packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:bd3cede73f60a5f164dd645162a8112c85f0d76d
Branches Tags
packages:main
...
compare: packages:3f5f9d36d256cdaa477daabb2b84f96eb5714ca6
Branches Tags
packages:main

12 Commits
bd3cede73f ... 3f5f9d36d2

Author SHA1 Message Date
openeuler-ci-bot
3f5f9d36d2
!191 [sync] PR-188: fix CVE and sync some patches from upstream 
From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2024-05-07 09:30:44 +00:00
chengyechun
59aad9d868 fix CVE-2024-24795,CVE-2023-38709,CVE-2024-27316 and sync some patches from upstream 
(cherry picked from commit 11c3c7ff1b51a52f430c7e0118be78c68e96de30)
 2024-05-07 11:37:56 +08:00
openeuler-ci-bot
2995823fc1
!176 [sync] PR-173: fix CVE-2023-45802 
From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2023-11-03 08:50:23 +00:00
chengyechun
d805f1570c fix CVE-2023-45802 
(cherry picked from commit 734ae212ff681608e23b2d9b8d2dd893e55c72bc)
 2023-11-03 15:18:47 +08:00
openeuler-ci-bot
e400a32d71
!175 [sync] PR-170: fix CVE-2023-31122 
From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2023-11-03 07:18:14 +00:00
chengyechun
e02039f699 fix CVE-2023-31122 
(cherry picked from commit 5e3ff35b4505aca9534c0ae8c64087eb3a67811c)
 2023-11-03 14:44:21 +08:00
openeuler-ci-bot
ceee8c4b8f
!163 Next补丁归一,增加SP1相关补丁 
From: @panchenbo 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2023-09-23 01:54:35 +00:00
openeuler-ci-bot
2313655f6c !153 backport some patches from upstream 
From: @chengyechun
Reviewed-by: @seuzw
Signed-off-by: @seuzw
 2023-09-22 15:13:30 +08:00
openeuler-ci-bot
1057b57363
!153 backport some patches from upstream 
From: @chengyechun 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
 2023-04-14 07:57:02 +00:00
chengyechun
e2bc40f24a sync some patches from upstream 2023-04-14 10:12:23 +08:00
openeuler-ci-bot
ed10813fa5
!148 fix CVE-2023-27522, CVE-2023-25690 
From: @chengyechun 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
 2023-03-10 02:28:57 +00:00
openeuler-ci-bot
0320942767
!146 update some patches from community 
From: @chengyechun 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
 2023-03-10 01:22:19 +00:00
18 changed files with 2058 additions and 4 deletions
Show Stats Expand all files Collapse all files

28
backport-CVE-2023-31122-out-of-bound-Read.patch Normal file
View File

@ -0,0 +1,28 @@
From c41eb3b14a3d1eb2e3c42c4728cc52a22748851a Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Mon, 16 Oct 2023 06:39:44 +0000
Subject: [PATCH] mod_macro: out of bounds Read
Conflict:NA
Reference:https://github.com/apache/httpd/commit/c41eb3b14a3d1eb2e3c42c4728cc52a22748851a
---
modules/core/mod_macro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/core/mod_macro.c b/modules/core/mod_macro.c
index 04af43b..cc42d0b 100644
--- a/modules/core/mod_macro.c
+++ b/modules/core/mod_macro.c
@@ -465,7 +465,7 @@ static const char *process_content(apr_pool_t * pool,
for (i = 0; i < contents->nelts; i++) {
const char *errmsg;
/* copy the line and substitute macro parameters */
- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
+ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
errmsg = substitute_macro_args(line, MAX_STRING_LEN,
macro, replacements, used);
if (errmsg) {
--
2.23.0

97
backport-CVE-2023-38709-header-validation-after-content.patch Normal file
View File

@ -0,0 +1,97 @@
From ac20389f3c816d990aba21720f1492b69ac5cb44 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 3 Apr 2024 12:12:23 +0000
Subject: [PATCH] header validation after content-* are eval'ed
backport r1916770 from trunk
Submitted By: ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1916778 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44
---
modules/http/http_filters.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 3ad74dd..2e8fca6 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1362,6 +1362,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
*/
apr_table_clear(r->headers_out);
apr_table_clear(r->err_headers_out);
+ r->content_type = r->content_encoding = NULL;
+ r->content_languages = NULL;
+ r->clength = r->chunked = 0;
apr_brigade_cleanup(b);
/* Don't recall ap_die() if we come back here (from its own internal
@@ -1378,8 +1381,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
APR_BRIGADE_INSERT_TAIL(b, e);
e = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(b, e);
- r->content_type = r->content_encoding = NULL;
- r->content_languages = NULL;
ap_set_content_length(r, 0);
recursive_error = 1;
}
@@ -1406,6 +1407,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
if (!apr_is_empty_table(r->err_headers_out)) {
r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
r->headers_out);
+ apr_table_clear(r->err_headers_out);
}
/*
@@ -1425,6 +1427,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
fixup_vary(r);
}
+
+ /*
+ * Control cachability for non-cacheable responses if not already set by
+ * some other part of the server configuration.
+ */
+ if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
+ char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
+ ap_recent_rfc822_date(date, r->request_time);
+ apr_table_addn(r->headers_out, "Expires", date);
+ }
+
/*
* Now remove any ETag response header field if earlier processing
* says so (such as a 'FileETag None' directive).
@@ -1437,6 +1450,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
basic_http_header_check(r, &protocol);
ap_set_keepalive(r);
+ /* 204/304 responses don't have content related headers */
if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
apr_table_unset(r->headers_out, "Transfer-Encoding");
apr_table_unset(r->headers_out, "Content-Length");
@@ -1479,16 +1493,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
apr_table_setn(r->headers_out, "Content-Language", field);
}
- /*
- * Control cachability for non-cacheable responses if not already set by
- * some other part of the server configuration.
- */
- if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
- char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
- ap_recent_rfc822_date(date, r->request_time);
- apr_table_addn(r->headers_out, "Expires", date);
- }
-
/* This is a hack, but I can't find anyway around it. The idea is that
* we don't want to send out 0 Content-Lengths if it is a head request.
* This happens when modules try to outsmart the server, and return
--
2.33.0

141
backport-CVE-2023-45802-improved-early-cleanup-of-streams.patch Normal file
View File

