Update to 2.4.54 for security issues, bugs and improvements

httpd-2.4.4-cachehardmax.patch → httpd-2.4.43-cachehardmax.patch

@@ -1,8 +1,8 @@
 diff --git a/modules/cache/cache_util.h b/modules/cache/cache_util.h
-index eec38f3..1a2d5ee 100644
+index 6b92151..4c42a8e 100644
 --- a/modules/cache/cache_util.h
 +++ b/modules/cache/cache_util.h
-@@ -194,6 +194,9 @@ typedef struct {
+@@ -195,6 +195,9 @@ typedef struct {
      unsigned int store_nostore_set:1;
      unsigned int enable_set:1;
      unsigned int disable_set:1;
@@ -13,10 +13,10 @@ index eec38f3..1a2d5ee 100644
 
  /* A linked-list of authn providers. */
 diff --git a/modules/cache/mod_cache.c b/modules/cache/mod_cache.c
-index 4f2d3e0..30c88f4 100644
+index 3b9aa4f..8268503 100644
 --- a/modules/cache/mod_cache.c
 +++ b/modules/cache/mod_cache.c
-@@ -1299,6 +1299,11 @@ static apr_status_t cache_save_filter(ap_filter_t *f, apr_bucket_brigade *in)
+@@ -1455,6 +1455,11 @@ static apr_status_t cache_save_filter(ap_filter_t *f, apr_bucket_brigade *in)
              exp = date + dconf->defex;
          }
      }
@@ -28,7 +28,7 @@ index 4f2d3e0..30c88f4 100644
      info->expire = exp;
 
      /* We found a stale entry which wasn't really stale. */
-@@ -1717,7 +1722,9 @@ static void *create_dir_config(apr_pool_t *p, char *dummy)
+@@ -1954,7 +1959,9 @@ static void *create_dir_config(apr_pool_t *p, char *dummy)
 
      /* array of providers for this URL space */
      dconf->cacheenable = apr_array_make(p, 10, sizeof(struct cache_enable));
@@ -39,7 +39,7 @@ index 4f2d3e0..30c88f4 100644
      return dconf;
  }
 
-@@ -1767,7 +1774,10 @@ static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) {
+@@ -2004,7 +2011,10 @@ static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) {
      new->enable_set = add->enable_set || base->enable_set;
      new->disable = (add->disable_set == 0) ? base->disable : add->disable;
      new->disable_set = add->disable_set || base->disable_set;
@@ -51,7 +51,7 @@ index 4f2d3e0..30c88f4 100644
      return new;
  }
 
-@@ -2096,12 +2106,18 @@ static const char *add_cache_disable(cmd_parms *parms, void *dummy,
+@@ -2332,12 +2342,18 @@ static const char *add_cache_disable(cmd_parms *parms, void *dummy,
  }
 
  static const char *set_cache_maxex(cmd_parms *parms, void *dummy,
@@ -71,7 +71,7 @@ index 4f2d3e0..30c88f4 100644
      return NULL;
  }
 
-@@ -2309,7 +2325,7 @@ static const command_rec cache_cmds[] =
+@@ -2545,7 +2561,7 @@ static const command_rec cache_cmds[] =
                     "caching is enabled"),
      AP_INIT_TAKE1("CacheDisable", add_cache_disable, NULL, RSRC_CONF|ACCESS_CONF,
                    "A partial URL prefix below which caching is disabled"),

httpd-2.4.1-corelimit.patch → httpd-2.4.43-corelimit.patch

@@ -1,13 +1,8 @@
-
-Bump up the core size limit if CoreDumpDirectory is
-configured.
-
-Upstream-Status: Was discussed but there are competing desires;
-	there are portability oddities here too.
-
---- httpd-2.4.1/server/core.c.corelimit
-+++ httpd-2.4.1/server/core.c
-@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t *
+diff --git a/server/core.c b/server/core.c
+index 79b2a82..dc0f17a 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -4996,6 +4996,25 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
      }
      apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper,
                                apr_pool_cleanup_null);

httpd-2.4.1-deplibs.patch → httpd-2.4.43-deplibs.patch

@@ -1,11 +1,8 @@
-
-Link straight against .la files.
-
-Upstream-Status: vendor specific
-
---- httpd-2.4.1/configure.in.deplibs
-+++ httpd-2.4.1/configure.in
-@@ -707,9 +707,9 @@ APACHE_HELP_STRING(--with-suexec-umask,u
+diff --git a/configure.in b/configure.in
+index f8f9442..f276550 100644
+--- a/configure.in
++++ b/configure.in
+@@ -786,9 +786,9 @@ APACHE_SUBST(INSTALL_SUEXEC)
 
  dnl APR should go after the other libs, so the right symbols can be picked up
  if test x${apu_found} != xobsolete; then

httpd-2.4.43-selinux.patch

@@ -28,7 +28,7 @@ index dc0f17a..7ed9527 100644
 +
  /* LimitRequestBody handling */
  #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+ #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
 @@ -5015,6 +5019,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
      }
  #endif
@@ -57,4 +57,4 @@ index dc0f17a..7ed9527 100644
 +
      return OK;
  }
-
+

httpd-2.4.17-socket-activation.patch → httpd-2.4.43-socket-activation.patch

@@ -1,5 +1,5 @@
 diff --git a/server/listen.c b/server/listen.c
-index a8e9e6f..1a6c1d3 100644
+index 5242c2a..e2e028a 100644
 --- a/server/listen.c
 +++ b/server/listen.c
 @@ -34,6 +34,10 @@

httpd-2.4.53-detect-systemd.patch

@@ -1,5 +1,5 @@
 diff --git a/Makefile.in b/Makefile.in
-index 0b088ac..9eeb5c7 100644
+index a2e9c82..bd8045c 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -4,7 +4,7 @@ CLEAN_SUBDIRS = test
@@ -12,33 +12,34 @@ index 0b088ac..9eeb5c7 100644
  PROGRAM_DEPENDENCIES = \
    server/libmain.la \
 diff --git a/acinclude.m4 b/acinclude.m4
-index 2a7e5d1..eb28321 100644
+index 97484c9..05abe18 100644
 --- a/acinclude.m4
 +++ b/acinclude.m4
-@@ -624,6 +624,7 @@ case $host in
+@@ -631,6 +631,7 @@ case $host in
        if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then
          AC_MSG_WARN([Your system does not support systemd.])
        else
 +        APR_ADDTO(HTTPD_LIBS, [$SYSTEMD_LIBS])
          AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported])
        fi
     fi
---- a/configure.in	2022-02-24 23:18:42.000000000 +0100
-+++ b/configure.in	2022-03-15 09:22:30.660247473 +0100
-@@ -239,6 +239,7 @@
+diff --git a/configure.in b/configure.in
+index cf437fe..521fc45 100644
+--- a/configure.in
++++ b/configure.in
+@@ -239,6 +239,7 @@ if test "x$PCRE_CONFIG" != "x"; then
    AC_MSG_NOTICE([Using external PCRE library from $PCRE_CONFIG])
    APR_ADDTO(PCRE_INCLUDES, [`$PCRE_CONFIG --cflags`])
    APR_ADDTO(PCRE_LIBS, [`$PCRE_CONFIG --libs8 2>/dev/null || $PCRE_CONFIG --libs`])
 +  APR_ADDTO(HTTPD_LIBS, [\$(PCRE_LIBS)])
  else
    AC_MSG_ERROR([pcre(2)-config for libpcre not found. PCRE is required and available from http://pcre.org/])
  fi
-@@ -703,6 +704,7 @@
+@@ -734,6 +735,7 @@ APACHE_SUBST(OS_DIR)
  APACHE_SUBST(BUILTIN_LIBS)
  APACHE_SUBST(SHLIBPATH_VAR)
  APACHE_SUBST(OS_SPECIFIC_VARS)
 +APACHE_SUBST(HTTPD_LIBS)
 
  PRE_SHARED_CMDS='echo ""'
  POST_SHARED_CMDS='echo ""'
-

httpd-2.4.53-export.patch

@@ -0,0 +1,56 @@
+diff --git a/Makefile.in b/Makefile.in
+index bd8045c..d6733a5 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -4,8 +4,15 @@ CLEAN_SUBDIRS = test
+
+ PROGRAM_NAME         = $(progname)
+ PROGRAM_SOURCES      = modules.c
+-PROGRAM_LDADD        = buildmark.o $(HTTPD_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(HTTPD_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS)
++PROGRAM_LDADD        = buildmark.o $(HTTPD_LDFLAGS) \
++	$(PROGRAM_LDDEPS)  \
++	$(HTTPD_LIBS) $(EXTRA_LIBS) $(AP_LIBS) $(LIBS)
+ PROGRAM_PRELINK      = $(COMPILE) -c $(top_srcdir)/server/buildmark.c
++PROGRAM_LDDEPS = \
++  $(BUILTIN_LIBS) \
++  $(MPM_LIB) \
++  -Wl,--whole-archive,server/.libs/libmain.a,--no-whole-archive \
++  os/$(OS_DIR)/libos.la
+ PROGRAM_DEPENDENCIES = \
+   server/libmain.la \
+   $(BUILTIN_LIBS) \
+diff --git a/server/Makefile.in b/server/Makefile.in
+index 8111877..f00bb3f 100644
+--- a/server/Makefile.in
++++ b/server/Makefile.in
+@@ -12,7 +12,7 @@ LTLIBRARY_SOURCES = \
+ 	connection.c listen.c util_mutex.c \
+ 	mpm_common.c mpm_unix.c mpm_fdqueue.c \
+ 	util_charset.c util_cookies.c util_debug.c util_xml.c \
+-	util_filter.c util_pcre.c util_regex.c exports.c \
++	util_filter.c util_pcre.c util_regex.c \
+ 	scoreboard.c error_bucket.c protocol.c core.c request.c ssl.c provider.c \
+ 	eoc_bucket.c eor_bucket.c core_filters.c \
+ 	util_expr_parse.c util_expr_scan.c util_expr_eval.c
+diff --git a/server/main.c b/server/main.c
+index 7da7aa2..e63d2eb 100644
+--- a/server/main.c
++++ b/server/main.c
+@@ -857,17 +857,3 @@ int main(int argc, const char * const argv[])
+     return !OK;
+ }
+
+-#ifdef AP_USING_AUTOCONF
+-/* This ugly little hack pulls any function referenced in exports.c into
+- * the web server.  exports.c is generated during the build, and it
+- * has all of the APR functions specified by the apr/apr.exports and
+- * apr-util/aprutil.exports files.
+- */
+-const void *ap_suck_in_APR(void);
+-const void *ap_suck_in_APR(void)
+-{
+-    extern const void *ap_ugly_hack;
+-
+-    return ap_ugly_hack;
+-}
+-#endif

