mod_proxy_balancer: fix balancer-manager XSRF check (PR 63688)

httpd-2.4.41-r1865749.patch

@@ -0,0 +1,14 @@
+# ./pullrev.sh 1865749
+http://svn.apache.org/viewvc?view=revision&revision=1865749
+
+--- httpd-2.4.41/modules/proxy/mod_proxy_balancer.c.r1865749
++++ httpd-2.4.41/modules/proxy/mod_proxy_balancer.c
+@@ -1104,7 +1104,7 @@
+     if (apr_uri_parse(r->pool, ref, &uri) || !uri.hostname)
+         return 0;
+ 
+-    return strcmp(uri.hostname, ap_get_server_name(r)) == 0;
++    return strcasecmp(uri.hostname, ap_get_server_name(r)) == 0;
+ }
+ 
+ /* Manages the loadfactors and member status

httpd.spec

@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.41
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source2: httpd.logrotate
@@ -82,6 +82,7 @@ Patch42: httpd-2.4.41-r1828172+.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
 Patch58: httpd-2.4.34-r1738878.patch
 Patch60: httpd-2.4.34-enable-sslv3.patch
+Patch61: httpd-2.4.41-r1865749.patch
 
 # Security fixes
 
@@ -220,6 +221,7 @@ interface for storing and accessing per-user session data.
 
 %patch58 -p1 -b .r1738878
 %patch60 -p1 -b .enable-sslv3
+%patch61 -p1 -b .r1865749
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -740,6 +742,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Thu Oct  3 2019 Joe Orton <jorton@redhat.com> - 2.4.41-5
+- mod_proxy_balancer: fix balancer-manager XSRF check (PR 63688)
+
 * Wed Oct  2 2019 Joe Orton <jorton@redhat.com> - 2.4.41-4
 - mod_cgid: possible stdout timeout handling fix (#1757683)