From c52d0d743c9b2934bd0a07deef849d04e02b588c Mon Sep 17 00:00:00 2001
From: eaglegai
Date: Fri, 15 Aug 2025 02:02:54 +0000
Subject: [PATCH] fix CVE-2025-49630
---
 backport-CVE-2025-49630.patch | 43 +++++++++++++++++++++++++++++++++++
 mod_http2.spec | 9 +++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-49630.patch
diff --git a/backport-CVE-2025-49630.patch b/backport-CVE-2025-49630.patch
new file mode 100644
index 0000000..ab1a2d7
--- /dev/null
+++ b/backport-CVE-2025-49630.patch
@@ -0,0 +1,43 @@
+From 88304321841a2fe8bd5eacc70e69418b0b545ca5 Mon Sep 17 00:00:00 2001
+From: Eric Covener
+Date: Mon, 7 Jul 2025 12:05:49 +0000
+Subject: [PATCH] backport 1927036 from trunk
+
+ tolerate missing host header in h2 proxy
+Reviewed By: jorton, icing, rpluem
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927044 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/88304321841a2fe8bd5eacc70e69418b0b545ca5
+
+---
+ mod_http2/h2_proxy_session.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/mod_http2/h2_proxy_session.c b/mod_http2/h2_proxy_session.c
+index d5d0f9bc6bc..2cfbb5f5d4b 100644
+--- a/mod_http2/h2_proxy_session.c
++++ b/mod_http2/h2_proxy_session.c
+@@ -850,6 +850,18 @@ static apr_status_t open_stream(h2_proxy_session *session, const char *url,
+ dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
+ if (dconf->preserve_host) {
+ authority = orig_host;
++ if (!authority) {
++ /* Duplicate mod_proxy behaviour if ProxyPreserveHost is
++ * used but an "HTTP/0.9" request is received without a
++ * Host: header */
++ authority = r->server->server_hostname;
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10511)
++ "HTTP/0.9 request (with no host line) "
++ "on incoming request and preserve host set "
++ "forcing hostname to be %s for uri %s",
++ authority, r->uri);
++ apr_table_setn(r->headers_in, "Host", authority);
++ }
+ }
+ else {
+ authority = puri.hostname;
diff --git a/mod_http2.spec b/mod_http2.spec
index 52053e7..be3c8cc 100644
--- a/mod_http2.spec
+++ b/mod_http2.spec
@@ -2,7 +2,7 @@
 Name: mod_http2
 Version: 2.0.25
-Release: 3
+Release: 4
 Summary: Support for the HTTP/2 transport layer
 License: ASL 2.0
 URL: https://icing.github.io/mod_h2/
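Review bot: The warning emitted by the added `ap_log_rerror` call labels the request as `HTTP/0.9`, but the only thing the new branch actually tests is `!authority`, i.e. the absence of a Host value — an HTTP/1.0 request that legitimately omits Host takes the same path and will be misdescribed in the error log. The text mirrors the mod_proxy message the comment refers to, so if keeping it verbatim matters for parity, extend the comment instead: `/* ... also reached by HTTP/1.0 requests without Host, not only HTTP/0.9 */`; otherwise the first format fragment could read `"request without Host header "`. Note also that this branch is reachable by any unauthenticated client that simply omits Host, so the APLOG_WARNING line is client-triggerable log volume; presumably acceptable since it matches mod_proxy, but worth knowing when tuning LogLevel for the proxy modules. open_stream begins and ends outside the hunk, so where `orig_host` comes from, and whether `r->server->server_hostname` is guaranteed non-NULL at this point, cannot be confirmed from this view.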
@@ -10,6 +10,7 @@ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/%{
 Patch0: backport-CVE-2024-27316.patch
 Patch1: backport-CVE-2024-36387.patch
+Patch2: backport-CVE-2025-49630.patch
 BuildRequires: make gcc pkgconfig httpd-devel >= 2.4.20 libnghttp2-devel >= 1.7.0 openssl-devel >= 1.0.2 autoconf libtool hostname
 Requires: httpd-mmn = %{_httpd_mmn}
@@ -51,6 +52,12 @@ make check
 %exclude /etc/httpd/share/doc/*
 %changelog
+* Fri Aug 15 2025 gaihuiying - 2.0.25-4
+- Type:cves
+- CVE:CVE-2025-49630
+- SUG:NA
+- DESC:fix CVE-2025-49630
+
 * Mon Jul 08 2024 zhangxianting - 2.0.25-3
 - Type:cves
 - CVE:CVE-2024-36387
-- Gitee