rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI httpd-2.4.63-13.el10

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-05-19 19:13:51 -04:00
parent 6eba40cb97
commit d5ea165b32
8 changed files with 289 additions and 8825 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
KEYS
apache-poweredby.png
httpd-2.4.63.tar.bz2

8818
KEYS
View File

File diff suppressed because it is too large Load Diff

74
httpd-2.4.63-err-page-handling.patch Normal file
View File

@ -0,0 +1,74 @@
From d56df32f2cb71de3762747aec70bef03d79096b6 Mon Sep 17 00:00:00 2001
From: Jean-Frederic Clere <jfclere@gmail.com>
Date: Tue, 5 Mar 2024 10:34:50 +0100
Subject: [PATCH] When the error is broken (like missing error file) make sure
the error displays the right method and the correct Additionally message.
---
modules/http/http_protocol.c | 11 +++++++----
modules/http/http_request.c | 1 +
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index f1ed1f6cc20..fbec4e61c65 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -963,6 +963,9 @@ static const char *get_canned_error_string(int status,
{
apr_pool_t *p = r->pool;
const char *error_notes, *h1, *s1;
+ const char *method = r->method;
+ if (r->subprocess_env && apr_table_get(r->subprocess_env, "REQUEST_METHOD"))
+ method = apr_table_get(r->subprocess_env, "REQUEST_METHOD");
switch (status) {
case HTTP_MOVED_PERMANENTLY:
@@ -1007,7 +1010,7 @@ static const char *get_canned_error_string(int status,
case HTTP_METHOD_NOT_ALLOWED:
return(apr_pstrcat(p,
"<p>The requested method ",
- ap_escape_html(r->pool, r->method),
+ ap_escape_html(r->pool, method),
" is not allowed for this URL.</p>\n",
NULL));
case HTTP_NOT_ACCEPTABLE:
@@ -1020,7 +1023,7 @@ static const char *get_canned_error_string(int status,
case HTTP_LENGTH_REQUIRED:
s1 = apr_pstrcat(p,
"<p>A request of the requested method ",
- ap_escape_html(r->pool, r->method),
+ ap_escape_html(r->pool, method),
" requires a valid Content-length.<br />\n",
NULL);
return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
@@ -1030,7 +1033,7 @@ static const char *get_canned_error_string(int status,
case HTTP_NOT_IMPLEMENTED:
s1 = apr_pstrcat(p,
"<p>",
- ap_escape_html(r->pool, r->method),
+ ap_escape_html(r->pool, method),
" not supported for current URL.<br />\n",
NULL);
return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
@@ -1052,7 +1055,7 @@ static const char *get_canned_error_string(int status,
case HTTP_REQUEST_ENTITY_TOO_LARGE:
return(apr_pstrcat(p,
"The requested resource does not allow request data with ",
- ap_escape_html(r->pool, r->method),
+ ap_escape_html(r->pool, method),
" requests, or the amount of data provided in\n"
"the request exceeds the capacity limit.\n",
NULL));
diff --git a/modules/http/http_request.c b/modules/http/http_request.c
index cb7af9cafb1..115f7035cf1 100644
--- a/modules/http/http_request.c
+++ b/modules/http/http_request.c
@@ -127,6 +127,7 @@ static void ap_die_r(int type, request_rec *r, int recursive_error)
*/
update_r_in_filters(r_1st_err->proto_output_filters, r, r_1st_err);
update_r_in_filters(r_1st_err->input_filters, r, r_1st_err);
+ recursive_error = type;
}
custom_response = NULL; /* Do NOT retry the custom thing! */

66
httpd-2.4.63-hcheck-stuck.patch Normal file
View File

@ -0,0 +1,66 @@
--- a/modules/proxy/mod_proxy_hcheck.c
+++ b/modules/proxy/mod_proxy_hcheck.c
@@ -989,12 +989,30 @@ static apr_status_t hc_watchdog_callback(int state
sctx_t *ctx = (sctx_t *)data;
server_rec *s = ctx->s;
proxy_server_conf *conf;
+ proxy_worker **workers;
+ proxy_worker *worker;
+ apr_time_t now;
+ int i, n;
+ conf = (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
+ balancer = (proxy_balancer *)conf->balancers->elts;
+
switch (state) {
case AP_WATCHDOG_STATE_STARTING:
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(03258)
"%s watchdog started.",
HCHECK_WATHCHDOG_NAME);
+ /* set last update time for all workers */
+ now = apr_time_now();
+ for (i = 0; i < conf->balancers->nelts; i++, balancer++) {
+ workers = (proxy_worker **)balancer->workers->elts;
+ for (n = 0; n < balancer->workers->nelts; n++, ++workers) {
+ worker = *workers;
+ if (worker->s->updated == 0) {
+ worker->s->updated = now;
+ }
+ }
+ }
#if HC_USE_THREADS
if (tpsize && hctp == NULL) {
rv = apr_thread_pool_create(&hctp, tpsize,
@@ -1020,21 +1038,13 @@ static apr_status_t hc_watchdog_callback(int state
case AP_WATCHDOG_STATE_RUNNING:
/* loop thru all workers */
- if (s) {
- int i;
- conf = (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
- balancer = (proxy_balancer *)conf->balancers->elts;
- ctx->s = s;
+ {
+ now = apr_time_now();
for (i = 0; i < conf->balancers->nelts; i++, balancer++) {
- int n;
- apr_time_t now;
- proxy_worker **workers;
- proxy_worker *worker;
/* Have any new balancers or workers been added dynamically? */
ap_proxy_sync_balancer(balancer, s, conf);
workers = (proxy_worker **)balancer->workers->elts;
- now = apr_time_now();
- for (n = 0; n < balancer->workers->nelts; n++) {
+ for (n = 0; n < balancer->workers->nelts; n++, workers++) {
worker = *workers;
if (!PROXY_WORKER_IS(worker, PROXY_WORKER_STOPPED) &&
(worker->s->method != NONE) &&
@@ -1074,7 +1084,6 @@ static apr_status_t hc_watchdog_callback(int state
hc_check(NULL, baton);
}
}
- workers++;
}
}
}

