From 974ea42487c8d6297fa49d734764758e965ac3b00474f4885cd3ae28f7a05175 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Tue, 5 Oct 2021 08:25:59 +0000
Subject: [PATCH 1/2] Accepting request 923076 from home:stroeder:network
version update to 2.4.50
OBS-URL: https://build.opensuse.org/request/show/923076
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=656
---
 apache2.changes | 45 ++++++++++++++++++++++++++++++++++++++++
 apache2.spec | 2 +-
 httpd-2.4.49.tar.bz2 | 3 ---
 httpd-2.4.49.tar.bz2.asc | 17 ---------------
 httpd-2.4.50.tar.bz2 | 3 +++
 httpd-2.4.50.tar.bz2.asc | 17 +++++++++++++++
 6 files changed, 66 insertions(+), 21 deletions(-)
 delete mode 100644 httpd-2.4.49.tar.bz2
 delete mode 100644 httpd-2.4.49.tar.bz2.asc
 create mode 100644 httpd-2.4.50.tar.bz2
 create mode 100644 httpd-2.4.50.tar.bz2.asc
diff --git a/apache2.changes b/apache2.changes
index 675d058..db32641 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Mon Oct 4 15:23:51 UTC 2021 - Michael Ströder
+
+- version update to 2.4.50
+ *) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
+ the uri-path when it's preceded by a dot. [Yann Ylavic]
+ *) mod_md: when MDMessageCmd for a 'challenge-setup::'
+ fails (!= 0 exit), the renewal process is aborted and an error is
+ reported for the MDomain. This provides scripts that distribute
+ information in a cluster to abort early with bothering an ACME
+ server to validate a dns name that will not work. The common
+ retry logic will make another attempt in the future, as with
+ other failures.
+ Fixed a bug when adding private key specs to an already working
+ MDomain, see .
+ [Stefan Eissing]
+ *) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
+ had no hostname ("unix:/..."). [Yann Ylavic]
+ *) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
+ run into an assertion which terminated (and restarted) the child process where
+ the task was running. Eventually, all OCSP responses were collected, but not
+ in the way that things are supposed to work.
+ See also .
+ The bug was possibly triggered when more than one OCSP status needed updating
+ at the same time. For example for several renewed certificates after a server
+ reload.
+ *) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590.
+ [Janne Peltonen ]
+ *) event mpm: Correctly count active child processes in parent process if
+ child process dies due to MaxConnectionsPerChild.
+ PR 65592 [Ruediger Pluem]
+ *) mod_http2: when a server is restarted gracefully, any idle h2 worker
+ threads are shut down immediately.
+ Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
+ Adds all other, never proposed code changes to make a clean
+ sync of http2 sources.
[Stefan Eissing]
+ *) mod_dav: Correctly handle errors returned by dav providers on REPORT
+ requests. [Ruediger Pluem]
+ *) core: do not install core input/output filters on secondary
+ connections. [Stefan Eissing]
+ *) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
+ and use it to prevent that failures in running the pre_connection
+ hook cause crashes afterwards. [Ruediger Pluem]
+ *) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
+
 -------------------------------------------------------------------
 Fri Sep 17 08:37:29 UTC 2021 - pgajdos@suse.com
diff --git a/apache2.spec b/apache2.spec
index 1762f4a..d72b353 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -115,7 +115,7 @@
 %endif
 Name: apache2%{psuffix}
-Version: 2.4.49
+Version: 2.4.50
 Release: 0
 Summary: The Apache HTTPD Server
 License: Apache-2.0
diff --git a/httpd-2.4.49.tar.bz2 b/httpd-2.4.49.tar.bz2
deleted file mode 100644
