From 76352c0488ad3c24479c4f93b819c53526fe0d92 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 30 Apr 2024 16:10:28 +0000
Subject: [PATCH] import UBI mod_http2-2.0.26-2.el9_4

---
 .gitignore                                    |  2 +-
 .mod_http2.metadata                           |  2 +-
 SOURCES/mod_http2-1.14.1-buildfix.patch       | 14 ----
 SOURCES/mod_http2-1.15.14-openssl30.patch     | 65 -------------------
 .../mod_http2-1.15.19-CVE-2021-44224.patch    | 13 ----
 .../mod_http2-1.15.19-CVE-2023-25690.patch    | 30 ---------
 ... => mod_http2-2.0.26-CVE-2024-27316.patch} | 21 +++---
 SPECS/mod_http2.spec                          | 29 ++++-----
 8 files changed, 24 insertions(+), 152 deletions(-)
 delete mode 100644 SOURCES/mod_http2-1.14.1-buildfix.patch
 delete mode 100644 SOURCES/mod_http2-1.15.14-openssl30.patch
 delete mode 100644 SOURCES/mod_http2-1.15.19-CVE-2021-44224.patch
 delete mode 100644 SOURCES/mod_http2-1.15.19-CVE-2023-25690.patch
 rename SOURCES/{mod_http2-1.15.19-CVE-2024-27316.patch => mod_http2-2.0.26-CVE-2024-27316.patch} (80%)

