 100644 ---- a/modules/mappers/mod_rewrite.c -+++ b/modules/mappers/mod_rewrite.c -@@ -4758,8 +4758,8 @@ static int hook_uri2file(request_rec *r) - } - - if (rulestatus) { -- unsigned skip_absolute = is_absolute_uri(r->filename, NULL); - apr_size_t flen = r->filename ? strlen(r->filename) : 0; -+ unsigned skip_absolute = flen ? is_absolute_uri(r->filename, NULL) : 0; - int to_proxyreq = (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0); - int will_escape = skip_absolute && (rulestatus != ACTION_NOESCAPE); - diff --git a/httpd-2.4.57-davenoent.patch b/httpd-2.4.57-davenoent.patch deleted file mode 100644 index 874f766..0000000 --- a/httpd-2.4.57-davenoent.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- httpd-2.4.57/modules/dav/fs/repos.c.davenoent -+++ httpd-2.4.57/modules/dav/fs/repos.c -@@ -35,6 +35,7 @@ - #include "mod_dav.h" - #include "repos.h" - -+APLOG_USE_MODULE(dav_fs); - - /* to assist in debugging mod_dav's GET handling */ - #define DEBUG_GET_HANDLER 0 -@@ -1586,6 +1587,19 @@ - status = apr_stat(&fsctx->info1.finfo, fsctx->path1.buf, - DAV_FINFO_MASK, pool); - if (status != APR_SUCCESS && status != APR_INCOMPLETE) { -+ dav_resource_private *ctx = params->root->info; -+ -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, ctx->r, -+ APLOGNO(10472) "could not access file (%s) during directory walk", -+ fsctx->path1.buf); -+ -+ /* If being tolerant, ignore failure due to losing a race -+ * with some other process deleting files out from under -+ * the directory walk. */ -+ if ((params->walk_type & DAV_WALKTYPE_TOLERANT) -+ && APR_STATUS_IS_ENOENT(status)) { -+ continue; -+ } - /* woah! where'd it go? */ - /* ### should have a better error here */ - err = dav_new_error(pool, HTTP_NOT_FOUND, 0, status, NULL); ---- httpd-2.4.57/modules/dav/main/mod_dav.c.davenoent -+++ httpd-2.4.57/modules/dav/main/mod_dav.c -@@ -2187,7 +2187,7 @@ - return HTTP_BAD_REQUEST; - } - -- ctx.w.walk_type = DAV_WALKTYPE_NORMAL | DAV_WALKTYPE_AUTH; -+ ctx.w.walk_type = DAV_WALKTYPE_NORMAL | DAV_WALKTYPE_AUTH | DAV_WALKTYPE_TOLERANT; - ctx.w.func = dav_propfind_walker; - ctx.w.walk_ctx = &ctx; - ctx.w.pool = r->pool; ---- httpd-2.4.57/modules/dav/main/mod_dav.h.davenoent -+++ httpd-2.4.57/modules/dav/main/mod_dav.h -@@ -1823,6 +1823,7 @@ - #define DAV_WALKTYPE_AUTH 0x0001 /* limit to authorized files */ - #define DAV_WALKTYPE_NORMAL 0x0002 /* walk normal files */ - #define DAV_WALKTYPE_LOCKNULL 0x0004 /* walk locknull resources */ -+#define DAV_WALKTYPE_TOLERANT 0x0008 /* tolerate non-fatal errors */ - - /* callback function and a client context for the walk */ - dav_error * (*func)(dav_walk_resource *wres, int calltype); diff --git a/httpd-2.4.57-gettid.patch b/httpd-2.4.57-gettid.patch deleted file mode 100644 index 7530449..0000000 --- a/httpd-2.4.57-gettid.patch +++ /dev/null @@ -1,81 +0,0 @@ -diff --git a/configure.in b/configure.in -index a3c994b..9a4351a 100644 ---- a/configure.in -+++ b/configure.in -@@ -524,7 +524,8 @@ prctl \ - timegm \ - getpgid \ - fopen64 \ --getloadavg -+getloadavg \ -+gettid - ) - - dnl confirm that a void pointer is large enough to store a long integer -@@ -535,16 +536,19 @@ AC_CHECK_LIB(selinux, is_selinux_enabled, [ - APR_ADDTO(HTTPD_LIBS, [-lselinux]) - ]) - --AC_CACHE_CHECK([for gettid()], ac_cv_gettid, -+if test $ac_cv_func_gettid = no; then -+ # On Linux before glibc 2.30, gettid() is only usable via syscall() -+ AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include - #include - #include - int main(int argc, char **argv) { - pid_t t = syscall(SYS_gettid); return t == -1 ? 