a59cbbaa74
...
ff4c2c66c0
Author | SHA1 | Date | |
---|---|---|---|
|
ff4c2c66c0 | ||
|
df3e6a5147 |
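--- /dev/null
+++ b/.httpd.metadata
@@ -0,0 +1,3 @@
+01044512374941fad939ec4b1537428cc7edc769 httpd-2.4.57.tar.bz2
+5cac6152cf2f175cc35ca0cf9d00b797c949b273 httpd-2.4.57.tar.bz2.asc
+b2457e3ce46a7634bf9272a92b4214974b9bc9e0 KEYS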
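--- /dev/null
+++ b/httpd-2.4.57-CVE-2023-31122.patch
@@ -0,0 +1,11 @@
+--- a/modules/core/mod_macro.c 2023/10/16 06:19:16 1912992
++++ b/modules/core/mod_macro.c 2023/10/16 06:38:32 1912993
+@@ -483,7 +483,7 @@
+for (i = 0; i < contents->nelts; i++) {
+const char *errmsg;
+/* copy the line and substitute macro parameters */
+- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
++ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
+errmsg = substitute_macro_args(line, MAX_STRING_LEN,
+macro, replacements, used);
+if (errmsg) {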
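Review bot: apr_cpystrn bounds the copy and always NUL-terminates, but a macro line of MAX_STRING_LEN-1 bytes or longer is now silently cut short before substitute_macro_args runs, and nothing reports it. apr_cpystrn returns a pointer to the terminating NUL and APR documents that a return of dst + dst_size - 1 means truncation may have occurred, so the copy could diagnose it: `char *end = apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);` followed by `if (end == line + MAX_STRING_LEN - 1) { /* report the truncated macro line, presumably via errmsg like the lines below */ }`. The enclosing for loop and its function start and end outside the hunk, so the right error-reporting path is not visible here.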
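--- /dev/null
+++ b/httpd-2.4.57-r1884505+.patch
@@ -0,0 +1,39 @@
+# ./pullrev.sh 1884505 1915625
+http://svn.apache.org/viewvc?view=revision&revision=1884505
+http://svn.apache.org/viewvc?view=revision&revision=1915625
+
+--- httpd-2.4.57/modules/filters/mod_xml2enc.c
++++ httpd-2.4.57/modules/filters/mod_xml2enc.c
+@@ -329,7 +329,7 @@
+apr_bucket* bstart;
+apr_size_t insz = 0;
+int pending_meta = 0;
+- char *ctype;
++ char *mtype;
+char *p;
+
+if (!ctx || !f->r->content_type) {
+@@ -338,13 +338,17 @@
+return ap_pass_brigade(f->next, bb) ;
+}
+
+- ctype = apr_pstrdup(f->r->pool, f->r->content_type);
+- for (p = ctype; *p; ++p)
+- if (isupper(*p))
+- *p = tolower(*p);
++ /* Extract the media type, ignoring parameters in content-type. */
++ mtype = apr_pstrdup(f->r->pool, f->r->content_type);
++ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
++ ap_str_tolower(mtype);
+
+- /* only act if starts-with "text/" or contains "xml" */
+- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) {
++ /* Accept text/ types, plus any XML media type per RFC 7303. */
++ if (!(strncmp(mtype, "text/", 5) == 0
++ || strcmp(mtype, "application/xml") == 0
++ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
++ && (p = strstr(mtype, "+xml")) != NULL
++ && strlen(p) == 4 /* ensures +xml is a suffix */))) {
+ap_remove_output_filter(f);
+return ap_pass_brigade(f->next, bb) ;
+}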
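Review bot: Cutting mtype at the first ';' leaves any optional whitespace that precedes the separator in place (RFC 7231 permits OWS there, e.g. `application/xml ; charset=utf-8`), so the exact comparisons added below — `strcmp(mtype, "application/xml") == 0` and the `strlen(p) == 4` suffix test — fail for such headers and the filter silently removes itself; only the `text/` prefix test is unaffected. After `*p = '\0'` the trailing blanks should be stripped, e.g. `p = mtype + strlen(mtype); while (p > mtype && (p[-1] == ' ' || p[-1] == '\t')) --p; *p = '\0';`. Separately, the guard `strlen(mtype) > 7` rejects the seven-character minimum its own comment describes; `>= 7` would match the comment. The enclosing function starts and ends outside the hunk.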
20
httpd.spec
20
httpd.spec
@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Summary: Apache HTTP Server
Name: httpd
Name: httpd
Version: 2.4.57
Version: 2.4.57
Release: 6%{?dist}
Release: 8%{?dist}
URL: https://httpd.apache.org/
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -118,11 +118,15 @@ Patch69: httpd-2.4.57-covscan.patch
Patch70: httpd-2.4.57-mod_status-duplicate-key.patch
Patch70: httpd-2.4.57-mod_status-duplicate-key.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2217726
# https://bugzilla.redhat.com/show_bug.cgi?id=2217726
Patch71: httpd-2.4.57-davenoent.patch
Patch71: httpd-2.4.57-davenoent.patch
# https://issues.redhat.com/browse/RHEL-17686
Patch72: httpd-2.4.57-r1884505+.patch
# Security fixes
# Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=...
# https://bugzilla.redhat.com/show_bug.cgi?id=...
# Patch200: ...
#
# https://bugzilla.redhat.com/show_bug.cgi?id=2245332
Patch200: httpd-2.4.57-CVE-2023-31122.patch
License: ASL 2.0
License: ASL 2.0
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
@ -292,7 +296,9 @@ written in the Lua programming language.
%patch69 -p1 -b .covstan
%patch69 -p1 -b .covstan
%patch70 -p1 -b .duplicate-key
%patch70 -p1 -b .duplicate-key
%patch71 -p1 -b .davenoent
%patch71 -p1 -b .davenoent
%patch72 -p1 -b .r1884505+
%patch200 -p1 -b .CVE-2023-31122
# Patch in the vendor string
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -853,6 +859,14 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
%changelog
* Wed Feb 7 2024 Joe Orton <jorton@redhat.com> - 2.4.57-8
- mod_xml2enc: fix media type handling
Resolves: RHEL-17686
* Mon Feb 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-7
- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)
* Wed Oct 4 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6
* Wed Oct 4 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- mod_dav_fs: add global mutex around lockdb interaction
- mod_dav_fs: add global mutex around lockdb interaction