From d98263874999ae0e6d4d189adff0e13e4ca0bb9a Mon Sep 17 00:00:00 2001 From: Brian Stinson Date: Thu, 27 Apr 2023 18:19:09 -0500 Subject: [PATCH] resync Signed-off-by: Brian Stinson --- .gitignore | 3 +- gating.yaml | 10 ---- mod_http2-1.14.1-buildfix.patch | 14 ------ mod_http2-1.15.14-openssl30.patch | 65 -------------------------- mod_http2-1.15.19-CVE-2021-44224.patch | 13 ------ mod_http2-1.15.7-CVE-2023-25690.patch | 21 +++++++++ mod_http2.spec | 14 ++++-- 7 files changed, 32 insertions(+), 108 deletions(-) delete mode 100644 gating.yaml delete mode 100644 mod_http2-1.14.1-buildfix.patch delete mode 100644 mod_http2-1.15.14-openssl30.patch delete mode 100644 mod_http2-1.15.19-CVE-2021-44224.patch create mode 100644 mod_http2-1.15.7-CVE-2023-25690.patch diff --git a/.gitignore b/.gitignore index f5251e5..3cdf8ba 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -SOURCES/mod_http2-1.15.7.tar.gz -/mod_http2-1.15.7.tar.gz +/mod_http2-1.*.tar.gz diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 5ac9fdb..0000000 --- a/gating.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- !Policy -product_versions: - - rhel-9 -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional} - - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional} - diff --git a/mod_http2-1.14.1-buildfix.patch b/mod_http2-1.14.1-buildfix.patch deleted file mode 100644 index 25ff1fa..0000000 --- a/mod_http2-1.14.1-buildfix.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -uap mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix mod_http2-1.14.0/mod_http2/h2_from_h1.c ---- mod_http2-1.14.0/mod_http2/h2_from_h1.c.buildfix 2019-02-12 13:30:56.000000000 +0000 -+++ mod_http2-1.14.0/mod_http2/h2_from_h1.c 2019-03-14 10:35:46.365678537 +0000 -@@ -35,6 +35,10 @@ - #include "h2_task.h" - #include "h2_util.h" - -+#ifndef AP_STATUS_IS_HEADER_ONLY -+#define AP_STATUS_IS_HEADER_ONLY(x) ((x) == HTTP_NO_CONTENT || \ -+ (x) == HTTP_NOT_MODIFIED) -+#endif - - /* This routine is called by apr_table_do and merges all instances of - * the passed field values into a single array that will be further diff --git a/mod_http2-1.15.14-openssl30.patch b/mod_http2-1.15.14-openssl30.patch deleted file mode 100644 index 69a28f4..0000000 --- a/mod_http2-1.15.14-openssl30.patch +++ /dev/null @@ -1,65 +0,0 @@ -commit 124c2ca0886b05d0871ee09466de555d757b72fc -Author: Joe Orton -Date: Fri May 7 10:58:18 2021 +0100 - - Switch to using OpenSSL EVP_* API to avoid deprecation warnings - with OpenSSL 3.0. - -diff --git a/mod_http2/h2_push.c b/mod_http2/h2_push.c -index 8ae0b49..0a90a5d 100644 ---- a/mod_http2/h2_push.c -+++ b/mod_http2/h2_push.c -@@ -23,7 +23,7 @@ - #include - - #ifdef H2_OPENSSL --#include -+#include - #endif - - #include -@@ -472,27 +472,32 @@ typedef struct h2_push_diary_entry { - - - #ifdef H2_OPENSSL --static void sha256_update(SHA256_CTX *ctx, const char *s) -+static void sha256_update(EVP_MD_CTX *ctx, const char *s) - { -- SHA256_Update(ctx, s, strlen(s)); -+ EVP_DigestUpdate(ctx, s, strlen(s)); - } - - static void calc_sha256_hash(h2_push_diary *diary, apr_uint64_t *phash, h2_push *push) - { -- SHA256_CTX sha256; -+ EVP_MD_CTX *md; - apr_uint64_t val; -- unsigned char hash[SHA256_DIGEST_LENGTH]; -+ unsigned char hash[EVP_MAX_MD_SIZE]; -+ unsigned len; - int i; -- -- SHA256_Init(&sha256); -- sha256_update(&sha256, push->req->scheme); -- sha256_update(&sha256, "://"); -- sha256_update(&sha256, push->req->authority); -- sha256_update(&sha256, push->req->path); -- SHA256_Final(hash, &sha256); -+ -+ md = EVP_MD_CTX_create(); -+ ap_assert(md != NULL); -+ -+ i = EVP_DigestInit_ex(md, EVP_sha256(), NULL); -+ ap_assert(i == 1); -+ sha256_update(md, push->req->scheme); -+ sha256_update(md, "://"); -+ sha256_update(md, push->req->authority); -+ sha256_update(md, push->req->path); -+ EVP_DigestFinal(md, hash, &len); - - val = 0; -- for (i = 0; i != sizeof(val); ++i) -+ for (i = 0; i != len; ++i) - val = val * 256 + hash[i]; - *phash = val >> (64 - diary->mask_bits); - } diff --git a/mod_http2-1.15.19-CVE-2021-44224.patch b/mod_http2-1.15.19-CVE-2021-44224.patch deleted file mode 100644 index 11252ec..0000000 --- a/mod_http2-1.15.19-CVE-2021-44224.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/mod_http2/h2_request.c b/mod_http2/h2_request.c -index 45df9b1..70241d4 100644 ---- a/mod_http2/h2_request.c -+++ b/mod_http2/h2_request.c -@@ -371,7 +371,7 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c) - ap_add_input_filter_handle(ap_http_input_filter_handle, - NULL, r, r->connection); - -- if ((access_status = ap_run_post_read_request(r))) { -+ if ((access_status = ap_post_read_request(r))) { - /* Request check post hooks failed. An example of this would be a - * request for a vhost where h2 is disabled --> 421. - */ diff --git a/mod_http2-1.15.7-CVE-2023-25690.patch b/mod_http2-1.15.7-CVE-2023-25690.patch new file mode 100644 index 0000000..249bf9e --- /dev/null +++ b/mod_http2-1.15.7-CVE-2023-25690.patch @@ -0,0 +1,21 @@ +diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c +index 2208707..844653e 100644 +--- a/mod_http2/mod_proxy_http2.c ++++ b/mod_http2/mod_proxy_http2.c +@@ -159,6 +159,16 @@ static int proxy_http2_canon(request_rec *r, char *url) + path = ap_proxy_canonenc(r->pool, url, (int)strlen(url), + enc_path, 0, r->proxyreq); + search = r->args; ++ if (search && *(ap_scan_vchar_obstext(search))) { ++ /* ++ * We have a raw control character or a ' ' in r->args. ++ * Correct encoding was missed. ++ */ ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412) ++ "To be forwarded query string contains control " ++ "characters or spaces"); ++ return HTTP_FORBIDDEN; ++ } + } + break; + case PROXYREQ_PROXY: diff --git a/mod_http2.spec b/mod_http2.spec index 2f1d8bc..be36599 100644 --- a/mod_http2.spec +++ b/mod_http2.spec @@ -3,7 +3,7 @@ Name: mod_http2 Version: 1.15.7 -Release: 7%{?dist} +Release: 8%{?dist}.3 Summary: module implementing HTTP/2 for Apache 2 Group: System Environment/Daemons License: ASL 2.0 @@ -14,11 +14,12 @@ Patch2: mod_http2-1.15.7-CVE-2020-11993.patch Patch3: mod_http2-1.15.7-CVE-2021-33193.patch Patch4: mod_http2-1.15.7-CVE-2021-44224.patch Patch5: mod_http2-1.15.7-SNI.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2176209 +Patch6: mod_http2-1.15.7-CVE-2023-25690.patch + BuildRequires: pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, openssl-devel >= 1.0.2 Requires: httpd-mmn = %{_httpd_mmn} -Requires: httpd >= 2.4.37-47 -Conflicts: httpd < 2.4.25-8 - +Conflicts: httpd < 2.4.37-55 %description The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on @@ -31,6 +32,7 @@ top of libnghttp2 for httpd 2.4 servers. %patch3 -p1 -b .CVE-2021-33193 %patch4 -p1 -b .CVE-2021-44224 %patch5 -p1 -b .SNI +%patch6 -p1 -b .CVE-2023-25690 %build %configure @@ -57,6 +59,10 @@ make check %{_httpd_moddir}/mod_proxy_http2.so %changelog +* Sat Mar 18 2023 Luboš Uhliarik - 1.15.7-8.3 +- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting + with mod_rewrite and mod_proxy + * Thu Dec 08 2022 Luboš Uhliarik - 1.15.7-7 - Resolves: #2095650 - Dependency from mod_http2 on httpd broken