author | Hitendra Prajapati <hprajapati@mvista.com> | 2024-01-09 10:43:26 +0530 |
committer | Armin Kuster <akuster808@gmail.com> | 2024-03-03 16:38:27 -0500 |
commit | 10d8982782b32a3940d2b2b57927ae6978e0f472 (patch) | |
tree | c1b43b8524f5a105370dad784383182778822ae2 | |
parent | daa4619fe3fbf8c28f342c4a7163a84a330f7653 (diff) | |
apache2: upgrade 2.4.57 -> 2.4.58
This upgrade incorporates the CVE-2023-31122, CVE-2023-43622 &
CVE-2023-45802 fixes and other bugfixes.
The "0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch"
and "CVE-2023-45802.patch" are no longer needed as they are included in this upgrade.
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.58
References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://security-tracker.debian.org/tracker/CVE-2023-31122
https://security-tracker.debian.org/tracker/CVE-2023-43622
https://security-tracker.debian.org/tracker/CVE-2023-45802
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch | 31 | ||||
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/CVE-2023-45802.patch | 141 | ||||
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb (renamed from meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb) | 4 |
3 files changed, 1 insertions, 175 deletions
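--- a/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001
-From: Valeria Petrov <valeria.petrov@spinetix.com>
-Date: Tue, 18 Apr 2023 15:38:53 +0200
-Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to
-include path if mod_rewrite is enabled.
-
-Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241]
-
----
-modules/mappers/config9.m4 | 5 +++++
-1 file changed, 5 insertions(+)
-
-diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4
-index 55a97ab993..7120b729b7 100644
---- a/modules/mappers/config9.m4
-+++ b/modules/mappers/config9.m4
-@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos
-APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes)
-APACHE_MODULE(rewrite, rule based URL manipulation, , , most)
-
-+if test "x$enable_rewrite" != "xno"; then
-+ # mod_rewrite needs test_char.h
-+ APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
-+fi
-+
-APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
-
-APACHE_MODPATH_FINISH
---
-2.25.1
-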
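--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2023-45802.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From decce82a706abd78dfc32821a03ad93841d7758a Mon Sep 17 00:00:00 2001
-From: Stefan Eissing <icing@apache.org>
-Date: Mon, 16 Oct 2023 09:05:00 +0000
-Subject: [PATCH] Merge of /httpd/httpd/trunk:r1912999
-
-* mod_http2: improved early cleanup of streams.
-
-
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913000 13f79535-47bb-0310-9956-ffa450edef68
----
-Upstream-Status: Backport from [https://github.com/apache/httpd/commit/decce82a706abd78dfc32821a03ad93841d7758a]
-CVE: CVE-2023-45802
-Signed-off-by: Ashish Sharma <asharma@mvista.com>
-changes-entries/h2_cleanup.txt | 2 ++
-modules/http2/h2_mplx.c | 26 ++++++++++++++++++++++----
-modules/http2/h2_mplx.h | 3 ++-
-modules/http2/h2_session.c | 18 +++++++++++++++++-
-modules/http2/h2_stream.c | 2 +-
-5 files changed, 44 insertions(+), 7 deletions(-)
-create mode 100644 changes-entries/h2_cleanup.txt
-
-diff --git a/changes-entries/h2_cleanup.txt b/changes-entries/h2_cleanup.txt
-new file mode 100644
-index 00000000000..5366b4adfc6
---- /dev/null
-+++ b/changes-entries/h2_cleanup.txt
-@@ -0,0 +1,2 @@
-+ * mod_http2: improved early cleanup of streams.
-+ [Stefan Eissing]
-diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c
-index 4637a5f66ef..2aeea42b5df 100644
---- a/modules/http2/h2_mplx.c
-+++ b/modules/http2/h2_mplx.c
-@@ -1119,14 +1119,32 @@ static int reset_is_acceptable(h2_stream *stream)
-return 1; /* otherwise, be forgiving */
-}
-
--apr_status_t h2_mplx_c1_client_rst(h2_mplx *m, int stream_id)
-+apr_status_t h2_mplx_c1_client_rst(h2_mplx *m, int stream_id, h2_stream *stream)
-{
-- h2_stream *stream;
-apr_status_t status = APR_SUCCESS;
-+ int registered;
-
-H2_MPLX_ENTER_ALWAYS(m);
-- stream = h2_ihash_get(m->streams, stream_id);
-- if (stream && !reset_is_acceptable(stream)) {
-+ registered = (h2_ihash_get(m->streams, stream_id) != NULL);
-+ if (!stream) {
-+ /* a RST might arrive so late, we have already forgotten
-+ * about it. Seems ok. */
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c1,
-+ H2_MPLX_MSG(m, "RST on unknown stream %d"), stream_id);
-+ AP_DEBUG_ASSERT(!registered);
-+ }
-+ else if (!registered) {
-+ /* a RST on a stream that mplx has not been told about, but
-+ * which the session knows. Very early and annoying. */
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c1,
-+ H2_STRM_MSG(stream, "very early RST, drop"));
-+ h2_stream_set_monitor(stream, NULL);
-+ h2_stream_rst(stream, H2_ERR_STREAM_CLOSED);
-+ h2_stream_dispatch(stream, H2_SEV_EOS_SENT);
-+ m_stream_cleanup(m, stream);
-+ m_be_annoyed(m);
-+ }
-+ else if (!reset_is_acceptable(stream)) {
-m_be_annoyed(m);
-}
-H2_MPLX_LEAVE(m);
-diff --git a/modules/http2/h2_mplx.h b/modules/http2/h2_mplx.h
-index a2e73d9d7c3..860f9160397 100644
---- a/modules/http2/h2_mplx.h
-+++ b/modules/http2/h2_mplx.h
-@@ -201,7 +201,8 @@ int h2_mplx_c1_all_streams_want_send_data(h2_mplx *m);
-* any processing going on and remove from processing
-* queue.
-*/
--apr_status_t h2_mplx_c1_client_rst(h2_mplx *m, int stream_id);
-+apr_status_t h2_mplx_c1_client_rst(h2_mplx *m, int stream_id,
-+ struct h2_stream *stream);
-
-/**
-* Get readonly access to a stream for a secondary connection.
-diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c
-index 066c73ad98b..b6f6e7c01fb 100644
---- a/modules/http2/h2_session.c
-+++ b/modules/http2/h2_session.c
-@@ -402,6 +402,10 @@ static int on_frame_recv_cb(nghttp2_session *ng2s,
-H2_SSSN_STRM_MSG(session, frame->hd.stream_id,
-"RST_STREAM by client, error=%d"),
-(int)frame->rst_stream.error_code);
-+ if (stream) {
-+ rv = h2_stream_recv_frame(stream, NGHTTP2_RST_STREAM, frame->hd.flags,
-+ frame->hd.length + H2_FRAME_HDR_LEN);
-+ }
-if (stream && stream->initiated_on) {
-/* A stream reset on a request we sent it. Normal, when the
-* client does not want it. */
-@@ -410,7 +414,8 @@ static int on_frame_recv_cb(nghttp2_session *ng2s,
-else {
-/* A stream reset on a request it sent us. Could happen in a browser
-* when the user navigates away or cancels loading - maybe. */
-- h2_mplx_c1_client_rst(session->mplx, frame->hd.stream_id);
-+ h2_mplx_c1_client_rst(session->mplx, frame->hd.stream_id,
-+ stream);
-}
-++session->streams_reset;
-break;
-@@ -812,6 +817,17 @@ static apr_status_t session_cleanup(h2_session *session, const char *trigger)
-"goodbye, clients will be confused, should not happen"));
-}
-
-+ if (!h2_iq_empty(session->ready_to_process)) {
-+ int sid;
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
-+ H2_SSSN_LOG(APLOGNO(), session,
-+ "cleanup, resetting %d streams in ready-to-process"),
-+ h2_iq_count(session->ready_to_process));
-+ while ((sid = h2_iq_shift(session->ready_to_process)) > 0) {
-+ h2_mplx_c1_client_rst(session->mplx, sid, get_stream(session, sid));
-+ }
-+ }
-+
-transit(session, trigger, H2_SESSION_ST_CLEANUP);
-h2_mplx_c1_destroy(session->mplx);
-session->mplx = NULL;
-diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c
-index c419e2d8591..f6c92024519 100644
---- a/modules/http2/h2_stream.c
-+++ b/modules/http2/h2_stream.c
-@@ -125,7 +125,7 @@ static int trans_on_event[][H2_SS_MAX] = {
-{ S_XXX, S_ERR, S_ERR, S_CL_L, S_CLS, S_XXX, S_XXX, S_XXX, },/* EV_CLOSED_L*/
-{ S_ERR, S_ERR, S_ERR, S_CL_R, S_ERR, S_CLS, S_NOP, S_NOP, },/* EV_CLOSED_R*/
-{ S_CLS, S_CLS, S_CLS, S_CLS, S_CLS, S_CLS, S_NOP, S_NOP, },/* EV_CANCELLED*/
--{ S_NOP, S_XXX, S_XXX, S_XXX, S_XXX, S_CLS, S_CLN, S_XXX, },/* EV_EOS_SENT*/
-+{ S_NOP, S_XXX, S_XXX, S_XXX, S_XXX, S_CLS, S_CLN, S_NOP, },/* EV_EOS_SENT*/
-{ S_NOP, S_XXX, S_CLS, S_XXX, S_XXX, S_CLS, S_XXX, S_XXX, },/* EV_IN_ERROR*/
-};
-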
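--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb
@@ -15,8 +15,6 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
 file://0007-apache2-allow-to-disable-selinux-support.patch \
 file://0008-Fix-perl-install-directory-to-usr-bin.patch \
 file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
-file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \
-file://CVE-2023-45802.patch \
 "
 
 SRC_URI:append:class-target = " \
@@ -28,7 +26,7 @@ SRC_URI:append:class-target = " \
 "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a"
+SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5"
 
 S = "${WORKDIR}/httpd-${PV}"
 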