rpms
/
httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'c8-stream-2.4' into a8-stream-2.4

This commit is contained in:
eabdullin 2022-06-22 09:25:21 +00:00 committed by Stepan Oksanichenko
parent daf51ad347 eeec984029
commit d4da8c8e59
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SOURCES/httpd-2.4.37-CVE-2020-13950.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 5786ea8..7da9bde 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -637,7 +637,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
"chunked body with Content-Length (C-L ignored)",
c->client_ip, c->remote_host ? c->remote_host: "");
req->old_cl_val = NULL;
- origin->keepalive = AP_CONN_CLOSE;
p_conn->close = 1;
}

13
SPECS/httpd.spec
View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 47%{?dist}.1.alma
Release: 47%{?dist}.2.alma
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
@ -216,6 +216,8 @@ Patch221: httpd-2.4.37-CVE-2021-44790.patch
Patch222: httpd-2.4.37-CVE-2021-44224.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2064321
Patch223: httpd-2.4.37-CVE-2022-22720.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1966738
Patch224: httpd-2.4.37-CVE-2020-13950.patch
License: ASL 2.0
Group: System Environment/Daemons
@ -421,6 +423,7 @@ interface for storing and accessing per-user session data.
%patch221 -p1 -b .CVE-2021-44790
%patch222 -p1 -b .CVE-2021-44224
%patch223 -p1 -b .CVE-2022-22720
%patch224 -p1 -b .CVE-2020-13950
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -926,12 +929,12 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Tue May 10 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-47.1.alma
* Wed Jun 22 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 2.4.37-47.2.alma
- include AlmaLinux in version string
* Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-43.3
- Resolves: #2065247 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
* Wed Jun 15 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.2
- Resolves: #2097247 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer
dereference
* Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-47.1
- Resolves: #2065248 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling