Compare commits

...

No commits in common. "c8-stream-2.4" and "c8-beta-stream-2.4" have entirely different histories.

3 changed files with 65 additions and 1 deletions

View File

@ -0,0 +1,11 @@
--- a/modules/core/mod_macro.c 2023/10/16 06:19:16 1912992
+++ b/modules/core/mod_macro.c 2023/10/16 06:38:32 1912993
@@ -483,7 +483,7 @@
for (i = 0; i < contents->nelts; i++) {
const char *errmsg;
/* copy the line and substitute macro parameters */
- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
+ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
errmsg = substitute_macro_args(line, MAX_STRING_LEN,
macro, replacements, used);
if (errmsg) {

View File

@ -0,0 +1,39 @@
# ./pullrev.sh 1884505 1915625
http://svn.apache.org/viewvc?view=revision&revision=1884505
http://svn.apache.org/viewvc?view=revision&revision=1915625
--- httpd-2.4.57/modules/filters/mod_xml2enc.c
+++ httpd-2.4.57/modules/filters/mod_xml2enc.c
@@ -329,7 +329,7 @@
apr_bucket* bstart;
apr_size_t insz = 0;
int pending_meta = 0;
- char *ctype;
+ char *mtype;
char *p;
if (!ctx || !f->r->content_type) {
@@ -338,13 +338,17 @@
return ap_pass_brigade(f->next, bb) ;
}
- ctype = apr_pstrdup(f->r->pool, f->r->content_type);
- for (p = ctype; *p; ++p)
- if (isupper(*p))
- *p = tolower(*p);
+ /* Extract the media type, ignoring parameters in content-type. */
+ mtype = apr_pstrdup(f->r->pool, f->r->content_type);
+ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
+ ap_str_tolower(mtype);
- /* only act if starts-with "text/" or contains "xml" */
- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) {
+ /* Accept text/ types, plus any XML media type per RFC 7303. */
+ if (!(strncmp(mtype, "text/", 5) == 0
+ || strcmp(mtype, "application/xml") == 0
+ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
+ && (p = strstr(mtype, "+xml")) != NULL
+ && strlen(p) == 4 /* ensures +xml is a suffix */))) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb) ;
}

View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 62%{?dist}
Release: 64%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
@ -169,6 +169,8 @@ Patch91: httpd-2.4.37-add-SNI-support.patch
Patch92: httpd-2.4.37-mod_status-duplicate-key.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2221083
Patch93: httpd-2.4.37-r1885607.patch
# https://issues.redhat.com/browse/RHEL-14321
Patch94: httpd-2.4.57-r1884505+.patch
# Security fixes
Patch200: httpd-2.4.37-r1851471.patch
@ -254,6 +256,8 @@ Patch237: httpd-2.4.37-CVE-2022-36760.patch
Patch238: httpd-2.4.37-CVE-2023-25690.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2176211
Patch239: httpd-2.4.37-CVE-2023-27522.patch
# https://issues.redhat.com/browse/RHEL-14448
Patch240: httpd-2.4.37-CVE-2023-31122.patch
License: ASL 2.0
Group: System Environment/Daemons
@ -437,6 +441,7 @@ interface for storing and accessing per-user session data.
%patch91 -p1 -b .SNI
%patch92 -p1 -b .mod_status-dupl
%patch93 -p1 -b .r1885607
%patch94 -p1 -b .r1884505+
%patch200 -p1 -b .r1851471
%patch201 -p1 -b .CVE-2019-0211
@ -478,6 +483,7 @@ interface for storing and accessing per-user session data.
%patch237 -p1 -b .CVE-2022-36760
%patch238 -p1 -b .CVE-2023-25690
%patch239 -p1 -b .CVE-2023-27522
%patch240 -p1 -b .CVE-2023-31122
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -983,6 +989,14 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Fri Feb 16 2024 Joe Orton <jorton@redhat.com> - 2.4.37-64
- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read
vulnerability (CVE-2023-31122)
* Wed Feb 14 2024 Joe Orton <jorton@redhat.com> - 2.4.37-63
- mod_xml2enc: fix media type handling
Resolves: RHEL-14321
* Thu Aug 17 2023 Johnny Hughes <jhughes@redhat.com> - 2.4.37-62
- change for CentOS Stream Branding