1 : 0; }, --[ac_cv_gettid=yes], [ac_cv_gettid=no], [ac_cv_gettid=no])]) --if test "$ac_cv_gettid" = "yes"; then -- AC_DEFINE(HAVE_GETTID, 1, [Define if you have gettid()]) -+ [ap_cv_gettid=yes], [ap_cv_gettid=no], [ap_cv_gettid=no])]) -+ if test "$ap_cv_gettid" = "yes"; then -+ AC_DEFINE(HAVE_SYS_GETTID, 1, [Define if you have gettid() via syscall()]) -+ fi - fi - - dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs -diff --git a/server/log.c b/server/log.c -index cc04c38..ed3b920 100644 ---- a/server/log.c -+++ b/server/log.c -@@ -55,7 +55,7 @@ - #include "ap_mpm.h" - #include "ap_listen.h" - --#if HAVE_GETTID -+#if HAVE_SYS_GETTID - #include - #include - #endif -@@ -627,14 +627,18 @@ static int log_tid(const ap_errorlog_info *info, const char *arg, - #if APR_HAS_THREADS - int result; - #endif --#if HAVE_GETTID -+#if defined(HAVE_GETTID) || defined(HAVE_SYS_GETTID) - if (arg && *arg == 'g') { -+#ifdef HAVE_GETTID -+ pid_t tid = gettid(); -+#else - pid_t tid = syscall(SYS_gettid); -+#endif - if (tid == -1) - return 0; - return apr_snprintf(buf, buflen, "%"APR_PID_T_FMT, tid); - } --#endif -+#endif /* HAVE_GETTID || HAVE_SYS_GETTID */ - #if APR_HAS_THREADS - if (ap_mpm_query(AP_MPMQ_IS_THREADED, &result) == APR_SUCCESS - && result != AP_MPMQ_NOT_SUPPORTED) -@@ -968,7 +972,7 @@ static int do_errorlog_default(const ap_errorlog_info *info, char *buf, - #if APR_HAS_THREADS - field_start = len; - len += cpystrn(buf + len, ":tid ", buflen - len); -- item_len = log_tid(info, NULL, buf + len, buflen - len); -+ item_len = log_tid(info, "g", buf + len, buflen - len); - if (!item_len) - len = field_start; - else diff --git a/httpd-2.4.57-mod_status-duplicate-key.patch b/httpd-2.4.57-mod_status-duplicate-key.patch deleted file mode 100644 index 57b3726..0000000 --- a/httpd-2.4.57-mod_status-duplicate-key.patch +++ /dev/null @@ -1,170 +0,0 @@ -commit af065bb14238c2877f16dc955f6db69579d45b03 -Author: Tomas Korbar -Date: Thu Jul 20 09:48:17 2023 +0200 - - Fix duplicate presence of keys printed by mod_status - -diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c -index 5917953..5bada07 100644 ---- a/modules/generators/mod_status.c -+++ b/modules/generators/mod_status.c -@@ -186,7 +186,8 @@ static int status_handler(request_rec *r) - apr_uint32_t up_time; - ap_loadavg_t t; - int j, i, res, written; -- int ready; -+ int idle; -+ int graceful; - int busy; - unsigned long count; - unsigned long lres, my_lres, conn_lres; -@@ -203,6 +204,7 @@ static int status_handler(request_rec *r) - char *stat_buffer; - pid_t *pid_buffer, worker_pid; - int *thread_idle_buffer = NULL; -+ int *thread_graceful_buffer = NULL; - int *thread_busy_buffer = NULL; - clock_t tu, ts, tcu, tcs; - clock_t gu, gs, gcu, gcs; -@@ -231,7 +233,8 @@ static int status_handler(request_rec *r) - #endif - #endif - -- ready = 0; -+ idle = 0; -+ graceful = 0; - busy = 0; - count = 0; - bcount = 0; -@@ -250,6 +253,7 @@ static int status_handler(request_rec *r) - stat_buffer = apr_palloc(r->pool, server_limit * thread_limit * sizeof(char)); - if (is_async) { - thread_idle_buffer = apr_palloc(r->pool, server_limit * sizeof(int)); -+ thread_graceful_buffer = apr_palloc(r->pool, server_limit * sizeof(int)); - thread_busy_buffer = apr_palloc(r->pool, server_limit * sizeof(int)); - } - -@@ -318,6 +322,7 @@ static int status_handler(request_rec *r) - ps_record = ap_get_scoreboard_process(i); - if (is_async) { - thread_idle_buffer[i] = 0; -+ thread_graceful_buffer[i] = 0; - thread_busy_buffer[i] = 0; - } - for (j = 0; j < thread_limit; ++j) { -@@ -336,18 +341,20 @@ static int status_handler(request_rec *r) - && ps_record->pid) { - if (res == SERVER_READY) { - if (ps_record->generation == mpm_generation) -- ready++; -+ idle++; - if (is_async) - thread_idle_buffer[i]++; - } - else if (res != SERVER_DEAD && - res != SERVER_STARTING && - res != SERVER_IDLE_KILL) { -- busy++; -- if (is_async) { -- if (res == SERVER_GRACEFUL) -- thread_idle_buffer[i]++; -- else -+ if (res == SERVER_GRACEFUL) { -+ graceful++; -+ if (is_async) -+ thread_graceful_buffer[i]++; -+ } else { -+ busy++; -+ if (is_async) - thread_busy_buffer[i]++; - } - } -@@ -548,10 +555,10 @@ static int status_handler(request_rec *r) - } /* ap_extended_status */ - - if (!short_report) -- ap_rprintf(r, "
%d requests currently being processed, " -- "%d idle workers
\n", busy, ready); -+ ap_rprintf(r, "
