[packages/apache] Up to 2.4.55; fixes CVE-2022-37436, CVE-2022-36760, CVE-2006-20001

arekm arekm at pld-linux.org
Thu Jan 26 08:01:17 CET 2023


commit 213941685021c4022ecdfa1a2844a57602c09ff6
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jan 26 07:57:53 2023 +0100

    Up to 2.4.55; fixes CVE-2022-37436, CVE-2022-36760, CVE-2006-20001

 apache.spec     |  6 ++++--
 http2-500.patch | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 2 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 390fece..ead015a 100644
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8):	Servidor HTTPD para prover serviços WWW
 Summary(ru.UTF-8):	Самый популярный веб-сервер
 Summary(tr.UTF-8):	Lider WWW tarayıcı
 Name:		apache
-Version:	2.4.54
+Version:	2.4.55
 Release:	1
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5:	861b43073ab416d689f1fc4dfa087711
+# Source0-md5:	b6a8b9d8741db43cf5b4dd8e9bdb0ce7
 Source1:	%{name}.init
 Source2:	%{name}.logrotate
 Source3:	%{name}.sysconfig
@@ -79,6 +79,7 @@ Patch2:		%{name}-suexec.patch
 Patch3:		%{name}-branding.patch
 Patch4:		%{name}-apr.patch
 Patch7:		%{name}-syslibs.patch
+Patch8:         http2-500.patch
 
 Patch10:	httpd-2.0.46-dav401dest.patch
 Patch14:	httpd-2.0.48-corelimit.patch
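Review bot: The added `Patch8:         http2-500.patch` line separates the tag from its value with spaces, while every neighbouring `PatchN:` line in this hunk (and the `%patch8 -p1` hunk below, which is consistent) uses a tab; `Patch8:	http2-500.patch` keeps the column alignment the file relies on. The commit title and description list only the three CVEs, but Patch8 backports the upstream mod_http2 fix for spurious 500 responses on client stream resets, which is a 2.4.55 regression fix rather than a CVE; a one-line mention such as `# upstream r1906775: avoid spurious 500 on HTTP/2 client RST_STREAM` above the Patch8 line would make the reason for the extra patch visible to the next maintainer who bumps the version and has to decide whether the patch is still needed.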
@@ -2692,6 +2693,7 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch4 -p1
 
 %patch7 -p1
+%patch8 -p1
 
 %patch10 -p1
 
diff --git a/http2-500.patch b/http2-500.patch
new file mode 100644
index 0000000..e75fbef
--- /dev/null
+++ b/http2-500.patch
@@ -0,0 +1,35 @@
+commit a829ac7f3f543ce6849d563aed4b6d602a7ca0e7
+Author: Stefan Eissing <icing at apache.org>
+Date:   Wed Jan 18 20:02:25 2023 +0000
+
+      *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
+         reported in access logs and error documents. The processing of the
+         reset was correct, only unneccesary reporting was caused.
+    
+    
+    
+    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906775 13f79535-47bb-0310-9956-ffa450edef68
+
+diff --git a/changes-entries/h2-rst-access-500-fix.txt b/changes-entries/h2-rst-access-500-fix.txt
+new file mode 100644
+index 0000000000..d165fa3bc8
+--- /dev/null
++++ b/changes-entries/h2-rst-access-500-fix.txt
+@@ -0,0 +1,4 @@
++  *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
++     reported in access logs and error documents. The processing of the
++     reset was correct, only unneccesary reporting was caused.
++     [Stefan Eissing]
+diff --git a/modules/http2/h2_c2_filter.c b/modules/http2/h2_c2_filter.c
+index f537a19f07..37254fc1d7 100644
+--- a/modules/http2/h2_c2_filter.c
++++ b/modules/http2/h2_c2_filter.c
+@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f, apr_bucket_brigade* bb)
+     ap_assert(conn_ctx);
+     H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
+ 
+-    if (!conn_ctx->has_final_response) {
++    if (!f->c->aborted && !conn_ctx->has_final_response) {
+         if (!parser) {
+             parser = apr_pcalloc(f->c->pool, sizeof(*parser));
+             parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, conn_ctx->stream_id);