diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/httpd-2.4.37-CVE-2021-34798.patch b/SOURCES/httpd-2.4.37-CVE-2021-34798.patch
new file mode 100644
index 0000000..4a03341
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-CVE-2021-34798.patch
@@ -0,0 +1,13 @@
+diff --git a/server/scoreboard.c b/server/scoreboard.c
+index 23e3d70..7b01bdf 100644
+--- a/server/scoreboard.c
++++ b/server/scoreboard.c
+@@ -376,7 +376,7 @@ AP_DECLARE(void) ap_increment_counts(ap_sb_handle_t *sb, request_rec *r)
+ if (pfn_ap_logio_get_last_bytes != NULL) {
+ bytes = pfn_ap_logio_get_last_bytes(r->connection);
+ }
+- else if (r->method_number == M_GET && r->method[0] == 'H') {
++ else if (r->method_number == M_GET && r->method && r->method[0] == 'H') {
+ bytes = 0;
+ }
+ else {
diff --git a/SOURCES/httpd-2.4.37-CVE-2021-39275.patch b/SOURCES/httpd-2.4.37-CVE-2021-39275.patch
new file mode 100644
index 0000000..590268f
--- /dev/null
+++ b/SOURCES/httpd-2.4.37-CVE-2021-39275.patch
@@ -0,0 +1,21 @@
+diff --git a/server/util.c b/server/util.c
+index e0c558c..2a5dd04 100644
+--- a/server/util.c
++++ b/server/util.c
+@@ -2460,13 +2460,12 @@ AP_DECLARE(char *) ap_escape_quotes(apr_pool_t *p, const char *instring)
+ * in front of every " that doesn't already have one.
+ */
+ while (*inchr != '\0') {
+- if ((*inchr == '\\') && (inchr[1] != '\0')) {
+- *outchr++ = *inchr++;
+- *outchr++ = *inchr++;
+- }
+ if (*inchr == '"') {
+ *outchr++ = '\\';
+ }
++ if ((*inchr == '\\') && (inchr[1] != '\0')) {
++ *outchr++ = *inchr++;
++ }
+ if (*inchr != '\0') {
+ *outchr++ = *inchr++;
+ }
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index c17c989..5bd64d6 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
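Review bot: The added `r->method &&` guard in the scoreboard.c hunk of httpd-2.4.37-CVE-2021-34798.patch protects only this one read of `r->method` in `ap_increment_counts`. The hunk does not show whether other readers of the field on the same request path tolerate NULL, so that should be confirmed before the dereference is treated as closed. The condition is also hard to read without context, so I would put a comment above it such as `/* HEAD is carried as M_GET; r->method may be NULL for a request that failed parsing */`. The body of `ap_increment_counts` starts and ends outside the hunk.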
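Review bot: In the util.c hunk of httpd-2.4.37-CVE-2021-39275.patch, the reordered copy loop in `ap_escape_quotes` is only safe if it writes exactly as many bytes as the earlier sizing pass counted, and that pass and the allocation are outside the hunk. Nothing in the new code states this dependency, so I would add a comment above the loop such as `/* must walk the input exactly like the length-counting loop above: an escaped pair is copied as-is, a bare " gains one byte */`. The quote test and the backslash test can never both be true for the same byte, so writing the second as `else if ((*inchr == '\\') && (inchr[1] != '\0')) {` would make that explicit. A regression test that escapes strings mixing backslashes and quotes and checks the output length against the allocated size would keep the two loops from drifting apart again.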
@@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 43%{?dist}.1 +Release: 43%{?dist}.2 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate @@ -198,6 +198,10 @@ Patch214: httpd-2.4.37-CVE-2021-40438.patch Patch215: httpd-2.4.37-CVE-2021-26691.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034674 Patch216: httpd-2.4.37-CVE-2021-44790.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2005128 +Patch217: httpd-2.4.37-CVE-2021-34798.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2005119 +Patch218: httpd-2.4.37-CVE-2021-39275.patch License: ASL 2.0 Group: System Environment/Daemons @@ -394,6 +398,8 @@ interface for storing and accessing per-user session data. %patch214 -p1 -b .CVE-2021-40438 %patch215 -p1 -b .CVE-2021-26691 %patch216 -p1 -b .CVE-2021-44790 +%patch217 -p1 -b .CVE-2021-34798 +%patch218 -p1 -b .CVE-2021-39275 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -899,8 +905,11 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog -* Tue Jan 25 2022 CentOS Sources - 2.4.37-43.el8.centos.1 -- Apply debranding changes +* Fri Feb 25 2022 Luboš Uhliarik - 2.4.37-43.2 +- Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference + via malformed requests +- Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in + ap_escape_quotes() via malicious input * Mon Jan 10 2022 Luboš Uhliarik - 2.4.37-43.1 - Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer