import UBI mod_http2-2.0.29-4.el10_2.2
This commit is contained in:
parent
dfa3be6e43
commit
936a9cfc37
16
mod_http2-2.0.29-CVE-2026-43951.patch
Normal file
16
mod_http2-2.0.29-CVE-2026-43951.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff --git a/mod_http2/h2_c2_filter.c b/mod_http2/h2_c2_filter.c
|
||||
index 523a941..d770fe9 100644
|
||||
--- a/mod_http2/h2_c2_filter.c
|
||||
+++ b/mod_http2/h2_c2_filter.c
|
||||
@@ -307,10 +307,10 @@ static h2_headers *create_response(request_rec *r)
|
||||
if (!apr_is_empty_array(r->content_languages)) {
|
||||
int i;
|
||||
char *token;
|
||||
- char **languages = (char **)(r->content_languages->elts);
|
||||
const char *field = apr_table_get(r->headers_out, "Content-Language");
|
||||
|
||||
while (field && (token = ap_get_list_item(r->pool, &field)) != NULL) {
|
||||
+ char **languages = (char **)(r->content_languages->elts);
|
||||
for (i = 0; i < r->content_languages->nelts; ++i) {
|
||||
if (!ap_cstr_casecmp(token, languages[i]))
|
||||
break;
|
||||
24
mod_http2-2.0.29-CVE-2026-48913.patch
Normal file
24
mod_http2-2.0.29-CVE-2026-48913.patch
Normal file
@ -0,0 +1,24 @@
|
||||
diff --git a/mod_http2/h2_mplx.c b/mod_http2/h2_mplx.c
|
||||
index 71a7431..95be0d6 100644
|
||||
--- a/mod_http2/h2_mplx.c
|
||||
+++ b/mod_http2/h2_mplx.c
|
||||
@@ -866,9 +866,6 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_
|
||||
memset(&conn_ctx->pipe_in, 0, sizeof(conn_ctx->pipe_in));
|
||||
if (stream->input) {
|
||||
conn_ctx->beam_in = stream->input;
|
||||
- h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2);
|
||||
- h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2);
|
||||
- h2_beam_on_consumed(stream->input, c1_input_consumed, stream);
|
||||
#if H2_USE_PIPES
|
||||
action = "create input write pipe";
|
||||
rv = apr_file_pipe_create_pools(&conn_ctx->pipe_in[H2_PIPE_OUT],
|
||||
@@ -877,6 +874,9 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_
|
||||
c2->pool, c2->pool);
|
||||
if (APR_SUCCESS != rv) goto cleanup;
|
||||
#endif
|
||||
+ h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2);
|
||||
+ h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2);
|
||||
+ h2_beam_on_consumed(stream->input, c1_input_consumed, stream);
|
||||
h2_beam_on_eagain(stream->input, c2_beam_input_read_eagain, c2);
|
||||
if (!h2_beam_empty(stream->input))
|
||||
c2_beam_input_write_notify(c2, stream->input);
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: mod_http2
|
||||
Version: 2.0.29
|
||||
Release: 4%{?dist}.1
|
||||
Release: 4%{?dist}.2
|
||||
Summary: module implementing HTTP/2 for Apache 2
|
||||
License: Apache-2.0
|
||||
URL: https://icing.github.io/mod_h2/
|
||||
@ -25,6 +25,8 @@ Patch100: mod_http2-2.0.29-CVE-2025-49630.patch
|
||||
Patch101: mod_http2-2.0.29-CVE-2025-53020.patch
|
||||
# https://redhat.atlassian.net/browse/RHEL-182418
|
||||
Patch102: mod_http2-2.0.29-CVE-2026-49975.patch
|
||||
Patch103: mod_http2-2.0.29-CVE-2026-43951.patch
|
||||
Patch104: mod_http2-2.0.29-CVE-2026-48913.patch
|
||||
|
||||
%description
|
||||
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
|
||||
@ -56,6 +58,9 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
|
||||
%{_httpd_moddir}/mod_proxy_http2.so
|
||||
|
||||
%changelog
|
||||
* Wed Jun 24 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.0.29-4.2
|
||||
- Resolves: RHEL-188008 - address CVE-2026-43951, CVE-2026-48913
|
||||
|
||||
* Fri Jun 05 2026 Luboš Uhliarik <luhliari@redhat.com> - 2.0.29-4.1
|
||||
- Resolves: RHEL-182410 - mod_http2: HTTP/2: Remote Denial of Service via
|
||||
compression bomb and Slowloris-style attack (CVE-2026-49975)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user