From f6b3b5472d2060204647ee07a287a6d2143c20b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 28 Jan 2025 02:09:48 +0100
Subject: [PATCH] Resolves: RHEL-58454 - mod_proxy_http2 failures after
 CVE-2024-38477 fix

---
 mod_http2-1.15.7-r1918628.patch | 21 +++++++++++++++++++++
 mod_http2.spec                  |  8 +++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 mod_http2-1.15.7-r1918628.patch

diff --git a/mod_http2-1.15.7-r1918628.patch b/mod_http2-1.15.7-r1918628.patch
new file mode 100644
index 0000000..0d3e256
--- /dev/null
+++ b/mod_http2-1.15.7-r1918628.patch
@@ -0,0 +1,21 @@
+diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c
+index c3b2ad5..7443021 100644
+--- a/mod_http2/mod_proxy_http2.c
++++ b/mod_http2/mod_proxy_http2.c
+@@ -303,7 +303,7 @@ static int proxy_http2_handler(request_rec *r,
+                                apr_port_t proxyport)
+ {
+     const char *proxy_func, *task_id;
+-    char *locurl = url, *u;
++    char *locurl, *u;
+     apr_size_t slen;
+     int is_ssl = 0;
+     apr_status_t status;
+@@ -372,6 +372,7 @@ run_connect:
+         goto cleanup;
+     }
+ 
++    locurl = url;
+     ctx->p_conn->is_ssl = ctx->is_ssl;
+ 
+     /* Step One: Determine the URL to connect to (might be a proxy),
diff --git a/mod_http2.spec b/mod_http2.spec
index df68368..85d5968 100644
--- a/mod_http2.spec
+++ b/mod_http2.spec
@@ -3,7 +3,7 @@
 
 Name:		mod_http2
 Version:	1.15.7
-Release:	10%{?dist}.2
+Release:	10%{?dist}.3
 Summary:	module implementing HTTP/2 for Apache 2
 Group:		System Environment/Daemons
 License:	ASL 2.0
@@ -24,6 +24,8 @@ Patch8:		mod_http2-1.15.7-CVE-2024-27316.patch
 Patch9:		mod_http2-1.15.7-log-error-resp.patch
 # https://issues.redhat.com/browse/RHEL-71575
 Patch10:	mod_http2-1.15.7-wrong-cl-proxy-resp-handling.patch
+# https://issues.redhat.com/browse/RHEL-58454
+Patch11:	mod_http2-1.15.7-r1918628.patch
 
 BuildRequires:	pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, openssl-devel >= 1.0.2
 Requires:	httpd-mmn = %{_httpd_mmn}
@@ -45,6 +47,7 @@ top of libnghttp2 for httpd 2.4 servers.
 %patch8 -p1 -b .CVE-2024-27316
 %patch9 -p1 -b .log-error-resp
 %patch10 -p1 -b .wrong-cl-proxy-resp-handling
+%patch11 -p1 -b .r1918628
 
 %build
 %configure
@@ -71,6 +74,9 @@ make check
 %{_httpd_moddir}/mod_proxy_http2.so
 
 %changelog
+* Tue Jan 28 2025 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.3
+- Resolves: RHEL-58454 - mod_proxy_http2 failures after CVE-2024-38477 fix
+
 * Tue Jan 07 2025 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.2
 - Resolves: RHEL-71575: Wrong Content-Type when proxying using H2 protocol