index d84a2af..0000000
--- a/httpd-2.4.49.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b
-size 7199599
diff --git a/httpd-2.4.49.tar.bz2.asc b/httpd-2.4.49.tar.bz2.asc
deleted file mode 100644
index 626c0aa..0000000
--- a/httpd-2.4.49.tar.bz2.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmE7YfoACgkQ03fJ59GU
-TGbbug//aZ9SUOjopIEfyop/AcVdDhgXJjs0ZRQEA4DpDRWwn5//8agKAoZpe8ao
-UEqb89zTISkxEIwwUAnF5Df9g1cP6iF+pgfGQS2tNB0EIYVnOQCubd7Dj6WWr9GY
-bzA7qTgO9Y7jwyYzHlwMX1chZ49wRjoQdzQbCIjNPxRA0PdOSZn6NlcEJSfodgqH
-XQM8/akvPQ1SFwmN990ObcWMjRopwDovlRvHtyKfTSgtNjbL4Qe4PVGp9K5RYCoM
-M0QyIZokOMxpNmAh37FAd2siBSyXrJZFlgpXkXnQ6mn7EHU/+yh2XiTo/XJ0CjMf
-yytcC1l9DIW7VIH9HogdZQ9E4cvFjMLve03YbAOhzjOYdmCjU+v1gwUC6m0NV+H8
-XV573435L9BIXb4nI0TB2nbtiJiFBKcoinsps5UEX5KbAepQAC6OPqADEHQgRkCn
-9PCzruJlJUm7oh2q9BRg2qc2IoePyk5Tv7MAcT6msGcSX9Lh5TkHsLIVPdId+aZ/
-0Q7gIgME9Ej4k+LoiuJNmag7IgLQZxTk82CD9T59REslgDkkT2KP4/PzSgx8G5It
-GmtOQUX7x4AgGtu1YSSn9mbZ73P7b76ii1vHv/eOybAY7zWe/03hXaeNn0Lcgk7Z
-nBjWQfm/Pv01QgCNdpiyZ/lRj3zn4VxFMtCFNSB3ktgezxhYcWI=
-=qZK9
------END PGP SIGNATURE-----
diff --git a/httpd-2.4.50.tar.bz2 b/httpd-2.4.50.tar.bz2
new file mode 100644
index 0000000..8d361ee
--- /dev/null
+++ b/httpd-2.4.50.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f
+size 7653174
diff --git a/httpd-2.4.50.tar.bz2.asc b/httpd-2.4.50.tar.bz2.asc
new file mode 100644
index 0000000..a124300
--- /dev/null
+++ b/httpd-2.4.50.tar.bz2.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFXGlIACgkQ03fJ59GU
+TGabXhAAoArFS8OJaAdmTEojAP1S8XbAgnB8HzoZEs9nMSQZSuyz2kW9odf0dr6V
+2+/OhEAfWE0urZ/kbUUY8n5miO3eG1mkBnZasiQ08xUTxX9uXoztS7WpdWtdxU6f
+6easTDDfxzmAteWHuTYt3fEIdcms+3vho3TxzkWAnVeECfSSfsAK+vw9ZIGdNCBj
+NpmxFEUONof2qmuBE3Gkxvcv7Qp+H7c5eNBsr2Ae04YNHdIHUALbc+gRFkjhbnXe
++2ouY13ONfKuHB2bEYwVbE9AdU/uOsVVAt8LGu4PS/W+owhubCV2dQ+wv71pksp3
+2psZG6VYrSwxOnB77mCGCrM/Mi4RnrYbUlCgNi8ad32QjcH7iK7MPnSx/dZ3dcf5
+7W1IUw5dPrPKO+xmQLkcjXMC4qSQhB7VPJuKYBBmJ32tSVMY6BxIotiTvoVJkNl5
+Xtsq8GH++vENPvCeaQh9aflesPcHguss3UMuwpny+I/od2mRhp9ZTyRTHmQM5gJo
+Gt3k2WcBfOaVrnJdufT8sAMDL8H2XDlHUZuhQX5VwLupJiDGXIcmXLP/mxrhnqCp
+K97niY5NjdHNJP/nyVMxwAcWJweLizlxP+xlCH13cAXsL6os4NR+OSJ0KRGJ+fGA
+tIUy87ujOvPm9T7TR+j7GPsauDY0qRy4+I60Dqg6+kzLgN+ZCps=
+=AE4U
+-----END PGP SIGNATURE-----
From 1679d306c26cb34b54a6493858af0da7d27ffb3eaaea2b338f95b1423dafc914 Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Fri, 8 Oct 2021 06:03:36 +0000
Subject: [PATCH 2/2] Accepting request 924064 from home:stroeder:network
- version update to 2.4.51
*) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org)
*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag.
OBS-URL: https://build.opensuse.org/request/show/924064
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=657
---
 apache2.changes | 11 +++++++++++
 apache2.spec | 2 +-
 httpd-2.4.50.tar.bz2 | 3 ---
 httpd-2.4.50.tar.bz2.asc | 17 -----------------
 httpd-2.4.51.tar.bz2 | 3 +++
 httpd-2.4.51.tar.bz2.asc | 17 +++++++++++++++++
 6 files changed, 32 insertions(+), 21 deletions(-)
 delete mode 100644 httpd-2.4.50.tar.bz2
 delete mode 100644 httpd-2.4.50.tar.bz2.asc
 create mode 100644 httpd-2.4.51.tar.bz2
 create mode 100644 httpd-2.4.51.tar.bz2.asc
diff --git a/apache2.changes b/apache2.changes
index db32641..2a2e1bf 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Oct 7 17:30:44 UTC 2021 - Michael Ströder
+
+- version update to 2.4.51
+ *) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
+ Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
+ fix of CVE-2021-41773) (cve.mitre.org)
+ *) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
+ unused AP_NORMALIZE_DROP_PARAMETERS flag.
