diff --git a/centos-noindex.tar.gz b/centos-noindex.tar.gz
deleted file mode 100644
index a67601ac501d9183e063e6d88e86a286646247de..0000000000000000000000000000000000000000
Binary files a/centos-noindex.tar.gz and /dev/null differ
diff --git a/httpd-2.4.6-CVE-2021-40438.patch b/httpd-2.4.6-CVE-2021-40438.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0b532442296f367d7faff05631e2793f1a8ec5a2
--- /dev/null
+++ b/httpd-2.4.6-CVE-2021-40438.patch
@@ -0,0 +1,100 @@ +diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c +index c4109d6..b89d3e4 100644 +--- a/modules/mappers/mod_rewrite.c ++++ b/modules/mappers/mod_rewrite.c +@@ -599,6 +599,13 @@ static unsigned is_absolute_uri(char *uri, int *supportsqs) + return 6; + } + break; ++ ++ case 'u': ++ case 'U': ++ if (!ap_cstr_casecmpn(uri, "nix:", 4)) { /* unix: */ ++ *sqs = 1; ++ return (uri[4] == '/' && uri[5] == '/') ? 7 : 5; ++ } + } + + return 0; +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c +index 506a046..29a39f8 100644 +--- a/modules/proxy/mod_proxy.c ++++ b/modules/proxy/mod_proxy.c +@@ -1442,7 +1442,7 @@ static char *de_socketfy(apr_pool_t *p, char *url) + * the UDS path... ignore it + */ + if (!strncasecmp(url, "unix:", 5) && +- ((ptr = ap_strchr(url, '|')) != NULL)) { ++ ((ptr = ap_strchr_c(url + 5, '|')) != NULL)) { + /* move past the 'unix:...|' UDS path info */ + char *ret, *c; + +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c +index ca6cb87..e5862f8 100644 +--- a/modules/proxy/proxy_util.c ++++ b/modules/proxy/proxy_util.c +@@ -2010,8 +2010,7 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker, + } + else if (r->proxyreq == PROXYREQ_REVERSE) { + if (conf->reverse) { +- char *ptr; +- char *ptr2; ++ char *uds_url = r->filename + 6, *origin_url; + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, + "*: found reverse proxy worker for %s", *url); + *balancer = NULL; +@@ -2032,25 +2031,38 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker, + * check to see if r->filename starts with 'proxy:' + */ + if (apr_table_get(r->notes, "rewrite-proxy") && +- (ptr2 = ap_strcasestr(r->filename, "unix:")) && +- (ptr = ap_strchr(ptr2, '|'))) { ++ !ap_cstr_casecmpn(uds_url, "unix:", 5) && ++ (origin_url = ap_strchr(uds_url + 5, '|'))) { ++ ++ char *uds_path = NULL; ++ apr_size_t url_len; + apr_uri_t urisock; + apr_status_t rv; +- *ptr = '\0'; +- rv = apr_uri_parse(r->pool, ptr2, 
&urisock); +- if (rv == APR_SUCCESS) { +- char *rurl = ptr+1; +- char *sockpath = ap_runtime_dir_relative(r->pool, urisock.path); +- apr_table_setn(r->notes, "uds_path", sockpath); +- *url = apr_pstrdup(r->pool, rurl); /* so we get the scheme for the uds */ +- /* r->filename starts w/ "proxy:", so add after that */ +- memmove(r->filename+6, rurl, strlen(rurl)+1); +- ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, +- "*: rewrite of url due to UDS(%s): %s (%s)", +- sockpath, *url, r->filename); ++ ++ *origin_url = '\0'; ++ rv = apr_uri_parse(r->pool, uds_url, &urisock); ++ *origin_url++ = '|'; ++ ++ if (rv == APR_SUCCESS && urisock.path && (!urisock.hostname ++ || !urisock.hostname[0])) { ++ uds_path = ap_runtime_dir_relative(r->pool, urisock.path); + } +- else { +- *ptr = '|'; ++ ++ if (!uds_path) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10292) ++ "Invalid proxy UDS filename (%s)", r->filename); ++ access_status = HTTP_INTERNAL_SERVER_ERROR; ++ } else { ++ apr_table_setn(r->notes, "uds_path", uds_path); ++ ++ /* Remove the UDS path from *url and r->filename */ ++ url_len = strlen(origin_url); ++ *url = apr_pstrmemdup(r->pool, origin_url, url_len); ++ memcpy(uds_url, *url, url_len + 1); ++ ++ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, ++ "*: rewrite of url due to UDS(%s): %s (%s)", ++ uds_path, *url, r->filename); + } + } + } diff --git a/httpd-2.4.6-r1872790.patch b/httpd-2.4.6-r1872790.patch new file mode 100644 index 0000000000000000000000000000000000000000..a707b4fcdd9003d87bb867690cee54e29eef291e --- /dev/null +++ b/httpd-2.4.6-r1872790.patch 
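Review bot: In the mod_proxy.c hunk, `ap_strchr_c(url + 5, '|')` returns `const char *`, while the 2.4.6 hunk header shows `static char *de_socketfy(apr_pool_t *p, char *url)` and the body declares `char *ret, *c;`; if `ptr` (declared above the hunk) is a plain `char *`, the assignment discards a qualifier and the compiler warns, so either use `ap_strchr(url + 5, '|')` to match this tree's non-const signature or declare `ptr` as `const char *`. In the proxy_util.c hunk the `!uds_path` branch logs APLOGNO(10292), sets `access_status = HTTP_INTERNAL_SERVER_ERROR` and falls through with `r->filename` still holding the unrewritten `proxy:unix:...|` string; ap_proxy_pre_request continues outside the hunk, so confirm that the remaining code checks `access_status` before any worker lookup is attempted on that filename. The enclosing functions in all three files start and end outside these hunks.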
@@ -0,0 +1,337 @@ +# ./pullrev.sh 1872790 + +http://svn.apache.org/viewvc?view=revision&revision=1872790 + +- Adjusted to remove (pointless-for-RHEL) additions of #if APR_HAS_THREADS. +- merged a previous change to connection_destructor in mod_proxy_balancer.c +- s/hostname_ex/hostname since 2.4.6 doesn't have hostname_ex + +--- httpd-2.4.6/modules/proxy/mod_proxy_balancer.c.r1872790 ++++ httpd-2.4.6/modules/proxy/mod_proxy_balancer.c +@@ -1229,12 +1229,23 @@ + bsel->wupdated = bsel->s->wupdated = nworker->s->updated = apr_time_now(); + /* by default, all new workers are disabled */ + ap_proxy_set_wstatus('D', 1, nworker); ++ } else { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10163) ++ "%s: failed to add worker %s", ++ bsel->s->name, val); ++ PROXY_GLOBAL_UNLOCK(bsel); ++ return HTTP_BAD_REQUEST; + } + if ((rv = PROXY_GLOBAL_UNLOCK(bsel)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01203) + "%s: Unlock failed for adding worker", + bsel->s->name); + } ++ } else { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10164) ++ "%s: failed to add worker %s", ++ bsel->s->name, val); ++ return HTTP_BAD_REQUEST; + } + + } +--- httpd-2.4.6/modules/proxy/mod_proxy_ftp.c.r1872790 ++++ httpd-2.4.6/modules/proxy/mod_proxy_ftp.c +@@ -972,7 +972,7 @@ + conn_rec *origin, *data = NULL; + apr_status_t err = APR_SUCCESS; + apr_status_t uerr = APR_SUCCESS; +- apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); ++ apr_bucket_brigade *bb; + char *buf, *connectname; + apr_port_t connectport; + char buffer[MAX_STRING_LEN]; +@@ -1112,13 +1112,15 @@ + + if (worker->s->is_address_reusable) { + if (!worker->cp->addr) { ++#if APR_HAS_THREADS + if ((err = PROXY_THREAD_LOCK(worker->balancer)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, err, r, APLOGNO(01037) "lock"); + return HTTP_INTERNAL_SERVER_ERROR; + } ++#endif + } +- connect_addr = worker->cp->addr; +- address_pool = worker->cp->pool; ++ connect_addr = 
AP_VOLATILIZE_T(apr_sockaddr_t *, worker->cp->addr); ++ address_pool = worker->cp->dns_pool; + } + else + address_pool = r->pool; +@@ -1206,6 +1208,7 @@ + * correct directory... + */ + ++ bb = apr_brigade_create(p, c->bucket_alloc); + + /* possible results: */ + /* 120 Service ready in nnn minutes. */ +--- httpd-2.4.6/modules/proxy/mod_proxy.h.r1872790 ++++ httpd-2.4.6/modules/proxy/mod_proxy.h +@@ -260,12 +260,15 @@ + + /* Connection pool */ + struct proxy_conn_pool { +- apr_pool_t *pool; /* The pool used in constructor and destructor calls */ +- apr_sockaddr_t *addr; /* Preparsed remote address info */ +- apr_reslist_t *res; /* Connection resource list */ +- proxy_conn_rec *conn; /* Single connection for prefork mpm */ ++ apr_pool_t *pool; /* The pool used in constructor and destructor calls */ ++ apr_sockaddr_t *addr; /* Preparsed remote address info */ ++ apr_reslist_t *res; /* Connection resource list */ ++ proxy_conn_rec *conn; /* Single connection for prefork mpm */ ++ apr_pool_t *dns_pool; /* The pool used for worker scoped DNS resolutions */ + }; + ++#define AP_VOLATILIZE_T(T, x) (*(T volatile *)&(x)) ++ + /* Keep below in sync with proxy_util.c! */ + /* worker status bits */ + #define PROXY_WORKER_INITIALIZED 0x0001 +--- httpd-2.4.6/modules/proxy/proxy_util.c.r1872790 ++++ httpd-2.4.6/modules/proxy/proxy_util.c +@@ -1318,16 +1324,14 @@ + + static apr_status_t conn_pool_cleanup(void *theworker) + { +- proxy_worker *worker = (proxy_worker *)theworker; +- if (worker->cp->res) { +- worker->cp->pool = NULL; +- } ++ ((proxy_worker *)theworker)->cp = NULL; + return APR_SUCCESS; + } + + static void init_conn_pool(apr_pool_t *p, proxy_worker *worker) + { + apr_pool_t *pool; ++ apr_pool_t *dns_pool; + proxy_conn_pool *cp; + + /* +@@ -1339,11 +1343,20 @@ + apr_pool_create(&pool, p); + apr_pool_tag(pool, "proxy_worker_cp"); + /* ++ * Create a subpool of the connection pool for worker ++ * scoped DNS resolutions. 
This is needed to avoid race ++ * conditions in using the connection pool by multiple ++ * threads during ramp up. ++ */ ++ apr_pool_create(&dns_pool, pool); ++ apr_pool_tag(dns_pool, "proxy_worker_dns"); ++ /* + * Alloc from the same pool as worker. + * proxy_conn_pool is permanently attached to the worker. + */ + cp = (proxy_conn_pool *)apr_pcalloc(p, sizeof(proxy_conn_pool)); + cp->pool = pool; ++ cp->dns_pool = dns_pool; + worker->cp = cp; + } + +@@ -1359,14 +1372,6 @@ + proxy_conn_rec *conn = (proxy_conn_rec *)theconn; + proxy_worker *worker = conn->worker; + +- /* +- * If the connection pool is NULL the worker +- * cleanup has been run. Just return. +- */ +- if (!worker->cp) { +- return APR_SUCCESS; +- } +- + if (conn->r) { + apr_pool_destroy(conn->r->pool); + conn->r = NULL; +@@ -1487,10 +1492,11 @@ + static apr_status_t connection_destructor(void *resource, void *params, + apr_pool_t *pool) + { +- proxy_conn_rec *conn = (proxy_conn_rec *)resource; ++ proxy_worker *worker = params; + + /* Destroy the pool only if not called from reslist_destroy */ +- if (conn->worker->cp->pool) { ++ if (worker->cp) { ++ proxy_conn_rec *conn = resource; + apr_pool_destroy(conn->pool); + } + +@@ -1880,67 +1886,73 @@ + ap_proxy_worker_name(p, worker)); + } + else { +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00927) +- "initializing worker %s local", +- ap_proxy_worker_name(p, worker)); + apr_global_mutex_lock(proxy_mutex); +- /* Now init local worker data */ +- if (worker->tmutex == NULL) { +- rv = apr_thread_mutex_create(&(worker->tmutex), APR_THREAD_MUTEX_DEFAULT, p); +- if (rv != APR_SUCCESS) { +- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00928) +- "can not create worker thread mutex"); +- apr_global_mutex_unlock(proxy_mutex); +- return rv; ++ /* Check again after we got the lock if we are still uninitialized */ ++ if (!(AP_VOLATILIZE_T(unsigned int, worker->local_status) & PROXY_WORKER_INITIALIZED)) { ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, 
APLOGNO(00927) ++ "initializing worker %s local", ++ ap_proxy_worker_name(p, worker)); ++ /* Now init local worker data */ ++#if APR_HAS_THREADS ++ if (worker->tmutex == NULL) { ++ rv = apr_thread_mutex_create(&(worker->tmutex), APR_THREAD_MUTEX_DEFAULT, p); ++ if (rv != APR_SUCCESS) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00928) ++ "can not create worker thread mutex"); ++ apr_global_mutex_unlock(proxy_mutex); ++ return rv; ++ } + } +- } +- if (worker->cp == NULL) +- init_conn_pool(p, worker); +- if (worker->cp == NULL) { +- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00929) +- "can not create connection pool"); +- apr_global_mutex_unlock(proxy_mutex); +- return APR_EGENERAL; +- } +- +- if (worker->s->hmax) { +- rv = apr_reslist_create(&(worker->cp->res), +- worker->s->min, worker->s->smax, +- worker->s->hmax, worker->s->ttl, +- connection_constructor, connection_destructor, +- worker, worker->cp->pool); +- +- apr_pool_cleanup_register(worker->cp->pool, (void *)worker, +- conn_pool_cleanup, +- apr_pool_cleanup_null); +- +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930) +- "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d", +- getpid(), worker->s->hostname, worker->s->min, +- worker->s->hmax, worker->s->smax); +- +- /* Set the acquire timeout */ +- if (rv == APR_SUCCESS && worker->s->acquire_set) { +- apr_reslist_timeout_set(worker->cp->res, worker->s->acquire); ++#endif ++ if (worker->cp == NULL) ++ init_conn_pool(p, worker); ++ if (worker->cp == NULL) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00929) ++ "can not create connection pool"); ++ apr_global_mutex_unlock(proxy_mutex); ++ return APR_EGENERAL; + } + +- } +- else { +- void *conn; ++ if (worker->s->hmax) { ++ rv = apr_reslist_create(&(worker->cp->res), ++ worker->s->min, worker->s->smax, ++ worker->s->hmax, worker->s->ttl, ++ connection_constructor, connection_destructor, ++ worker, worker->cp->pool); ++ ++ 
apr_pool_pre_cleanup_register(worker->cp->pool, worker, ++ conn_pool_cleanup); ++ ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930) ++ "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d", ++ getpid(), worker->s->hostname, worker->s->min, ++ worker->s->hmax, worker->s->smax); ++ ++ /* Set the acquire timeout */ ++ if (rv == APR_SUCCESS && worker->s->acquire_set) { ++ apr_reslist_timeout_set(worker->cp->res, worker->s->acquire); ++ } + +- rv = connection_constructor(&conn, worker, worker->cp->pool); +- worker->cp->conn = conn; ++ } ++ else { ++ void *conn; ++ ++ rv = connection_constructor(&conn, worker, worker->cp->pool); ++ worker->cp->conn = conn; + +- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00931) +- "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)", +- getpid(), worker->s->hostname); ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, s, APLOGNO(00931) ++ "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)", ++ getpid(), worker->s->hostname); ++ } ++ if (rv == APR_SUCCESS) { ++ worker->local_status |= (PROXY_WORKER_INITIALIZED); ++ } + } + apr_global_mutex_unlock(proxy_mutex); + + } + if (rv == APR_SUCCESS) { + worker->s->status |= (PROXY_WORKER_INITIALIZED); +- worker->local_status |= (PROXY_WORKER_INITIALIZED); + } + return rv; + } +@@ -2183,13 +2195,13 @@ + else { + /* create the new connection if the previous was destroyed */ + if (!worker->cp->conn) { +- connection_constructor((void **)conn, worker, worker->cp->pool); ++ rv = connection_constructor((void **)conn, worker, worker->cp->pool); + } + else { + *conn = worker->cp->conn; + worker->cp->conn = NULL; ++ rv = APR_SUCCESS; + } +- rv = APR_SUCCESS; + } + + if (rv != APR_SUCCESS) { +@@ -2374,15 +2386,25 @@ + } + + /* +- * Worker can have the single constant backend adress. +- * The single DNS lookup is used once per worker. 
+- * If dynamic change is needed then set the addr to NULL +- * inside dynamic config to force the lookup. ++ * Recheck addr after we got the lock. This may have changed ++ * while waiting for the lock. + */ +- err = apr_sockaddr_info_get(&(worker->cp->addr), +- conn->hostname, APR_UNSPEC, +- conn->port, 0, +- worker->cp->pool); ++ if (!AP_VOLATILIZE_T(apr_sockaddr_t *, worker->cp->addr)) { ++ ++ apr_sockaddr_t *addr; ++ ++ /* ++ * Worker can have the single constant backend address. ++ * The single DNS lookup is used once per worker. ++ * If dynamic change is needed then set the addr to NULL ++ * inside dynamic config to force the lookup. ++ */ ++ err = apr_sockaddr_info_get(&addr, ++ conn->hostname, APR_UNSPEC, ++ conn->port, 0, ++ worker->cp->dns_pool); ++ worker->cp->addr = addr; ++ } + conn->addr = worker->cp->addr; + if ((uerr = PROXY_THREAD_UNLOCK(worker)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, uerr, r, APLOGNO(00946) "unlock"); diff --git a/httpd-2.4.6-r1879224.patch b/httpd-2.4.6-r1879224.patch new file mode 100644 index 0000000000000000000000000000000000000000..85b67441d5c04440450e1fa4ecae407a6d11ca0f --- /dev/null +++ b/httpd-2.4.6-r1879224.patch @@ -0,0 +1,13 @@ +diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c +index 0e4017c..d6903f7 100644 +--- a/modules/ssl/ssl_engine_kernel.c ++++ b/modules/ssl/ssl_engine_kernel.c +@@ -1511,7 +1511,7 @@ static void modssl_proxy_info_log(conn_rec *c, + *cert = info->x509; \ + CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \ + *pkey = info->x_pkey->dec_pkey; \ +- CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_X509_PKEY) ++ CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_EVP_PKEY) + + int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) + { diff --git a/httpd-2.4.6-r1881459.patch b/httpd-2.4.6-r1881459.patch new file mode 100644 index 0000000000000000000000000000000000000000..c8222c045aecd44261b08ea1d8ce22924e2922ef --- /dev/null 
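Review bot: The patch preamble states the `#if APR_HAS_THREADS` additions were removed as pointless for RHEL, yet the mod_proxy_ftp.c hunk (`+#if APR_HAS_THREADS` / `+#endif` around the PROXY_THREAD_LOCK call) and the proxy_util.c worker-initialization hunk (`+#if APR_HAS_THREADS` around the tmutex creation) still carry them; either drop those guards as the preamble claims or fix the preamble so the next rebase does not "re-apply" an adjustment that was never made. `AP_VOLATILIZE_T` in mod_proxy.h relies on `volatile` to re-read `worker->cp->addr` and `worker->local_status`, which is only sound because every writer in these hunks runs under proxy_mutex or PROXY_THREAD_LOCK; a comment next to the macro such as `/* Force a fresh read of a field written under the proxy/worker lock; volatile is not a substitute for that lock. */` would keep a later caller from treating it as lock-free synchronization. The hunk headers in this patch carry no function context and every enclosing function starts and ends outside its hunk.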
+++ b/httpd-2.4.6-r1881459.patch @@ -0,0 +1,36 @@ +diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c +index 7808262..38e43d3 100644 +--- a/modules/generators/mod_cgi.c ++++ b/modules/generators/mod_cgi.c +@@ -946,6 +946,13 @@ static int cgi_handler(request_rec *r) + if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf, + APLOG_MODULE_INDEX))) + { ++ /* In the case of a timeout reading script output, clear ++ * the brigade to avoid a second attempt to read the ++ * output. */ ++ if (ret == HTTP_GATEWAY_TIME_OUT) { ++ apr_brigade_cleanup(bb); ++ } ++ + ret = log_script(r, conf, ret, dbuf, sbuf, bb, script_err); + + /* +diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c +index 56d3524..b1e7dec 100644 +--- a/modules/generators/mod_cgid.c ++++ b/modules/generators/mod_cgid.c +@@ -1554,6 +1554,13 @@ static int cgid_handler(request_rec *r) + if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf, + APLOG_MODULE_INDEX))) + { ++ /* In the case of a timeout reading script output, clear ++ * the brigade to avoid a second attempt to read the ++ * output. */ ++ if (ret == HTTP_GATEWAY_TIME_OUT) { ++ apr_brigade_cleanup(bb); ++ } ++ + ret = log_script(r, conf, ret, dbuf, sbuf, bb, NULL); + + /* diff --git a/httpd.spec b/httpd.spec index 13a80548fcf30c12e331fb1b67dbede47b9f193c..2240168655444536cb0bd2833124b97a5b18bd42 100644 --- a/httpd.spec +++ b/httpd.spec @@ -4,7 +4,7 @@ %define mmn 20120211 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits} %define mmnisa %{mmn}%{__isa_name}%{__isa_bits} -%define vstring CentOS +%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT}) # Drop automatic provides for module DSOs %{?filter_setup: 
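Review bot: `%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})` has no fallback, so on a build host whose os-release does not set REDHAT_SUPPORT_PRODUCT the macro expands to an empty string and the later `sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h` silently blanks the platform token, while a value containing `/` would break the sed expression instead. Suggest quoting and defaulting, e.g. `%define vstring %(source /etc/os-release; echo "${REDHAT_SUPPORT_PRODUCT:-Unix}")`, and adding a comment above the define that the value is taken from the build host's /etc/os-release at spec-parse time.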
@@ -15,10 +15,10 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.6 -Release: 95%{?dist} +Release: 97%{?dist}.2 URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -Source1: centos-noindex.tar.gz +Source1: index.html Source2: httpd.logrotate Source3: httpd.sysconf Source4: httpd-ssl-pass-dialog @@ -201,6 +201,12 @@ Patch141: httpd-2.4.6-r1583175.patch Patch142: httpd-2.4.6-r1862604.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1724879 Patch143: httpd-2.4.6-ssl-close-notify-client.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1852350 +Patch144: httpd-2.4.6-r1879224.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1785100 +Patch145: httpd-2.4.6-r1881459.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1862499 +Patch146: httpd-2.4.6-r1872790.patch # Security fixes Patch200: httpd-2.4.6-CVE-2013-6438.patch @@ -235,6 +241,7 @@ Patch228: httpd-2.4.6-CVE-2019-10098.patch Patch229: httpd-2.4.6-CVE-2018-1303.patch Patch230: httpd-2.4.6-CVE-2018-1283.patch Patch240: httpd-2.4.6-CVE-2020-1934.patch +Patch241: httpd-2.4.6-CVE-2021-40438.patch License: ASL 2.0 Group: System Environment/Daemons @@ -462,6 +469,9 @@ rm modules/ssl/ssl_engine_dh.c %patch141 -p1 -b .r1583175 %patch142 -p1 -b .r1862604 %patch143 -p1 -b .ssl-close-notify-client +%patch144 -p1 -b .r1879224 +%patch145 -p1 -b .r1881459 +%patch146 -p1 -b .r1872790 %patch200 -p1 -b .cve6438 %patch201 -p1 -b .cve0098 @@ -495,6 +505,7 @@ rm modules/ssl/ssl_engine_dh.c %patch229 -p1 -b .cve1303 %patch230 -p1 -b .cve1283 %patch240 -p1 -b .cve1934 +%patch241 -p1 -b .cve40438 # Patch in the vendor string and the release string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h 
@@ -648,10 +659,8 @@ EOF # Handle contentdir mkdir $RPM_BUILD_ROOT%{contentdir}/noindex -tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \ - -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \ - --strip-components=1 - +install -m 644 -p $RPM_SOURCE_DIR/index.html \ + $RPM_BUILD_ROOT%{contentdir}/noindex/index.html rm -rf %{contentdir}/htdocs # remove manual sources @@ -674,7 +683,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \ $RPM_BUILD_ROOT%{docroot}/cgi-bin/* # Symlink for the powered-by-$DISTRO image: -ln -s ../noindex/images/poweredby.png \ +ln -s ../../pixmaps/poweredby.png \ $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png # symlinks for /etc/httpd @@ -860,7 +869,7 @@ rm -rf $RPM_BUILD_ROOT %{contentdir}/error/README %{contentdir}/error/*.var %{contentdir}/error/include/*.html -%{contentdir}/noindex/* +%{contentdir}/noindex/index.html %dir %{docroot} %dir %{docroot}/cgi-bin @@ -926,11 +935,19 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog -* Tue Sep 29 2020 CentOS Sources - 2.4.6-95.el7.centos -- Remove index.html, add centos-noindex.tar.gz -- change vstring -- change symlink for poweredby.png -- update welcome.conf with proper aliases +* Mon Oct 25 2021 Luboš Uhliarik - 2.4.6-97.2 +- Resolves: #2015694 - proxy rewrite to unix socket fails with CVE-2021-40438 fix + +* Thu Oct 07 2021 Luboš Uhliarik - 2.4.6-97.1 +- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted + request uri-path containing "unix:" + +* Wed Oct 07 2020 Lubos Uhliarik - 2.4.6-97 +- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending + a client cert to backend server +- Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout +- Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool + concurrency issues * Fri Apr 17 2020 Lubos Uhliarik - 2.4.6-95 - Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized 
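Review bot: The new symlink `ln -s ../../pixmaps/poweredby.png $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png` now points outside the package's own content tree, and nothing in this diff installs or requires that file: the previous target `../noindex/images/poweredby.png` came from centos-noindex.tar.gz, which this commit deletes, and the corresponding `/images/poweredby.png` Alias is removed from welcome.conf. Unless another package already provides /usr/share/pixmaps/poweredby.png, the link is dangling after install and the "Powered by" image on the new index.html will not load. Either add the providing package to Requires with a comment naming why, or ship the image from the source tree next to index.html.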
diff --git a/index.html b/index.html new file mode 100644 index 0000000000000000000000000000000000000000..06ad3fcb3168b1405abcca254040a9bf4d408ca2 --- /dev/null +++ b/index.html @@ -0,0 +1,123 @@ + + + + + Test Page for the Apache HTTP Server on Red Hat Enterprise Linux + + + + + +

Red Hat Enterprise Linux Test Page

+ +
+
+

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.

+
+
+ +
+
+

If you are a member of the general public:

+ +

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.

+ +

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.

+ +

For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+
+
+ +
+

If you are the website administrator:

+ +

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

+ +

You are free to use the image below on web sites powered by the Apache HTTP Server:

+ +

[ Powered by Apache ]

+ +
+
+
+ + diff --git a/welcome.conf b/welcome.conf index c1b6c11d9622c7bf21d7aefa5c1e19c36da1e186..5d1e452842545f8a55db0d6d602b2033b758898d 100644 --- a/welcome.conf +++ b/welcome.conf @@ -16,7 +16,3 @@ Alias /.noindex.html /usr/share/httpd/noindex/index.html -Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css -Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css -Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif -Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png