From 62c217361b093dea5b3a850759c6bc492bf88716 Mon Sep 17 00:00:00 2001 From: hanjinpeng Date: Wed, 28 Aug 2024 09:49:30 +0800 Subject: [PATCH] fix CVE-2024-40725 --- backport-CVE-2024-40725.patch | 29 +++++++++++++++++++++++++++++ httpd.spec | 9 ++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-40725.patch diff --git a/backport-CVE-2024-40725.patch b/backport-CVE-2024-40725.patch new file mode 100644 index 0000000..92f8143 --- /dev/null +++ b/backport-CVE-2024-40725.patch @@ -0,0 +1,29 @@ +From a7d24b4ea9a6ea35878fd33075365328caafcf91 Mon Sep 17 00:00:00 2001 +From: Eric Covener +Date: Mon, 15 Jul 2024 12:08:30 +0000 +Subject: [PATCH] Merge r1919247 from trunk: + +copy the trusted flag from the subrequest + +Submitted By: covener +Reviewed By: covener, ylavic, gbechis + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1919249 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/http/http_request.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/http/http_request.c b/modules/http/http_request.c +index 71ecc2bbab1..7e9477be1f1 100644 +--- a/modules/http/http_request.c ++++ b/modules/http/http_request.c +@@ -708,7 +708,7 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r) + r->args = rr->args; + r->finfo = rr->finfo; + r->handler = rr->handler; +- ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(r)); ++ ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(rr)); + r->content_encoding = rr->content_encoding; + r->content_languages = rr->content_languages; + r->per_dir_config = rr->per_dir_config; diff --git a/httpd.spec b/httpd.spec index b1cb849..b0414ae 100644 --- a/httpd.spec +++ b/httpd.spec @@ -8,7 +8,7 @@ Name: httpd Summary: Apache HTTP Server Version: 2.4.43 -Release: 25 +Release: 26 License: ASL 2.0 URL: https://httpd.apache.org/ Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 @@ -124,6 +124,7 @@ Patch70: backport-CVE-2024-38474-CVE-2024-38475-tighten-up-prefix_stat. Patch71: backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differentiate-trusted-sources.patch Patch72: backport-CVE-2024-38477-validate-hostsname.patch Patch73: backport-CVE-2024-39884-maintain-trusted-flag.patch +Patch74: backport-CVE-2024-40725.patch BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel @@ -560,6 +561,12 @@ exit $rv %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Aug 28 2024 Han Jinpeng - 2.4.43-26 +- Type:CVE +- ID:CVE-2024-40725 +- SUG:NA +- DESC:fix CVE-2024-40725 + * Mon Jul 08 2024 chengyechun - 2.4.43-25 - Type:CVE - ID:CVE-2024-38473,CVE-2024-38474,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39884,CVE-2024-39573 -- Gitee