httpd-2.4.53-icons.patch

@@ -0,0 +1,50 @@
+diff --git a/docs/conf/extra/httpd-autoindex.conf.in b/docs/conf/extra/httpd-autoindex.conf.in
+index 51b02ed..93a2b87 100644
+--- a/docs/conf/extra/httpd-autoindex.conf.in
++++ b/docs/conf/extra/httpd-autoindex.conf.in
+@@ -21,7 +21,7 @@ IndexOptions FancyIndexing HTMLTable VersionSort
+ Alias /icons/ "@exp_iconsdir@/"
+
+ <Directory "@exp_iconsdir@">
+-    Options Indexes MultiViews
++    Options Indexes MultiViews FollowSymlinks
+     AllowOverride None
+     Require all granted
+ </Directory>
+@@ -37,6 +37,7 @@ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
++AddIconByType /icons/bomb.gif application/x-coredump
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+@@ -53,7 +54,6 @@ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+-AddIcon /icons/bomb.gif core
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+diff --git a/docs/conf/magic b/docs/conf/magic
+index bc891d9..6402b59 100644
+--- a/docs/conf/magic
++++ b/docs/conf/magic
+@@ -383,3 +383,16 @@
+ 4   string      moov        video/quicktime
+ 4   string      mdat        video/quicktime
+
++AddIconByType /icons/bomb.gif application/x-coredump
++
++#------------------------------------------------------------------------------
++# application/x-coredump for LE/BE ELF
++#
++0       string          \177ELF
++>5      byte            1
++>16     leshort         4               application/x-coredump
++
++0       string          \177ELF
++>5      byte            2
++>16     beshort         4               application/x-coredump
++

httpd24u.spec

@@ -24,7 +24,7 @@
 
 Summary: Apache HTTP Server
 Name: httpd24u
-Version: 2.4.53
+Version: 2.4.54
 Release: 1%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -67,19 +67,19 @@ Source53: httpd.logrotate-legacy
 # build/scripts patches
 Patch1: httpd-2.4.1-apctl.patch
 Patch2: httpd-2.4.43-apxs.patch
-Patch3: httpd-2.4.1-deplibs.patch
+Patch3: httpd-2.4.43-deplibs.patch
 Patch6: httpd-2.4.3-apctl-systemd.patch
-Patch8: httpd-2.4.35-layout-legacy.patch
+#Patch8: httpd-2.4.35-layout-legacy.patch
 # Needed for socket activation and mod_systemd patch
 Patch19: httpd-2.4.53-detect-systemd.patch
 # Features/functional changes
-Patch23: httpd-2.4.33-export.patch
-Patch24: httpd-2.4.1-corelimit.patch
+Patch23: httpd-2.4.53-export.patch
+Patch24: httpd-2.4.43-corelimit.patch
 Patch25: httpd-2.4.43-selinux.patch
 Patch26: httpd-2.4.43-gettid.patch
-Patch27: httpd-2.4.2-icons.patch
-Patch30: httpd-2.4.4-cachehardmax.patch
-Patch34: httpd-2.4.17-socket-activation.patch
+Patch27: httpd-2.4.53-icons.patch
+Patch30: httpd-2.4.43-cachehardmax.patch
+Patch34: httpd-2.4.43-socket-activation.patch
 Patch41: httpd-2.4.43-r1861793+.patch
 
 Patch65: httpd-2.4.51-r1894152.patch
@@ -827,6 +827,9 @@ exit $rv
 
 
 %changelog
+* Thu Jun 09 2022 Reporter4u <[email protected]> - 2.4.54-1
+- Latest upstream
+
 * Mon Mar 14 2022 Reporter4u <[email protected]> - 2.4.53-1
 - Updated to 2.4.53 from Upstream