From 0aa718edc07ec3c8aab8281d9938d804f33edcbf Mon Sep 17 00:00:00 2001
From: hanjinpeng
Date: Wed, 28 Aug 2024 09:50:14 +0800
Subject: [PATCH] fix CVE-2024-40725

(cherry picked from commit 317b656845313a80279d4000e83e647fdd0f95e0)
---
 backport-CVE-2024-40725.patch | 29 +++++++++++++++++++++++++++++
 httpd.spec | 9 ++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-40725.patch

diff --git a/backport-CVE-2024-40725.patch b/backport-CVE-2024-40725.patch
new file mode 100644
index 0000000..92f8143
--- /dev/null
+++ b/backport-CVE-2024-40725.patch
@@ -0,0 +1,29 @@
+From a7d24b4ea9a6ea35878fd33075365328caafcf91 Mon Sep 17 00:00:00 2001
+From: Eric Covener
+Date: Mon, 15 Jul 2024 12:08:30 +0000
+Subject: [PATCH] Merge r1919247 from trunk:
+
+copy the trusted flag from the subrequest
+
+Submitted By: covener
+Reviewed By: covener, ylavic, gbechis
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1919249 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/http/http_request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/http/http_request.c b/modules/http/http_request.c
+index 71ecc2bbab1..7e9477be1f1 100644
+--- a/modules/http/http_request.c
++++ b/modules/http/http_request.c
+@@ -708,7 +708,7 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r)
+ r->args = rr->args;
+ r->finfo = rr->finfo;
+ r->handler = rr->handler;
+- ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
++ ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(rr));
+ r->content_encoding = rr->content_encoding;
+ r->content_languages = rr->content_languages;
+ r->per_dir_config = rr->per_dir_config;
diff --git a/httpd.spec b/httpd.spec
index a1be516..0800aec 100644
--- a/httpd.spec
+++ b/httpd.spec
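Review bot: The changed call in ap_internal_fast_redirect has no comment explaining why the trust flag is now read from `rr`, and the patch file name and the spec changelog give only the CVE ID, so the reasoning is easy to lose in a later rebase. The value being copied is `rr->content_type`, so the flag saying whether that type came from trusted configuration has to be the subrequest's too; I would state that at the call site, e.g. `/* rr->content_type is copied, so its trusted flag must come from rr, not r */`, or at least in the changelog DESC line. Because this is a backport onto 2.4.51, it is also worth confirming that `AP_REQUEST_IS_TRUSTED_CT`, presumably provided by the Patch73/Patch75 backports, matches the upstream 2.4.x definition this one-liner was written against; neither definition is visible here. The function body starts and ends outside the hunk.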
@@ -8,7 +8,7 @@
 Name: httpd
 Summary: Apache HTTP Server
 Version: 2.4.51
-Release: 22
+Release: 23
 License: ASL 2.0
 URL: https://httpd.apache.org/
 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -126,6 +126,7 @@ Patch72: backport-CVE-2024-38474-CVE-2024-38475-tighten-up-prefix_stat.
 Patch73: backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differentiate-trusted-sources.patch
 Patch74: backport-CVE-2024-38477-validate-hostsname.patch
 Patch75: backport-CVE-2024-39884-maintain-trusted-flag.patch
+Patch76: backport-CVE-2024-40725.patch
 
 BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@@ -562,6 +563,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Wed Aug 28 2024 Han Jinpeng - 2.4.51-23
+- Type:CVE
+- ID:CVE-2024-40725
+- SUG:NA
+- DESC:fix CVE-2024-40725
+
 * Sat Jul 06 2024 chengyechun - 2.4.51-22
 - Type:CVE
 - ID:CVE-2024-38473,CVE-2024-38474,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39884,CVE-2024-39573
-- 
Gitee