112
httpd-2.4.63-r1931452.patch Normal file
View File

@ -0,0 +1,112 @@
From d56527579e6a56ebfc265f3a059694a58e7e8c71 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Wed, 21 Jan 2026 11:05:12 +0000
Subject: [PATCH] core: Add millisecond support to ErrorLogFormat time
specifiers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
%{m} prints the timestamp in millisecond-resolution.
* include/util_time.h:
Define new AP_CTIME_OPTION_MSEC option for printing time in milliseconds
format.
* server/util_time.c (ap_recent_ctime_ex):
Handle AP_CTIME_OPTION_MSEC to print time in a millisecond format.
* server/log.c (log_ctime):
Recognize the m time option in both fast-path and composite %{...}t formats.
Submitted by: Luboš Uhliarik <luhliari redhat.com>
Github: closes #597
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1931452 13f79535-47bb-0310-9956-ffa450edef68
---
include/util_time.h | 2 ++
server/log.c | 8 +++++++-
server/util_time.c | 17 +++++++++++++++--
5 files changed, 30 insertions(+), 3 deletions(-)
create mode 100644 changes-entries/log-msec.txt
diff --git a/include/util_time.h b/include/util_time.h
index 1ba6353c025..c149e52166a 100644
--- a/include/util_time.h
+++ b/include/util_time.h
@@ -49,6 +49,8 @@ extern "C" {
#define AP_CTIME_OPTION_COMPACT 0x2
/* Add timezone offset from GMT ([+-]hhmm) */
#define AP_CTIME_OPTION_GMTOFF 0x4
+/* Add sub second timestamps with millisecond resolution */
+#define AP_CTIME_OPTION_MSEC 0x8
/**
diff --git a/server/log.c b/server/log.c
index 91dcf2c3eb0..d5236f45f86 100644
--- a/server/log.c
+++ b/server/log.c
@@ -585,9 +585,15 @@ static int log_ctime(const ap_errorlog_info *info, const char *arg,
if (arg[0] == 'u' && !arg[1]) { /* no ErrorLogFormat (fast path) */
option |= AP_CTIME_OPTION_USEC;
}
- else if (!ap_strchr_c(arg, '%')) { /* special "%{cuz}t" formats */
+ else if (arg[0] == 'm' && !arg[1]) { /* no ErrorLogFormat (fast path) - msec */
+ option |= AP_CTIME_OPTION_MSEC;
+ }
+ else if (!ap_strchr_c(arg, '%')) { /* special "%{mcuz}t" formats */
while (*arg) {
switch (*arg++) {
+ case 'm':
+ option |= AP_CTIME_OPTION_MSEC;
+ break;
case 'u':
option |= AP_CTIME_OPTION_USEC;
break;
diff --git a/server/util_time.c b/server/util_time.c
index 8dcf2fb293f..020fced8b10 100644
--- a/server/util_time.c
+++ b/server/util_time.c
@@ -24,6 +24,11 @@
* */
#define AP_CTIME_USEC_LENGTH 7
+/* Number of characters needed to format the millisecond part of a timestamp.
+ * Milliseconds have 3 digits plus one separator character makes 4.
+ * */
+#define AP_CTIME_MSEC_LENGTH 4
+
/* Length of ISO 8601 date/time (including trailing '\0') */
#define AP_CTIME_COMPACT_LEN 20
@@ -184,6 +189,9 @@ AP_DECLARE(apr_status_t) ap_recent_ctime_ex(char *date_str, apr_time_t t,
if (option & AP_CTIME_OPTION_USEC) {
needed += AP_CTIME_USEC_LENGTH;
}
+ else if (option & AP_CTIME_OPTION_MSEC) {
+ needed += AP_CTIME_MSEC_LENGTH;
+ }
if (option & AP_CTIME_OPTION_GMTOFF) {
needed += AP_CTIME_GMTOFF_LEN;
@@ -244,11 +252,16 @@ AP_DECLARE(apr_status_t) ap_recent_ctime_ex(char *date_str, apr_time_t t,
*date_str++ = ':';
*date_str++ = xt.tm_sec / 10 + '0';
*date_str++ = xt.tm_sec % 10 + '0';
- if (option & AP_CTIME_OPTION_USEC) {
+ if (option & (AP_CTIME_OPTION_USEC|AP_CTIME_OPTION_MSEC)) {
int div;
int usec = (int)xt.tm_usec;
*date_str++ = '.';
- for (div=100000; div>0; div=div/10) {
+ div = 100000;
+ if (!(option & AP_CTIME_OPTION_USEC)) {
+ usec = usec / 1000;
+ div = 100;
+ }
+ for (; div>0; div=div/10) {
*date_str++ = usec / div + '0';
usec = usec % div;
}