@ -0,0 +1,141 @@
From decce82a706abd78dfc32821a03ad93841d7758a Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Mon, 16 Oct 2023 09:05:00 +0000
Subject: [PATCH] mod_http2: improved early cleanup of streams
Conflict:Some features of mod_http2 are added and most code of mod_http2
is reconstructed in the pre-patch(9767274b884). Therefore, the pre-patch
is not integrated. As a result, We need context adaptation.
Reference:https://github.com/apache/httpd/commit/decce82a706abd78dfc32821a03ad93841d7758a
---
changes-entries/h2_cleanup.txt. | 2 ++
modules/http2/h2_mplx.c | 26 ++++++++++++++++++++++----
modules/http2/h2_mplx.h | 3 ++-
modules/http2/h2_session.c | 18 +++++++++++++++++-
modules/http2/h2_stream.c | 2 +-
5 files changed, 44 insertions(+), 7 deletions(-)
create mode 100644 changes-entries/h2_cleanup.txt.
diff --git a/changes-entries/h2_cleanup.txt. b/changes-entries/h2_cleanup.txt.
new file mode 100644
index 0000000..d330b6a
--- /dev/null
+++ b/changes-entries/h2_cleanup.txt.
@@ -0,0 +1,2 @@
+* mod_http2: import early cleanup of streams
+ [Stefan Eissing]
diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c
index e02ad4e..db8db8a 100644
--- a/modules/http2/h2_mplx.c
+++ b/modules/http2/h2_mplx.c
@@ -1158,14 +1158,32 @@ static int reset_is_acceptable(h2_stream *stream)
return 1; /* otherwise, be forgiving */
}
-apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id)
+apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id, h2_stream *stream)
{
- h2_stream *stream;
apr_status_t status = APR_SUCCESS;
+ int registered;
H2_MPLX_ENTER_ALWAYS(m);
- stream = h2_ihash_get(m->streams, stream_id);
- if (stream && !reset_is_acceptable(stream)) {
+ registered = (h2_ihash_get(m->streams, stream_id) != Null);
+ if (!stream) {
+ /* a RST might arrive so late, we have already forgotten
+ * about it. Seems ok. */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c1,
+ H2_MPLX_MSG(m, "RST on unknown stream %d"), stream_id);
+ AP_DEBUG_ASSERT(!registered);
+ }
+ else if (!registered) {
+ /* a RST on a stream that mplx has not been told about, but
+ * which the session knows. Very early and annoying. */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c1,
+ H2_STRM_MSG(stream, "very earyly RST, drop"));
+ h2_stream_set_monior(stream, NULL);
+ h2_stream_rst(stream, H2_ERR_STREAM_CLOSED);
+ h2_stream_dispatch(stream, H2_SEV_EOS_SENT);
+ m_stream_cleanup(m, stream);
+ m_be_annoyed(m);
+ }
+ else if (!reset_is_acceptable(stream)) {
status = m_be_annoyed(m);
}
H2_MPLX_LEAVE(m);
diff --git a/modules/http2/h2_mplx.h b/modules/http2/h2_mplx.h
index c61629d..4a05de2 100644
--- a/modules/http2/h2_mplx.h
+++ b/modules/http2/h2_mplx.h
@@ -187,7 +187,8 @@ typedef int h2_mplx_stream_cb(struct h2_stream *s, void *ctx);
apr_status_t h2_mplx_m_stream_do(h2_mplx *m, h2_mplx_stream_cb *cb, void *ctx);
-apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id);
+apr_status_t h2_mplx_m_client_rst(h2_mplx *m, int stream_id,
+ struct h2_stream *stream);
/**
* Master connection has entered idle mode.
diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c
index dc883b5..afd9edb 100644
--- a/modules/http2/h2_session.c
+++ b/modules/http2/h2_session.c
@@ -391,6 +391,10 @@ static int on_frame_recv_cb(nghttp2_session *ng2s,
session->id, (int)frame->hd.stream_id,
(int)frame->rst_stream.error_code);
stream = get_stream(session, frame->hd.stream_id);
+ if (stream) {
+ rv = h2_stream_recv_frame(stream, NGHTTP2_RST_STREAM, frame->hd.flags,
+ frame->hd.length + H2_FRAME_HDR_LEN);
+ }
if (stream && stream->initiated_on) {
/* A stream reset on a request we sent it. Normal, when the
* client does not want it. */
@@ -399,7 +403,8 @@ static int on_frame_recv_cb(nghttp2_session *ng2s,
else {
/* A stream reset on a request it sent us. Could happen in a browser
* when the user navigates away or cancels loading - maybe. */
- h2_mplx_m_client_rst(session->mplx, frame->hd.stream_id);
+ h2_mplx_m_client_rst(session->mplx, frame->hd.stream_id,
+ stream);
++session->streams_reset;
}
break;
@@ -780,6 +785,17 @@ static apr_status_t session_cleanup(h2_session *session, const char *trigger)
"goodbye, clients will be confused, should not happen"));
}
+ if (!h2_iq_empty(seesion->ready_to_process)) {
+ int sid;
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ H2_SSSN_LOG(APLOG(), session,
+ "cleanup, resetting %d streams in ready-to-process"),
+ h2_iq_count(session->ready_to_process));
+ while ((sid = h2_iq_shift(session->ready_to_process)) > 0) {
+ h2_mplx_m_client_rst(session->mplx, sid, get_stream(session, sid));
+ }
+ }
+
transit(session, trigger, H2_SESSION_ST_CLEANUP);
h2_mplx_m_release_and_join(session->mplx, session->iowait);
session->mplx = NULL;
diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c
index 4fec537..49d89cb 100644
--- a/modules/http2/h2_stream.c
+++ b/modules/http2/h2_stream.c
@@ -120,7 +120,7 @@ static int trans_on_event[][H2_SS_MAX] = {
{ S_XXX, S_ERR, S_ERR, S_CL_L, S_CLS, S_XXX, S_XXX, S_XXX, },/* EV_CLOSED_L*/
{ S_ERR, S_ERR, S_ERR, S_CL_R, S_ERR, S_CLS, S_NOP, S_NOP, },/* EV_CLOSED_R*/
{ S_CLS, S_CLS, S_CLS, S_CLS, S_CLS, S_CLS, S_NOP, S_NOP, },/* EV_CANCELLED*/
-{ S_NOP, S_XXX, S_XXX, S_XXX, S_XXX, S_CLS, S_CLN, S_XXX, },/* EV_EOS_SENT*/
+{ S_NOP, S_XXX, S_XXX, S_XXX, S_XXX, S_CLS, S_CLN, S_NOP, },/* EV_EOS_SENT*/
};
static int on_map(h2_stream_state_t state, int map[H2_SS_MAX])
--
2.23.0

201
backport-CVE-2024-24795-let-httpd-handle-CL-TE-for-non-http-handlers.patch Normal file
View File

@ -0,0 +1,201 @@
From 61645eaac828e2603203d2dfafca938f22580655 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 3 Apr 2024 11:49:53 +0000
Subject: [PATCH] let httpd handle CL/TE for non-http handlers
Submitted By: ylavic, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916769 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/61645eaac828e2603203d2dfafca938f22580655
---
include/util_script.h | 2 ++
modules/aaa/mod_authnz_fcgi.c | 8 ++++++++
modules/generators/cgi_common.h | 16 +++++++++++++---
modules/http/http_filters.c | 12 ++++++++++++
modules/proxy/ajp_header.c | 10 ++++++++++
modules/proxy/mod_proxy_fcgi.c | 9 +++++++++
modules/proxy/mod_proxy_scgi.c | 8 ++++++++
modules/proxy/mod_proxy_uwsgi.c | 6 ++++++
8 files changed, 68 insertions(+), 3 deletions(-)
diff --git a/include/util_script.h b/include/util_script.h
index 3566bd3..0557c7f 100644
--- a/include/util_script.h
+++ b/include/util_script.h
@@ -225,6 +225,8 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer,
*/
AP_DECLARE(void) ap_args_to_table(request_rec *r, apr_table_t **table);
+#define AP_TRUST_CGILIKE_CL_ENVVAR "ap_trust_cgilike_cl"
+
#ifdef __cplusplus
}
#endif
diff --git a/modules/aaa/mod_authnz_fcgi.c b/modules/aaa/mod_authnz_fcgi.c
index 1aadcc2..69743f1 100644
--- a/modules/aaa/mod_authnz_fcgi.c
+++ b/modules/aaa/mod_authnz_fcgi.c
@@ -571,6 +571,14 @@ static apr_status_t handle_response(const fcgi_provider_conf *conf,
"parsing -> %d/%d",
fn, status, r->status);
+ /* FCGI has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
if (rspbuf) { /* caller wants to see response body,
* if any
*/
diff --git a/modules/generators/cgi_common.h b/modules/generators/cgi_common.h
index 69df73c..66f9418 100644
--- a/modules/generators/cgi_common.h
+++ b/modules/generators/cgi_common.h
@@ -26,6 +26,7 @@
#include "httpd.h"
#include "util_filter.h"
+#include "util_script.h"
static APR_OPTIONAL_FN_TYPE(ap_ssi_get_tag_and_value) *cgi_pfn_gtv;
static APR_OPTIONAL_FN_TYPE(ap_ssi_parse_string) *cgi_pfn_ps;
@@ -428,9 +429,18 @@ static int cgi_handle_response(request_rec *r, int nph, apr_bucket_brigade *bb,
char sbuf[MAX_STRING_LEN];
int ret;
- if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,
- APLOG_MODULE_INDEX)))
- {
+ ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,
+ APLOG_MODULE_INDEX);
+
+ /* xCGI has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
+ if (ret != OK) {
/* In the case of a timeout reading script output, clear
* the brigade to avoid a second attempt to read the
* output. */
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index c3eab95..3ad74dd 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -775,6 +775,18 @@ static APR_INLINE int check_headers(request_rec *r)
struct check_header_ctx ctx;
core_server_config *conf =
ap_get_core_module_config(r->server->module_config);
+ const char *val;
+
+ if ((val = apr_table_get(r->headers_out, "Transfer-Encoding"))) {
+ if (apr_table_get(r->headers_out, "Content-Length")) {
+ apr_table_unset(r->headers_out, "Content-Length");
+ r->connection->keepalive = AP_CONN_CLOSE;
+ }
+ if (!ap_is_chunked(r->pool, val)) {
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return 0;
+ }
+ }
ctx.r = r;
ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index a09a2e4..0266a7d 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -17,6 +17,8 @@
#include "ajp_header.h"
#include "ajp.h"
+#include "util_script.h"
+
APLOG_USE_MODULE(proxy_ajp);
static const char *response_trans_headers[] = {
@@ -669,6 +671,14 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
}
}
+ /* AJP has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
return APR_SUCCESS;
}
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 831bd15..d420df6 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -779,6 +779,15 @@ recv_again:
status = ap_scan_script_header_err_brigade_ex(r, ob,
NULL, APLOG_MODULE_INDEX);
+
+ /* FCGI has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
/* suck in all the rest */
if (status != OK) {
apr_bucket *tmp_b;
diff --git a/modules/proxy/mod_proxy_scgi.c b/modules/proxy/mod_proxy_scgi.c
index 5444a5c..d63c833 100644
--- a/modules/proxy/mod_proxy_scgi.c
+++ b/modules/proxy/mod_proxy_scgi.c
@@ -390,6 +390,14 @@ static int pass_response(request_rec *r, proxy_conn_rec *conn)
return status;
}
+ /* SCGI has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
conf = ap_get_module_config(r->per_dir_config, &proxy_scgi_module);
if (conf->sendfile && conf->sendfile != scgi_sendfile_off) {
short err = 1;
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
index f0cbb5d..0ccf2ab 100644
--- a/modules/proxy/mod_proxy_uwsgi.c
+++ b/modules/proxy/mod_proxy_uwsgi.c
@@ -404,6 +404,12 @@ static int uwsgi_response(request_rec *r, proxy_conn_rec * backend,
return HTTP_BAD_GATEWAY;
}
+ /* T-E wins over C-L */
+ if (apr_table_get(r->headers_out, "Transfer-Encoding")) {
+ apr_table_unset(r->headers_out, "Content-Length");
+ backend->close = 1;
+ }
+
if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
ap_set_content_type(r, apr_pstrdup(r->pool, buf));
}
--
2.33.0

73
backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch Normal file
View File

@ -0,0 +1,73 @@
From 0d73970ec161300a55b630f71bbf72b5c41f28b9 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 3 Apr 2024 12:12:55 +0000
Subject: [PATCH] Merge r1916771 from trunk:
bail after too many failed reads
Submitted By: icing
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1916779 13f79535-47bb-0310-9956-ffa450edef68
Conflict:The mod_http2 version upgrade (9767274) and new feature (06ceb22) are not integrated. As a result, context adaptation exists in h2_stream.h.
Reference:https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9
---
modules/http2/h2_session.c | 10 +++++++---
modules/http2/h2_stream.c | 1 +
modules/http2/h2_stream.h | 3 ++-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c
index afd9edb..308bc4a 100644
--- a/modules/http2/h2_session.c
+++ b/modules/http2/h2_session.c
@@ -311,9 +311,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
status = h2_stream_add_header(stream, (const char *)name, namelen,
(const char *)value, valuelen);
- if (status != APR_SUCCESS
- && (!stream->rtmp
- || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+ if (status != APR_SUCCESS &&
+ (!stream->rtmp ||
+ stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+ /* We accept a certain amount of failures in order to reply
+ * with an informative HTTP error response like 413. But if the
+ * client is too wrong, we fail the request a RESET of the stream */
+ stream->request_headers_failed > 100)) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
}
return 0;
diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c
index 49d89cb..bde8609 100644
--- a/modules/http2/h2_stream.c
+++ b/modules/http2/h2_stream.c
@@ -764,6 +764,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
cleanup:
if (error) {
+ ++stream->request_headers_failed;
set_error_response(stream, error);
return APR_EINVAL;
}
diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h
index 08f7888..1b89eaf 100644
--- a/modules/http2/h2_stream.h
+++ b/modules/http2/h2_stream.h
@@ -75,7 +75,8 @@ struct h2_stream {
struct h2_request *rtmp; /* request being assembled */
apr_table_t *trailers; /* optional incoming trailers */
int request_headers_added; /* number of request headers added */
-
+ int request_headers_failed; /* number of request headers failed to add */
+
struct h2_bucket_beam *input;
apr_bucket_brigade *in_buffer;
int in_window_size;
--
2.33.0

288
backport-Check-before-forwarding-that-a-nocanon-path-has-not-been-rewritten.patch Normal file
View File

@ -0,0 +1,288 @@
From fd92481223a0d213f1dc2f96745f495efcf33eca Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 31 Mar 2023 10:37:34 PM GMT+0800
Subject: [PATCH] mod_proxy:Check before forwarding that a nocanon path has not been
rewritten with spaces during processing
Conflict:NA
Reference:https://github.com/apache/httpd/commit/fd92481223a0d213f1dc2f96745f495efcf33eca
---
modules/http2/mod_proxy_http2.c | 31 +++++++++++++++++------------
modules/proxy/mod_proxy_ajp.c | 19 ++++++++++++------
modules/proxy/mod_proxy_balancer.c | 19 ++++++++++++------
modules/proxy/mod_proxy_fcgi.c | 15 ++++++++++++--
modules/proxy/mod_proxy_http.c | 32 ++++++++++++++++++------------
modules/proxy/mod_proxy_uwsgi.c | 14 +++++++++++--
modules/proxy/mod_proxy_wstunnel.c | 19 ++++++++++++------
7 files changed, 101 insertions(+), 48 deletions(-)
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index 77e2641..957c7ba 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -164,26 +164,31 @@ static int proxy_http2_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url),
enc_path, flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
break;
case PROXYREQ_PROXY:
path = url;
break;
}
-
- if (path == NULL) {
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10420)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+ if (search && *ap_scan_vchar_obstext(search)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
if (port != def_port) {
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 747f928..4446c5e 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -75,20 +75,27 @@ static int proxy_ajp_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10418)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index de31749..d175fcf 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -112,20 +112,27 @@ static int proxy_balancer_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10416)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
r->filename = apr_pstrcat(r->pool, "proxy:" BALANCER_PREFIX, host,
"/", path, (search) ? "?" : "", (search) ? search : "", NULL);
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index a422b4e..831bd15 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -102,9 +102,20 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
+ }
+ /*
+ * If we have a raw control character or a ' ' in nocanon path,
+ * correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
path, NULL);
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index fca8d5d..40f0787 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -131,26 +131,32 @@ static int proxy_http_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path,
flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
break;
case PROXYREQ_PROXY:
path = url;
break;
}
-
- if (path == NULL)
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10415)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+ if (search && *ap_scan_vchar_obstext(search)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
index 771fcea..f0cbb5d 100644
--- a/modules/proxy/mod_proxy_uwsgi.c
+++ b/modules/proxy/mod_proxy_uwsgi.c
@@ -94,9 +94,19 @@ static int uwsgi_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
}
- if (!path) {
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path,
+ * correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10417)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
r->filename =
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
index a44bb44..227dba4 100644
--- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -120,20 +120,27 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10419)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);
--
2.27.0

322
backport-Do-not-double-encode-encoded-slashes.patch Normal file
View File

@ -0,0 +1,322 @@
From 9b8cf1746bb004050b02a30bf0222479fbe405c2 Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 31 Mar 2023 10:33:47 PM GMT+0800
Subject: [PATCH] mod_proxy:In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend
Conflict:NA
Reference:https://github.com/apache/httpd/commit/9b8cf1746bb004050b02a30bf0222479fbe405c2
---
include/ap_mmn.h | 3 ++-
modules/http2/mod_proxy_http2.c | 7 ++++--
modules/proxy/mod_proxy.h | 6 +++++
modules/proxy/mod_proxy_ajp.c | 7 ++++--
modules/proxy/mod_proxy_balancer.c | 7 ++++--
modules/proxy/mod_proxy_fcgi.c | 7 ++++--
modules/proxy/mod_proxy_ftp.c | 5 +++-
modules/proxy/mod_proxy_http.c | 7 ++++--
modules/proxy/mod_proxy_scgi.c | 6 +++--
modules/proxy/mod_proxy_uwsgi.c | 7 ++++--
modules/proxy/mod_proxy_wstunnel.c | 7 ++++--
modules/proxy/proxy_util.c | 39 ++++++++++++++++++++++++++----
12 files changed, 85 insertions(+), 23 deletions(-)
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index a6d47a2..dd469f3 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -582,6 +582,7 @@
* 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate
* AP_NORMALIZE_DROP_PARAMETERS
* 20120211.121 (2.4.51-dev) Add ap_post_read_request()
+ * 20120211.122 (2.4.51-dev) Add ap_proxy_canonenc_ex
*
*/
@@ -590,7 +591,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20120211
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 122 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index 9b741e1..77e2641 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -159,8 +159,11 @@ static int proxy_http2_canon(request_rec *r, char *url)
search = r->args;
}
else {
- path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
- enc_path, 0, r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url),
+ enc_path, flags, r->proxyreq);
search = r->args;
}
if (search && *(ap_scan_vchar_obstext(search))) {
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 47899d7..ce8183a 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -76,6 +76,10 @@ enum enctype {
enc_path, enc_search, enc_user, enc_fpath, enc_parm
};
+/* Flags for ap_proxy_canonenc_ex */
+#define PROXY_CANONENC_FORCEDEC 0x01
+#define PROXY_CANONENC_NOENCODEDSLASHENCODING 0x02
+
typedef enum {
NONE, TCP, OPTIONS, HEAD, GET, CPING, PROVIDER, EOT
} hcmethod_t;
@@ -669,6 +673,8 @@ PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src,
apr_size_t dlen);
PROXY_DECLARE(int) ap_proxy_hex2c(const char *x);
PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x);
+PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len, enum enctype t,
+ int flags, int proxyreq);
PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
int forcedec, int proxyreq);
PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index 731e4ed..747f928 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -70,8 +70,11 @@ static int proxy_ajp_canon(request_rec *r, char *url)
search = r->args;
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
search = r->args;
}
if (search && *(ap_scan_vchar_obstext(search))) {
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index 719a99e..de31749 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -107,8 +107,11 @@ static int proxy_balancer_canon(request_rec *r, char *url)
search = r->args;
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
search = r->args;
}
if (search && *(ap_scan_vchar_obstext(search))) {
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index a89b9a9..a422b4e 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -97,8 +97,11 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
path = url; /* this is the raw/encoded path */
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
}
if (path == NULL)
return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
index a559528..e40d17c 100644
--- a/modules/proxy/mod_proxy_ftp.c
+++ b/modules/proxy/mod_proxy_ftp.c
@@ -294,6 +294,8 @@ static int proxy_ftp_canon(request_rec *r, char *url)
apr_pool_t *p = r->pool;
const char *err;
apr_port_t port, def_port;
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
/* */
if (ap_cstr_casecmpn(url, "ftp:", 4) == 0) {
@@ -332,7 +334,8 @@ static int proxy_ftp_canon(request_rec *r, char *url)
else
parms = "";
- path = ap_proxy_canonenc(p, url, strlen(url), enc_path, 0, r->proxyreq);
+ path = ap_proxy_canonenc_ex(p, url, strlen(url), enc_path, flags,
+ r->proxyreq);
if (path == NULL)
return HTTP_BAD_REQUEST;
if (!ftp_check_string(path))
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 4d0f8de..fca8d5d 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -126,8 +126,11 @@ static int proxy_http_canon(request_rec *r, char *url)
search = r->args;
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url),
- enc_path, 0, r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path,
+ flags, r->proxyreq);
search = r->args;
}
if (search && *(ap_scan_vchar_obstext(search))) {
diff --git a/modules/proxy/mod_proxy_scgi.c b/modules/proxy/mod_proxy_scgi.c
index 493757d..5444a5c 100644
--- a/modules/proxy/mod_proxy_scgi.c
+++ b/modules/proxy/mod_proxy_scgi.c
@@ -179,6 +179,8 @@ static int scgi_canon(request_rec *r, char *url)
char *host, sport[sizeof(":65535")];
const char *err, *path;
apr_port_t port, def_port;
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
if (ap_cstr_casecmpn(url, SCHEME "://", sizeof(SCHEME) + 2)) {
return DECLINED;
@@ -205,8 +207,8 @@ static int scgi_canon(request_rec *r, char *url)
host = apr_pstrcat(r->pool, "[", host, "]", NULL);
}
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
if (!path) {
return HTTP_BAD_REQUEST;
}
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
index 71c6ebb..771fcea 100644
--- a/modules/proxy/mod_proxy_uwsgi.c
+++ b/modules/proxy/mod_proxy_uwsgi.c
@@ -89,8 +89,11 @@ static int uwsgi_canon(request_rec *r, char *url)
path = url; /* this is the raw/encoded path */
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
}
if (!path) {
return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
index 3f8de25..a44bb44 100644
--- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -115,8 +115,11 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
search = r->args;
}
else {
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
+ int flags = d->allow_encoded_slashes && !d->decode_encoded_slashes ? PROXY_CANONENC_NOENCODEDSLASHENCODING : 0;
+
+ path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
+ r->proxyreq);
search = r->args;
}
if (search && *(ap_scan_vchar_obstext(search))) {
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 669b672..2dee743 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -205,14 +205,16 @@ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
* and encodes those which must be encoded, and does not touch
* those which must not be touched.
*/
-PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
- enum enctype t, int forcedec,
- int proxyreq)
+PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len,
+ enum enctype t, int flags,
+ int proxyreq)
{
int i, j, ch;
char *y;
char *allowed; /* characters which should not be encoded */
char *reserved; /* characters which much not be en/de-coded */
+ int forcedec = flags & PROXY_CANONENC_FORCEDEC;
+ int noencslashesenc = flags & PROXY_CANONENC_NOENCODEDSLASHENCODING;
/*
* N.B. in addition to :@&=, this allows ';' in an http path
@@ -261,7 +263,8 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
* decode it if not already done. do not decode reverse proxied URLs
* unless specifically forced
*/
- if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
+ if ((forcedec || noencslashesenc
+ || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
return NULL;
}
@@ -272,7 +275,17 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
y[j] = x[i];
continue;
}
- i += 2;
+ if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
+ /*
+ * In the reverse proxy case when we only want to keep encoded
+ * slashes untouched revert back to '%' which will cause
+ * '%' to be encoded in the following.
+ */
+ ch = '%';
+ }
+ else {
+ i += 2;
+ }
}
/* recode it, if necessary */
if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
@@ -287,6 +300,22 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
return y;
}
+/*
+ * Convert a URL-encoded string to canonical form.
+ * It decodes characters which need not be encoded,
+ * and encodes those which must be encoded, and does not touch
+ * those which must not be touched.
+ */
+PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
+ enum enctype t, int forcedec,
+ int proxyreq)
+{
+ int flags;
+
+ flags = forcedec ? PROXY_CANONENC_FORCEDEC : 0;
+ return ap_proxy_canonenc_ex(p, x, len, t, flags, proxyreq);
+}
+
/*
* Parses network-location.
* urlp on input the URL; on output the path, after the leading /
--
2.27.0

