diff --git a/httpd-2.4.37-CVE-2023-31122.patch b/httpd-2.4.37-CVE-2023-31122.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c2aa207940e9c2cc3ad8625c32e89d1e2509323f
--- /dev/null
+++ b/httpd-2.4.37-CVE-2023-31122.patch
@@ -0,0 +1,11 @@
+--- a/modules/core/mod_macro.c 2023/10/16 06:19:16 1912992
++++ b/modules/core/mod_macro.c 2023/10/16 06:38:32 1912993
+@@ -483,7 +483,7 @@
+ for (i = 0; i < contents->nelts; i++) {
+ const char *errmsg;
+ /* copy the line and substitute macro parameters */
+- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
++ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
+ errmsg = substitute_macro_args(line, MAX_STRING_LEN,
+ macro, replacements, used);
+ if (errmsg) {
diff --git a/httpd-2.4.57-r1884505+.patch b/httpd-2.4.57-r1884505+.patch
new file mode 100644
index 0000000000000000000000000000000000000000..97bc6a810668b4e85ccdf1e8df6d8a3f5efed9e1
--- /dev/null
+++ b/httpd-2.4.57-r1884505+.patch
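Review bot: In the mod_macro.c patch, the new `apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);` call truncates silently, so a macro body line of MAX_STRING_LEN bytes or more is cut and the shortened text still goes to substitute_macro_args. That closes the missing-terminator case strncpy left open, but a truncated directive is then handled as if it were what the administrator wrote; comparing `strlen(((char **) contents->elts)[i])` against MAX_STRING_LEN before the copy and reporting an error would make the limit visible. The size argument is only right if line holds MAX_STRING_LEN bytes, which is presumably the case, but its declaration is outside the hunk, as are the start and end of the enclosing loop and function. At minimum the comment could read `/* copy the line (always NUL-terminated, cut at MAX_STRING_LEN - 1 bytes) and substitute macro parameters */`.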
@@ -0,0 +1,39 @@
+# ./pullrev.sh 1884505 1915625
+http://svn.apache.org/viewvc?view=revision&revision=1884505
+http://svn.apache.org/viewvc?view=revision&revision=1915625
+
+--- httpd-2.4.57/modules/filters/mod_xml2enc.c
++++ httpd-2.4.57/modules/filters/mod_xml2enc.c
+@@ -329,7 +329,7 @@
+ apr_bucket* bstart;
+ apr_size_t insz = 0;
+ int pending_meta = 0;
+- char *ctype;
++ char *mtype;
+ char *p;
+
+ if (!ctx || !f->r->content_type) {
+@@ -338,13 +338,17 @@
+ return ap_pass_brigade(f->next, bb) ;
+ }
+
+- ctype = apr_pstrdup(f->r->pool, f->r->content_type);
+- for (p = ctype; *p; ++p)
+- if (isupper(*p))
+- *p = tolower(*p);
++ /* Extract the media type, ignoring parameters in content-type. */
++ mtype = apr_pstrdup(f->r->pool, f->r->content_type);
++ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
++ ap_str_tolower(mtype);
+
+- /* only act if starts-with "text/" or contains "xml" */
+- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) {
++ /* Accept text/ types, plus any XML media type per RFC 7303. */
++ if (!(strncmp(mtype, "text/", 5) == 0
++ || strcmp(mtype, "application/xml") == 0
++ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
++ && (p = strstr(mtype, "+xml")) != NULL
++ && strlen(p) == 4 /* ensures +xml is a suffix */))) {
+ ap_remove_output_filter(f);
+ return ap_pass_brigade(f->next, bb) ;
+ }
diff --git a/httpd.spec b/httpd.spec
index 620596f1df5d20c00d690ba110ea25ac92344356..6a5efee09f5ee621d367ba5d304dffec3e407056 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.3
+%define anolis_release .0.1
 %define contentdir %{_datadir}/httpd
 %define docroot /var/www
 %define suexec_caller apache
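Review bot: In the mod_xml2enc.c patch, cutting mtype at `;` leaves any whitespace that precedes the semicolon, so a content type such as `application/xml ; charset=utf-8` (constructed example) fails both the `strcmp` and the `+xml` suffix test and the filter removes itself. Trimming trailing spaces and tabs from mtype after the cut, before `ap_str_tolower(mtype)`, would cover that form. The length guard is also off by one against its own comment: `a/b+xml` is exactly 7 characters, so the check should be `strlen(mtype) >= 7 /* minimum 'a/b+xml' length */`. The function containing both inner hunks starts and ends outside them.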
@@ -11,250 +11,254 @@ %global mpm prefork %endif -Summary: Apache HTTP Server -Name: httpd -Version: 2.4.37 -Release: 62%{anolis_release}%{?dist} -URL: https://httpd.apache.org/ -Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -Source2: httpd.logrotate -Source3: instance.conf -Source4: httpd-ssl-pass-dialog -Source5: httpd.tmpfiles -Source6: httpd.service -Source7: action-graceful.sh -Source8: action-configtest.sh -Source10: httpd.conf -Source11: 00-base.conf -Source12: 00-mpm.conf -Source13: 00-lua.conf -Source14: 01-cgi.conf -Source15: 00-dav.conf -Source16: 00-proxy.conf -Source17: 00-ssl.conf -Source18: 01-ldap.conf -Source19: 00-proxyhtml.conf -Source20: userdir.conf -Source21: ssl.conf -Source22: welcome.conf -Source23: manual.conf -Source24: 00-systemd.conf -Source25: 01-session.conf -Source26: 10-listen443.conf -Source27: httpd.socket -Source28: 00-optional.conf +Summary: Apache HTTP Server +Name: httpd +Version: 2.4.37 +Release: 64%{anolis_release}%{?dist} +URL: https://httpd.apache.org/ +Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 +Source2: httpd.logrotate +Source3: instance.conf +Source4: httpd-ssl-pass-dialog +Source5: httpd.tmpfiles +Source6: httpd.service +Source7: action-graceful.sh +Source8: action-configtest.sh +Source10: httpd.conf +Source11: 00-base.conf +Source12: 00-mpm.conf +Source13: 00-lua.conf +Source14: 01-cgi.conf +Source15: 00-dav.conf +Source16: 00-proxy.conf +Source17: 00-ssl.conf +Source18: 01-ldap.conf +Source19: 00-proxyhtml.conf +Source20: userdir.conf +Source21: ssl.conf +Source22: welcome.conf +Source23: manual.conf +Source24: 00-systemd.conf +Source25: 01-session.conf +Source26: 10-listen443.conf +Source27: httpd.socket +Source28: 00-optional.conf # Documentation -Source30: README.confd -Source31: README.confmod -Source32: httpd.service.xml -Source33: htcacheclean.service.xml -Source34: httpd.conf.xml -Source40: htcacheclean.service -Source41: htcacheclean.sysconf -Source42: 
httpd-init.service -Source43: httpd-ssl-gencerts -Source44: httpd@.service -Source45: config.layout -Source46: apache-poweredby.png +Source30: README.confd +Source31: README.confmod +Source32: httpd.service.xml +Source33: htcacheclean.service.xml +Source34: httpd.conf.xml +Source40: htcacheclean.service +Source41: htcacheclean.sysconf +Source42: httpd-init.service +Source43: httpd-ssl-gencerts +Source44: httpd@.service +Source45: config.layout +Source46: apache-poweredby.png # build/scripts patches # http://bugzilla.redhat.com/show_bug.cgi?id=1231924 # http://bugzilla.redhat.com/show_bug.cgi?id=842736 # http://bugzilla.redhat.com/show_bug.cgi?id=1214401 -Patch1: httpd-2.4.35-apachectl.patch -Patch2: httpd-2.4.28-apxs.patch -Patch3: httpd-2.4.35-deplibs.patch +Patch1: httpd-2.4.35-apachectl.patch +Patch2: httpd-2.4.28-apxs.patch +Patch3: httpd-2.4.35-deplibs.patch # Needed for socket activation and mod_systemd patch -Patch19: httpd-2.4.35-detect-systemd.patch +Patch19: httpd-2.4.35-detect-systemd.patch # Features/functional changes -Patch20: httpd-2.4.32-export.patch -Patch21: httpd-2.4.35-corelimit.patch -Patch22: httpd-2.4.35-selinux.patch +Patch20: httpd-2.4.32-export.patch +Patch21: httpd-2.4.35-corelimit.patch +Patch22: httpd-2.4.35-selinux.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1170215 -Patch23: httpd-2.4.28-icons.patch -Patch24: httpd-2.4.35-systemd.patch -Patch25: httpd-2.4.35-cachehardmax.patch -Patch26: httpd-2.4.28-socket-activation.patch +Patch23: httpd-2.4.28-icons.patch +Patch24: httpd-2.4.35-systemd.patch +Patch25: httpd-2.4.35-cachehardmax.patch +Patch26: httpd-2.4.28-socket-activation.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1109119 -Patch27: httpd-2.4.35-sslciphdefault.patch +Patch27: httpd-2.4.35-sslciphdefault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1332242 -Patch28: httpd-2.4.28-statements-comment.patch +Patch28: httpd-2.4.28-statements-comment.patch # https://bugzilla.redhat.com/show_bug.cgi?id=811714 
-Patch29: httpd-2.4.35-full-release.patch -Patch30: httpd-2.4.35-freebind.patch -Patch31: httpd-2.4.35-r1830819+.patch +Patch29: httpd-2.4.35-full-release.patch +Patch30: httpd-2.4.35-freebind.patch +Patch31: httpd-2.4.35-r1830819+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1638738 -Patch32: httpd-2.4.37-sslprotdefault.patch +Patch32: httpd-2.4.37-sslprotdefault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747898 -Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch +Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1725031 -Patch34: httpd-2.4.37-r1861793+.patch +Patch34: httpd-2.4.37-r1861793+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1704317 -Patch35: httpd-2.4.37-sslkeylogfile-support.patch +Patch35: httpd-2.4.37-sslkeylogfile-support.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1794728 -Patch36: httpd-2.4.37-session-expiry-updt-int.patch +Patch36: httpd-2.4.37-session-expiry-updt-int.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1209162 -Patch37: httpd-2.4.37-logjournal.patch +Patch37: httpd-2.4.37-logjournal.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1869576 -Patch38: httpd-2.4.37-pr37355.patch +Patch38: httpd-2.4.37-pr37355.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1896176 -Patch39: httpd-2.4.37-proxy-ws-idle-timeout.patch +Patch39: httpd-2.4.37-proxy-ws-idle-timeout.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1883648 -Patch40: httpd-2.4.37-ssl-proxy-chains.patch +Patch40: httpd-2.4.37-ssl-proxy-chains.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1935742 -Patch41: httpd-2.4.37-usertrack-samesite.patch +Patch41: httpd-2.4.37-usertrack-samesite.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 -Patch61: httpd-2.4.35-r1738878.patch +Patch61: httpd-2.4.35-r1738878.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1170206 -Patch62: httpd-2.4.35-r1633085.patch +Patch62: httpd-2.4.35-r1633085.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=1448892 -Patch63: httpd-2.4.28-r1811831.patch +Patch63: httpd-2.4.28-r1811831.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1602548 -Patch65: httpd-2.4.35-r1842888.patch +Patch65: httpd-2.4.35-r1842888.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1653009 # https://bugzilla.redhat.com/show_bug.cgi?id=1672977 # https://bugzilla.redhat.com/show_bug.cgi?id=1673022 -Patch66: httpd-2.4.37-r1842929+.patch +Patch66: httpd-2.4.37-r1842929+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1630432 -Patch67: httpd-2.4.35-r1825120.patch +Patch67: httpd-2.4.35-r1825120.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1670716 -Patch68: httpd-2.4.37-fips-segfault.patch +Patch68: httpd-2.4.37-fips-segfault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1669221 -Patch70: httpd-2.4.37-r1840554.patch +Patch70: httpd-2.4.37-r1840554.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1673022 -Patch71: httpd-2.4.37-mod-md-perms.patch +Patch71: httpd-2.4.37-mod-md-perms.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1724549 -Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch +Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1724034 -Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch +Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1633224 -Patch74: httpd-2.4.37-r1828172+.patch +Patch74: httpd-2.4.37-r1828172+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1775158 -Patch75: httpd-2.4.37-r1870095+.patch +Patch75: httpd-2.4.37-r1870095+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1771847 -Patch76: httpd-2.4.37-proxy-continue.patch -Patch77: httpd-2.4.37-balancer-failover.patch +Patch76: httpd-2.4.37-proxy-continue.patch +Patch77: httpd-2.4.37-balancer-failover.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1875844 -Patch78: httpd-2.4.37-r1881459.patch +Patch78: httpd-2.4.37-r1881459.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=1891829 -Patch79: httpd-2.4.37-r1864000.patch +Patch79: httpd-2.4.37-r1864000.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1868608 -Patch80: httpd-2.4.37-r1872790.patch +Patch80: httpd-2.4.37-r1872790.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1861380 -Patch81: httpd-2.4.37-r1879224.patch +Patch81: httpd-2.4.37-r1879224.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1680118 -Patch82: httpd-2.4.37-r1877397.patch +Patch82: httpd-2.4.37-r1877397.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1847585 -Patch83: httpd-2.4.37-r1878890.patch +Patch83: httpd-2.4.37-r1878890.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1918741 -Patch84: httpd-2.4.37-r1878280.patch +Patch84: httpd-2.4.37-r1878280.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1891594 -Patch85: httpd-2.4.37-htcacheclean-dont-break.patch +Patch85: httpd-2.4.37-htcacheclean-dont-break.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1937334 -Patch86: httpd-2.4.37-r1873907.patch +Patch86: httpd-2.4.37-r1873907.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1680111 -Patch87: httpd-2.4.37-reply-two-tls-rec.patch +Patch87: httpd-2.4.37-reply-two-tls-rec.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1905613 -Patch88: httpd-2.4.37-r1845768+.patch +Patch88: httpd-2.4.37-r1845768+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2001046 -Patch89: httpd-2.4.37-r1862410.patch +Patch89: httpd-2.4.37-r1862410.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1984828 -Patch90: httpd-2.4.37-hcheck-mem-issues.patch +Patch90: httpd-2.4.37-hcheck-mem-issues.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2017543 -Patch91: httpd-2.4.37-add-SNI-support.patch +Patch91: httpd-2.4.37-add-SNI-support.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2159603 -Patch92: httpd-2.4.37-mod_status-duplicate-key.patch +Patch92: httpd-2.4.37-mod_status-duplicate-key.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2221083 -Patch93: 
httpd-2.4.37-r1885607.patch +Patch93: httpd-2.4.37-r1885607.patch +# https://issues.redhat.com/browse/RHEL-14321 +Patch94: httpd-2.4.57-r1884505+.patch # Security fixes -Patch200: httpd-2.4.37-r1851471.patch +Patch200: httpd-2.4.37-r1851471.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1694980 -Patch201: httpd-2.4.37-CVE-2019-0211.patch +Patch201: httpd-2.4.37-CVE-2019-0211.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1695025 -Patch202: httpd-2.4.37-CVE-2019-0215.patch +Patch202: httpd-2.4.37-CVE-2019-0215.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1696141 -Patch203: httpd-2.4.37-CVE-2019-0217.patch +Patch203: httpd-2.4.37-CVE-2019-0217.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1696097 -Patch204: httpd-2.4.37-CVE-2019-0220.patch +Patch204: httpd-2.4.37-CVE-2019-0220.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1741860 # https://bugzilla.redhat.com/show_bug.cgi?id=1741864 # https://bugzilla.redhat.com/show_bug.cgi?id=1741868 -Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch +Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1823259 # https://bugzilla.redhat.com/show_bug.cgi?id=1747284 # fixes both CVE-2020-1927 and CVE-2019-10098 -Patch206: httpd-2.4.37-CVE-2019-10098.patch +Patch206: httpd-2.4.37-CVE-2019-10098.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747281 -Patch207: httpd-2.4.37-CVE-2019-10092.patch +Patch207: httpd-2.4.37-CVE-2019-10092.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747291 -Patch208: httpd-2.4.37-CVE-2019-10097.patch +Patch208: httpd-2.4.37-CVE-2019-10097.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1820772 -Patch209: httpd-2.4.37-CVE-2020-1934.patch +Patch209: httpd-2.4.37-CVE-2020-1934.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1668493 -Patch210: httpd-2.4.37-CVE-2018-17199.patch +Patch210: httpd-2.4.37-CVE-2018-17199.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1866563 -Patch211: 
httpd-2.4.37-CVE-2020-11984.patch +Patch211: httpd-2.4.37-CVE-2020-11984.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1972500 -Patch212: httpd-2.4.37-CVE-2021-30641.patch +Patch212: httpd-2.4.37-CVE-2021-30641.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1968307 -Patch213: httpd-2.4.37-CVE-2021-26690.patch +Patch213: httpd-2.4.37-CVE-2021-26690.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005117 -Patch214: httpd-2.4.37-CVE-2021-40438.patch +Patch214: httpd-2.4.37-CVE-2021-40438.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966732 -Patch215: httpd-2.4.37-CVE-2021-26691.patch +Patch215: httpd-2.4.37-CVE-2021-26691.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1968278 -Patch216: httpd-2.4.37-CVE-2020-35452.patch +Patch216: httpd-2.4.37-CVE-2020-35452.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005128 -Patch217: httpd-2.4.37-CVE-2021-34798.patch +Patch217: httpd-2.4.37-CVE-2021-34798.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005119 -Patch218: httpd-2.4.37-CVE-2021-39275.patch +Patch218: httpd-2.4.37-CVE-2021-39275.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005124 -Patch219: httpd-2.4.37-CVE-2021-36160.patch +Patch219: httpd-2.4.37-CVE-2021-36160.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966728 -Patch220: httpd-2.4.37-CVE-2021-33193.patch +Patch220: httpd-2.4.37-CVE-2021-33193.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034674 -Patch221: httpd-2.4.37-CVE-2021-44790.patch +Patch221: httpd-2.4.37-CVE-2021-44790.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034672 -Patch222: httpd-2.4.37-CVE-2021-44224.patch +Patch222: httpd-2.4.37-CVE-2021-44224.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2064321 -Patch223: httpd-2.4.37-CVE-2022-22720.patch +Patch223: httpd-2.4.37-CVE-2022-22720.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966738 -Patch224: httpd-2.4.37-CVE-2020-13950.patch +Patch224: httpd-2.4.37-CVE-2020-13950.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=2064322 -Patch225: httpd-2.4.37-CVE-2022-22719.patch +Patch225: httpd-2.4.37-CVE-2022-22719.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2064320 -Patch226: httpd-2.4.37-CVE-2022-22721.patch +Patch226: httpd-2.4.37-CVE-2022-22721.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2065324 -Patch227: httpd-2.4.37-CVE-2022-23943.patch +Patch227: httpd-2.4.37-CVE-2022-23943.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095002 -Patch228: httpd-2.4.37-CVE-2022-28614.patch +Patch228: httpd-2.4.37-CVE-2022-28614.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095006 -Patch229: httpd-2.4.37-CVE-2022-28615.patch +Patch229: httpd-2.4.37-CVE-2022-28615.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095015 -Patch230: httpd-2.4.37-CVE-2022-30522.patch +Patch230: httpd-2.4.37-CVE-2022-30522.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095018 -Patch231: httpd-2.4.37-CVE-2022-30556.patch +Patch231: httpd-2.4.37-CVE-2022-30556.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095020 -Patch232: httpd-2.4.37-CVE-2022-31813.patch +Patch232: httpd-2.4.37-CVE-2022-31813.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095012 -Patch233: httpd-2.4.37-CVE-2022-29404.patch +Patch233: httpd-2.4.37-CVE-2022-29404.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2094997 -Patch234: httpd-2.4.37-CVE-2022-26377.patch +Patch234: httpd-2.4.37-CVE-2022-26377.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161773 -Patch235: httpd-2.4.37-CVE-2022-37436.patch +Patch235: httpd-2.4.37-CVE-2022-37436.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161774 -Patch236: httpd-2.4.37-CVE-2006-20001.patch +Patch236: httpd-2.4.37-CVE-2006-20001.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161777 -Patch237: httpd-2.4.37-CVE-2022-36760.patch +Patch237: httpd-2.4.37-CVE-2022-36760.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2176209 -Patch238: httpd-2.4.37-CVE-2023-25690.patch +Patch238: 
httpd-2.4.37-CVE-2023-25690.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2176211 -Patch239: httpd-2.4.37-CVE-2023-27522.patch +Patch239: httpd-2.4.37-CVE-2023-27522.patch +# https://issues.redhat.com/browse/RHEL-14448 +Patch240: httpd-2.4.37-CVE-2023-31122.patch # Add by Anolis Patch1000: 1000-httpd-anolis-rebrand.patch 
@@ -262,38 +266,38 @@ Patch1001: 1001-httpd-anolis-support-loongarch64.patch Patch2000: httpd-2.4.37-sw.patch # End -License: ASL 2.0 -Group: System Environment/Daemons -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto -BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel -BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 -BuildRequires: systemd-devel +License: ASL 2.0 +Group: System Environment/Daemons +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto +BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel +BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 +BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) # new logo requires new footer copyring which was added in rhbz1934800 -Requires: /etc/mime.types, system-logos-httpd -Obsoletes: httpd-suexec -Provides: webserver -Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} -Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} -Requires: httpd-tools = %{version}-%{release} -Requires: httpd-filesystem = %{version}-%{release} -Requires: mod_http2 >= 1.15.7-5 +Requires: /etc/mime.types, system-logos-httpd +Obsoletes: httpd-suexec +Provides: webserver +Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} +Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} +Requires: httpd-tools = %{version}-%{release} +Requires: httpd-filesystem = %{version}-%{release} +Requires: mod_http2 >= 1.15.7-5 Requires(pre): httpd-filesystem Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units -Conflicts: apr < 1.5.0-1 +Conflicts: apr < 1.5.0-1 %description The Apache HTTP Server is a powerful, efficient, and extensible web server. 
%package devel -Group: Development/Libraries -Summary: Development interfaces for the Apache HTTP server -Requires: apr-devel, apr-util-devel, pkgconfig -Requires: httpd = %{version}-%{release} +Group: Development/Libraries +Summary: Development interfaces for the Apache HTTP server +Requires: apr-devel, apr-util-devel, pkgconfig +Requires: httpd = %{version}-%{release} %description devel The httpd-devel package contains the APXS binary and other files @@ -305,11 +309,11 @@ able to compile or develop additional modules for Apache, you need to install this package. %package manual -Group: Documentation -Summary: Documentation for the Apache HTTP server -Requires: httpd = %{version}-%{release} -Obsoletes: secureweb-manual, apache-manual -BuildArch: noarch +Group: Documentation +Summary: Documentation for the Apache HTTP server +Requires: httpd = %{version}-%{release} +Obsoletes: secureweb-manual, apache-manual +BuildArch: noarch %description manual The httpd-manual package contains the complete manual and @@ -317,9 +321,9 @@ reference guide for the Apache HTTP server. The information can also be found at http://httpd.apache.org/docs/2.2/. %package filesystem -Group: System Environment/Daemons -Summary: The basic directory layout for the Apache HTTP server -BuildArch: noarch +Group: System Environment/Daemons +Summary: The basic directory layout for the Apache HTTP server +BuildArch: noarch Requires(pre): /usr/sbin/useradd %description filesystem 
@@ -328,24 +332,24 @@ for the Apache HTTP server including the correct permissions for the directories. %package tools -Group: System Environment/Daemons -Summary: Tools for use with the Apache HTTP Server +Group: System Environment/Daemons +Summary: Tools for use with the Apache HTTP Server %description tools The httpd-tools package contains tools which can be used with the Apache HTTP Server. %package -n mod_ssl -Group: System Environment/Daemons -Summary: SSL/TLS module for the Apache HTTP Server -Epoch: 1 -BuildRequires: openssl-devel +Group: System Environment/Daemons +Summary: SSL/TLS module for the Apache HTTP Server +Epoch: 1 +BuildRequires: openssl-devel Requires(pre): httpd-filesystem -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -Requires: sscg >= 3.0.0-7, /usr/bin/hostname -Obsoletes: stronghold-mod_ssl +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Requires: sscg >= 3.0.0-7, /usr/bin/hostname +Obsoletes: stronghold-mod_ssl # Require an OpenSSL which supports PROFILE=SYSTEM -Conflicts: openssl-libs < 1:1.0.1h-4 +Conflicts: openssl-libs < 1:1.0.1h-4 %description -n mod_ssl The mod_ssl module provides strong cryptography for the Apache Web 
@@ -353,31 +357,31 @@ server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. %package -n mod_proxy_html -Group: System Environment/Daemons -Summary: HTML and XML content filters for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -BuildRequires: libxml2-devel -Epoch: 1 -Obsoletes: mod_proxy_html < 1:2.4.1-2 +Group: System Environment/Daemons +Summary: HTML and XML content filters for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +BuildRequires: libxml2-devel +Epoch: 1 +Obsoletes: mod_proxy_html < 1:2.4.1-2 %description -n mod_proxy_html The mod_proxy_html and mod_xml2enc modules provide filters which can transform and modify HTML and XML content. %package -n mod_ldap -Group: System Environment/Daemons -Summary: LDAP authentication modules for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -Requires: apr-util-ldap +Group: System Environment/Daemons +Summary: LDAP authentication modules for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Requires: apr-util-ldap %description -n mod_ldap The mod_ldap and mod_authnz_ldap modules add support for LDAP authentication to the Apache HTTP Server. %package -n mod_session -Group: System Environment/Daemons -Summary: Session interface for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Group: System Environment/Daemons +Summary: Session interface for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} %description -n mod_session The mod_session module and associated backends provide an abstract @@ -444,6 +448,7 @@ interface for storing and accessing per-user session data. %patch91 -p1 -b .SNI %patch92 -p1 -b .mod_status-dupl %patch93 -p1 -b .r1885607 +%patch94 -p1 -b .r1884505+ %patch200 -p1 -b .r1851471 %patch201 -p1 -b .CVE-2019-0211 
@@ -485,6 +490,7 @@ interface for storing and accessing per-user session data. %patch237 -p1 -b .CVE-2022-36760 %patch238 -p1 -b .CVE-2023-25690 %patch239 -p1 -b .CVE-2023-27522 +%patch240 -p1 -b .CVE-2023-31122 # Add by Anolis %patch1000 -p1 @@ -996,18 +1002,24 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog -* Mon Mar 25 2024 wxiat 2.4.37-62.0.3 -- cherry-pick `add sw patch #400077d851a81ce23aa39db271e26c3df254ae53`. -- cherry-pick `change sw patch #bdacf2efe00d8445328f798df8c5520728801e8c`. - -* Tue Jan 30 2024 Zhao Hang - 2.4.37-62.0.2 +* Wed Jun 12 2024 zhangbinchen - 2.4.37-64.0.1 +- Rebrand for Anolis OS - Requires system-logos-httpd - -* Thu Dec 14 2023 zhangbinchen - 2.4.37-62.0.1 -- Rebrand for Anolis OS(Binchen Zhang) -- Requires system-logos-httpd(Binchen Zhang) - Support loongarch64 platform(Liwei Ge) - add patch for CVE-2023-27522(guo.chuang@zte.com.cn) +- cherry-pick `add sw patch #400077d851a81ce23aa39db271e26c3df254ae53`. (nijie@wxiat.com) +- cherry-pick `change sw patch #bdacf2efe00d8445328f798df8c5520728801e8c`. (nijie@wxiat.com) + +* Fri Feb 16 2024 Joe Orton - 2.4.37-64 +- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read + vulnerability (CVE-2023-31122) + +* Wed Feb 14 2024 Joe Orton - 2.4.37-63 +- mod_xml2enc: fix media type handling + Resolves: RHEL-14321 + +* Thu Aug 17 2023 Johnny Hughes - 2.4.37-62 +- change for CentOS Stream Branding * Thu Jul 27 2023 Luboš Uhliarik - 2.4.37-62 - Resolves: #2221083 - Apache Bug 57087: mod_proxy_fcgi doesn't send cgi