diff --git a/CVE-2021-20718-pre1.patch b/CVE-2021-20718-pre1.patch new file mode 100644 index 0000000..d50ebd9 --- /dev/null +++ b/CVE-2021-20718-pre1.patch @@ -0,0 +1,43 @@ +From 9793565ade06dcea0626e8c05137725141ef827b Mon Sep 17 00:00:00 2001 +From: Hans Zandbelt +Date: Fri, 28 Aug 2020 19:05:52 +0200 +Subject: [PATCH] allow Content-Type check on backchannel logout to have postfixes utf-8 etc. ; bump to 2.4.4rc8 + +Signed-off-by: Hans Zandbelt +--- + configure.ac | 2 +- + src/util.c | 7 +++++-- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c976c5c..7e8353c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,4 +1,4 @@ +-AC_INIT([mod_auth_openidc],[2.4.0.3],[hans.zandbelt@zmartzone.eu]) ++AC_INIT([mod_auth_openidc],[2.4.4rc8],[hans.zandbelt@zmartzone.eu]) + + AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION()) + +diff --git a/src/util.c b/src/util.c +index 617136e..ca13512 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1526,9 +1526,12 @@ apr_byte_t oidc_util_read_post_params(request_rec *r, apr_table_t *table, + const char *content_type = NULL; + + content_type = oidc_util_hdr_in_content_type_get(r); +- if ((r->method_number != M_POST) || (apr_strnatcmp(content_type, +- OIDC_CONTENT_TYPE_FORM_ENCODED) != 0)) ++ if ((r->method_number != M_POST) || (strstr(content_type, ++ OIDC_CONTENT_TYPE_FORM_ENCODED) != content_type)) { ++ oidc_debug(r, "required content-type %s not found", ++ OIDC_CONTENT_TYPE_FORM_ENCODED); + goto end; ++ } + + if (oidc_util_read(r, &data) != TRUE) + goto end; +-- +2.23.0 + diff --git a/CVE-2021-20718.patch b/CVE-2021-20718.patch new file mode 100644 index 0000000..1101be9 --- /dev/null +++ b/CVE-2021-20718.patch @@ -0,0 +1,42 @@ +From 42a14e1d7a3fff62fc6b20df56f6dc38f086effd Mon Sep 17 00:00:00 2001 +From: Hans Zandbelt +Date: Fri, 30 Apr 2021 19:33:38 +0200 +Subject: [PATCH] fix potential crash when Content-Type is not set in +POST requests thanks JPCERT/CC; release 2.4.8 + +Signed-off-by: Hans Zandbelt +--- + configure.ac | 2 +- + src/util.c | 5 ++--- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 7e8353c..50b555f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,4 +1,4 @@ +-AC_INIT([mod_auth_openidc],[2.4.4rc8],[hans.zandbelt@zmartzone.eu]) ++AC_INIT([mod_auth_openidc],[2.4.8],[hans.zandbelt@zmartzone.eu]) + + AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION()) + +diff --git a/src/util.c b/src/util.c +index ca13512..2306c3a 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1526,10 +1526,9 @@ apr_byte_t oidc_util_read_post_params(request_rec *r, apr_table_t *table, + const char *content_type = NULL; + + content_type = oidc_util_hdr_in_content_type_get(r); +- if ((r->method_number != M_POST) || (strstr(content_type, ++ if ((r->method_number != M_POST) || (content_type == NULL) || (strstr(content_type, + OIDC_CONTENT_TYPE_FORM_ENCODED) != content_type)) { +- oidc_debug(r, "required content-type %s not found", +- OIDC_CONTENT_TYPE_FORM_ENCODED); ++ oidc_debug(r, "required content-type %s not found", OIDC_CONTENT_TYPE_FORM_ENCODED); + goto end; + } + +-- +2.23.0 + diff --git a/mod_auth_openidc.spec b/mod_auth_openidc.spec index a26b6e9..71f3d89 100644 --- a/mod_auth_openidc.spec +++ b/mod_auth_openidc.spec @@ -7,12 +7,14 @@ Name: mod_auth_openidc Version: 2.4.0.3 -Release: 3 +Release: 4 Summary: OpenID Connect Relying Party module for Apache 2.x HTTP Server License: ASL 2.0 URL: https://github.com/zmartzone/mod_auth_openidc Source0: https://github.com/zmartzone/mod_auth_openidc/archive/v%{version}.tar.gz Patch0000: CVE-2019-20479.patch +Patch0001: CVE-2021-20718-pre1.patch +Patch0002: CVE-2021-20718.patch BuildRequires: gcc httpd-devel openssl-devel curl-devel jansson-devel BuildRequires: pcre-devel autoconf automake cjose-devel jq-devel @@ -59,6 +61,9 @@ install -m 700 -d $RPM_BUILD_ROOT%{httpd_pkg_cache_dir}/{metadata,cache} %dir %attr(0700, apache, apache) %{httpd_pkg_cache_dir}/{metadata,cache} %changelog +* Thu Jun 10 2021 wangyue 2.4.0.3-4 +- Fix CVE-2021-20718 + * Fri Feb 19 2021 wangxiao 2.4.0.3-3 - Fix CVE-2019-20479