258
backport-Fix-double-encoding-of-the-uri-path-of-the-request.patch Normal file
View File

@ -0,0 +1,258 @@
From a356fdbfb93c59a4e359f0a81b38aef31ddd856e Mon Sep 17 00:00:00 2001
From: Eric covener <covener@apache.org>
Date: Mon, 20 Mar 2023 05:29:03 AM GMT+0800
Subject: [PATCH] mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet
Conflict:NA
Reference:https://github.com/apache/httpd/commit/a356fdbfb93c59a4e359f0a81b38aef31ddd856e
---
modules/http2/mod_proxy_http2.c | 20 ++++++++++----------
modules/proxy/mod_proxy.c | 17 +++++++++++------
modules/proxy/mod_proxy_ajp.c | 20 ++++++++++----------
modules/proxy/mod_proxy_balancer.c | 20 ++++++++++----------
modules/proxy/mod_proxy_fcgi.c | 5 +++--
modules/proxy/mod_proxy_http.c | 20 ++++++++++----------
modules/proxy/mod_proxy_uwsgi.c | 10 ++++++++--
modules/proxy/mod_proxy_wstunnel.c | 20 ++++++++++----------
8 files changed, 72 insertions(+), 60 deletions(-)
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index 753f7f4..9b741e1 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -162,16 +162,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
+ }
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
break;
case PROXYREQ_PROXY:
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index f8a4db6..6717782 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -960,6 +960,8 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
}
if (found) {
+ unsigned int encoded = ent->flags & PROXYPASS_MAP_ENCODED;
+
/* A proxy module is assigned this URL, check whether it's interested
* in the request itself (e.g. proxy_wstunnel cares about Upgrade
* requests only, and could hand over to proxy_http otherwise).
@@ -979,6 +981,9 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
if (ent->flags & PROXYPASS_NOQUERY) {
apr_table_setn(r->notes, "proxy-noquery", "1");
}
+ if (encoded) {
+ apr_table_setn(r->notes, "proxy-noencode", "1");
+ }
if (servlet_uri) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(10248)
@@ -992,13 +997,13 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
*/
AP_DEBUG_ASSERT(strlen(r->uri) >= strlen(servlet_uri));
strcpy(r->uri, servlet_uri);
- return DONE;
}
-
- ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
- "URI path '%s' matches proxy handler '%s'", r->uri,
- found);
- return OK;
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, APLOGNO(03464)
+ "URI path '%s' matches proxy handler '%s'", r->uri,
+ found);
+ }
+ return (encoded) ? DONE : OK;
}
return HTTP_CONTINUE;
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index ba41fbd..731e4ed 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -73,16 +73,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
+ }
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
if (path == NULL)
return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index c8bba0f..719a99e 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -110,16 +110,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
+ }
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
if (path == NULL)
return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 3382b9b..a89b9a9 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -92,8 +92,9 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
host = apr_pstrcat(r->pool, "[", host, "]", NULL);
}
- if (apr_table_get(r->notes, "proxy-nocanon")) {
- path = url; /* this is the raw path */
+ if (apr_table_get(r->notes, "proxy-nocanon")
+ || apr_table_get(r->notes, "proxy-noencode")) {
+ path = url; /* this is the raw/encoded path */
}
else {
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 09269b2..4d0f8de 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -129,16 +129,16 @@ static int proxy_http_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
+ }
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
break;
case PROXYREQ_PROXY:
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
index cc21e38..71c6ebb 100644
--- a/modules/proxy/mod_proxy_uwsgi.c
+++ b/modules/proxy/mod_proxy_uwsgi.c
@@ -84,8 +84,14 @@ static int uwsgi_canon(request_rec *r, char *url)
host = apr_pstrcat(r->pool, "[", host, "]", NULL);
}
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
+ if (apr_table_get(r->notes, "proxy-nocanon")
+ || apr_table_get(r->notes, "proxy-noencode")) {
+ path = url; /* this is the raw/encoded path */
+ }
+ else {
+ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+ r->proxyreq);
+ }
if (!path) {
return HTTP_BAD_REQUEST;
}
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
index e2fcba2..3f8de25 100644
--- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -118,16 +118,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
- if (search && *(ap_scan_vchar_obstext(search))) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
+ }
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
if (path == NULL)
return HTTP_BAD_REQUEST;
--
2.27.0

74
backport-Fix-use-after-free-warning-with-gcc-fanalyzer.patch Normal file
View File

@ -0,0 +1,74 @@
From 8fe3cc79d1bcb4a20a0c56853d82e85c8a88b8f5 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Mon, 20 Nov 2023 13:17:25 +0000
Subject: [PATCH] Backport to v2.4:
*) core: Fix use after free warning with gcc -fanalyzer.
trunk patch: http://svn.apache.org/r1892413
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-use-after-free.patch
+1: minfrin, ylavic, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913983 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/8fe3cc79d1bcb4a20a0c56853d82e85c8a88b8f5
---
CHANGES | 2 ++
server/mpm_unix.c | 16 ++++++++++------
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index 4cce3c0..e689384 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.59
+ *) core: Fix use after free warning with gcc -fanalyzer. [Joe Orton]
+
*) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
Changes with Apache 2.4.51
diff --git a/server/mpm_unix.c b/server/mpm_unix.c
index 8c4d233..ed4555a 100644
--- a/server/mpm_unix.c
+++ b/server/mpm_unix.c
@@ -259,10 +259,12 @@ AP_DECLARE(void) ap_reclaim_child_processes(int terminate,
while (cur_extra) {
ap_generation_t old_gen;
extra_process_t *next = cur_extra->next;
+ pid_t pid = cur_extra->pid;
- if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
- mpm_callback(-1, cur_extra->pid, old_gen);
+ if (reclaim_one_pid(pid, action_table[cur_action].action)) {
+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+ /* cur_extra dangling pointer from here. */
+ mpm_callback(-1, pid, old_gen);
}
else {
AP_DEBUG_ASSERT(1 == 0);
@@ -307,10 +309,12 @@ AP_DECLARE(void) ap_relieve_child_processes(ap_reclaim_callback_fn_t *mpm_callba
while (cur_extra) {
ap_generation_t old_gen;
extra_process_t *next = cur_extra->next;
+ pid_t pid = cur_extra->pid;
- if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
- mpm_callback(-1, cur_extra->pid, old_gen);
+ if (reclaim_one_pid(pid, DO_NOTHING)) {
+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+ /* cur_extra dangling pointer from here. */
+ mpm_callback(-1, pid, old_gen);
}
else {
AP_DEBUG_ASSERT(1 == 0);
--
2.33.0

36
backport-Report-an-error-if-the-AJP-backend-sends-an-invalid-number-of-headers.patch Normal file
View File

@ -0,0 +1,36 @@
From 296a99c3102e4dd91153a8fb732275b804f001fc Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 23 Jan 2023 04:59:22 PM GMT+0800
Subject: [PATCH] Report an error if the AJP backend sends an invalid number of headers
Conflict:NA
Reference:https://github.com/apache/httpd/commit/296a99c3102e4dd91153a8fb732275b804f001fc
---
modules/proxy/ajp_header.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index b4dc47c..a09a2e4 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -584,8 +584,15 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
r->headers_out = save_table;
}
else {
- r->headers_out = NULL;
+ /*
+ * Reset headers, but not to NULL because things below the chain expect
+ * this to be non NULL e.g. the ap_content_length_filter.
+ */
+ r->headers_out = apr_table_make(r->pool, 1);
num_headers = 0;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10405)
+ "ajp_unmarshal_response: Bad number of headers");
+ return rc;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r,
--
2.27.0

55
backport-Use-ap_os_is_path_absolute-to-make-it-portable.patch Normal file
View File

@ -0,0 +1,55 @@
From 32881a76e31f8bafa498999bae5237c3a6418317 Mon Sep 17 00:00:00 2001
From: Jean-Frederic Clere <jfclere@apache.org>
Date: Wed, 14 Feb 2024 14:27:03 +0000
Subject: [PATCH] * mod_slotmem_shm: Use ap_os_is_path_absolute() to make it
portable.
Reviewed by: jfclere, jorton, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1915791 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/32881a76e31f8bafa498999bae5237c3a6418317
---
changes-entries/mod_slotmem_shm.txt | 3 +++
modules/slotmem/mod_slotmem_shm.c | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
create mode 100644 changes-entries/mod_slotmem_shm.txt
diff --git a/changes-entries/mod_slotmem_shm.txt b/changes-entries/mod_slotmem_shm.txt
new file mode 100644
index 0000000..767711f
--- /dev/null
+++ b/changes-entries/mod_slotmem_shm.txt
@@ -0,0 +1,3 @@
+ *) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
+ [Jean-Frederic Clere]
+
diff --git a/modules/slotmem/mod_slotmem_shm.c b/modules/slotmem/mod_slotmem_shm.c
index f4eaa84..4d14faf 100644
--- a/modules/slotmem/mod_slotmem_shm.c
+++ b/modules/slotmem/mod_slotmem_shm.c
@@ -92,7 +92,7 @@ static int slotmem_filenames(apr_pool_t *pool,
const char *fname = NULL, *pname = NULL;
if (slotname && *slotname && strcasecmp(slotname, "none") != 0) {
- if (slotname[0] != '/') {
+ if (!ap_os_is_path_absolute(pool, slotname)) {
/* Each generation needs its own file name. */
int generation = 0;
ap_mpm_query(AP_MPMQ_GENERATION, &generation);
@@ -109,7 +109,7 @@ static int slotmem_filenames(apr_pool_t *pool,
if (persistname) {
/* Persisted file names are immutable... */
- if (slotname[0] != '/') {
+ if (!ap_os_is_path_absolute(pool, slotname)) {
pname = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX,
slotname, DEFAULT_SLOTMEM_SUFFIX,
DEFAULT_SLOTMEM_PERSIST_SUFFIX,
--
2.33.0

152
backport-avoid-delimiting-the-query-with-a-backreference.patch Normal file
View File

@ -0,0 +1,152 @@
From 9282a06e55cb142666d6ed565c9031e728b7d537 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 6 Mar 2023 04:31:19 AM GMT+0800
Subject: [PATCH] avoid delimiting the query with a backreference
Conflict:NA
Reference:https://github.com/apache/httpd/commit/9282a06e55cb142666d6ed565c9031e728b7d537
---
modules/mappers/mod_rewrite.c | 44 +++++++++++++++++++++++++----------
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 7faaeb7..e539a44 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -167,6 +167,7 @@ static const char* really_last_key = "rewrite_really_last";
#define RULEFLAG_END (1<<17)
#define RULEFLAG_ESCAPENOPLUS (1<<18)
#define RULEFLAG_QSLAST (1<<19)
+#define RULEFLAG_QSNONE (1<<20) /* programattic only */
/* return code of the rewrite rule
* the result may be escaped - or not
@@ -763,11 +764,19 @@ static char *escape_absolute_uri(apr_pool_t *p, char *uri, unsigned scheme)
* split out a QUERY_STRING part from
* the current URI string
*/
-static void splitout_queryargs(request_rec *r, int qsappend, int qsdiscard,
- int qslast)
+static void splitout_queryargs(request_rec *r, int flags)
{
char *q;
int split, skip;
+ int qsappend = flags & RULEFLAG_QSAPPEND;
+ int qsdiscard = flags & RULEFLAG_QSDISCARD;
+ int qslast = flags & RULEFLAG_QSLAST;
+
+ if (flags & RULEFLAG_QSNONE) {
+ rewritelog((r, 2, NULL, "discarding query string, no parse from substitution"));
+ r->args = NULL;
+ return;
+ }
/* don't touch, unless it's a scheme for which a query string makes sense.
* See RFC 1738 and RFC 2368.
@@ -792,7 +801,7 @@ static void splitout_queryargs(request_rec *r, int qsappend, int qsdiscard,
olduri = apr_pstrdup(r->pool, r->filename);
*q++ = '\0';
if (qsappend) {
- if (*q) {
+ if (*q) {
r->args = apr_pstrcat(r->pool, q, "&" , r->args, NULL);
}
}
@@ -800,7 +809,7 @@ static void splitout_queryargs(request_rec *r, int qsappend, int qsdiscard,
r->args = apr_pstrdup(r->pool, q);
}
- if (r->args) {
+ if (r->args) {
len = strlen(r->args);
if (!len) {
@@ -2735,7 +2744,8 @@ static apr_status_t rewritelock_remove(void *data)
* XXX: what an inclined parser. Seems we have to leave it so
* for backwards compat. *sigh*
*/
-static int parseargline(char *str, char **a1, char **a2, char **a3)
+static char *parseargline(apr_pool_t *p, char *str, char **a1,
+ char **a2, char **a2_end, char **a3)
{
char quote;
@@ -2786,8 +2796,10 @@ static int parseargline(char *str, char **a1, char **a2, char **a3)
if (!*str) {
*a3 = NULL; /* 3rd argument is optional */
+ *a2_end = str;
return 0;
}
+ *a2_end = str;
*str++ = '\0';
while (apr_isspace(*str)) {
@@ -3327,7 +3339,7 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
rewrite_server_conf *sconf;
rewritecond_entry *newcond;
ap_regex_t *regexp;
- char *a1 = NULL, *a2 = NULL, *a3 = NULL;
+ char *a1 = NULL, *a2 = NULL, *a2_end, *a3 = NULL;
const char *err;
sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
@@ -3345,7 +3357,7 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
* of the argument line. So we can use a1 .. a3 without
* copying them again.
*/
- if (parseargline(str, &a1, &a2, &a3)) {
+ if ((err = parseargline(cmd->pool, str, &a1, &a2, &a2_end, &a3))) {
return apr_pstrcat(cmd->pool, "RewriteCond: bad argument line '", str,
"'", NULL);
}
@@ -3753,7 +3765,7 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
rewrite_server_conf *sconf;
rewriterule_entry *newrule;
ap_regex_t *regexp;
- char *a1 = NULL, *a2 = NULL, *a3 = NULL;
+ char *a1 = NULL, *a2 = NULL, *a2_end, *a3 = NULL;
const char *err;
sconf = ap_get_module_config(cmd->server->module_config, &rewrite_module);
@@ -3767,7 +3779,7 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
}
/* parse the argument line ourself */
- if (parseargline(str, &a1, &a2, &a3)) {
+ if ((err = parseargline(cmd->pool, str, &a1, &a2, &a2_end, &a3))) {
return apr_pstrcat(cmd->pool, "RewriteRule: bad argument line '", str,
"'", NULL);
}
@@ -3814,6 +3826,16 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
newrule->flags |= RULEFLAG_NOSUB;
}
+ if (*(a2_end-1) == '?') {
+ /* a literal ? at the end of the unsubstituted rewrite rule */
+ newrule->flags |= RULEFLAG_QSNONE;
+ }
+ else if (newrule->flags & RULEFLAG_QSDISCARD) {
+ if (NULL == ap_strchr(newrule->output, '?')) {
+ newrule->flags |= RULEFLAG_QSNONE;
+ }
+ }
+
/* now, if the server or per-dir config holds an
* array of RewriteCond entries, we take it for us
* and clear the array
@@ -4219,9 +4241,7 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
r->path_info = NULL;
}
- splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND,
- p->flags & RULEFLAG_QSDISCARD,
- p->flags & RULEFLAG_QSLAST);
+ splitout_queryargs(r, p->flags);
/* Add the previously stripped per-directory location prefix, unless
* (1) it's an absolute URL path and
--
2.27.0

