SLFO-pool/apache2
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:1.1 apache2 revision 776a4671d69009998cb2f5b4ffea0347

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-23 09:55:53 +02:00
parent 196c8aa588
commit ccdc269996
3 changed files with 0 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apache2-CVE-2024-36387.patch
View File

@ -1,30 +0,0 @@
commit 62aa64e5aea21dd969db97aded4443c98c0735ac
Author: Eric Covener <covener@apache.org>
Date: Mon Jun 24 17:51:42 2024 +0000
Merge r1918548 from trunk:
mod_http2: early exit if bb is null
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/http2/h2_c2.c b/modules/http2/h2_c2.c
index a955200944..c65a521ab8 100644
--- a/modules/http2/h2_c2.c
+++ b/modules/http2/h2_c2.c
@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb)
h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
apr_status_t rv;
+ if (bb == NULL) {
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
+ f->c->data_in_output_filters = 0;
+#endif
+ return APR_SUCCESS;
+ }
+
ap_assert(conn_ctx);
#if AP_HAS_RESPONSE_BUCKETS
if (!conn_ctx->has_final_response) {

7
apache2.changes
View File

@ -5,13 +5,6 @@ Thu Oct 3 02:39:41 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
Patch file added:
* apache2-CVE-2024-40725.patch
-------------------------------------------------------------------
Wed Oct 2 18:22:25 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
- Security fix:
- CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2
* Added apache2-CVE-2024-36387.patch
-------------------------------------------------------------------
Thu Aug 22 18:37:23 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>

2
apache2.spec
View File

@ -237,8 +237,6 @@ Patch100: apache-test-application-xml-type.patch
# even if in live system I do not experience this inconsistency, let's turn off
# these variables from the test
Patch101: apache-test-turn-off-variables-in-ssl-var-lookup.patch
# FIX-UPSTREAM: CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2
Patch102: apache2-CVE-2024-36387.patch
BuildRequires: apache-rpm-macros-control
#Since 2.4.7 the event MPM requires apr 1.5.0 or later.