%d requests currently being processed, %d workers gracefully restarting, " -+ "%d idle workers
\n", busy, graceful, idle); - else -- ap_rprintf(r, "BusyWorkers: %d\nIdleWorkers: %d\n", busy, ready); -+ ap_rprintf(r, "BusyWorkers: %d\nGracefulWorkers: %d\nIdleWorkers: %d\n", busy, graceful, idle); - - if (!short_report) - ap_rputs("", r); -@@ -559,11 +566,6 @@ static int status_handler(request_rec *r) - if (is_async) { - int write_completion = 0, lingering_close = 0, keep_alive = 0, - connections = 0, stopping = 0, procs = 0; -- /* -- * These differ from 'busy' and 'ready' in how gracefully finishing -- * threads are counted. XXX: How to make this clear in the html? -- */ -- int busy_workers = 0, idle_workers = 0; - if (!short_report) - ap_rputs("\n\n\n" - "" -@@ -573,7 +575,7 @@ static int status_handler(request_rec *r) - "" - "\n" - "" -- "" -+ "" - "\n", r); - for (i = 0; i < server_limit; ++i) { - ps_record = ap_get_scoreboard_process(i); -@@ -582,8 +584,6 @@ static int status_handler(request_rec *r) - write_completion += ps_record->write_completion; - keep_alive += ps_record->keep_alive; - lingering_close += ps_record->lingering_close; -- busy_workers += thread_busy_buffer[i]; -- idle_workers += thread_idle_buffer[i]; - procs++; - if (ps_record->quiescing) { - stopping++; -@@ -599,7 +599,7 @@ static int status_handler(request_rec *r) - ap_rprintf(r, "" - "" - "" -- "" -+ "" - "" - "\n", - i, ps_record->pid, -@@ -607,6 +607,7 @@ static int status_handler(request_rec *r) - ps_record->connections, - ps_record->not_accepting ? "no" : "yes", - thread_busy_buffer[i], -+ thread_graceful_buffer[i], - thread_idle_buffer[i], - ps_record->write_completion, - ps_record->keep_alive, -@@ -618,25 +619,22 @@ static int status_handler(request_rec *r) - ap_rprintf(r, "" - "" - "" -- "" -+ "" - "" - "\n
SlotThreadsAsync connections
totalacceptingbusyidlebusygracefulidlewritingkeep-aliveclosing
%u%" APR_PID_T_FMT "%s%s%u%s%u%u%u%u%u%u%u%u
Sum%d%d%d %d%d%d%d%d%d%d%d
\n", - procs, stopping, - connections, -- busy_workers, idle_workers, -+ busy, graceful, idle, - write_completion, keep_alive, lingering_close); - } - else { - ap_rprintf(r, "Processes: %d\n" - "Stopping: %d\n" -- "BusyWorkers: %d\n" -- "IdleWorkers: %d\n" - "ConnsTotal: %d\n" - "ConnsAsyncWriting: %d\n" - "ConnsAsyncKeepAlive: %d\n" - "ConnsAsyncClosing: %d\n", - procs, stopping, -- busy_workers, idle_workers, - connections, - write_completion, keep_alive, lingering_close); - } diff --git a/httpd-2.4.57-pr37355.patch b/httpd-2.4.57-pr37355.patch deleted file mode 100644 index 7f57e2b..0000000 --- a/httpd-2.4.57-pr37355.patch +++ /dev/null @@ -1,143 +0,0 @@ -diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c -index 537c3c2..596320d 100644 ---- a/modules/proxy/mod_proxy.c -+++ b/modules/proxy/mod_proxy.c -@@ -1460,11 +1460,20 @@ static int proxy_handler(request_rec *r) - /* handle the scheme */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01142) - "Trying to run scheme_handler against proxy"); -+ -+ if (ents[i].creds) { -+ apr_table_set(r->notes, "proxy-basic-creds", ents[i].creds); -+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, -+ "Using proxy auth creds %s", ents[i].creds); -+ } -+ - access_status = proxy_run_scheme_handler(r, worker, - conf, url, - ents[i].hostname, - ents[i].port); - -+ if (ents[i].creds) apr_table_unset(r->notes, "proxy-basic-creds"); -+ - /* Did the scheme handler process the request? */ - if (access_status != DECLINED) { - const char *cl_a; -@@ -1902,8 +1911,8 @@ static void *merge_proxy_dir_config(apr_pool_t *p, void *basev, void *addv) - return new; - } - --static const char * -- add_proxy(cmd_parms *cmd, void *dummy, const char *f1, const char *r1, int regex) -+static const char *add_proxy(cmd_parms *cmd, void *dummy, const char *f1, -+ const char *r1, const char *creds, int regex) - { - server_rec *s = cmd->server; - proxy_server_conf *conf = -@@ -1961,19 +1970,24 @@ static const char * - new->port = port; - new->regexp = reg; - new->use_regex = regex; -+ if (creds) { -+ new->creds = apr_pstrcat(cmd->pool, "Basic ", -+ ap_pbase64encode(cmd->pool, (char *)creds), -+ NULL); -+ } - return NULL; - } - --static const char * -- add_proxy_noregex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1) -+static const char *add_proxy_noregex(cmd_parms *cmd, void *dummy, const char *f1, -+ const char *r1, const char *creds) - { -- return add_proxy(cmd, dummy, f1, r1, 0); -+ return add_proxy(cmd, dummy, f1, r1, creds, 0); - } - --static const char * -- add_proxy_regex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1) -+static const char *add_proxy_regex(cmd_parms *cmd, void *dummy, const char *f1, -+ const char *r1, const char *creds) - { -- return add_proxy(cmd, dummy, f1, r1, 1); -+ return add_proxy(cmd, dummy, f1, r1, creds, 1); - } - - PROXY_DECLARE(const char *) ap_proxy_de_socketfy(apr_pool_t *p, const char *url) -@@ -3012,9 +3026,9 @@ static const command_rec proxy_cmds[] = - "location, in regular expression syntax"), - AP_INIT_FLAG("ProxyRequests", set_proxy_req, NULL, RSRC_CONF, - "on if the true proxy requests should be accepted"), -- AP_INIT_TAKE2("ProxyRemote", add_proxy_noregex, NULL, RSRC_CONF, -+ AP_INIT_TAKE23("ProxyRemote", add_proxy_noregex, NULL, RSRC_CONF, - "a scheme, partial URL or '*' and a proxy server"), -- AP_INIT_TAKE2("ProxyRemoteMatch", add_proxy_regex, NULL, RSRC_CONF, -+ AP_INIT_TAKE23("ProxyRemoteMatch", add_proxy_regex, NULL, RSRC_CONF, - "a regex pattern and a proxy server"), - AP_INIT_FLAG("ProxyPassInterpolateEnv", ap_set_flag_slot_char, - (void*)APR_OFFSETOF(proxy_dir_conf, interpolate_env), -diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h -index c51145e..eaf431d 100644 ---- a/modules/proxy/mod_proxy.h -+++ b/modules/proxy/mod_proxy.h -@@ -121,6 +121,7 @@ struct proxy_remote { - const char *protocol; /* the scheme used to talk to this proxy */ - const char *hostname; /* the hostname of this proxy */ - ap_regex_t *regexp; /* compiled regex (if any) for the remote */ -+ const char *creds; /* auth credentials (if any) for the proxy */ - int use_regex; /* simple boolean. True if we have a regex pattern */ - apr_port_t port; /* the port for this proxy */ - }; -diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c -index caafde0..ea36465 100644 ---- a/modules/proxy/proxy_util.c -+++ b/modules/proxy/proxy_util.c -@@ -2708,11 +2708,14 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r, - * So let's make it configurable by env. - * The logic here is the same used in mod_proxy_http. - */ -- proxy_auth = apr_table_get(r->headers_in, "Proxy-Authorization"); -+ proxy_auth = apr_table_get(r->notes, "proxy-basic-creds"); -+ if (proxy_auth == NULL) -+ proxy_auth = apr_table_get(r->headers_in, "Proxy-Authorization"); -+ - if (proxy_auth != NULL && - proxy_auth[0] != '\0' && -- r->user == NULL && /* we haven't yet authenticated */ -- apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) { -+ (r->user == NULL /* we haven't yet authenticated */ -+ || apr_table_get(r->subprocess_env, "Proxy-Chain-Auth"))) { - forward->proxy_auth = apr_pstrdup(conn->pool, proxy_auth); - } - } -@@ -2948,7 +2951,8 @@ static apr_status_t send_http_connect(proxy_conn_rec *backend, - nbytes = apr_snprintf(buffer, sizeof(buffer), - "CONNECT %s:%d HTTP/1.0" CRLF, - forward->target_host, forward->target_port); -- /* Add proxy authorization from the initial request if necessary */ -+ /* Add proxy authorization from the configuration, or initial -+ * request if necessary */ - if (forward->proxy_auth != NULL) { - nbytes += apr_snprintf(buffer + nbytes, sizeof(buffer) - nbytes, - "Proxy-Authorization: %s" CRLF, -@@ -3909,6 +3913,7 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, - int force10 = 0, do_100_continue = 0; - conn_rec *origin = p_conn->connection; - const char *host, *val; -+ const char *creds; - proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config, &proxy_module); - - /* -@@ -4131,6 +4136,11 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p, - /* run hook to fixup the request we are about to send */ - proxy_run_fixups(r); - -+ creds = apr_table_get(r->notes, "proxy-basic-creds"); -+ if (creds) { -+ apr_table_mergen(r->headers_in, "Proxy-Authorization", creds); -+ } -+ - /* We used to send `Host: ` always first, so let's keep it that - * way. No telling which legacy backend is relying on this. - * If proxy_run_fixups() changed the value, use it (though removal diff --git a/httpd-2.4.57-r1825120.patch b/httpd-2.4.57-r1825120.patch deleted file mode 100644 index 4eb0a59..0000000 --- a/httpd-2.4.57-r1825120.