!163 Next补丁归一,增加SP1相关补丁

From: @panchenbo 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw

backport-Check-before-forwarding-that-a-nocanon-path-has-not-been-rewritten.patch

@@ -0,0 +1,288 @@
+From  fd92481223a0d213f1dc2f96745f495efcf33eca Mon Sep 17 00:00:00 2001
+From: Ruediger Pluem <rpluem@apache.org>
+Date: Fri, 31 Mar 2023 10:37:34 PM GMT+0800
+Subject: [PATCH] mod_proxy:Check before forwarding that a nocanon path has not been
+                           rewritten with spaces during processing
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/fd92481223a0d213f1dc2f96745f495efcf33eca
+
+---
+ modules/http2/mod_proxy_http2.c    | 31 +++++++++++++++++------------
+ modules/proxy/mod_proxy_ajp.c      | 19 ++++++++++++------
+ modules/proxy/mod_proxy_balancer.c | 19 ++++++++++++------
+ modules/proxy/mod_proxy_fcgi.c     | 15 ++++++++++++--
+ modules/proxy/mod_proxy_http.c     | 32 ++++++++++++++++++------------
+ modules/proxy/mod_proxy_uwsgi.c    | 14 +++++++++++--
+ modules/proxy/mod_proxy_wstunnel.c | 19 ++++++++++++------
+ 7 files changed, 101 insertions(+), 48 deletions(-)
+
+diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
+index 77e2641..957c7ba 100644
+--- a/modules/http2/mod_proxy_http2.c
++++ b/modules/http2/mod_proxy_http2.c
+@@ -164,26 +164,31 @@ static int proxy_http2_canon(request_rec *r, char *url)
+ 
+             path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url),
+                                         enc_path, flags, r->proxyreq);
++            if (!path) {
++                return HTTP_BAD_REQUEST;
++            }
+             search = r->args;
+         }
+-        if (search && *(ap_scan_vchar_obstext(search))) {
+-            /*
+-             * We have a raw control character or a ' ' in r->args.
+-             * Correct encoding was missed.
+-             */
+-             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+-                           "To be forwarded query string contains control "
+-                           "characters or spaces");
+-             return HTTP_FORBIDDEN;
+-        }
+         break;
+     case PROXYREQ_PROXY:
+         path = url;
+         break;
+     }
+-
+-    if (path == NULL) {
+-        return HTTP_BAD_REQUEST;
++    /*
++     * If we have a raw control character or a ' ' in nocanon path or
++     * r->args, correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10420)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
++    if (search && *ap_scan_vchar_obstext(search)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
++                      "To be forwarded query string contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
+     }
+ 
+     if (port != def_port) {
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index 747f928..4446c5e 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -75,20 +75,27 @@ static int proxy_ajp_canon(request_rec *r, char *url)
+ 
+         path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                     r->proxyreq);
++        if (!path) {
++            return HTTP_BAD_REQUEST;
++        }
+         search = r->args;
+     }
++    /*
++     * If we have a raw control character or a ' ' in nocanon path or
++     * r->args, correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10418)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+-        /*
+-         * We have a raw control character or a ' ' in r->args.
+-         * Correct encoding was missed.
+-         */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
+                        "To be forwarded query string contains control "
+                        "characters or spaces");
+          return HTTP_FORBIDDEN;
+     }
+-    if (path == NULL)
+-        return HTTP_BAD_REQUEST;
+ 
+     if (port != def_port)
+          apr_snprintf(sport, sizeof(sport), ":%d", port);
+diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
+index de31749..d175fcf 100644
+--- a/modules/proxy/mod_proxy_balancer.c
++++ b/modules/proxy/mod_proxy_balancer.c
+@@ -112,20 +112,27 @@ static int proxy_balancer_canon(request_rec *r, char *url)
+ 
+         path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                     r->proxyreq);
++        if (!path) {
++            return HTTP_BAD_REQUEST;
++        }
+         search = r->args;
+     }
++    /*
++     * If we have a raw control character or a ' ' in nocanon path or
++     * r->args, correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10416)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+-        /*
+-         * We have a raw control character or a ' ' in r->args.
+-         * Correct encoding was missed.
+-         */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
+                        "To be forwarded query string contains control "
+                        "characters or spaces");
+          return HTTP_FORBIDDEN;
+     }
+-    if (path == NULL)
+-        return HTTP_BAD_REQUEST;
+ 
+     r->filename = apr_pstrcat(r->pool, "proxy:" BALANCER_PREFIX, host,
+             "/", path, (search) ? "?" : "", (search) ? search : "", NULL);
+diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
+index a422b4e..831bd15 100644
+--- a/modules/proxy/mod_proxy_fcgi.c
++++ b/modules/proxy/mod_proxy_fcgi.c
+@@ -102,9 +102,20 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
+ 
+         path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                     r->proxyreq);
++        if (!path) {
++            return HTTP_BAD_REQUEST;
++        }
++    }
++    /*
++     * If we have a raw control character or a ' ' in nocanon path,
++     * correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
+     }
+-    if (path == NULL)
+-        return HTTP_BAD_REQUEST;
+ 
+     r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
+                               path, NULL);
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index fca8d5d..40f0787 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -131,26 +131,32 @@ static int proxy_http_canon(request_rec *r, char *url)
+ 
+             path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path,
+                                         flags, r->proxyreq);
++            if (!path) {
++                return HTTP_BAD_REQUEST;
++            }
+             search = r->args;
+         }
+-        if (search && *(ap_scan_vchar_obstext(search))) {
+-            /*
+-             * We have a raw control character or a ' ' in r->args.
+-             * Correct encoding was missed.
+-             */
+-             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+-                           "To be forwarded query string contains control "
+-                           "characters or spaces");
+-             return HTTP_FORBIDDEN;
+-        }
+         break;
+     case PROXYREQ_PROXY:
+         path = url;
+         break;
+     }
+-
+-    if (path == NULL)
+-        return HTTP_BAD_REQUEST;
++    /*
++     * If we have a raw control character or a ' ' in nocanon path or
++     * r->args, correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10415)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
++    if (search && *ap_scan_vchar_obstext(search)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
++                      "To be forwarded query string contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
+ 
+     if (port != def_port)
+         apr_snprintf(sport, sizeof(sport), ":%d", port);
+diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
+index 771fcea..f0cbb5d 100644
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -94,9 +94,19 @@ static int uwsgi_canon(request_rec *r, char *url)
+ 
+         path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                     r->proxyreq);
++        if (!path) {
++            return HTTP_BAD_REQUEST;
++        }
+     }
+-    if (!path) {
+-        return HTTP_BAD_REQUEST;
++    /*
++     * If we have a raw control character or a ' ' in nocanon path,
++     * correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10417)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
+     }
+ 
+     r->filename =
+diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
+index a44bb44..227dba4 100644
+--- a/modules/proxy/mod_proxy_wstunnel.c
++++ b/modules/proxy/mod_proxy_wstunnel.c
+@@ -120,20 +120,27 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
+ 
+         path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+                                     r->proxyreq);
++        if (!path) {
++            return HTTP_BAD_REQUEST;
++        }
+         search = r->args;
+     }
++    /*
++     * If we have a raw control character or a ' ' in nocanon path or
++     * r->args, correct encoding was missed.
++     */
++    if (path == url && *ap_scan_vchar_obstext(path)) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10419)
++                      "To be forwarded path contains control "
++                      "characters or spaces");
++        return HTTP_FORBIDDEN;
++    }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+-        /*
+-         * We have a raw control character or a ' ' in r->args.
+-         * Correct encoding was missed.
+-         */
+          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
+                        "To be forwarded query string contains control "
+                        "characters or spaces");
+          return HTTP_FORBIDDEN;
+     }
+-    if (path == NULL)
+-        return HTTP_BAD_REQUEST;
+ 
+     if (port != def_port)
+         apr_snprintf(sport, sizeof(sport), ":%d", port);
+-- 
+2.27.0
+

backport-Do-not-double-encode-encoded-slashes.patch

@@ -0,0 +1,322 @@
+From 9b8cf1746bb004050b02a30bf0222479fbe405c2 Mon Sep 17 00:00:00 2001
+From: Ruediger Pluem <rpluem@apache.org>
+Date: Fri, 31 Mar 2023 10:33:47 PM GMT+0800
+Subject: [PATCH] mod_proxy:In case that AllowEncodedSlashes is set to NoDecode do not   
+                           double encode encoded slashes in the URL sent by the reverse proxy to the  
+                           backend
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/9b8cf1746bb004050b02a30bf0222479fbe405c2
+
+---
+ include/ap_mmn.h                   |  3 ++-
+ modules/http2/mod_proxy_http2.c    |  7 ++++--
+ modules/proxy/mod_proxy.h          |  6 +++++
+ modules/proxy/mod_proxy_ajp.c      |  7 ++++--
+ modules/proxy/mod_proxy_balancer.c |  7 ++++--
+ modules/proxy/mod_proxy_fcgi.c     |  7 ++++--
+ modules/proxy/mod_proxy_ftp.c      |  5 +++-
+ modules/proxy/mod_proxy_http.c     |  7 ++++--
+ modules/proxy/mod_proxy_scgi.c     |  6 +++--
+ modules/proxy/mod_proxy_uwsgi.c    |  7 ++++--
+ modules/proxy/mod_proxy_wstunnel.c |  7 ++++--
+ modules/proxy/proxy_util.c         | 39 ++++++++++++++++++++++++++----
+ 12 files changed, 85 insertions(+), 23 deletions(-)
+
+diff --git a/include/ap_mmn.h b/include/ap_mmn.h
+index a6d47a2..dd469f3 100644
+--- a/include/ap_mmn.h
++++ b/include/ap_mmn.h
+@@ -582,6 +582,7 @@
+  * 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate
+  *                           AP_NORMALIZE_DROP_PARAMETERS
+  * 20120211.121 (2.4.51-dev) Add ap_post_read_request()
++ * 20120211.122 (2.4.51-dev) Add ap_proxy_canonenc_ex
+  * 
+  */
+ 
+@@ -590,7 +591,7 @@
+ #ifndef MODULE_MAGIC_NUMBER_MAJOR
+ #define MODULE_MAGIC_NUMBER_MAJOR 20120211
+ #endif
+-#define MODULE_MAGIC_NUMBER_MINOR 118                 /* 0...n */
++#define MODULE_MAGIC_NUMBER_MINOR 122                 /* 0...n */
+ 
+ /**
+  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
+diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
+index 9b741e1..77e2641 100644
+--- a/modules/http2/mod_proxy_http2.c
++++ b/modules/http2/mod_proxy_http2.c
+@@ -159,8 +159,11 @@ static int proxy_http2_canon(request_rec *r, char *url)
+             search = r->args;
+         }
+         else {
+-            path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
+-                                     enc_path, 0, r->proxyreq);
++            core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++            int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++            path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url),
++                                        enc_path, flags, r->proxyreq);
+             search = r->args;
+         }
+         if (search && *(ap_scan_vchar_obstext(search))) {
+diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
+index 47899d7..ce8183a 100644
+--- a/modules/proxy/mod_proxy.h
++++ b/modules/proxy/mod_proxy.h
+@@ -76,6 +76,10 @@ enum enctype {
+     enc_path, enc_search, enc_user, enc_fpath, enc_parm
+ };
+ 
++/* Flags for ap_proxy_canonenc_ex */
++#define PROXY_CANONENC_FORCEDEC 0x01
++#define PROXY_CANONENC_NOENCODEDSLASHENCODING 0x02
++
+ typedef enum {
+     NONE, TCP, OPTIONS, HEAD, GET, CPING, PROVIDER, EOT
+ } hcmethod_t;
+@@ -669,6 +673,8 @@ PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src,
+                                              apr_size_t dlen);
+ PROXY_DECLARE(int) ap_proxy_hex2c(const char *x);
+ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x);
++PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len, enum enctype t,
++                                          int flags, int proxyreq);
+ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
+                                        int forcedec, int proxyreq);
+ PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index 731e4ed..747f928 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -70,8 +70,11 @@ static int proxy_ajp_canon(request_rec *r, char *url)
+         search = r->args;
+     }
+     else {
+-        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                                 r->proxyreq);
++        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                    r->proxyreq);
+         search = r->args;
+     }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
+index 719a99e..de31749 100644
+--- a/modules/proxy/mod_proxy_balancer.c
++++ b/modules/proxy/mod_proxy_balancer.c
+@@ -107,8 +107,11 @@ static int proxy_balancer_canon(request_rec *r, char *url)
+         search = r->args;
+     }
+     else {
