From ff4c2c66c038359b913e47deec34e5ebf18e5877 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 7 Feb 2024 15:44:56 +0000 Subject: [PATCH] mod_xml2enc: fix media type handling --- .httpd.metadata | 3 +++ httpd-2.4.57-r1884505+.patch | 39 ++++++++++++++++++++++++++++++++++++ httpd.spec | 10 +++++++-- 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 .httpd.metadata create mode 100644 httpd-2.4.57-r1884505+.patch diff --git a/.httpd.metadata b/.httpd.metadata new file mode 100644 index 0000000..77f9cbd --- /dev/null +++ b/.httpd.metadata @@ -0,0 +1,3 @@ +01044512374941fad939ec4b1537428cc7edc769 httpd-2.4.57.tar.bz2 +5cac6152cf2f175cc35ca0cf9d00b797c949b273 httpd-2.4.57.tar.bz2.asc +b2457e3ce46a7634bf9272a92b4214974b9bc9e0 KEYS diff --git a/httpd-2.4.57-r1884505+.patch b/httpd-2.4.57-r1884505+.patch new file mode 100644 index 0000000..97bc6a8 --- /dev/null +++ b/httpd-2.4.57-r1884505+.patch @@ -0,0 +1,39 @@ +# ./pullrev.sh 1884505 1915625 +http://svn.apache.org/viewvc?view=revision&revision=1884505 +http://svn.apache.org/viewvc?view=revision&revision=1915625 + +--- httpd-2.4.57/modules/filters/mod_xml2enc.c ++++ httpd-2.4.57/modules/filters/mod_xml2enc.c +@@ -329,7 +329,7 @@ + apr_bucket* bstart; + apr_size_t insz = 0; + int pending_meta = 0; +- char *ctype; ++ char *mtype; + char *p; + + if (!ctx || !f->r->content_type) { +@@ -338,13 +338,17 @@ + return ap_pass_brigade(f->next, bb) ; + } + +- ctype = apr_pstrdup(f->r->pool, f->r->content_type); +- for (p = ctype; *p; ++p) +- if (isupper(*p)) +- *p = tolower(*p); ++ /* Extract the media type, ignoring parameters in content-type. */ ++ mtype = apr_pstrdup(f->r->pool, f->r->content_type); ++ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0'; ++ ap_str_tolower(mtype); + +- /* only act if starts-with "text/" or contains "xml" */ +- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) { ++ /* Accept text/ types, plus any XML media type per RFC 7303. */ ++ if (!(strncmp(mtype, "text/", 5) == 0 ++ || strcmp(mtype, "application/xml") == 0 ++ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */ ++ && (p = strstr(mtype, "+xml")) != NULL ++ && strlen(p) == 4 /* ensures +xml is a suffix */))) { + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb) ; + } diff --git a/httpd.spec b/httpd.spec index 37abc2d..27fa27e 100644 --- a/httpd.spec +++ b/httpd.spec @@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.57 -Release: 7%{?dist} +Release: 8%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc @@ -118,7 +118,8 @@ Patch69: httpd-2.4.57-covscan.patch Patch70: httpd-2.4.57-mod_status-duplicate-key.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2217726 Patch71: httpd-2.4.57-davenoent.patch - +# https://issues.redhat.com/browse/RHEL-17686 +Patch72: httpd-2.4.57-r1884505+.patch # Security fixes # https://bugzilla.redhat.com/show_bug.cgi?id=... @@ -295,6 +296,7 @@ written in the Lua programming language. %patch69 -p1 -b .covstan %patch70 -p1 -b .duplicate-key %patch71 -p1 -b .davenoent +%patch72 -p1 -b .r1884505+ %patch200 -p1 -b .CVE-2023-31122 @@ -857,6 +859,10 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Feb 7 2024 Joe Orton - 2.4.57-8 +- mod_xml2enc: fix media type handling + Resolves: RHEL-17686 + * Mon Feb 05 2024 Luboš Uhliarik - 2.4.57-7 - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)