35
httpd.spec
View File

@ -25,7 +25,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.63
Release: 4%{?dist}.3
Release: 13%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -102,6 +102,8 @@ Patch34: httpd-2.4.62-proxy-ws-idle-timeout.patch
Patch35: httpd-2.4.63-r1926064.patch
# https://issues.redhat.com/browse/RHEL-106043
Patch36: httpd-2.4.63-r1926317.patch
# https://issues.redhat.com/browse/RHEL-145713
Patch37: httpd-2.4.63-r1931452.patch
# Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243
@ -109,6 +111,10 @@ Patch60: httpd-2.4.43-enable-sslv3.patch
Patch61: httpd-2.4.59-no-engine.patch
# https://issues.redhat.com/browse/RHEL-99815
Patch62: httpd-2.4.63-r1926107.patch
# https://issues.redhat.com/browse/RHEL-122290
Patch63: httpd-2.4.63-hcheck-stuck.patch
# https://issues.redhat.com/browse/RHEL-131829
Patch64: httpd-2.4.63-err-page-handling.patch
# Security fixes
#
@ -129,6 +135,7 @@ Patch205: httpd-2.4.63-CVE-2025-65082.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2419365
Patch206: httpd-2.4.63-CVE-2025-58098.patch
# Apache-2.0: everything
# BSD-3-Clause: util_pcre.c, ap_regex.h
# metamail AND HPND-sell-variant:: server/util_md5.c:
@ -849,18 +856,32 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Dec 10 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-4.3
- Resolves: RHEL-135052 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
* Thu Feb 12 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-13
- Resolves: RHEL-145713 - [RFE] Need miliseconds time stamp in ErrorLogFormat
* Fri Jan 02 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-12
- Resolves: RHEL-135053 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135035 - httpd: Apache HTTP Server: CGI environment variable
- Resolves: RHEL-135036 - httpd: Apache HTTP Server: CGI environment variable
override (CVE-2025-65082)
- Resolves: RHEL-134467 - httpd: Apache HTTP Server: Server Side Includes adds
- Resolves: RHEL-134468 - httpd: Apache HTTP Server: Server Side Includes adds
query string to #exec cmd=... (CVE-2025-58098)
* Thu Nov 06 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-4.2
- Resolves: RHEL-125894 - mod_ssl: allow more fine grained SSL SNI vhost check
* Thu Dec 18 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-11
- Resolves: RHEL-131829 - Fix error page messaging when error handling fails
* Thu Nov 06 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-10
- Resolves: RHEL-125880 - mod_ssl: allow more fine grained SSL SNI vhost check
to avoid unnecessary 421 errors after CVE-2025-23048 fix
* Fri Oct 24 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-6
- Resolves: RHEL-122290 - mod_proxy_hcheck may stop healthchecks after a child
process is reclaimed
* Mon Sep 08 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-5
- Resolves: RHEL-92663 - Image mode: The dir /var/www is not created when
updating system in image mode
* Sat Aug 16 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.63-4
- Resolves: RHEL-99945 - httpd: HTTP Session Hijack via a TLS
upgrade (CVE-2025-49812)

7
httpd.tmpfiles
View File

@ -1,2 +1,9 @@
d /run/httpd 710 root apache
d /run/httpd/htcacheclean 700 apache apache
d /var/log/httpd 700 root root -
d /var/www 755 root root -
d /var/www/html 755 root root -
d /var/www/cgi-bin 755 root root -
d /var/lib/httpd 700 apache apache -
d /var/cache/httpd 700 apache apache -
d /var/cache/httpd/proxy 700 apache apache -

1
sources
View File

@ -1,2 +1,3 @@
SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192
SHA512 (apache-poweredby.png) = 51d2796ca0ed0f48c5aaaa207c3778ae99ff3652653099d65d30138ec4568f409db846943ed7c0e2d8a4e1aa29281e0d0daae24056c41cf49760dacba153eb00
SHA512 (httpd-2.4.63.tar.bz2) = a804ca564dfee5907fe4ce4f36884815bace0621bc7b8c9aa7c99472a954aa19cb13733f90678ff3d58ab3c76cc0e33a27e1035dc1d8cb597a9622154c59ef48