+-        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                                 r->proxyreq);
++        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                    r->proxyreq);
+         search = r->args;
+     }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
+index a89b9a9..a422b4e 100644
+--- a/modules/proxy/mod_proxy_fcgi.c
++++ b/modules/proxy/mod_proxy_fcgi.c
+@@ -97,8 +97,11 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
+         path = url;   /* this is the raw/encoded path */
+     }
+     else {
+-        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                             r->proxyreq);
++        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                    r->proxyreq);
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
+index a559528..e40d17c 100644
+--- a/modules/proxy/mod_proxy_ftp.c
++++ b/modules/proxy/mod_proxy_ftp.c
+@@ -294,6 +294,8 @@ static int proxy_ftp_canon(request_rec *r, char *url)
+     apr_pool_t *p = r->pool;
+     const char *err;
+     apr_port_t port, def_port;
++    core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++    int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+ 
+     /* */
+     if (ap_cstr_casecmpn(url, "ftp:", 4) == 0) {
+@@ -332,7 +334,8 @@ static int proxy_ftp_canon(request_rec *r, char *url)
+     else
+         parms = "";
+ 
+-    path = ap_proxy_canonenc(p, url, strlen(url), enc_path, 0, r->proxyreq);
++    path = ap_proxy_canonenc_ex(p, url, strlen(url), enc_path, flags,
++                                r->proxyreq);
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+     if (!ftp_check_string(path))
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index 4d0f8de..fca8d5d 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -126,8 +126,11 @@ static int proxy_http_canon(request_rec *r, char *url)
+             search = r->args;
+         }
+         else {
+-            path = ap_proxy_canonenc(r->pool, url, strlen(url),
+-                                     enc_path, 0, r->proxyreq);
++            core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++            int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++            path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path,
++                                        flags, r->proxyreq);
+             search = r->args;
+         }
+         if (search && *(ap_scan_vchar_obstext(search))) {
+diff --git a/modules/proxy/mod_proxy_scgi.c b/modules/proxy/mod_proxy_scgi.c
+index 493757d..5444a5c 100644
+--- a/modules/proxy/mod_proxy_scgi.c
++++ b/modules/proxy/mod_proxy_scgi.c
+@@ -179,6 +179,8 @@ static int scgi_canon(request_rec *r, char *url)
+     char *host, sport[sizeof(":65535")];
+     const char *err, *path;
+     apr_port_t port, def_port;
++    core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++    int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+ 
+     if (ap_cstr_casecmpn(url, SCHEME "://", sizeof(SCHEME) + 2)) {
+         return DECLINED;
+@@ -205,8 +207,8 @@ static int scgi_canon(request_rec *r, char *url)
+         host = apr_pstrcat(r->pool, "[", host, "]", NULL);
+     }
+ 
+-    path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                             r->proxyreq);
++    path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                r->proxyreq);
+     if (!path) {
+         return HTTP_BAD_REQUEST;
+     }
+diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
+index 71c6ebb..771fcea 100644
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -89,8 +89,11 @@ static int uwsgi_canon(request_rec *r, char *url)
+         path = url;   /* this is the raw/encoded path */
+     }
+     else {
+-        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                                 r->proxyreq);
++        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                    r->proxyreq);
+     }
+     if (!path) {
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
+index 3f8de25..a44bb44 100644
+--- a/modules/proxy/mod_proxy_wstunnel.c
++++ b/modules/proxy/mod_proxy_wstunnel.c
+@@ -115,8 +115,11 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
+             search = r->args;
+         }
+     else {
+-        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                                 r->proxyreq);
++        core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
++        int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
++
++        path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
++                                    r->proxyreq);
+         search = r->args;
+     }
+     if (search && *(ap_scan_vchar_obstext(search))) {
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 669b672..2dee743 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -205,14 +205,16 @@ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
+  * and encodes those which must be encoded, and does not touch
+  * those which must not be touched.