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c -index 4e2e80d..10a2c86 100644 ---- a/modules/ssl/ssl_engine_init.c -+++ b/modules/ssl/ssl_engine_init.c -@@ -2256,51 +2256,6 @@ int ssl_proxy_section_post_config(apr_pool_t *p, apr_pool_t *plog, - return OK; - } - --static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a, -- const X509_NAME * const *b) --{ -- return(X509_NAME_cmp(*a, *b)); --} -- --static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, -- server_rec *s, apr_pool_t *ptemp, -- const char *file) --{ -- int n; -- STACK_OF(X509_NAME) *sk; -- -- sk = (STACK_OF(X509_NAME) *) -- SSL_load_client_CA_file(file); -- -- if (!sk) { -- return; -- } -- -- for (n = 0; n < sk_X509_NAME_num(sk); n++) { -- X509_NAME *name = sk_X509_NAME_value(sk, n); -- -- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209) -- "CA certificate: %s", -- modssl_X509_NAME_to_string(ptemp, name, 0)); -- -- /* -- * note that SSL_load_client_CA_file() checks for duplicates, -- * but since we call it multiple times when reading a directory -- * we must also check for duplicates ourselves. -- */ -- -- if (sk_X509_NAME_find(ca_list, name) < 0) { -- /* this will be freed when ca_list is */ -- sk_X509_NAME_push(ca_list, name); -- } -- else { -- /* need to free this ourselves, else it will leak */ -- X509_NAME_free(name); -- } -- } -- -- sk_X509_NAME_free(sk); --} - - static apr_status_t ssl_init_ca_cert_path(server_rec *s, - apr_pool_t *ptemp, -@@ -2324,7 +2279,7 @@ static apr_status_t ssl_init_ca_cert_path(server_rec *s, - } - file = apr_pstrcat(ptemp, path, "/", direntry.name, NULL); - if (ca_list) { -- ssl_init_PushCAList(ca_list, s, ptemp, file); -+ SSL_add_file_cert_subjects_to_stack(ca_list, file); - } - if (xi_list) { - load_x509_info(ptemp, xi_list, file); -@@ -2341,19 +2296,13 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, - const char *ca_file, - const char *ca_path) - { -- STACK_OF(X509_NAME) *ca_list; -- -- /* -- * Start with a empty stack/list where new -- * entries get added in sorted order. -- */ -- ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); -+ STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();; - - /* - * Process CA certificate bundle file - */ - if (ca_file) { -- ssl_init_PushCAList(ca_list, s, ptemp, ca_file); -+ SSL_add_file_cert_subjects_to_stack(ca_list, ca_file); - /* - * If ca_list is still empty after trying to load ca_file - * then the file failed to load, and users should hear about that. -@@ -2377,11 +2326,6 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, - return NULL; - } - -- /* -- * Cleanup -- */ -- (void) sk_X509_NAME_set_cmp_func(ca_list, NULL); -- - return ca_list; - } - diff --git a/httpd-2.4.57-r1884505+.patch b/httpd-2.4.57-r1884505+.patch deleted file mode 100644 index 97bc6a8..0000000 --- a/httpd-2.4.57-r1884505+.patch +++ /dev/null @@ -1,39 +0,0 @@ -# ./pullrev.sh 1884505 1915625 -http://svn.apache.org/viewvc?view=revision&revision=1884505 -http://svn.apache.org/viewvc?view=revision&revision=1915625 - ---- httpd-2.4.57/modules/filters/mod_xml2enc.c -+++ httpd-2.4.57/modules/filters/mod_xml2enc.c -@@ -329,7 +329,7 @@ - apr_bucket* bstart; - apr_size_t insz = 0; - int pending_meta = 0; -- char *ctype; -+ char *mtype; - char *p; - - if (!ctx || !f->r->content_type) { -@@ -338,13 +338,17 @@ - return ap_pass_brigade(f->next, bb) ; - } - -- ctype = apr_pstrdup(f->r->pool, f->r->content_type); -- for (p = ctype; *p; ++p) -- if (isupper(*p)) -- *p = tolower(*p); -+ /* Extract the media type, ignoring parameters in content-type. */ -+ mtype = apr_pstrdup(f->r->pool, f->r->content_type); -+ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0'; -+ ap_str_tolower(mtype); - -- /* only act if starts-with "text/" or contains "xml" */ -- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) { -+ /* Accept text/ types, plus any XML media type per RFC 7303. */ -+ if (!(strncmp(mtype, "text/", 5) == 0 -+ || strcmp(mtype, "application/xml") == 0 -+ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */ -+ && (p = strstr(mtype, "+xml")) != NULL -+ && strlen(p) == 4 /* ensures +xml is a suffix */))) { - ap_remove_output_filter(f); - return ap_pass_brigade(f->next, bb) ; - } diff --git a/httpd-2.4.57-r1912081.patch b/httpd-2.4.57-r1912081.patch deleted file mode 100644 index 111e5ac..0000000 --- a/httpd-2.4.57-r1912081.patch +++ /dev/null @@ -1,91 +0,0 @@ -# ./pullrev.sh 1912081 -http://svn.apache.org/viewvc?view=revision&revision=1912081 - -Upstream-Status: merged in 2.4.58 - ---- httpd-2.4.57/modules/dav/main/mod_dav.c -+++ httpd-2.4.57/modules/dav/main/mod_dav.c -@@ -81,6 +81,7 @@ - const char *provider_name; - const dav_provider *provider; - const char *dir; -+ const char *base; - int locktimeout; - int allow_depthinfinity; - int allow_lockdiscovery; -@@ -196,6 +197,7 @@ - - newconf->locktimeout = DAV_INHERIT_VALUE(parent, child, locktimeout); - newconf->dir = DAV_INHERIT_VALUE(parent, child, dir); -+ newconf->base = DAV_INHERIT_VALUE(parent, child, base); - newconf->allow_depthinfinity = DAV_INHERIT_VALUE(parent, child, - allow_depthinfinity); - newconf->allow_lockdiscovery = DAV_INHERIT_VALUE(parent, child, -@@ -283,6 +285,18 @@ - } - - /* -+ * Command handler for the DAVBasePath directive, which is TAKE1 -+ */ -+static const char *dav_cmd_davbasepath(cmd_parms *cmd, void *config, const char *arg1) -+{ -+ dav_dir_conf *conf = config; -+ -+ conf->base = arg1; -+ -+ return NULL; -+} -+ -+/* - * Command handler for the DAVDepthInfinity directive, which is FLAG. - */ - static const char *dav_cmd_davdepthinfinity(cmd_parms *cmd, void *config, -@@ -748,7 +762,7 @@ - int use_checked_in, dav_resource **res_p) - { - dav_dir_conf *conf; -- const char *label = NULL; -+ const char *label = NULL, *base; - dav_error *err; - - /* if the request target can be overridden, get any target selector */ -@@ -765,11 +779,27 @@ - ap_escape_html(r->pool, r->uri))); - } - -+ /* Take the repos root from DAVBasePath if configured, else the -+ * path of the enclosing section. */ -+ base = conf->base ? conf->base : conf->dir; -+ - /* resolve the resource */ -- err = (*conf->provider->repos->get_resource)(r, conf->dir, -+ err = (*conf->provider->repos->get_resource)(r, base, - label, use_checked_in, - res_p); - if (err != NULL) { -+ /* In the error path, give a hint that DavBasePath needs to be -+ * used if the location was configured via a regex match. */ -+ if (!conf->base) { -+ core_dir_config *cdc = ap_get_core_module_config(r->per_dir_config); -+ -+ if (cdc->r) { -+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, APLOGNO(10484) -+ "failed to find repository for location configured " -+ "via regex match - missing DAVBasePath?"); -+ } -+ } -+ - err = dav_push_error(r->pool, err->status, 0, - "Could not fetch resource information.", err); - return err; -@@ -5164,6 +5194,10 @@ - AP_INIT_TAKE1("DAV", dav_cmd_dav, NULL, ACCESS_CONF, - "specify the DAV provider for a directory or location"), - -+ /* per directory/location */ -+ AP_INIT_TAKE1("DAVBasePath", dav_cmd_davbasepath, NULL, ACCESS_CONF, -+ "specify the DAV repository base URL"), -+ - /* per directory/location, or per server */ - AP_INIT_TAKE1("DAVMinTimeout", dav_cmd_davmintimeout, NULL, - ACCESS_CONF|RSRC_CONF, diff --git a/httpd-2.4.57-selinux.patch b/httpd-2.4.57-selinux.patch index b28bcee..20babde 100644 --- a/httpd-2.4.57-selinux.patch +++ b/httpd-2.4.57-selinux.patch @@ -1,8 +1,8 @@ diff --git a/configure.in b/configure.in -index 1e342bb..a3c994b 100644 +index 3932407..00e2369 100644 --- a/configure.in +++ b/configure.in -@@ -530,6 +530,11 @@ getloadavg +@@ -531,6 +531,11 @@ gettid dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN @@ -11,11 +11,11 @@ index 1e342bb..a3c994b 100644 + APR_ADDTO(HTTPD_LIBS, [-lselinux]) +]) + - AC_CACHE_CHECK([for gettid()], ac_cv_gettid, - [AC_TRY_RUN(#define _GNU_SOURCE - #include + if test $ac_cv_func_gettid = no; then + # On Linux before glibc 2.30, gettid() is only usable via syscall() + AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, diff --git a/server/core.c b/server/core.c -index ca33d94..41e9bdc 100644 +index 8970a50..ff1024d 100644 --- a/server/core.c +++ b/server/core.c @@ -65,6 +65,10 @@ @@ -29,7 +29,7 @@ index ca33d94..41e9bdc 100644 /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ -@@ -5157,6 +5161,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte +@@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif diff --git a/httpd-2.4.43-deplibs.patch b/httpd-2.4.59-deplibs.patch similarity index 87% rename from httpd-2.4.43-deplibs.patch rename to httpd-2.4.59-deplibs.patch index c60f5a5..fc730ab 100644 --- a/httpd-2.4.43-deplibs.patch +++ b/httpd-2.4.59-deplibs.patch @@ -1,8 +1,8 @@ diff --git a/configure.in b/configure.in -index f8f9442..f276550 100644 +index 7194de5..00e2369 100644 --- a/configure.in +++ b/configure.in -@@ -786,9 +786,9 @@ APACHE_SUBST(INSTALL_SUEXEC) +@@ -843,9 +843,9 @@ APACHE_SUBST(INSTALL_SUEXEC) dnl APR should go after the other libs, so the right symbols can be picked up if test x${apu_found} != xobsolete; then diff --git a/httpd.spec b/httpd.spec index 48dc06c..38d3bfa 100644 --- a/httpd.spec +++ b/httpd.spec @@ -12,8 +12,8 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.57 -Release: 8%{?dist} +Version: 2.4.59 +Release: 1%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc @@ -65,7 +65,7 @@ Source48: apache-poweredby.png # build/scripts patches Patch2: httpd-2.4.43-apxs.patch -Patch3: httpd-2.4.43-deplibs.patch +Patch3: httpd-2.4.59-deplibs.patch # Needed for socket activation and mod_systemd patch Patch19: httpd-2.4.53-detect-systemd.patch # Features/functional changes @@ -74,60 +74,31 @@ Patch22: httpd-2.4.43-mod_systemd.patch Patch23: httpd-2.4.48-export.patch Patch24: httpd-2.4.43-corelimit.patch Patch25: httpd-2.4.57-selinux.patch -Patch26: httpd-2.4.57-gettid.patch -Patch27: httpd-2.4.53-icons.patch -Patch30: httpd-2.4.43-cachehardmax.patch -Patch34: httpd-2.4.43-socket-activation.patch -Patch38: httpd-2.4.43-sslciphdefault.patch -Patch39: httpd-2.4.43-sslprotdefault.patch -Patch41: httpd-2.4.43-r1861793+.patch -Patch42: httpd-2.4.48-r1828172+.patch -Patch45: httpd-2.4.43-logjournal.patch -Patch46: httpd-2.4.48-proxy-ws-idle-timeout.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1949969 -Patch47: httpd-2.4.57-pr37355.patch +Patch26: httpd-2.4.53-icons.patch +Patch27: httpd-2.4.43-cachehardmax.patch +Patch28: httpd-2.4.43-socket-activation.patch +Patch29: httpd-2.4.43-sslciphdefault.patch +Patch30: httpd-2.4.43-sslprotdefault.patch +Patch31: httpd-2.4.43-logjournal.patch +Patch32: httpd-2.4.48-proxy-ws-idle-timeout.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1949606 -Patch48: httpd-2.4.46-freebind.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1950021 -Patch49: httpd-2.4.48-ssl-proxy-chains.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2004143 -Patch50: httpd-2.4.57-r1825120.patch +Patch33: httpd-2.4.46-freebind.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2065677 -Patch52: httpd-2.4.53-separate-systemd-fns.patch +Patch34: httpd-2.4.53-separate-systemd-fns.patch # https://issues.redhat.com/browse/RHEL-5071 -Patch53: httpd-2.4.57-r1912477+.patch -# https://issues.redhat.com/browse/RHEL-6600 -Patch54: httpd-2.4.57-r1912081.patch - +Patch35: httpd-2.4.57-r1912477+.