
No commits in common. "c8s-stream-2.4" and "c8-stream-2.4" have entirely different histories.

2 changed files with 29 additions and 1 deletions


@ -0,0 +1,22 @@
diff --git a/src/mod_md_drive.c b/src/mod_md_drive.c
index 670c7e7..35ad58c 100644
--- a/src/mod_md_drive.c
+++ b/src/mod_md_drive.c
@@ -135,9 +135,14 @@ static apr_time_t calc_err_delay(int err_count)
if (err_count > 0) {
/* back off duration, depending on the errors we encounter in a row */
- delay = apr_time_from_sec(5 << (err_count - 1));
- if (delay > apr_time_from_sec(60*60)) {
- delay = apr_time_from_sec(60*60);
+ int i;
+ delay = 30;
+ for (i = 0; i < (err_count - 1); ++i) {
+ delay <<= 1;
+ if ((delay <= 0) || (delay > apr_time_from_sec(60*60))) {
+ delay = apr_time_from_sec(60*60);
+ break;
+ }
}
}
return delay;
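Review bot: The new starting value `delay = 30;` is not scaled to seconds, although the cap a few lines below compares `delay` with `apr_time_from_sec(60*60)` and the function returns `apr_time_t`. If `delay` is an `apr_time_t` (its declaration is outside the hunk), the base is 30 microseconds, so roughly the first fifteen consecutive failures would retry after less than a second. That is far shorter than the 5-second base of the removed line and works against the purpose of a fix for unintended retry intervals (CVE-2025-55753). I would write `delay = apr_time_from_sec(30);` (or `apr_time_from_sec(5)` to keep the old base) and compare the backport with the upstream change before shipping.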


@ -3,7 +3,7 @@
Name: mod_md
Version: 2.0.8
Release: 8%{?dist}
Release: 8%{?dist}.2
Summary: Certificate provisioning using ACME for the Apache HTTP Server
License: ASL 2.0
URL: https://icing.github.io/mod_md/
@ -13,6 +13,7 @@ Source10: a2md.xml
Patch1: mod_md-2.0.8-state_dir.patch
Patch2: mod_md-2.0.8-duptrim-seg.patch
Patch3: mod_md-2.0.8-tolerate-missing-res.patch
Patch4: mod_md-2.0.8-CVE-2025-55753.patch
BuildRequires: gcc
BuildRequires: pkgconfig, httpd-devel >= 2.4.37, openssl-devel >= 1.1.0, jansson-devel, libcurl-devel
BuildRequires: xmlto
@ -31,6 +32,7 @@ domains and their virtual hosts automatically, including at renewal.
%patch1 -p1 -b .state_dir
%patch2 -p1 -b .dup_trim
%patch3 -p1 -b .tol_missing_res
%patch4 -p1 -b .CVE-2025-55753
xmlto man $RPM_SOURCE_DIR/a2md.xml
@ -70,6 +72,10 @@ install -m 644 -p a2md.1 $RPM_BUILD_ROOT%{_mandir}/man1
%{_mandir}/man1/*
%changelog
* Tue Dec 09 2025 Luboš Uhliarik <luhliari@redhat.com> - 1:2.0.8-8.2
- Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME),
unintended retry intervals (CVE-2025-55753)
* Thu May 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 1:2.0.8-8
- Resolves: #1832844 - mod_md does not work with ACME server that does not
provide keyChange or revokeCert resources