+  */
+-PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+-                                       enum enctype t, int forcedec,
+-                                       int proxyreq)
++PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len,
++                                          enum enctype t, int flags,
++                                          int proxyreq)
+ {
+     int i, j, ch;
+     char *y;
+     char *allowed;  /* characters which should not be encoded */
+     char *reserved; /* characters which much not be en/de-coded */
++    int forcedec = flags & PROXY_CANONENC_FORCEDEC;
++    int noencslashesenc = flags & PROXY_CANONENC_NOENCODEDSLASHENCODING;
+ 
+ /*
+  * N.B. in addition to :@&=, this allows ';' in an http path
+@@ -261,7 +263,8 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+  * decode it if not already done. do not decode reverse proxied URLs
+  * unless specifically forced
+  */
+-        if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
++        if ((forcedec || noencslashesenc
++            || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
+             if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
+                 return NULL;
+             }
+@@ -272,7 +275,17 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+                 y[j] = x[i];
+                 continue;
+             }
+-            i += 2;
++            if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
++                /*
++                 * In the reverse proxy case when we only want to keep encoded
++                 * slashes untouched revert back to '%' which will cause
++                 * '%' to be encoded in the following.
++                 */
++                ch = '%';
++            }
++            else {
++                i += 2;
++            }
+         }
+ /* recode it, if necessary */
+         if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
+@@ -287,6 +300,22 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+     return y;
+ }
+ 
++/*
++ * Convert a URL-encoded string to canonical form.
++ * It decodes characters which need not be encoded,
++ * and encodes those which must be encoded, and does not touch
++ * those which must not be touched.
++ */
++PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
++                                       enum enctype t, int forcedec,
++                                       int proxyreq)
++{
++    int flags;
++
++    flags = forcedec ? PROXY_CANONENC_FORCEDEC : 0;
++    return ap_proxy_canonenc_ex(p, x, len, t, flags, proxyreq);
++}
++
+ /*
+  * Parses network-location.
+  *    urlp           on input the URL; on output the path, after the leading /
+-- 
+2.27.0
+

backport-Fix-double-encoding-of-the-uri-path-of-the-request.patch

@@ -0,0 +1,258 @@
+From a356fdbfb93c59a4e359f0a81b38aef31ddd856e Mon Sep 17 00:00:00 2001
+From: Eric covener <covener@apache.org>
+Date: Mon, 20 Mar 2023 05:29:03 AM GMT+0800
+Subject: [PATCH] mod_proxy: Fix double encoding of the uri-path of the request forwarded 
+                            to the origin server, when using mapping=encoded|servlet
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/a356fdbfb93c59a4e359f0a81b38aef31ddd856e
+
+---
+ modules/http2/mod_proxy_http2.c    | 20 ++++++++++----------
+ modules/proxy/mod_proxy.c          | 17 +++++++++++------
+ modules/proxy/mod_proxy_ajp.c      | 20 ++++++++++----------
+ modules/proxy/mod_proxy_balancer.c | 20 ++++++++++----------
+ modules/proxy/mod_proxy_fcgi.c     |  5 +++--
+ modules/proxy/mod_proxy_http.c     | 20 ++++++++++----------
+ modules/proxy/mod_proxy_uwsgi.c    | 10 ++++++++--
+ modules/proxy/mod_proxy_wstunnel.c | 20 ++++++++++----------
+ 8 files changed, 72 insertions(+), 60 deletions(-)
+
+diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
+index 753f7f4..9b741e1 100644
+--- a/modules/http2/mod_proxy_http2.c
++++ b/modules/http2/mod_proxy_http2.c
+@@ -162,16 +162,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
+             path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
+                                      enc_path, 0, r->proxyreq);
+             search = r->args;
+-            if (search && *(ap_scan_vchar_obstext(search))) {
+-                /*
+-                 * We have a raw control character or a ' ' in r->args.
+-                 * Correct encoding was missed.
+-                 */
+-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+-                              "To be forwarded query string contains control "
+-                              "characters or spaces");
+-                return HTTP_FORBIDDEN;
+-            }
++        }
++        if (search && *(ap_scan_vchar_obstext(search))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
++                           "To be forwarded query string contains control "
++                           "characters or spaces");
++             return HTTP_FORBIDDEN;
+         }
+         break;
+     case PROXYREQ_PROXY:
+diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
+index f8a4db6..6717782 100644
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -960,6 +960,8 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
+     }
+ 
+     if (found) {
++        unsigned int encoded = ent->flags & PROXYPASS_MAP_ENCODED;
++
+         /* A proxy module is assigned this URL, check whether it's interested
+          * in the request itself (e.g. proxy_wstunnel cares about Upgrade
+          * requests only, and could hand over to proxy_http otherwise).
