packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!93 fix CVE-2022-28615

Browse Source 
From: @chengyechun 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
This commit is contained in:
openeuler-ci-bot 2022-06-20 07:55:35 +00:00 committed by Gitee
commit 76462f93f8
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2022-28615.patch Normal file
View File

@ -0,0 +1,34 @@
From 929c7156cefdd2f74f83dcab2b15b2d09e80ec82 Mon Sep 17 00:00:00 2001
From: covener <covener@apache.org>
Date: Wed Jun 1 12:20:56 2022 UTC
Subject: [PATCH] ap_strcasecmp_match/ap_strcmp_match:fix types
---
server/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/util.c b/server/util.c
index 633648c..09ac0c5 100644
--- a/server/util.c
+++ b/server/util.c
@@ -185,7 +185,7 @@ AP_DECLARE(char *) ap_ht_time(apr_pool_t *p, apr_time_t t, const char *fmt,
*/
AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
{
- int x, y;
+ apr_size_t x, y;
for (x = 0, y = 0; expected[y]; ++y, ++x) {
if (expected[y] == '*') {
@@ -209,7 +209,7 @@ AP_DECLARE(int) ap_strcmp_match(const char *str, const char *expected)
AP_DECLARE(int) ap_strcasecmp_match(const char *str, const char *expected)
{
- int x, y;
+ apr_size_t x, y;
for (x = 0, y = 0; expected[y]; ++y, ++x) {
if (!str[x] && expected[y] != '*')
--
1.8.3.1

9
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.51 Version: 2.4.51
Release: 6 Release: 7
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -78,6 +78,7 @@ Patch24: backport-CVE-2021-44790.patch
Patch25: backport-001-CVE-2021-44224.patch Patch25: backport-001-CVE-2021-44224.patch
Patch26: backport-002-CVE-2021-44224.patch Patch26: backport-002-CVE-2021-44224.patch
Patch27: backport-Switch-from-PCRE-to-PCRE2.patch Patch27: backport-Switch-from-PCRE-to-PCRE2.patch
Patch28: backport-CVE-2022-28615.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -510,6 +511,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Fri Jun 17 2022 chengyechun <chengyechun1@huawei.com> - 2.4.51-7
- Type:CVE
- ID:NA
- SUG:restart
- DESC:fix CVE-2022-28615
* Mon May 30 2022 chengyechun <chengyechun1@huawei.com> - 2.4.51-6 * Mon May 30 2022 chengyechun <chengyechun1@huawei.com> - 2.4.51-6
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA