From 56ec19c3fc19d8f88da150e1052928172f430c70 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 15 Mar 2022 22:33:09 +0800 Subject: [PATCH 1/3] update to httpd-2.4.37-43.module+el8.5.0+14370+51c6d843.2 Signed-off-by: Liwei Ge --- 1000-httpd-anolis-rebrand.patch | 370 -------------------- 1001-httpd-anolis-support-loongarch64.patch | 32 -- httpd-2.4.37-CVE-2021-34798.patch | 13 + httpd-2.4.37-CVE-2021-39275.patch | 21 ++ httpd.spec | 35 +- 5 files changed, 50 insertions(+), 421 deletions(-) delete mode 100644 1000-httpd-anolis-rebrand.patch delete mode 100644 1001-httpd-anolis-support-loongarch64.patch create mode 100644 httpd-2.4.37-CVE-2021-34798.patch create mode 100644 httpd-2.4.37-CVE-2021-39275.patch diff --git a/1000-httpd-anolis-rebrand.patch b/1000-httpd-anolis-rebrand.patch deleted file mode 100644 index 94aa798..0000000 --- a/1000-httpd-anolis-rebrand.patch +++ /dev/null @@ -1,370 +0,0 @@ -From de0dd0e04d3045426c4b0fd1d681c3a80575376b Mon Sep 17 00:00:00 2001 -From: zhangbinchen -Date: Tue, 16 Mar 2021 18:17:35 +0800 -Subject: [PATCH] rebrand-for-anolis - -Signed-off-by: zhangbinchen ---- - docs/manual/developer/thread_safety.html.en | 2 +- - docs/manual/index.html.de | 4 ++-- - docs/manual/index.html.en | 4 ++-- - docs/manual/index.html.es | 4 ++-- - docs/manual/index.html.fr.utf8 | 4 ++-- - docs/manual/index.html.ja.utf8 | 4 ++-- - docs/manual/index.html.tr.utf8 | 4 ++-- - docs/manual/index.html.zh-cn.utf8 | 4 ++-- - docs/manual/install.html.fr.utf8 | 4 ++-- - docs/manual/install.html.tr.utf8 | 4 ++-- - docs/manual/platform/index.html.en | 4 ++-- - docs/manual/platform/index.html.fr.utf8 | 4 ++-- - docs/manual/platform/rpm.html.en | 6 +++--- - docs/manual/platform/rpm.html.fr.utf8 | 6 +++--- - docs/manual/ssl/ssl_compat.html.en | 10 ++-------- - docs/manual/ssl/ssl_compat.html.fr.utf8 | 11 ++--------- - 16 files changed, 33 insertions(+), 46 deletions(-) - -diff --git a/docs/manual/developer/thread_safety.html.en b/docs/manual/developer/thread_safety.html.en -index e9e2130..e3fb303 100644 ---- a/docs/manual/developer/thread_safety.html.en -+++ b/docs/manual/developer/thread_safety.html.en -@@ -304,4 +304,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.de b/docs/manual/index.html.de -index 84032a9..d039a72 100644 ---- a/docs/manual/index.html.de -+++ b/docs/manual/index.html.de -@@ -93,7 +93,7 @@ - -

Plattform-spezifische Anmerkungen

- -@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.en b/docs/manual/index.html.en -index 493be56..294258c 100644 ---- a/docs/manual/index.html.en -+++ b/docs/manual/index.html.en -@@ -91,7 +91,7 @@ Documentation - -

Platform Specific Notes

- -@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.es b/docs/manual/index.html.es -index 0256bec..68aa346 100644 ---- a/docs/manual/index.html.es -+++ b/docs/manual/index.html.es -@@ -94,7 +94,7 @@ Documentaci - -

Notas Sobre Plataformas Específicas

- -

Otros Temas

-@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.fr.utf8 b/docs/manual/index.html.fr.utf8 -index e729674..4eb6d0a 100644 ---- a/docs/manual/index.html.fr.utf8 -+++ b/docs/manual/index.html.fr.utf8 -@@ -93,7 +93,7 @@ - -

Notes spécifiques aux différentes plateformes

- -@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.ja.utf8 b/docs/manual/index.html.ja.utf8 -index 37b85d3..1a62301 100644 ---- a/docs/manual/index.html.ja.utf8 -+++ b/docs/manual/index.html.ja.utf8 -@@ -93,7 +93,7 @@ - -

プラットフォーム固有ã®æƒ…å ±

- -@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.tr.utf8 b/docs/manual/index.html.tr.utf8 -index 70a7f31..1036391 100644 ---- a/docs/manual/index.html.tr.utf8 -+++ b/docs/manual/index.html.tr.utf8 -@@ -91,7 +91,7 @@ Belgeleri - -

Platformlara Özgü Bilgiler

- -@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.zh-cn.utf8 b/docs/manual/index.html.zh-cn.utf8 -index 1f7f63f..76b88d8 100644 ---- a/docs/manual/index.html.zh-cn.utf8 -+++ b/docs/manual/index.html.zh-cn.utf8 -@@ -88,7 +88,7 @@ - -

å¹³å°ç›¸å…³è¯´æ˜Ž

- -@@ -119,4 +119,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/install.html.fr.utf8 b/docs/manual/install.html.fr.utf8 -index ccf39a2..5a0fd01 100644 ---- a/docs/manual/install.html.fr.utf8 -+++ b/docs/manual/install.html.fr.utf8 -@@ -69,7 +69,7 @@ -

Aperçu pour les plus pressés

- -
--
Installation sous Fedora/CentOS/Red Hat Enterprise Linux
-+
Installation sous AnolisOS/Fedora/CentOS/Red Hat Enterprise Linux
-
- 
sudo yum install httpd
- sudo service httpd start
-@@ -525,4 +525,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/install.html.tr.utf8 b/docs/manual/install.html.tr.utf8 -index fdb89ea..fd6d691 100644 ---- a/docs/manual/install.html.tr.utf8 -+++ b/docs/manual/install.html.tr.utf8 -@@ -66,7 +66,7 @@ -
-

Tez canlılar için genel bir bakış

-
--
Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
-+
AnolisoS/Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
-
- 
sudo yum install httpd
- sudo systemctl enable httpd
-@@ -494,4 +494,4 @@ if (typeof(prettyPrint) !== 'undefined') {
-     prettyPrint();
- }
- //-->
--
-\ No newline at end of file
-+
-diff --git a/docs/manual/platform/index.html.en b/docs/manual/platform/index.html.en
-index 07af003..8949d4d 100644
---- a/docs/manual/platform/index.html.en
-+++ b/docs/manual/platform/index.html.en
-@@ -66,7 +66,7 @@
-     
- 
-     

--      
RPM Based Systems (Redhat / CentOS / Fedora)

-+	    
RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

-       

-         
This document explains how to build, install, and run Apache 2.4
-         on systems supporting the RPM packaging format.

-@@ -121,4 +121,4 @@ if (typeof(prettyPrint) !== 'undefined') {
-     prettyPrint();
- }
- //-->
--
-\ No newline at end of file
-+
-diff --git a/docs/manual/platform/index.html.fr.utf8 b/docs/manual/platform/index.html.fr.utf8
-index 03404a5..bc0a8a8 100644
---- a/docs/manual/platform/index.html.fr.utf8
-+++ b/docs/manual/platform/index.html.fr.utf8
-@@ -67,7 +67,7 @@
-     
- 
-     

--      
Systèmes à base de paquets RPM (Redhat / CentOS / Fedora)

-+	    
Systèmes à base de paquets RPM (AnolisOS / Redhat / CentOS / Fedora)

-       

-         
Ce document explique comment installer, configurer et
- 	exécuter Apache 2.4 sur des systèmes qui supportent le format de
-@@ -127,4 +127,4 @@ if (typeof(prettyPrint) !== 'undefined') {
-     prettyPrint();
- }
- //-->
--
-\ No newline at end of file
-+
-diff --git a/docs/manual/platform/rpm.html.en b/docs/manual/platform/rpm.html.en
-index 992fe9e..bc1c696 100644
---- a/docs/manual/platform/rpm.html.en
-+++ b/docs/manual/platform/rpm.html.en
-@@ -7,7 +7,7 @@
-               This file is generated from xml source: DO NOT EDIT
-         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-       -->
--Using Apache With RPM Based Systems (Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4
-+Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4
- 
- 
- 
-@@ -21,7 +21,7 @@
-
-
<-
-

Using Apache With RPM Based Systems (Redhat / CentOS / Fedora)

-+ Apache > HTTP Server > Documentation > Version 2.4 > Platform Specific Notes

Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

-
-

Available Languages:  en  | -  fr 

-@@ -245,4 +245,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/platform/rpm.html.fr.utf8 b/docs/manual/platform/rpm.html.fr.utf8 -index 3ae9ee3..78e6f77 100644 ---- a/docs/manual/platform/rpm.html.fr.utf8 -+++ b/docs/manual/platform/rpm.html.fr.utf8 -@@ -7,7 +7,7 @@ - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --> --Utiliser Apache sur les systèmes à base de paquets RPM (Redhat -+<title>Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat - / CentOS / Fedora) - Serveur HTTP Apache Version 2.4 - - -@@ -23,7 +23,7 @@ -
<-
-

Utiliser Apache sur les systèmes à base de paquets RPM (Redhat -+ plateformes

Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat - / CentOS / Fedora)

-
-

Langues Disponibles:  en  | -@@ -261,4 +261,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en -index fb7b888..122f52d 100644 ---- a/docs/manual/ssl/ssl_compat.html.en -+++ b/docs/manual/ssl/ssl_compat.html.en -@@ -31,13 +31,7 @@ - This page covers backwards compatibility between mod_ssl and other - SSL solutions. mod_ssl is not the only SSL solution for Apache; four - additional products are (or were) also available: Ben Laurie's freely --available Apache-SSL (from --where mod_ssl were originally derived in 1998), Red Hat's commercial --Secure Web Server (which was based on mod_ssl), Covalent's commercial --Raven SSL Module (also based on --mod_ssl) and finally C2Net's (now Red Hat's) commercial product Stronghold (based --on a different evolution branch, named Sioux up to Stronghold 2.x, and --based on mod_ssl since Stronghold 3.x).

-+available Apache-SSL

- -

- mod_ssl mostly provides a superset of the functionality of all the other -@@ -245,4 +239,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/ssl/ssl_compat.html.fr.utf8 b/docs/manual/ssl/ssl_compat.html.fr.utf8 -index 1c9a0c6..a4adb34 100644 ---- a/docs/manual/ssl/ssl_compat.html.fr.utf8 -+++ b/docs/manual/ssl/ssl_compat.html.fr.utf8 -@@ -31,14 +31,7 @@ -

Ce document couvre la compatibilité ascendante entre mod_ssl et - d'autres solutions SSL. mod_ssl n'est pas la seule solution SSL pour Apache ; - quatre autres produits sont (ou ont été) également disponibles : --Apache-SSL, le produit libre de --Ben Laurie (d'où mod_ssl est issu à l'origine en 1998), Secure --Web Server, un produit commercial de Red Hat (basé sur mod_ssl), --Raven SSL Module, un produit commercial --de Covalent (basé lui aussi sur mod_ssl), et enfin Stronghold, produit --commercial de C2Net et maintenant de Red Hat, (basé sur une branche --d'évolution différente appelée Sioux jusqu'à Stronghold 2.x et basé sur --mod_ssl depuis Stronghold 3.x).

-+Apache-SSL

- -

En plus de ses fonctionnalités propres, mod_ssl rassemble la plupart de - celles des autres solutions SSL, si bien qu'il est très simple de -@@ -254,4 +247,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ --- -2.18.4 - diff --git a/1001-httpd-anolis-support-loongarch64.patch b/1001-httpd-anolis-support-loongarch64.patch deleted file mode 100644 index 37efba2..0000000 --- a/1001-httpd-anolis-support-loongarch64.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -Nur httpd-2.4.37/build/config.guess httpd-2.4.37.new/build/config.guess ---- httpd-2.4.37/build/config.guess 2018-10-18 22:34:08.000000000 +0800 -+++ httpd-2.4.37.new/build/config.guess 2021-11-04 11:15:42.592000000 +0800 -@@ -897,6 +897,9 @@ - UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; -+ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) -+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" -+ exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; -diff -Nur httpd-2.4.37/build/config.sub httpd-2.4.37.new/build/config.sub ---- httpd-2.4.37/build/config.sub 2018-10-18 22:34:08.000000000 +0800 -+++ httpd-2.4.37.new/build/config.sub 2021-11-04 11:15:42.592000000 +0800 -@@ -265,6 +265,7 @@ - | k1om \ - | le32 | le64 \ - | lm32 \ -+ | loongarch32 | loongarch64 | loongarchx32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ -@@ -390,6 +391,7 @@ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ -+ | loongarch32-* | loongarch64-* | loongarchx32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ diff --git a/httpd-2.4.37-CVE-2021-34798.patch b/httpd-2.4.37-CVE-2021-34798.patch new file mode 100644 index 0000000..4a03341 --- /dev/null +++ b/httpd-2.4.37-CVE-2021-34798.patch @@ -0,0 +1,13 @@ +diff --git a/server/scoreboard.c b/server/scoreboard.c +index 23e3d70..7b01bdf 100644 +--- a/server/scoreboard.c ++++ b/server/scoreboard.c +@@ -376,7 +376,7 @@ AP_DECLARE(void) ap_increment_counts(ap_sb_handle_t *sb, request_rec *r) + if (pfn_ap_logio_get_last_bytes != NULL) { + bytes = pfn_ap_logio_get_last_bytes(r->connection); + } +- else if (r->method_number == M_GET && r->method[0] == 'H') { ++ else if (r->method_number == M_GET && r->method && r->method[0] == 'H') { + bytes = 0; + } + else { diff --git a/httpd-2.4.37-CVE-2021-39275.patch b/httpd-2.4.37-CVE-2021-39275.patch new file mode 100644 index 0000000..590268f --- /dev/null +++ b/httpd-2.4.37-CVE-2021-39275.patch @@ -0,0 +1,21 @@ +diff --git a/server/util.c b/server/util.c +index e0c558c..2a5dd04 100644 +--- a/server/util.c ++++ b/server/util.c +@@ -2460,13 +2460,12 @@ AP_DECLARE(char *) ap_escape_quotes(apr_pool_t *p, const char *instring) + * in front of every " that doesn't already have one. + */ + while (*inchr != '\0') { +- if ((*inchr == '\\') && (inchr[1] != '\0')) { +- *outchr++ = *inchr++; +- *outchr++ = *inchr++; +- } + if (*inchr == '"') { + *outchr++ = '\\'; + } ++ if ((*inchr == '\\') && (inchr[1] != '\0')) { ++ *outchr++ = *inchr++; ++ } + if (*inchr != '\0') { + *outchr++ = *inchr++; + } diff --git a/httpd.spec b/httpd.spec index 28aa8f8..5bd64d6 100644 --- a/httpd.spec +++ b/httpd.spec @@ -1,11 +1,10 @@ -%define anolis_release .0.1 %define contentdir %{_datadir}/httpd %define docroot /var/www %define suexec_caller apache %define mmn 20120211 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits} -%define vstring %(source /etc/os-release; echo ${NAME}) -%if 0%{?fedora} > 26 || 0%{?rhel} > 7 || 0%{?anolis} +%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT}) +%if 0%{?fedora} > 26 || 0%{?rhel} > 7 %global mpm event %else %global mpm prefork @@ -14,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 43%{anolis_release}%{?dist}.1 +Release: 43%{?dist}.2 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate @@ -199,11 +198,10 @@ Patch214: httpd-2.4.37-CVE-2021-40438.patch Patch215: httpd-2.4.37-CVE-2021-26691.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034674 Patch216: httpd-2.4.37-CVE-2021-44790.patch - -# Add by Anolis -Patch1000: 1000-httpd-anolis-rebrand.patch -Patch1001: 1001-httpd-anolis-support-loongarch64.patch -# End +# https://bugzilla.redhat.com/show_bug.cgi?id=2005128 +Patch217: httpd-2.4.37-CVE-2021-34798.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2005119 +Patch218: httpd-2.4.37-CVE-2021-39275.patch License: ASL 2.0 Group: System Environment/Daemons @@ -213,7 +211,8 @@ BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) -Requires: /etc/mime.types, system-logos-httpd +# new logo requires new footer copyring which was added in rhbz1934800 +Requires: /etc/mime.types, system-logos(httpd-logo-ng) Obsoletes: httpd-suexec Provides: webserver Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} @@ -399,11 +398,8 @@ interface for storing and accessing per-user session data. %patch214 -p1 -b .CVE-2021-40438 %patch215 -p1 -b .CVE-2021-26691 %patch216 -p1 -b .CVE-2021-44790 - -# Add by Anolis -%patch1000 -p1 -%patch1001 -p1 -# End +%patch217 -p1 -b .CVE-2021-34798 +%patch218 -p1 -b .CVE-2021-39275 # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -909,10 +905,11 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog -* Wed Mar 02 2022 zhangbinchen - 2.4.37-43.1.0.1 -- Rebrand for Anolis OS(Binchen Zhang) -- Requires system-logos-httpd(Binchen Zhang) -- Support loongarch64 platform(Liwei Ge) +* Fri Feb 25 2022 Luboš Uhliarik - 2.4.37-43.2 +- Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference + via malformed requests +- Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in + ap_escape_quotes() via malicious input * Mon Jan 10 2022 Luboš Uhliarik - 2.4.37-43.1 - Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer -- Gitee From c83d93b15470735698f90388df48cb39d2ff6d76 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Fri, 17 Dec 2021 06:31:15 +0000 Subject: [PATCH 2/3] rebrand for anolis and requires system-logos-httpd --- 10000-htppd-anolis-rebrand.patch | 370 +++++++++++++++++++++++++++++++ httpd.spec | 22 +- 2 files changed, 387 insertions(+), 5 deletions(-) create mode 100644 10000-htppd-anolis-rebrand.patch diff --git a/10000-htppd-anolis-rebrand.patch b/10000-htppd-anolis-rebrand.patch new file mode 100644 index 0000000..94aa798 --- /dev/null +++ b/10000-htppd-anolis-rebrand.patch @@ -0,0 +1,370 @@ +From de0dd0e04d3045426c4b0fd1d681c3a80575376b Mon Sep 17 00:00:00 2001 +From: zhangbinchen +Date: Tue, 16 Mar 2021 18:17:35 +0800 +Subject: [PATCH] rebrand-for-anolis + +Signed-off-by: zhangbinchen +--- + docs/manual/developer/thread_safety.html.en | 2 +- + docs/manual/index.html.de | 4 ++-- + docs/manual/index.html.en | 4 ++-- + docs/manual/index.html.es | 4 ++-- + docs/manual/index.html.fr.utf8 | 4 ++-- + docs/manual/index.html.ja.utf8 | 4 ++-- + docs/manual/index.html.tr.utf8 | 4 ++-- + docs/manual/index.html.zh-cn.utf8 | 4 ++-- + docs/manual/install.html.fr.utf8 | 4 ++-- + docs/manual/install.html.tr.utf8 | 4 ++-- + docs/manual/platform/index.html.en | 4 ++-- + docs/manual/platform/index.html.fr.utf8 | 4 ++-- + docs/manual/platform/rpm.html.en | 6 +++--- + docs/manual/platform/rpm.html.fr.utf8 | 6 +++--- + docs/manual/ssl/ssl_compat.html.en | 10 ++-------- + docs/manual/ssl/ssl_compat.html.fr.utf8 | 11 ++--------- + 16 files changed, 33 insertions(+), 46 deletions(-) + +diff --git a/docs/manual/developer/thread_safety.html.en b/docs/manual/developer/thread_safety.html.en +index e9e2130..e3fb303 100644 +--- a/docs/manual/developer/thread_safety.html.en ++++ b/docs/manual/developer/thread_safety.html.en +@@ -304,4 +304,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.de b/docs/manual/index.html.de +index 84032a9..d039a72 100644 +--- a/docs/manual/index.html.de ++++ b/docs/manual/index.html.de +@@ -93,7 +93,7 @@ + +

Plattform-spezifische Anmerkungen

+ +@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.en b/docs/manual/index.html.en +index 493be56..294258c 100644 +--- a/docs/manual/index.html.en ++++ b/docs/manual/index.html.en +@@ -91,7 +91,7 @@ Documentation + +

Platform Specific Notes

+ +@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.es b/docs/manual/index.html.es +index 0256bec..68aa346 100644 +--- a/docs/manual/index.html.es ++++ b/docs/manual/index.html.es +@@ -94,7 +94,7 @@ Documentaci + +

Notas Sobre Plataformas Específicas

+ +

Otros Temas

+@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.fr.utf8 b/docs/manual/index.html.fr.utf8 +index e729674..4eb6d0a 100644 +--- a/docs/manual/index.html.fr.utf8 ++++ b/docs/manual/index.html.fr.utf8 +@@ -93,7 +93,7 @@ + +

Notes spécifiques aux différentes plateformes

+ +@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.ja.utf8 b/docs/manual/index.html.ja.utf8 +index 37b85d3..1a62301 100644 +--- a/docs/manual/index.html.ja.utf8 ++++ b/docs/manual/index.html.ja.utf8 +@@ -93,7 +93,7 @@ + +

プラットフォーム固有ã®æƒ…å ±

+ +@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.tr.utf8 b/docs/manual/index.html.tr.utf8 +index 70a7f31..1036391 100644 +--- a/docs/manual/index.html.tr.utf8 ++++ b/docs/manual/index.html.tr.utf8 +@@ -91,7 +91,7 @@ Belgeleri + +

Platformlara Özgü Bilgiler

+ +@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.zh-cn.utf8 b/docs/manual/index.html.zh-cn.utf8 +index 1f7f63f..76b88d8 100644 +--- a/docs/manual/index.html.zh-cn.utf8 ++++ b/docs/manual/index.html.zh-cn.utf8 +@@ -88,7 +88,7 @@ + +

å¹³å°ç›¸å…³è¯´æ˜Ž

+ +@@ -119,4 +119,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/install.html.fr.utf8 b/docs/manual/install.html.fr.utf8 +index ccf39a2..5a0fd01 100644 +--- a/docs/manual/install.html.fr.utf8 ++++ b/docs/manual/install.html.fr.utf8 +@@ -69,7 +69,7 @@ +

Aperçu pour les plus pressés

+ +
+-
Installation sous Fedora/CentOS/Red Hat Enterprise Linux
++
Installation sous AnolisOS/Fedora/CentOS/Red Hat Enterprise Linux
+
+ 
sudo yum install httpd
+ sudo service httpd start
+@@ -525,4 +525,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/install.html.tr.utf8 b/docs/manual/install.html.tr.utf8 +index fdb89ea..fd6d691 100644 +--- a/docs/manual/install.html.tr.utf8 ++++ b/docs/manual/install.html.tr.utf8 +@@ -66,7 +66,7 @@ +
+

Tez canlılar için genel bir bakış

+
+-
Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
++
AnolisoS/Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
+
+ 
sudo yum install httpd
+ sudo systemctl enable httpd
+@@ -494,4 +494,4 @@ if (typeof(prettyPrint) !== 'undefined') {
+     prettyPrint();
+ }
+ //-->
+-
+\ No newline at end of file
++
+diff --git a/docs/manual/platform/index.html.en b/docs/manual/platform/index.html.en
+index 07af003..8949d4d 100644
+--- a/docs/manual/platform/index.html.en
++++ b/docs/manual/platform/index.html.en
+@@ -66,7 +66,7 @@
+     
+ 
+     

+-      
RPM Based Systems (Redhat / CentOS / Fedora)

++	    
RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

+       

+         
This document explains how to build, install, and run Apache 2.4
+         on systems supporting the RPM packaging format.

+@@ -121,4 +121,4 @@ if (typeof(prettyPrint) !== 'undefined') {
+     prettyPrint();
+ }
+ //-->
+-
+\ No newline at end of file
++
+diff --git a/docs/manual/platform/index.html.fr.utf8 b/docs/manual/platform/index.html.fr.utf8
+index 03404a5..bc0a8a8 100644
+--- a/docs/manual/platform/index.html.fr.utf8
++++ b/docs/manual/platform/index.html.fr.utf8
+@@ -67,7 +67,7 @@
+     
+ 
+     

+-      
Systèmes à base de paquets RPM (Redhat / CentOS / Fedora)

++	    
Systèmes à base de paquets RPM (AnolisOS / Redhat / CentOS / Fedora)

+       

+         
Ce document explique comment installer, configurer et
+ 	exécuter Apache 2.4 sur des systèmes qui supportent le format de
+@@ -127,4 +127,4 @@ if (typeof(prettyPrint) !== 'undefined') {
+     prettyPrint();
+ }
+ //-->
+-
+\ No newline at end of file
++
+diff --git a/docs/manual/platform/rpm.html.en b/docs/manual/platform/rpm.html.en
+index 992fe9e..bc1c696 100644
+--- a/docs/manual/platform/rpm.html.en
++++ b/docs/manual/platform/rpm.html.en
+@@ -7,7 +7,7 @@
+               This file is generated from xml source: DO NOT EDIT
+         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+       -->
+-Using Apache With RPM Based Systems (Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4
++Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4
+ 
+ 
+ 
+@@ -21,7 +21,7 @@
+
+
<-
+

Using Apache With RPM Based Systems (Redhat / CentOS / Fedora)

++ Apache > HTTP Server > Documentation > Version 2.4 > Platform Specific Notes

Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

+
+

Available Languages:  en  | +  fr 

+@@ -245,4 +245,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/platform/rpm.html.fr.utf8 b/docs/manual/platform/rpm.html.fr.utf8 +index 3ae9ee3..78e6f77 100644 +--- a/docs/manual/platform/rpm.html.fr.utf8 ++++ b/docs/manual/platform/rpm.html.fr.utf8 +@@ -7,7 +7,7 @@ + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +-Utiliser Apache sur les systèmes à base de paquets RPM (Redhat ++<title>Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat + / CentOS / Fedora) - Serveur HTTP Apache Version 2.4 + + +@@ -23,7 +23,7 @@ +
<-
+

Utiliser Apache sur les systèmes à base de paquets RPM (Redhat ++ plateformes

Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat + / CentOS / Fedora)

+
+

Langues Disponibles:  en  | +@@ -261,4 +261,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en +index fb7b888..122f52d 100644 +--- a/docs/manual/ssl/ssl_compat.html.en ++++ b/docs/manual/ssl/ssl_compat.html.en +@@ -31,13 +31,7 @@ + This page covers backwards compatibility between mod_ssl and other + SSL solutions. mod_ssl is not the only SSL solution for Apache; four + additional products are (or were) also available: Ben Laurie's freely +-available Apache-SSL (from +-where mod_ssl were originally derived in 1998), Red Hat's commercial +-Secure Web Server (which was based on mod_ssl), Covalent's commercial +-Raven SSL Module (also based on +-mod_ssl) and finally C2Net's (now Red Hat's) commercial product Stronghold (based +-on a different evolution branch, named Sioux up to Stronghold 2.x, and +-based on mod_ssl since Stronghold 3.x).

++available Apache-SSL

+ +

+ mod_ssl mostly provides a superset of the functionality of all the other +@@ -245,4 +239,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/ssl/ssl_compat.html.fr.utf8 b/docs/manual/ssl/ssl_compat.html.fr.utf8 +index 1c9a0c6..a4adb34 100644 +--- a/docs/manual/ssl/ssl_compat.html.fr.utf8 ++++ b/docs/manual/ssl/ssl_compat.html.fr.utf8 +@@ -31,14 +31,7 @@ +

Ce document couvre la compatibilité ascendante entre mod_ssl et + d'autres solutions SSL. mod_ssl n'est pas la seule solution SSL pour Apache ; + quatre autres produits sont (ou ont été) également disponibles : +-Apache-SSL, le produit libre de +-Ben Laurie (d'où mod_ssl est issu à l'origine en 1998), Secure +-Web Server, un produit commercial de Red Hat (basé sur mod_ssl), +-Raven SSL Module, un produit commercial +-de Covalent (basé lui aussi sur mod_ssl), et enfin Stronghold, produit +-commercial de C2Net et maintenant de Red Hat, (basé sur une branche +-d'évolution différente appelée Sioux jusqu'à Stronghold 2.x et basé sur +-mod_ssl depuis Stronghold 3.x).