+@@ -979,6 +981,9 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
+         if (ent->flags & PROXYPASS_NOQUERY) {
+             apr_table_setn(r->notes, "proxy-noquery", "1");
+         }
++        if (encoded) {
++            apr_table_setn(r->notes, "proxy-noencode", "1");
++        }
+ 
+         if (servlet_uri) {
+             ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(10248)
+@@ -992,13 +997,13 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
+              */
+             AP_DEBUG_ASSERT(strlen(r->uri) >= strlen(servlet_uri));
+             strcpy(r->uri, servlet_uri);
+-            return DONE;
+         }
+-
+-        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
+-                      "URI path '%s' matches proxy handler '%s'", r->uri,
+-                      found);
+-        return OK;
++        else {
++            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
++                          "URI path '%s' matches proxy handler '%s'", r->uri,
++                          found);
++        }
++        return (encoded) ? DONE : OK;
+     }
+ 
+     return HTTP_CONTINUE;
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index ba41fbd..731e4ed 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -73,16 +73,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
+-        if (search && *(ap_scan_vchar_obstext(search))) {
+-            /*
+-             * We have a raw control character or a ' ' in r->args.
+-             * Correct encoding was missed.
+-             */
+-             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
+-                           "To be forwarded query string contains control "
+-                           "characters or spaces");
+-             return HTTP_FORBIDDEN;
+-        }
++    }
++    if (search && *(ap_scan_vchar_obstext(search))) {
++        /*
++         * We have a raw control character or a ' ' in r->args.
++         * Correct encoding was missed.
++         */
++         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
++                       "To be forwarded query string contains control "
++                       "characters or spaces");
++         return HTTP_FORBIDDEN;
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
+index c8bba0f..719a99e 100644
+--- a/modules/proxy/mod_proxy_balancer.c
++++ b/modules/proxy/mod_proxy_balancer.c
+@@ -110,16 +110,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
+-        if (search && *(ap_scan_vchar_obstext(search))) {
+-            /*
+-             * We have a raw control character or a ' ' in r->args.
+-             * Correct encoding was missed.
+-             */
+-             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
+-                           "To be forwarded query string contains control "
+-                           "characters or spaces");
+-             return HTTP_FORBIDDEN;
+-        }
++    }
++    if (search && *(ap_scan_vchar_obstext(search))) {
++        /*
++         * We have a raw control character or a ' ' in r->args.
++         * Correct encoding was missed.
++         */
++         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
++                       "To be forwarded query string contains control "
++                       "characters or spaces");
++         return HTTP_FORBIDDEN;
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
+index 3382b9b..a89b9a9 100644
+--- a/modules/proxy/mod_proxy_fcgi.c
++++ b/modules/proxy/mod_proxy_fcgi.c
+@@ -92,8 +92,9 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
+         host = apr_pstrcat(r->pool, "[", host, "]", NULL);
+     }
+ 
+-    if (apr_table_get(r->notes, "proxy-nocanon")) {
+-        path = url;   /* this is the raw path */
++    if (apr_table_get(r->notes, "proxy-nocanon")
++        || apr_table_get(r->notes, "proxy-noencode")) {
++        path = url;   /* this is the raw/encoded path */
+     }
+     else {
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index 09269b2..4d0f8de 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -129,16 +129,16 @@ static int proxy_http_canon(request_rec *r, char *url)
+             path = ap_proxy_canonenc(r->pool, url, strlen(url),
+                                      enc_path, 0, r->proxyreq);
+             search = r->args;
+-            if (search && *(ap_scan_vchar_obstext(search))) {
+-                /*
+-                 * We have a raw control character or a ' ' in r->args.
+-                 * Correct encoding was missed.
+-                 */
+-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+-                              "To be forwarded query string contains control "
+-                              "characters or spaces");
+-                return HTTP_FORBIDDEN;
+-            }
++        }
++        if (search && *(ap_scan_vchar_obstext(search))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
++                           "To be forwarded query string contains control "
++                           "characters or spaces");
++             return HTTP_FORBIDDEN;
+         }
+         break;
+     case PROXYREQ_PROXY:
+diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
+index cc21e38..71c6ebb 100644
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -84,8 +84,14 @@ static int uwsgi_canon(request_rec *r, char *url)
+         host = apr_pstrcat(r->pool, "[", host, "]", NULL);
+     }
+ 
+-    path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+-                             r->proxyreq);
++    if (apr_table_get(r->notes, "proxy-nocanon")
++        || apr_table_get(r->notes, "proxy-noencode")) {
++        path = url;   /* this is the raw/encoded path */
++    }
++    else {
++        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
++                                 r->proxyreq);
++    }
+     if (!path) {
+         return HTTP_BAD_REQUEST;
+     }
+diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
+index e2fcba2..3f8de25 100644
+--- a/modules/proxy/mod_proxy_wstunnel.c
++++ b/modules/proxy/mod_proxy_wstunnel.c
+@@ -118,16 +118,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
+-        if (search && *(ap_scan_vchar_obstext(search))) {
+-            /*
+-             * We have a raw control character or a ' ' in r->args.
+-             * Correct encoding was missed.
+-             */
+-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
+-                          "To be forwarded query string contains control "
+-                          "characters or spaces");
+-            return HTTP_FORBIDDEN;
+-        }
++    }
++    if (search && *(ap_scan_vchar_obstext(search))) {
++        /*
++         * We have a raw control character or a ' ' in r->args.
++         * Correct encoding was missed.
++         */
++         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
++                       "To be forwarded query string contains control "
++                       "characters or spaces");
++         return HTTP_FORBIDDEN;
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+-- 
+2.27.0
+

backport-do-not-match-the-extention-against-possible-query-string.patch

@@ -0,0 +1,72 @@
+From 11d58d4a43939ccd6f0ab3e4bf762c6a9bc8e0a7 Mon Sep 17 00:00:00 2001
+From: Eric covener <covener@apache.org>
+Date: Mon, 20 Mar 2023 05:33:57 AM GMT+0800
+Subject: [PATCH] mod_mime: Do not match the extention against possible query string
+                           parameters in case ProxyPass was used with the nocanon option.
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/11d58d4a43939ccd6f0ab3e4bf762c6a9bc8e0a7
+
+---
+ modules/http/mod_mime.c    | 15 ++++++++++++++-
+ modules/proxy/proxy_util.c |  7 ++++---
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c
+index 03d1c41..700f824 100644
+--- a/modules/http/mod_mime.c
++++ b/modules/http/mod_mime.c
+@@ -755,7 +755,7 @@ static int find_ct(request_rec *r)
+     mime_dir_config *conf;
+     apr_array_header_t *exception_list;
+     char *ext;
+-    const char *fn, *fntmp, *type, *charset = NULL, *resource_name;
++    const char *fn, *fntmp, *type, *charset = NULL, *resource_name, *qm;
+     int found_metadata = 0;
+ 
+     if (r->finfo.filetype == APR_DIR) {
+@@ -775,6 +775,19 @@ static int find_ct(request_rec *r)
+     if (conf->use_path_info & 1) {
+         resource_name = apr_pstrcat(r->pool, r->filename, r->path_info, NULL);
+     }
++    /*
++     * In the reverse proxy case r->filename might contain a query string if
++     * the nocanon option was used with ProxyPass.
++     * If this is the case cut off the query string as the last parameter in
++     * this query string might end up on an extension we take care about, but
++     * we only want to match against path components not against query
++     * parameters.