+
+
 -------------------------------------------------------------------
 Mon Oct 4 15:23:51 UTC 2021 - Michael Ströder
diff --git a/apache2.spec b/apache2.spec
index d72b353..0b515e0 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -115,7 +115,7 @@
 %endif
 Name: apache2%{psuffix}
-Version: 2.4.50
+Version: 2.4.51
 Release: 0
 Summary: The Apache HTTPD Server
 License: Apache-2.0
diff --git a/httpd-2.4.50.tar.bz2 b/httpd-2.4.50.tar.bz2
deleted file mode 100644
index 8d361ee..0000000
--- a/httpd-2.4.50.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f
-size 7653174
diff --git a/httpd-2.4.50.tar.bz2.asc b/httpd-2.4.50.tar.bz2.asc
deleted file mode 100644
index a124300..0000000
--- a/httpd-2.4.50.tar.bz2.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFXGlIACgkQ03fJ59GU
-TGabXhAAoArFS8OJaAdmTEojAP1S8XbAgnB8HzoZEs9nMSQZSuyz2kW9odf0dr6V
-2+/OhEAfWE0urZ/kbUUY8n5miO3eG1mkBnZasiQ08xUTxX9uXoztS7WpdWtdxU6f
-6easTDDfxzmAteWHuTYt3fEIdcms+3vho3TxzkWAnVeECfSSfsAK+vw9ZIGdNCBj
-NpmxFEUONof2qmuBE3Gkxvcv7Qp+H7c5eNBsr2Ae04YNHdIHUALbc+gRFkjhbnXe
-+2ouY13ONfKuHB2bEYwVbE9AdU/uOsVVAt8LGu4PS/W+owhubCV2dQ+wv71pksp3
-2psZG6VYrSwxOnB77mCGCrM/Mi4RnrYbUlCgNi8ad32QjcH7iK7MPnSx/dZ3dcf5
-7W1IUw5dPrPKO+xmQLkcjXMC4qSQhB7VPJuKYBBmJ32tSVMY6BxIotiTvoVJkNl5
-Xtsq8GH++vENPvCeaQh9aflesPcHguss3UMuwpny+I/od2mRhp9ZTyRTHmQM5gJo
-Gt3k2WcBfOaVrnJdufT8sAMDL8H2XDlHUZuhQX5VwLupJiDGXIcmXLP/mxrhnqCp
-K97niY5NjdHNJP/nyVMxwAcWJweLizlxP+xlCH13cAXsL6os4NR+OSJ0KRGJ+fGA
-tIUy87ujOvPm9T7TR+j7GPsauDY0qRy4+I60Dqg6+kzLgN+ZCps=
-=AE4U
------END PGP SIGNATURE-----
diff --git a/httpd-2.4.51.tar.bz2 b/httpd-2.4.51.tar.bz2
new file mode 100644
index 0000000..c6a0a84
--- /dev/null
+++ b/httpd-2.4.51.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4
+size 7653609
diff --git a/httpd-2.4.51.tar.bz2.asc b/httpd-2.4.51.tar.bz2.asc
new file mode 100644
index 0000000..d34b317
--- /dev/null
+++ b/httpd-2.4.51.tar.bz2.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFe8kEACgkQ03fJ59GU
+TGatthAAtWzeOD1TCIEvf5f9bAIZDK9vjEEnBZDeYMMrH1wVJGNJm48XP08O/Kbq
+qhvc9201RUwkAtWEUX811ZBAYd5A8lAqetfmIuCSHerYSOU0CbhvBjKsuIJVIKWD
+Wo1uPUDWk068V0HBquQtW6AEB4oo16fKPMEr1aOOxFpR+F806daJN1gt3ubPzkNJ
+rZd4E6dV00eEymeUIfk0BjDqSWKHmUr+08/dtWqc7kGYGcnJzu0e5pr6cc0hOV2o
+mqYm28F7eMSe5JCnAOd1LnnqtOwV81mZLxiAxR40PoFhV7IoBLo0zAJ99AHxJfA2
+9RjCmZ/WYtleeDT7mC1cdATHKOPRaubklzK6Ntf7tMaRIO07hnIfIRXQveKG7h+G
+Og6PGtfR9bwDGrg2f5Dr+R2fwUJO7EL31IxTYQFBUDe2Q82aNIWpdIFdte93nc+S
+HqjWq3w6zq+jdSm3xvyLB0LLSOguXhcjj5VEqV+aExZPASbf+Q8bG51mSbMQhkaq
+fEheFcdhu3Sm0x5xQXvEM3gX5XUr8vmrPWaacayPYfS7MinWukV0hXe5/DoYkFTt
+a1pt6bHcyVfR0tB0Q3bvm59EeaxLVfogb6Eq74RlrfYiCU/Qx7bMUs3tSeIkHGmY
+cNhpxzc/36i4Cf+fBDPKuJroXYV5wFoQmpnXVLAqRd6jWZcOizY=
+=f5dx
+-----END PGP SIGNATURE-----