Up to 2.4.56; fixes CVE-2023-27522, CVE-2023-25690

diff --git a/apache.spec b/apache.spec
index cc975127b7f4f90b15196c6100f1fa0f77e905e4..58d35faa307e0afde63ef70e5240fb7971d4803f 100644 (file)
--- a/apache.spec
+++ b/apache.spec
@@ -34,12 +34,12 @@ Summary(pt_BR.UTF-8):       Servidor HTTPD para prover serviços WWW
 Summary(ru.UTF-8):     Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
-Version:       2.4.55
-Release:       2
+Version:       2.4.56
+Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: b6a8b9d8741db43cf5b4dd8e9bdb0ce7
+# Source0-md5: 67f3c04a28df1ad36ff6ea55df010869
 Source1:       %{name}.init
 Source2:       %{name}.logrotate
 Source3:       %{name}.sysconfig
@@ -79,7 +79,6 @@ Patch2:               %{name}-suexec.patch
 Patch3:                %{name}-branding.patch
 Patch4:                %{name}-apr.patch
 Patch7:                %{name}-syslibs.patch
-Patch8:         http2-500.patch
 
 Patch10:       httpd-2.0.46-dav401dest.patch
 Patch14:       httpd-2.0.48-corelimit.patch
@@ -2693,7 +2692,6 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch4 -p1
 
 %patch7 -p1
-%patch8 -p1
 
 %patch10 -p1
 

diff --git a/http2-500.patch b/http2-500.patch
deleted file mode 100644 (file)
index e75fbef..0000000
--- a/http2-500.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit a829ac7f3f543ce6849d563aed4b6d602a7ca0e7
-Author: Stefan Eissing <icing@apache.org>
-Date:   Wed Jan 18 20:02:25 2023 +0000
-
-      *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
-         reported in access logs and error documents. The processing of the
-         reset was correct, only unneccesary reporting was caused.
-    
-    
-    
-    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906775 13f79535-47bb-0310-9956-ffa450edef68
-
-diff --git a/changes-entries/h2-rst-access-500-fix.txt b/changes-entries/h2-rst-access-500-fix.txt
-new file mode 100644
-index 0000000000..d165fa3bc8
---- /dev/null
-+++ b/changes-entries/h2-rst-access-500-fix.txt
-@@ -0,0 +1,4 @@
-+  *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
-+     reported in access logs and error documents. The processing of the
-+     reset was correct, only unneccesary reporting was caused.
-+     [Stefan Eissing]
-diff --git a/modules/http2/h2_c2_filter.c b/modules/http2/h2_c2_filter.c
-index f537a19f07..37254fc1d7 100644
---- a/modules/http2/h2_c2_filter.c
-+++ b/modules/http2/h2_c2_filter.c
-@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f, apr_bucket_brigade* bb)
-     ap_assert(conn_ctx);
-     H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
- 
--    if (!conn_ctx->has_final_response) {
-+    if (!f->c->aborted && !conn_ctx->has_final_response) {
-         if (!parser) {
-             parser = apr_pcalloc(f->c->pool, sizeof(*parser));
-             parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, conn_ctx->stream_id);