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 -Patch60: httpd-2.4.43-enable-sslv3.patch -Patch61: httpd-2.4.46-htcacheclean-dont-break.patch +Patch100: httpd-2.4.43-enable-sslv3.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1932442 -Patch64: httpd-2.4.48-full-release.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1950011 -Patch65: httpd-2.4.51-r1877397.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1938740 -Patch66: httpd-2.4.51-r1892413+.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2073459 -Patch67: httpd-2.4.51-r1811831.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2098056 -Patch68: httpd-2.4.53-r1878890.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2186645 -Patch69: httpd-2.4.57-covscan.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2222001 -Patch70: httpd-2.4.57-mod_status-duplicate-key.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2217726 -Patch71: httpd-2.4.57-davenoent.patch -# https://issues.redhat.com/browse/RHEL-17686 -Patch72: httpd-2.4.57-r1884505+.patch +Patch101: httpd-2.4.48-full-release.patch # Security fixes # https://bugzilla.redhat.com/show_bug.cgi?id=... # -# https://bugzilla.redhat.com/show_bug.cgi?id=2245332 -Patch200: httpd-2.4.57-CVE-2023-31122.patch +# https://bugzilla.redhat.com/show_bug.cgi?id= +# Patch200: httpd-2.4.X-CVE-XXXX-YYYYY.patch License: ASL 2.0 @@ -271,37 +242,19 @@ written in the Lua programming language. %patch23 -p1 -b .export %patch24 -p1 -b .corelimit %patch25 -p1 -b .selinux -%patch26 -p1 -b .gettid -%patch27 -p1 -b .icons -%patch30 -p1 -b .cachehardmax -%patch34 -p1 -b .socketactivation -%patch38 -p1 -b .sslciphdefault -%patch39 -p1 -b .sslprotdefault -%patch41 -p1 -b .r1861793+ -%patch42 -p1 -b .r1828172+ -%patch45 -p1 -b .logjournal -%patch46 -p1 -b .proxy-ws-idle-timeout -%patch47 -p1 -b .pr37355 -%patch48 -p1 -b .freebind -%patch49 -p1 -b .ssl-proxy-chains -%patch50 -p1 -b .r1825120 -%patch52 -p1 -b .separatesystemd -%patch53 -p1 -b .r1912477+ -%patch54 -p1 -b .r1912081 +%patch26 -p1 -b .icons +%patch27 -p1 -b .cachehardmax +%patch28 -p1 -b .socketactivation +%patch29 -p1 -b .sslciphdefault +%patch30 -p1 -b .sslprotdefault +%patch31 -p1 -b .logjournal +%patch32 -p1 -b .proxy-ws-idle-timeout +%patch33 -p1 -b .freebind +%patch34 -p1 -b .separatesystemd +%patch35 -p1 -b .r1912477+ -%patch60 -p1 -b .enable-sslv3 -%patch61 -p1 -b .htcacheclean-dont-break -%patch64 -p1 -b .full-release -%patch65 -p1 -b .r1877397 -%patch66 -p1 -b .r1892413+ -%patch67 -p1 -b .r1811831 -%patch68 -p1 -b .r1878890 -%patch69 -p1 -b .covstan -%patch70 -p1 -b .duplicate-key -%patch71 -p1 -b .davenoent -%patch72 -p1 -b .r1884505+ - -%patch200 -p1 -b .CVE-2023-31122 +%patch100 -p1 -b .enable-sslv3 +%patch101 -p1 -b .full-release # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -862,6 +815,14 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri May 03 2024 Luboš Uhliarik - 2.4.59-1 +- new version 2.4.59 +- Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 +- Resolves: RHEL-31856 - httpd: HTTP response splitting + (CVE-2023-38709) +- Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple + modules (CVE-2024-24795) + * Wed Feb 7 2024 Joe Orton - 2.4.57-8 - mod_xml2enc: fix media type handling Resolves: RHEL-17686 diff --git a/sources b/sources index ceb40e4..38e0e4e 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (httpd-2.4.57.tar.bz2) = 4d1e0a274ee90bdfb5f38d4a7d73a7367ed1c6388e26280e640014e49abc0df03683705b88dcfe2ec2da313dda4c7b4a3b86daffa1911f58e224eba89d82d155 -SHA512 (httpd-2.4.57.tar.bz2.asc) = 3d40491da7610b91894ea24d011da213c0ba4c04dbf3d5dbefac704ba55d9a56acf375dd61363f50291a748ef5f14e7d2dcba96b15a8ce448267bfeb26bf7ecd +SHA512 (httpd-2.4.59.tar.bz2) = 209da0bbac5e2564d4590302515b35495be6402273ff4024aa93e85e44554c95e053201d606383936425a41e1b5b97e6b40055dcbb385eb691a5029a6f3158c2 +SHA512 (httpd-2.4.59.tar.bz2.asc) = 85237e204e57d930e2b7a85a21f8d593e81895f96350c3a345978538a536f3c0614ba89256905c0aa558880fc6fb10608b8dd7cbd026af326b1d83601c267f2d SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192