72
backport-do-not-match-the-extention-against-possible-query-string.patch Normal file
View File

@ -0,0 +1,72 @@
From 11d58d4a43939ccd6f0ab3e4bf762c6a9bc8e0a7 Mon Sep 17 00:00:00 2001
From: Eric covener <covener@apache.org>
Date: Mon, 20 Mar 2023 05:33:57 AM GMT+0800
Subject: [PATCH] mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
Conflict:NA
Reference:https://github.com/apache/httpd/commit/11d58d4a43939ccd6f0ab3e4bf762c6a9bc8e0a7
---
modules/http/mod_mime.c | 15 ++++++++++++++-
modules/proxy/proxy_util.c | 7 ++++---
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c
index 03d1c41..700f824 100644
--- a/modules/http/mod_mime.c
+++ b/modules/http/mod_mime.c
@@ -755,7 +755,7 @@ static int find_ct(request_rec *r)
mime_dir_config *conf;
apr_array_header_t *exception_list;
char *ext;
- const char *fn, *fntmp, *type, *charset = NULL, *resource_name;
+ const char *fn, *fntmp, *type, *charset = NULL, *resource_name, *qm;
int found_metadata = 0;
if (r->finfo.filetype == APR_DIR) {
@@ -775,6 +775,19 @@ static int find_ct(request_rec *r)
if (conf->use_path_info & 1) {
resource_name = apr_pstrcat(r->pool, r->filename, r->path_info, NULL);
}
+ /*
+ * In the reverse proxy case r->filename might contain a query string if
+ * the nocanon option was used with ProxyPass.
+ * If this is the case cut off the query string as the last parameter in
+ * this query string might end up on an extension we take care about, but
+ * we only want to match against path components not against query
+ * parameters.
+ */
+ else if ((r->proxyreq == PROXYREQ_REVERSE)
+ && (apr_table_get(r->notes, "proxy-nocanon"))
+ && ((qm = ap_strchr_c(r->filename, '?')) != NULL)) {
+ resource_name = apr_pstrmemdup(r->pool, r->filename, qm - r->filename);
+ }
else {
resource_name = r->filename;
}
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 3d324cb..d824fb0 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -266,12 +266,13 @@ PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
return NULL;
}
ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
- ap_proxy_c2hex(ch, &y[j]);
- j += 2;
+ y[j++] = x[i++];
+ y[j++] = x[i++];
+ y[j] = x[i];
continue;
}
+ i += 2;
}
/* recode it, if necessary */
if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
--
2.33.0

27
backport-fix-memory-leak-in-calc_sha256_hash.patch Normal file
View File

@ -0,0 +1,27 @@
From ff558f52f528dd21eb0a77de74d828e1459cdd62 Mon Sep 17 00:00:00 2001
From: Joe Orton <notroj@redhat.com>
Date: Fri, 7 Jul 2023 08:04:38 PM GMT+0800
Subject: [PATCH] fix memory leak in calc_sha256_hash
Conflict:NA
Reference:https://github.com/apache/httpd/commmit/ff558f52f528dd21eb0a77de74d828e1459cdd62
---
modules/http2/h2_push.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/http2/h2_push.c b/modules/http2/h2_push.c
index 462c470..dd0928b 100644
--- a/modules/http2/h2_push.c
+++ b/modules/http2/h2_push.c
@@ -502,6 +502,7 @@ static void calc_sha256_hash(h2_push_diary *diary, apr_uint64_t *phash, h2_push
sha256_update(md, push->req->authority);
sha256_update(md, push->req->path);
EVP_DigestFinal(md, hash, &len);
+ EVP_MD_CTX_destroy(md);
val = 0;
for (i = 0; i != len; ++i)
--
2.23.0

28
backport-fix-missing-APLOGNO.patch Normal file
View File

@ -0,0 +1,28 @@
From 1061b64bb7da5339b037f936169a088150427bd1 Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 6 Mar 2023 05:25:17 PM GMT+0800
Subject: [PATCH] modules/http2/mod_proxy_http2.c: Fix missing APLOGNO
Conflict:NA
Reference:https://github.com/apache/httpd/commit/1061b64bb7da5339b037f936169a088150427bd1
---
modules/http2/mod_proxy_http2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index d8a77c8..753f7f4 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -167,7 +167,7 @@ static int proxy_http2_canon(request_rec *r, char *url)
* We have a raw control character or a ' ' in r->args.
* Correct encoding was missed.
*/
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
--
2.27.0

38
backport-handled-a-negative-value-when-parsing-the-config.patch Normal file
View File

@ -0,0 +1,38 @@
From b2d18fb704c64ce7767e07fe546eecec98c91b50 Mon Sep 17 00:00:00 2001
From: Eirc Covener <covener@apache.org>
Date: Fri, 27 Jan 2023 08:58:03 PM GMT+0800
Subject: [PATCH] mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file
Conflict:NA
Reference:https://github.com/apache/httpd/commit/b2d18fb704c64ce7767e07fe546eecec98c91b50
---
modules/ldap/util_ldap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 4d92ec9..14b774a 100644
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -2752,12 +2752,14 @@ static const char *util_ldap_set_conn_ttl(cmd_parms *cmd,
void *dummy,
const char *val)
{
- apr_interval_time_t timeout;
+ apr_interval_time_t timeout = -1;
util_ldap_state_t *st =
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
&ldap_module);
- if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) {
+ /* Negative values mean AP_LDAP_CONNPOOL_INFINITE */
+ if (val[0] != '-' &&
+ ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) {
return "LDAPConnectionPoolTTL has wrong format";
}
--
2.27.0