++     */
++    else if ((r->proxyreq == PROXYREQ_REVERSE)
++             && (apr_table_get(r->notes, "proxy-nocanon"))
++             && ((qm = ap_strchr_c(r->filename, '?')) != NULL)) {
++        resource_name = apr_pstrmemdup(r->pool, r->filename, qm - r->filename);
++    }
+     else {
+         resource_name = r->filename;
+     }
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 3d324cb..d824fb0 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -266,12 +266,13 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+                 return NULL;
+             }
+             ch = ap_proxy_hex2c(&x[i + 1]);
+-            i += 2;
+             if (ch != 0 && strchr(reserved, ch)) {  /* keep it encoded */
+-                ap_proxy_c2hex(ch, &y[j]);
+-                j += 2;
++                y[j++] = x[i++];
++                y[j++] = x[i++];
++                y[j] = x[i];
+                 continue;
+             }
++            i += 2;
+         }
+ /* recode it, if necessary */
+         if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
+-- 
+2.33.0
+
+

httpd.spec

@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.51
-Release:          16
+Release:          18
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -68,7 +68,7 @@ Patch14:          backport-layout_add_openEuler.patch
 Patch15:          backport-httpd-2.4.43-gettid.patch
 Patch16:          backport-httpd-2.4.43-r1861793+.patch
 Patch17:          backport-httpd-2.4.48-r1828172+.patch
-Patch18:          backport-httpd-2.4.46-htcacheclean-dont-break.patch 
+Patch18:          backport-httpd-2.4.46-htcacheclean-dont-break.patch
 Patch19:          backport-CVE-2022-22719.patch
 Patch20:          backport-CVE-2022-22720.patch
 Patch21:          backport-CVE-2022-22721.patch
@@ -76,7 +76,7 @@ Patch22:          backport-001-CVE-2022-23943.patch
 Patch23:          backport-002-CVE-2022-23943.patch
 Patch24:          backport-CVE-2021-44790.patch
 Patch25:          backport-001-CVE-2021-44224.patch
-Patch26:          backport-002-CVE-2021-44224.patch 
+Patch26:          backport-002-CVE-2021-44224.patch
 Patch27:          backport-Switch-from-PCRE-to-PCRE2.patch
 Patch28:          backport-CVE-2022-28615.patch
 Patch29:          backport-CVE-2022-31813.patch
@@ -104,6 +104,10 @@ Patch50:          backport-Report-an-error-if-the-AJP-backend-sends-an-invalid-n
 Patch51:          backport-handled-a-negative-value-when-parsing-the-config.patch
 Patch52:          backport-avoid-delimiting-the-query-with-a-backreference.patch
 Patch53:          backport-fix-missing-APLOGNO.patch
+Patch54:          backport-Fix-double-encoding-of-the-uri-path-of-the-request.patch
+Patch55:          backport-do-not-match-the-extention-against-possible-query-string.patch
+Patch56:          backport-Do-not-double-encode-encoded-slashes.patch
+Patch57:          backport-Check-before-forwarding-that-a-nocanon-path-has-not-been-rewritten.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -220,6 +224,10 @@ sed 's/@MPM@/%{mpm}/' < $RPM_SOURCE_DIR/httpd.service.xml \
 xmlto man ./httpd.service.xml
 
 %build
+%ifarch loongarch64 sw_64
+%_update_config_guess
+%_update_config_sub
+%endif
 rm -rf srclib/{apr,apr-util,pcre}
 
 autoheader && autoconf || exit 1
@@ -536,6 +544,21 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Wed Aug 09 2023 panchenbo <panchenbo@kylinsec.com.cn> - 2.4.51-18
+- Type:bugfix
+- ID:
+- SUG:NA
+- DESC:add sw_64 support,optimize sw build patch,add loongarch64 support
+
+* Wed May 24 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-17
+- Type:bugfix
+- ID:
+- SUG:restart
+- DESC:Fix double encoding of the uri-path of the request
+       Do not match the extention against possible query string
+       Do not double encode slashes
+       Check before forwarding that a nocanon path has not been rewriteen
+
 * Fri Apr 14 2023 chengyechun <chengyehcun1@huawei.com> - 2.4.51-16
 - Type:bugfix
 - ID:
@@ -544,7 +567,7 @@ exit $rv
        handled a negative value when parsing the config
        avoid delimiting the query with a backreference
        fix missing APLOGNO
-       
+
 * Fri Mar 10 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-15
 - Type:CVE
 - ID:CVE-2023-27522, CVE-2023-25690
@@ -736,7 +759,7 @@ exit $rv
 - Type:bugfix
 - ID:NA
 - SUG:NA
-- DESC:add SSLCipherSuite 
+- DESC:add SSLCipherSuite
 
 * Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.34-13
 - Type:NA