diff --git a/backport-Only-allocate-a-heap-buffer.patch b/backport-Only-allocate-a-heap-buffer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4a79a9611283512e3adbb94ed8b07826b6a9da31
--- /dev/null
+++ b/backport-Only-allocate-a-heap-buffer.patch
@@ -0,0 +1,32 @@
+From aa86530aec72e5de24227dbe2054cd713fb3d3f5 Mon Sep 17 00:00:00 2001
+From: Joe Orton
+Date: Wed, 8 May 2024 12:44:52 +0000
+Subject: [PATCH] * modules/proxy/mod_proxy_fcgi.c (dispatch): Only allocate a
+ heap buffer if the configured size is greater than the stack-allocated
+ buffer.
+
+Reference: https://github.com/apache/httpd/commit/aa86530aec72e5de24227dbe2054cd713fb3d3f5
+---
+ modules/proxy/mod_proxy_fcgi.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
+index 831bd15..ee7d24f 100644
+--- a/modules/proxy/mod_proxy_fcgi.c
++++ b/modules/proxy/mod_proxy_fcgi.c
+@@ -569,7 +569,11 @@ static apr_status_t dispatch(proxy_conn_rec *conn, proxy_dir_conf *conf,
+ *err = NULL;
+ if (conn->worker->s->io_buffer_size_set) {
+ iobuf_size = conn->worker->s->io_buffer_size;
+- iobuf = apr_palloc(r->pool, iobuf_size);
++ /* Allocate a buffer if the configured size is larger than the
++ * stack buffer, otherwise use the stack buffer. */
++ if (iobuf_size > AP_IOBUFSIZE) {
++ iobuf = apr_palloc(r->pool, iobuf_size);
++ }
+ }
+
+ pfd.desc_type = APR_POLL_SOCKET;
+--
+2.27.0
+
diff --git a/httpd.spec b/httpd.spec
index 6f8c1768347ac69492436288e69ce5cdcfce7ac2..4b80d5e57dc1e36235d47ddbdd4ccc0c9b383416 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name: httpd
 Summary: Apache HTTP Server
 Version: 2.4.51
-Release: 21
+Release: 22
 License: ASL 2.0
 URL: https://httpd.apache.org/
 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
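Review bot: The new guard `if (iobuf_size > AP_IOBUFSIZE)` leaves `iobuf` pointing at whatever it was initialised to whenever the configured size is at most AP_IOBUFSIZE, and that initialisation is not in the hunk; dispatch() begins before the hunk. The change is only memory-safe if, in the 2.4.51 tree this backport targets, `iobuf` already defaults to a stack buffer of exactly AP_IOBUFSIZE bytes and every later read into it is bounded by `iobuf_size` rather than by AP_IOBUFSIZE; upstream presumably guarantees that, but the backport should confirm it against the target source rather than assume it, since a smaller stack buffer there would turn this into an overflow. I would record the dependency in the patch description, e.g. `Relies on iobuf defaulting to the AP_IOBUFSIZE stack buffer in dispatch(); verified against the 2.4.51 source.`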
@@ -117,6 +117,7 @@ Patch63: backport-Use-ap_os_is_path_absolute-to-make-it-portable.patch
 Patch64: backport-CVE-2024-24795-let-httpd-handle-CL-TE-for-non-http-handlers.patch
 Patch65: backport-CVE-2023-38709-header-validation-after-content.patch
 Patch66: backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch
+Patch67: backport-Only-allocate-a-heap-buffer.patch
 
 BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@@ -553,6 +554,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Thu May 30 2024 zhangyaqi - 2.4.51-22
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:allocate a heap buffer if the configured size is greater than the stack-allocated buffer.
+
 * Tue May 07 2024 chengyechun - 2.4.51-21
 - Type:CVE
 - ID:CVE-2024-24795,CVE-2023-38709,CVE-2024-27316
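Review bot: `+Patch67: backport-Only-allocate-a-heap-buffer.patch` only declares the patch; whether it is applied depends on the %prep section, which is outside this hunk. If %prep applies patches with individual `%patchN -p1` lines rather than `%autosetup -p1`, a matching `%patch67 -p1` is needed, or release 22 ships the declaration and the changelog entry in the last hunk without the fix itself. It is worth confirming in the build log that the patch is actually applied before relying on the changelog description.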