++Apache-SSL

+ +

En plus de ses fonctionnalités propres, mod_ssl rassemble la plupart de + celles des autres solutions SSL, si bien qu'il est très simple de +@@ -254,4 +247,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +-- +2.18.4 + diff --git a/httpd.spec b/httpd.spec index 5bd64d6..aa8725f 100644 --- a/httpd.spec +++ b/httpd.spec @@ -1,10 +1,11 @@ +%define anolis_release .0.1 %define contentdir %{_datadir}/httpd %define docroot /var/www %define suexec_caller apache %define mmn 20120211 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits} -%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT}) -%if 0%{?fedora} > 26 || 0%{?rhel} > 7 +%define vstring %(source /etc/os-release; echo ${NAME}) +%if 0%{?fedora} > 26 || 0%{?rhel} > 7 || 0%{?anolis} %global mpm event %else %global mpm prefork @@ -13,7 +14,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 43%{?dist}.2 +Release: 43%{anolis_release}%{?dist}.2 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate @@ -203,6 +204,10 @@ Patch217: httpd-2.4.37-CVE-2021-34798.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005119 Patch218: httpd-2.4.37-CVE-2021-39275.patch +# Add by Anolis +Patch1000: 10000-htppd-anolis-rebrand.patch +# End + License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -211,8 +216,7 @@ BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) -# new logo requires new footer copyring which was added in rhbz1934800 -Requires: /etc/mime.types, system-logos(httpd-logo-ng) +Requires: /etc/mime.types, system-logos-httpd Obsoletes: httpd-suexec Provides: webserver Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} @@ -401,6 +405,10 @@ interface for storing and accessing per-user session data. %patch217 -p1 -b .CVE-2021-34798 %patch218 -p1 -b .CVE-2021-39275 +# Add by Anolis +%patch1000 -p1 +# End + # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i 's/@RELEASE@/%{release}/' server/core.c @@ -905,6 +913,10 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Mar 02 2022 zhangbinchen - 2.4.37-43.2.0.1 +- Rebrand for Anolis OS +- Requires system-logos-httpd + * Fri Feb 25 2022 Luboš Uhliarik - 2.4.37-43.2 - Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests -- Gitee From 5bd9931afe93e3a403b37eb571220e1eede53adc Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Thu, 4 Nov 2021 11:28:04 +0800 Subject: [PATCH 3/3] build: support loongarch64 platform Signed-off-by: Liwei Ge --- ...d.patch => 1000-httpd-anolis-rebrand.patch | 0 1001-httpd-anolis-support-loongarch64.patch | 32 +++++++++++++++++++ httpd.spec | 9 ++++-- 3 files changed, 38 insertions(+), 3 deletions(-) rename 10000-htppd-anolis-rebrand.patch => 1000-httpd-anolis-rebrand.patch (100%) create mode 100644 1001-httpd-anolis-support-loongarch64.patch diff --git a/10000-htppd-anolis-rebrand.patch b/1000-httpd-anolis-rebrand.patch similarity index 100% rename from 10000-htppd-anolis-rebrand.patch rename to 1000-httpd-anolis-rebrand.patch diff --git a/1001-httpd-anolis-support-loongarch64.patch b/1001-httpd-anolis-support-loongarch64.patch new file mode 100644 index 0000000..37efba2 --- /dev/null +++ b/1001-httpd-anolis-support-loongarch64.patch @@ -0,0 +1,32 @@ +diff -Nur httpd-2.4.37/build/config.guess httpd-2.4.37.new/build/config.guess +--- httpd-2.4.37/build/config.guess 2018-10-18 22:34:08.000000000 +0800 ++++ httpd-2.4.37.new/build/config.guess 2021-11-04 11:15:42.592000000 +0800 +@@ -897,6 +897,9 @@ + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; ++ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) ++ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +diff -Nur httpd-2.4.37/build/config.sub httpd-2.4.37.new/build/config.sub +--- httpd-2.4.37/build/config.sub 2018-10-18 22:34:08.000000000 +0800 ++++ httpd-2.4.37.new/build/config.sub 2021-11-04 11:15:42.592000000 +0800 +@@ -265,6 +265,7 @@ + | k1om \ + | le32 | le64 \ + | lm32 \ ++ | loongarch32 | loongarch64 | loongarchx32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ +@@ -390,6 +391,7 @@ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ ++ | loongarch32-* | loongarch64-* | loongarchx32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ diff --git a/httpd.spec b/httpd.spec index aa8725f..47c2ffe 100644 --- a/httpd.spec +++ b/httpd.spec @@ -205,7 +205,8 @@ Patch217: httpd-2.4.37-CVE-2021-34798.patch Patch218: httpd-2.4.37-CVE-2021-39275.patch # Add by Anolis -Patch1000: 10000-htppd-anolis-rebrand.patch +Patch1000: 1000-httpd-anolis-rebrand.patch +Patch1001: 1001-httpd-anolis-support-loongarch64.patch # End License: ASL 2.0 @@ -407,6 +408,7 @@ interface for storing and accessing per-user session data. # Add by Anolis %patch1000 -p1 +%patch1001 -p1 # End # Patch in the vendor string @@ -914,8 +916,9 @@ rm -rf $RPM_BUILD_ROOT %changelog * Wed Mar 02 2022 zhangbinchen - 2.4.37-43.2.0.1 -- Rebrand for Anolis OS -- Requires system-logos-httpd +- Rebrand for Anolis OS(Binchen Zhang) +- Requires system-logos-httpd(Binchen Zhang) +- Support loongarch64 platform(Liwei Ge) * Fri Feb 25 2022 Luboš Uhliarik - 2.4.37-43.2 - Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference -- Gitee