diff --git a/.gitignore b/.gitignore
index e95623d..3ff9b43 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mod_http2-1.15.19.tar.gz
+SOURCES/mod_http2-2.0.26.tar.gz
diff --git a/.mod_http2.metadata b/.mod_http2.metadata
index 6e7a106..7da7b2f 100644
--- a/.mod_http2.metadata
+++ b/.mod_http2.metadata
@@ -1 +1 @@
-90be4a24989a8e0041d9cc20f7db34a453e4fa9f SOURCES/mod_http2-1.15.19.tar.gz
+cbfe42690c6a382da29ab728b1aa757af552acbc SOURCES/mod_http2-2.0.26.tar.gz
diff --git a/SOURCES/mod_http2-1.14.1-buildfix.patch b/SOURCES/mod_http2-1.14.1-buildfix.patch
deleted file mode 100644
index 25ff1fa..0000000
--- a/SOURCES/mod_http2-1.14.1-buildfix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -uap mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix mod_http2-1.14.0/mod_http2/h2_from_h1.c
---- mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix	2019-02-12 13:30:56.000000000 +0000
-+++ mod_http2-1.14.0/mod_http2/h2_from_h1.c	2019-03-14 10:35:46.365678537 +0000
-@@ -35,6 +35,10 @@
- #include "h2_task.h"
- #include "h2_util.h"
- 
-+#ifndef AP_STATUS_IS_HEADER_ONLY
-+#define AP_STATUS_IS_HEADER_ONLY(x) ((x) == HTTP_NO_CONTENT || \
-+                                     (x) == HTTP_NOT_MODIFIED)
-+#endif
- 
- /* This routine is called by apr_table_do and merges all instances of
-  * the passed field values into a single array that will be further
diff --git a/SOURCES/mod_http2-1.15.14-openssl30.patch b/SOURCES/mod_http2-1.15.14-openssl30.patch
deleted file mode 100644
index 69a28f4..0000000
--- a/SOURCES/mod_http2-1.15.14-openssl30.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-commit 124c2ca0886b05d0871ee09466de555d757b72fc
-Author: Joe Orton <jorton@redhat.com>
-Date:   Fri May 7 10:58:18 2021 +0100
-
-    Switch to using OpenSSL EVP_* API to avoid deprecation warnings
-    with OpenSSL 3.0.
-
-diff --git a/mod_http2/h2_push.c b/mod_http2/h2_push.c
-index 8ae0b49..0a90a5d 100644
---- a/mod_http2/h2_push.c
-+++ b/mod_http2/h2_push.c
-@@ -23,7 +23,7 @@
- #include <apr_time.h>
- 
- #ifdef H2_OPENSSL
--#include <openssl/sha.h>
-+#include <openssl/evp.h>
- #endif
- 
- #include <httpd.h>
-@@ -472,27 +472,32 @@ typedef struct h2_push_diary_entry {
- 
- 
- #ifdef H2_OPENSSL
--static void sha256_update(SHA256_CTX *ctx, const char *s)
-+static void sha256_update(EVP_MD_CTX *ctx, const char *s)
- {
--    SHA256_Update(ctx, s, strlen(s));
-+    EVP_DigestUpdate(ctx, s, strlen(s));
- }
- 
- static void calc_sha256_hash(h2_push_diary *diary, apr_uint64_t *phash, h2_push *push) 
- {
--    SHA256_CTX sha256;
-+    EVP_MD_CTX *md;
-     apr_uint64_t val;
--    unsigned char hash[SHA256_DIGEST_LENGTH];
-+    unsigned char hash[EVP_MAX_MD_SIZE];
-+    unsigned len;
-     int i;
--    
--    SHA256_Init(&sha256);
--    sha256_update(&sha256, push->req->scheme);
--    sha256_update(&sha256, "://");
--    sha256_update(&sha256, push->req->authority);
--    sha256_update(&sha256, push->req->path);
--    SHA256_Final(hash, &sha256);
-+
-+    md = EVP_MD_CTX_create();
-+    ap_assert(md != NULL);
-+
-+    i = EVP_DigestInit_ex(md, EVP_sha256(), NULL);
-+    ap_assert(i == 1);
-+    sha256_update(md, push->req->scheme);
-+    sha256_update(md, "://");
-+    sha256_update(md, push->req->authority);
-+    sha256_update(md, push->req->path);
-+    EVP_DigestFinal(md, hash, &len);
- 
-     val = 0;
--    for (i = 0; i != sizeof(val); ++i)
-+    for (i = 0; i != len; ++i)
-         val = val * 256 + hash[i];
-     *phash = val >> (64 - diary->mask_bits);
- }
diff --git a/SOURCES/mod_http2-1.15.19-CVE-2021-44224.patch b/SOURCES/mod_http2-1.15.19-CVE-2021-44224.patch
deleted file mode 100644
index 11252ec..0000000
--- a/SOURCES/mod_http2-1.15.19-CVE-2021-44224.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/mod_http2/h2_request.c b/mod_http2/h2_request.c
-index 45df9b1..70241d4 100644
---- a/mod_http2/h2_request.c
-+++ b/mod_http2/h2_request.c
-@@ -371,7 +371,7 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
-     ap_add_input_filter_handle(ap_http_input_filter_handle,
-                                NULL, r, r->connection);
-     
--    if ((access_status = ap_run_post_read_request(r))) {
-+    if ((access_status = ap_post_read_request(r))) {
-         /* Request check post hooks failed. An example of this would be a
-          * request for a vhost where h2 is disabled --> 421.
-          */
diff --git a/SOURCES/mod_http2-1.15.19-CVE-2023-25690.patch b/SOURCES/mod_http2-1.15.19-CVE-2023-25690.patch
deleted file mode 100644
index 824e81d..0000000
--- a/SOURCES/mod_http2-1.15.19-CVE-2023-25690.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c
-index 893aa8f..d52d5d9 100644
---- a/mod_http2/mod_proxy_http2.c
-+++ b/mod_http2/mod_proxy_http2.c
-@@ -154,11 +154,25 @@ static int proxy_http2_canon(request_rec *r, char *url)
-         if (apr_table_get(r->notes, "proxy-nocanon")) {
-             path = url;   /* this is the raw path */
-         }
-+        else if (apr_table_get(r->notes, "proxy-noencode")) {
-+            path = url;   /* this is the encoded path already */
-+            search = r->args;
-+        }
-         else {
-             path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
-                                      enc_path, 0, r->proxyreq);
-             search = r->args;
-         }
-+        if (search && *ap_scan_vchar_obstext(search)) {
-+            /*
-+             * We have a raw control character or a ' ' in r->args.
-+             * Correct encoding was missed.
-+             */
-+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
-+                          "To be forwarded query string contains control "
-+                          "characters or spaces");
-+            return HTTP_FORBIDDEN;
-+        }
-         break;
-     case PROXYREQ_PROXY:
-         path = url;
diff --git a/SOURCES/mod_http2-1.15.19-CVE-2024-27316.patch b/SOURCES/mod_http2-2.0.26-CVE-2024-27316.patch
similarity index 80%
rename from SOURCES/mod_http2-1.15.19-CVE-2024-27316.patch
rename to SOURCES/mod_http2-2.0.26-CVE-2024-27316.patch
index cdecf1e..ac52022 100644
--- a/SOURCES/mod_http2-1.15.19-CVE-2024-27316.patch
+++ b/SOURCES/mod_http2-2.0.26-CVE-2024-27316.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] RESET stream after 100 failed incoming headers
  3 files changed, 9 insertions(+), 3 deletions(-)
 
 diff --git a/mod_http2/h2_session.c b/mod_http2/h2_session.c
-index 1915855..d9c077a 100644
+index 1e560e47..6d379cc5 100644
 --- a/mod_http2/h2_session.c
 +++ b/mod_http2/h2_session.c
-@@ -311,9 +311,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
+@@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
      
      status = h2_stream_add_header(stream, (const char *)name, namelen,
                                    (const char *)value, valuelen);
@@ -31,10 +31,10 @@ index 1915855..d9c077a 100644
      }
      return 0;
 diff --git a/mod_http2/h2_stream.c b/mod_http2/h2_stream.c
-index 4fec537..2b2caaf 100644
+index f6c92024..ee87555f 100644
 --- a/mod_http2/h2_stream.c
 +++ b/mod_http2/h2_stream.c
-@@ -764,6 +764,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
+@@ -813,6 +813,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
      
  cleanup:
      if (error) {
@@ -43,14 +43,15 @@ index 4fec537..2b2caaf 100644
          return APR_EINVAL; 
      }
 diff --git a/mod_http2/h2_stream.h b/mod_http2/h2_stream.h
-index 08f7888..baf8b50 100644
+index d68d4260..405978a4 100644
 --- a/mod_http2/h2_stream.h
 +++ b/mod_http2/h2_stream.h
-@@ -75,6 +75,7 @@ struct h2_stream {
+@@ -91,6 +91,7 @@ struct h2_stream {
      struct h2_request *rtmp;    /* request being assembled */
-     apr_table_t *trailers;      /* optional incoming trailers */
+     apr_table_t *trailers_in;   /* optional, incoming trailers */
      int request_headers_added;  /* number of request headers added */
 +    int request_headers_failed; /* number of request headers failed to add */
-     
-     struct h2_bucket_beam *input;
-     apr_bucket_brigade *in_buffer;
+ 
+ #if AP_HAS_RESPONSE_BUCKETS
+     ap_bucket_response *response; /* the final, non-interim response or NULL */
+
diff --git a/SPECS/mod_http2.spec b/SPECS/mod_http2.spec
index f21d9da..113fbc6 100644
--- a/SPECS/mod_http2.spec
+++ b/SPECS/mod_http2.spec
@@ -2,22 +2,18 @@
 %{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}
 
 Name:		mod_http2
-Version:	1.15.19
-Release:	5%{?dist}.1
+Version:	2.0.26
+Release:	2%{?dist}
 Summary:	module implementing HTTP/2 for Apache 2
 License:	ASL 2.0
 URL:		https://icing.github.io/mod_h2/
 Source0:	https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2-%{version}.tar.gz
-Patch1:         mod_http2-1.14.1-buildfix.patch
-Patch2:         mod_http2-1.15.14-openssl30.patch
+# Patch1:       ...
 
 # Security patches:
-# https://bugzilla.redhat.com/show_bug.cgi?id=2034672
-Patch100:       mod_http2-1.15.19-CVE-2021-44224.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2176209
-Patch101:       mod_http2-1.15.19-CVE-2023-25690.patch
+#
 # https://bugzilla.redhat.com/show_bug.cgi?id=2268277
-Patch102:       mod_http2-1.15.19-CVE-2024-27316.patch
+Patch100:      mod_http2-2.0.26-CVE-2024-27316.patch
 
 BuildRequires: make
 BuildRequires:  gcc
@@ -32,13 +28,7 @@ The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
 top of libnghttp2 for httpd 2.4 servers.
 
 %prep
-%setup -q
-%patch1 -p1 -b .buildfix
-%patch2 -p1 -b .openssl30
-
-%patch100 -p1 -b .CVE-2021-44224
-%patch101 -p1 -b .CVE-2023-25690
-%patch102 -p1 -b .CVE-2024-27316
+%autosetup -p1
 
 %build
 autoreconf -i
@@ -63,10 +53,13 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
 %{_httpd_moddir}/mod_proxy_http2.so
 
 %changelog
-* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.19-5.1
-- Resolves: RHEL-29826 - mod_http2: httpd: CONTINUATION frames
+* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
+- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
   DoS (CVE-2024-27316)
 
+* Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-1
+- Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26
+
 * Wed Aug 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.15.19-5
 - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
   mod_rewrite and mod_proxy