101
backport-release-memory-to-the-OS-when-needed.patch Normal file
View File

@ -0,0 +1,101 @@
From 80560d29c8bc6dac44c8a7f7767e54e0ec52c5e6 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Sat, 18 Nov 2023 11:20:14 +0000
Subject: [PATCH] Backport to v2.4:
*) mod_ssl: release memory to the OS when needed
Trunk version of patch:
https://svn.apache.org/r1898410
https://svn.apache.org/r1898366
svn merge -c 1898366 ^/httpd/httpd/trunk .
svn merge -c 1898410 ^/httpd/httpd/trunk .
+1: gbechis, ylavic, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913909 13f79535-47bb-0310-9956-ffa450edef68
Conflict:The changelog contains context adaptation and does not contain the STATUS file
Reference:https://github.com/apache/httpd/commit/80560d29c8bc6dac44c8a7f7767e54e0ec52c5e6
---
CHANGES | 4 ++++
modules/ssl/ssl_engine_init.c | 7 ++++++-
modules/ssl/ssl_util_ocsp.c | 5 ++++-
modules/ssl/ssl_util_stapling.c | 4 +++-
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index 093d46f..4cce3c0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.59
+
+ *) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
+
Changes with Apache 2.4.51
*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 8b8ede0..beb5dac 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1696,6 +1696,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02208)
"SSL proxy client cert initialization failed");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ sk_X509_INFO_free(sk);
return ssl_die(s);
}
@@ -1705,7 +1706,11 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s,
int i;
X509_INFO *inf = sk_X509_INFO_value(pkp->certs, n);
- X509_STORE_CTX_init(sctx, store, inf->x509, NULL);
+ if (!X509_STORE_CTX_init(sctx, store, inf->x509, NULL)) {
+ sk_X509_INFO_free(sk);
+ X509_STORE_CTX_free(sctx);
+ return ssl_die(s);
+ }
/* Attempt to verify the client cert */
if (X509_verify_cert(sctx) != 1) {
diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index b9c8a0b..a202a72 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -370,8 +370,11 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
if (!other_certs) {
other_certs = sk_X509_new_null();
- if (!other_certs)
+ if (!other_certs) {
+ X509_free(x509);
+ BIO_free(bio);
return NULL;
+ }
}
if (!sk_X509_push(other_certs, x509)) {
diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c
index ab77e4a..25f2758 100644
--- a/modules/ssl/ssl_util_stapling.c
+++ b/modules/ssl/ssl_util_stapling.c
@@ -117,8 +117,10 @@ static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x)
}
inctx = X509_STORE_CTX_new();
- if (!X509_STORE_CTX_init(inctx, st, NULL, NULL))
+ if (!X509_STORE_CTX_init(inctx, st, NULL, NULL)) {
+ X509_STORE_CTX_free(inctx);
return 0;
+ }
if (X509_STORE_CTX_get1_issuer(&issuer, inctx, x) <= 0)
issuer = NULL;
X509_STORE_CTX_cleanup(inctx);
--
2.33.0

71
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd
Summary: Apache HTTP Server
Version: 2.4.51
Release: 15
Release: 21
License: ASL 2.0
URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -68,7 +68,7 @@ Patch14: backport-layout_add_openEuler.patch
Patch15: backport-httpd-2.4.43-gettid.patch
Patch16: backport-httpd-2.4.43-r1861793+.patch
Patch17: backport-httpd-2.4.48-r1828172+.patch
Patch18: backport-httpd-2.4.46-htcacheclean-dont-break.patch
Patch18: backport-httpd-2.4.46-htcacheclean-dont-break.patch
Patch19: backport-CVE-2022-22719.patch
Patch20: backport-CVE-2022-22720.patch
Patch21: backport-CVE-2022-22721.patch
@ -76,7 +76,7 @@ Patch22: backport-001-CVE-2022-23943.patch
Patch23: backport-002-CVE-2022-23943.patch
Patch24: backport-CVE-2021-44790.patch
Patch25: backport-001-CVE-2021-44224.patch
Patch26: backport-002-CVE-2021-44224.patch
Patch26: backport-002-CVE-2021-44224.patch
Patch27: backport-Switch-from-PCRE-to-PCRE2.patch
Patch28: backport-CVE-2022-28615.patch
Patch29: backport-CVE-2022-31813.patch
@ -100,6 +100,23 @@ Patch46: backport-CVE-2022-37436.patch
Patch47: backport-open-the-lock-database-read-only-when-possible.patch
Patch48: backport-CVE-2023-27522.patch
Patch49: backport-CVE-2023-25690.patch
Patch50: backport-Report-an-error-if-the-AJP-backend-sends-an-invalid-number-of-headers.patch
Patch51: backport-handled-a-negative-value-when-parsing-the-config.patch
Patch52: backport-avoid-delimiting-the-query-with-a-backreference.patch
Patch53: backport-fix-missing-APLOGNO.patch
Patch54: backport-Fix-double-encoding-of-the-uri-path-of-the-request.patch
Patch55: backport-do-not-match-the-extention-against-possible-query-string.patch
Patch56: backport-Do-not-double-encode-encoded-slashes.patch
Patch57: backport-Check-before-forwarding-that-a-nocanon-path-has-not-been-rewritten.patch
Patch58: backport-fix-memory-leak-in-calc_sha256_hash.patch
Patch59: backport-CVE-2023-31122-out-of-bound-Read.patch
Patch60: backport-CVE-2023-45802-improved-early-cleanup-of-streams.patch
Patch61: backport-release-memory-to-the-OS-when-needed.patch
Patch62: backport-Fix-use-after-free-warning-with-gcc-fanalyzer.patch
Patch63: backport-Use-ap_os_is_path_absolute-to-make-it-portable.patch
Patch64: backport-CVE-2024-24795-let-httpd-handle-CL-TE-for-non-http-handlers.patch
Patch65: backport-CVE-2023-38709-header-validation-after-content.patch
Patch66: backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -216,6 +233,10 @@ sed 's/@MPM@/%{mpm}/' < $RPM_SOURCE_DIR/httpd.service.xml \
xmlto man ./httpd.service.xml
%build
%ifarch loongarch64 sw_64
%_update_config_guess
%_update_config_sub
%endif
rm -rf srclib/{apr,apr-util,pcre}
autoheader && autoconf || exit 1
@ -532,6 +553,48 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Tue May 07 2024 chengyechun <chengyechun1@huaiwe.com> - 2.4.51-21
- Type:CVE
- ID:CVE-2024-24795,CVE-2023-38709,CVE-2024-27316
- SUG:NA
- DESC:fix CVE-2024-24795,CVE-2023-38709,CVE-2024-27316 and sync some patches from upstream
* Fri Nov 03 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-20
- Type:CVE
- ID:CVE-2023-45802
- SUG:NA
- DESC:fix CVE-2023-45802
* Fri Nov 03 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-19
- Type:CVE
- ID:CVE-2023-31122
- SUG:NA
- DESC:fix CVE-2023-31122
* Wed Aug 09 2023 panchenbo <panchenbo@kylinsec.com.cn> - 2.4.51-18
- Type:bugfix
- ID:
- SUG:NA
- DESC:add sw_64 support,optimize sw build patch,add loongarch64 support
* Wed May 24 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-17
- Type:bugfix
- ID:
- SUG:restart
- DESC:Fix double encoding of the uri-path of the request
Do not match the extention against possible query string
Do not double encode slashes
Check before forwarding that a nocanon path has not been rewriteen
* Fri Apr 14 2023 chengyechun <chengyehcun1@huawei.com> - 2.4.51-16
- Type:bugfix
- ID:
- SUG:restart
- DESC:Report an error if the AJP backend sends an invalid number of headers
handled a negative value when parsing the config
avoid delimiting the query with a backreference
fix missing APLOGNO
* Fri Mar 10 2023 chengyechun <chengyechun1@huawei.com> - 2.4.51-15
- Type:CVE
- ID:CVE-2023-27522, CVE-2023-25690
@ -723,7 +786,7 @@ exit $rv
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add SSLCipherSuite
- DESC:add SSLCipherSuite
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.34-13
- Type:NA