25305111 Upgrade Apache Web Server to version 2.4.25
authorPetr Sumbera <petr.sumbera@oracle.com>
Wed, 21 Dec 2016 07:38:10 -0800
changeset 7586 3db1c2ef2aa9
parent 7584 65eec8af934c
child 7589 7eccd056eff6
25305111 Upgrade Apache Web Server to version 2.4.25 25260686 problem in UTILITY/APACHE 25305144 problem in UTILITY/APACHE
components/apache24/Makefile
components/apache24/patches/bug60577.patch
components/apache24/patches/httpoxy.patch
--- a/components/apache24/Makefile	Wed Jan 18 08:23:14 2017 -0800
+++ b/components/apache24/Makefile	Wed Dec 21 07:38:10 2016 -0800
@@ -26,15 +26,15 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		apache2
-COMPONENT_VERSION=	2.4.23
+COMPONENT_VERSION=	2.4.25
 COMPONENT_PROJECT_URL=	http://httpd.apache.org/
 COMPONENT_SRC_NAME=	httpd
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:b71a13f56b8061c6b4086fdcc9ffdddd904449735eadec0f0e2947e33eec91d7
+    sha256:be6c5eb805216ec205453bb02b1990c82609cb1b145bcb69dc6e99fff45493a9
 COMPONENT_ARCHIVE_URL=	http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/apache
 
-TPNO=	30187
+TPNO=	33113
 
 CONFIGURE_DEFAULT_DIRS=no
 TEST_TARGET= $(NO_TESTS)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache24/patches/bug60577.patch	Wed Dec 21 07:38:10 2016 -0800
@@ -0,0 +1,80 @@
+https://bz.apache.org/bugzilla/show_bug.cgi?id=60577
+
+Index: modules/cache/cache_util.c
+===================================================================
+--- modules/cache/cache_util.c	(revision 1778044)
++++ modules/cache/cache_util.c	(working copy)
[email protected]@ -31,10 +31,8 @@ extern module AP_MODULE_DECLARE_DATA cache_module;
+  * in "filter". All but the path comparisons are case-insensitive.
+  */
+ static int uri_meets_conditions(const apr_uri_t *filter, const int pathlen,
+-                                request_rec *r)
++                                const apr_uri_t *url)
+ {
+-    const apr_uri_t *url = &r->parsed_uri;
+-
+     /* Scheme, hostname port and local part. The filter URI and the
+      * URI we test may have the following shapes:
+      *   /<path>
[email protected]@ -114,7 +112,7 @@ static int uri_meets_conditions(const apr_uri_t *f
+     /* For HTTP caching purposes, an empty (NULL) path is equivalent to
+      * a single "/" path. RFCs 3986/2396
+      */
+-    if (!r->uri) {
++    if (!url->path) {
+         if (*filter->path == '/' && pathlen == 1) {
+             return 1;
+         }
[email protected]@ -126,7 +124,7 @@ static int uri_meets_conditions(const apr_uri_t *f
+     /* Url has met all of the filter conditions so far, determine
+      * if the paths match.
+      */
+-    return !strncmp(filter->path, r->uri, pathlen);
++    return !strncmp(filter->path, url->path, pathlen);
+ }
+ 
+ static cache_provider_list *get_provider(request_rec *r, struct cache_enable *ent,
[email protected]@ -172,6 +170,7 @@ cache_provider_list *cache_get_providers(request_r
+ {
+     cache_dir_conf *dconf = ap_get_module_config(r->per_dir_config, &cache_module);
+     cache_provider_list *providers = NULL;
++    const apr_uri_t *url;
+     int i;
+ 
+     /* per directory cache disable */
[email protected]@ -179,11 +178,25 @@ cache_provider_list *cache_get_providers(request_r
+         return NULL;
+     }
+ 
++    url = &r->parsed_uri;
++    if (url->path != r->uri || (r->uri && strcmp(url->path, r->uri))) {
++        apr_uri_t *uri = apr_pcalloc(r->pool, sizeof *uri);
++        if (r->uri && apr_uri_parse(r->pool, r->uri, uri)) {
++            return NULL;
++        }
++        if (!uri->scheme) {
++            char *path = uri->path;
++            memcpy(uri, url, sizeof *uri);
++            uri->path = path;
++        }
++        url = uri;
++    }
++
+     /* global cache disable */
+     for (i = 0; i < conf->cachedisable->nelts; i++) {
+         struct cache_disable *ent =
+                                (struct cache_disable *)conf->cachedisable->elts;
+-        if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, r)) {
++        if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, url)) {
+             /* Stop searching now. */
+             return NULL;
+         }
[email protected]@ -200,7 +213,7 @@ cache_provider_list *cache_get_providers(request_r
+     for (i = 0; i < conf->cacheenable->nelts; i++) {
+         struct cache_enable *ent =
+                                 (struct cache_enable *)conf->cacheenable->elts;
+-        if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, r)) {
++        if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, url)) {
+             providers = get_provider(r, &ent[i], providers);
+         }
+     }
--- a/components/apache24/patches/httpoxy.patch	Wed Jan 18 08:23:14 2017 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-https://www.apache.org/security/asf-httpoxy-response.txt
-http://svn.apache.org/viewvc?view=revision&revision=1753228
-http://svn.apache.org/viewvc?view=revision&revision=1753229
-
---- docs/conf/httpd.conf.in	2016/07/18 14:00:30	1753227
-+++ docs/conf/httpd.conf.in	2016/07/18 14:07:00	1753228
[email protected]@ -283,6 +283,15 @@
-     Require all granted
- </Directory>
- 
-+<IfModule headers_module>
-+    #
-+    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
-+    # backend servers which have lingering "httpoxy" defects.
-+    # 'Proxy' request header is undefined by the IETF, not listed by IANA
-+    #
-+    RequestHeader unset Proxy early
-+</IfModule>
-+
- <IfModule mime_module>
-     #
-     # TypesConfig points to the file containing the list of mappings from
---- server/util_script.c	2016/07/18 14:00:30	1753227
-+++ server/util_script.c	2016/07/18 14:07:00	1753228
[email protected]@ -186,6 +186,14 @@
-         else if (!strcasecmp(hdrs[i].key, "Content-length")) {
-             apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
-         }
-+        /* HTTP_PROXY collides with a popular envvar used to configure
-+         * proxies, don't let clients set/override it.  But, if you must...
-+         */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+        else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
-+            ;
-+        }
-+#endif
-         /*
-          * You really don't want to disable this check, since it leaves you
-          * wide open to CGIs stealing passwords and people viewing them