Sync from SUSE:SLFO:Main apache2 revision 0cd166d3657ae2dcae806a1e440282a9

2024-06-21 10:20:13 +02:00 · 2024-06-21 10:20:13 +02:00 · d36b6b6ca8
commit d36b6b6ca8
parent e467032439
3 changed files with 46 additions and 0 deletions
--- a/apache2-issue-444.patch
+++ b/apache2-issue-444.patch
@ -0,0 +1,36 @@
+Index: httpd-2.4.58/modules/generators/mod_cgid.c
+===================================================================
+--- httpd-2.4.58.orig/modules/generators/mod_cgid.c
+++ httpd-2.4.58/modules/generators/mod_cgid.c
+@@ -1625,7 +1625,12 @@ static int cgid_handler(request_rec *r)
+          */
+         if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+             apr_table_unset(r->headers_out, "Content-Length");
+-        apr_table_unset(r->headers_out, "Transfer-Encoding");
+
+        if (apr_table_get(r->headers_out, "Transfer-Encoding") != NULL) {
+            apr_brigade_cleanup(bb);
+            return log_scripterror(r, conf, HTTP_BAD_GATEWAY, 0, APLOGNO(10501)
+                                   "script sent Transfer-Encoding");
+        }
+ 
+         if (ret != OK) {
+             ret = log_script(r, conf, ret, dbuf, sbuf, bb, NULL);
+Index: httpd-2.4.58/modules/generators/mod_cgi.c
+===================================================================
+--- httpd-2.4.58.orig/modules/generators/mod_cgi.c
+++ httpd-2.4.58/modules/generators/mod_cgi.c
+@@ -944,7 +944,12 @@ static int cgi_handler(request_rec *r)
+          */
+         if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+             apr_table_unset(r->headers_out, "Content-Length");
+-        apr_table_unset(r->headers_out, "Transfer-Encoding");
+
+        if (apr_table_get(r->headers_out, "Transfer-Encoding") != NULL) {
+            apr_brigade_cleanup(bb);
+            return log_scripterror(r, conf, HTTP_BAD_GATEWAY, 0, APLOGNO(10501),
+                                   "script sent Transfer-Encoding");
+        }
+ 
+         if (ret != OK) {
+             ret = log_script(r, conf, ret, dbuf, sbuf, bb, script_err);
--- a/apache2.changes
+++ b/apache2.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jun 13 16:50:39 UTC 2024 - pgajdos@suse.com
+
+- added patches [bsc#1226217]
+  https://github.com/apache/httpd/pull/444/commits/c2fffd29b0f58bdc9caaaff4fec68e17a676f182
+  + apache2-issue-444.patch
+
 -------------------------------------------------------------------
 Tue Apr 30 13:44:03 UTC 2024 - pgajdos@suse.com

--- a/apache2.spec
+++ b/apache2.spec
@ -196,6 +196,8 @@ Patch102:       apache2-CVE-2023-38709.patch
 Patch103:       apache2-CVE-2024-27316.patch
 # CVE-2024-24795 [bsc#1222332], HTTP Response Splitting in multiple modules
 Patch104:       apache2-CVE-2024-24795.patch
+# https://github.com/apache/httpd/pull/444/commits/c2fffd29b0f58bdc9caaaff4fec68e17a676f182
+Patch105:       apache2-issue-444.patch
 BuildRequires:  apache-rpm-macros-control
 #Since 2.4.7 the event MPM requires apr 1.5.0 or later.
 BuildRequires:  apr-devel >= 1.5.0
@ -329,6 +331,7 @@ provides HTTP services in sync with the current HTTP standards.
 %patch102 -p1
 %patch103 -p1
 %patch104 -p1
+%patch105 -p1

 #
 # BUILD