25305111 Upgrade Apache Web Server to version 2.4.25
25260686 problem in UTILITY/APACHE
25305144 problem in UTILITY/APACHE
--- a/components/apache24/Makefile Thu Jan 19 10:27:20 2017 -0800
+++ b/components/apache24/Makefile Fri Jan 06 01:50:42 2017 -0800
@@ -23,17 +23,17 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= apache2
-COMPONENT_VERSION= 2.4.23
+COMPONENT_VERSION= 2.4.25
COMPONENT_PROJECT_URL= http://httpd.apache.org/
COMPONENT_SRC_NAME= httpd
COMPONENT_SRC= $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:b71a13f56b8061c6b4086fdcc9ffdddd904449735eadec0f0e2947e33eec91d7
+ sha256:be6c5eb805216ec205453bb02b1990c82609cb1b145bcb69dc6e99fff45493a9
COMPONENT_ARCHIVE_URL= http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/apache
-TPNO= 30187
+TPNO= 33113
CONFIGURE_DEFAULT_DIRS=no
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache24/patches/bug60577.patch Fri Jan 06 01:50:42 2017 -0800
@@ -0,0 +1,80 @@
+https://bz.apache.org/bugzilla/show_bug.cgi?id=60577
+
+Index: modules/cache/cache_util.c
+===================================================================
+--- modules/cache/cache_util.c (revision 1778044)
++++ modules/cache/cache_util.c (working copy)
+@@ -31,10 +31,8 @@ extern module AP_MODULE_DECLARE_DATA cache_module;
+ * in "filter". All but the path comparisons are case-insensitive.
+ */
+ static int uri_meets_conditions(const apr_uri_t *filter, const int pathlen,
+- request_rec *r)
++ const apr_uri_t *url)
+ {
+- const apr_uri_t *url = &r->parsed_uri;
+-
+ /* Scheme, hostname port and local part. The filter URI and the
+ * URI we test may have the following shapes:
+ * /<path>
+@@ -114,7 +112,7 @@ static int uri_meets_conditions(const apr_uri_t *f
+ /* For HTTP caching purposes, an empty (NULL) path is equivalent to
+ * a single "/" path. RFCs 3986/2396
+ */
+- if (!r->uri) {
++ if (!url->path) {
+ if (*filter->path == '/' && pathlen == 1) {
+ return 1;
+ }
+@@ -126,7 +124,7 @@ static int uri_meets_conditions(const apr_uri_t *f
+ /* Url has met all of the filter conditions so far, determine
+ * if the paths match.
+ */
+- return !strncmp(filter->path, r->uri, pathlen);
++ return !strncmp(filter->path, url->path, pathlen);
+ }
+
+ static cache_provider_list *get_provider(request_rec *r, struct cache_enable *ent,
+@@ -172,6 +170,7 @@ cache_provider_list *cache_get_providers(request_r
+ {
+ cache_dir_conf *dconf = ap_get_module_config(r->per_dir_config, &cache_module);
+ cache_provider_list *providers = NULL;
++ const apr_uri_t *url;
+ int i;
+
+ /* per directory cache disable */
+@@ -179,11 +178,25 @@ cache_provider_list *cache_get_providers(request_r
+ return NULL;
+ }
+
++ url = &r->parsed_uri;
++ if (url->path != r->uri || (r->uri && strcmp(url->path, r->uri))) {
++ apr_uri_t *uri = apr_pcalloc(r->pool, sizeof *uri);
++ if (r->uri && apr_uri_parse(r->pool, r->uri, uri)) {
++ return NULL;
++ }
++ if (!uri->scheme) {
++ char *path = uri->path;
++ memcpy(uri, url, sizeof *uri);
++ uri->path = path;
++ }
++ url = uri;
++ }
++
+ /* global cache disable */
+ for (i = 0; i < conf->cachedisable->nelts; i++) {
+ struct cache_disable *ent =
+ (struct cache_disable *)conf->cachedisable->elts;
+- if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, r)) {
++ if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, url)) {
+ /* Stop searching now. */
+ return NULL;
+ }
+@@ -200,7 +213,7 @@ cache_provider_list *cache_get_providers(request_r
+ for (i = 0; i < conf->cacheenable->nelts; i++) {
+ struct cache_enable *ent =
+ (struct cache_enable *)conf->cacheenable->elts;
+- if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, r)) {
++ if (uri_meets_conditions(&ent[i].url, ent[i].pathlen, url)) {
+ providers = get_provider(r, &ent[i], providers);
+ }
+ }
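Review bot: In the block added to cache_get_providers, the test `if (url->path != r->uri || (r->uri && strcmp(url->path, r->uri)))` reduces to the pointer comparison alone, because the strcmp is only reached when both pointers are already equal and it then always returns 0. As written, r->uri is re-parsed into a fresh apr_pcalloc'd apr_uri_t whenever the two are distinct strings, even with identical contents; if a content comparison was intended, `if (r->uri != url->path && (!r->uri || !url->path || strcmp(url->path, r->uri)))` expresses it and keeps the NULL cases safe. Separately, the path matched against the CacheDisable/CacheEnable entries now comes from running apr_uri_parse over r->uri, so if r->uri can hold a literal `?` or `#` at this point (presumably after decoding) the parsed path would stop there; that deserves a comment or a regression test, since the cache-disable match decides whether a response is kept out of the cache. The body of cache_get_providers begins and ends outside the inner hunks shown here.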
--- a/components/apache24/patches/httpoxy.patch Thu Jan 19 10:27:20 2017 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-https://www.apache.org/security/asf-httpoxy-response.txt
-http://svn.apache.org/viewvc?view=revision&revision=1753228
-http://svn.apache.org/viewvc?view=revision&revision=1753229
-
---- docs/conf/httpd.conf.in 2016/07/18 14:00:30 1753227
-+++ docs/conf/httpd.conf.in 2016/07/18 14:07:00 1753228
-@@ -283,6 +283,15 @@
- Require all granted
- </Directory>
-
-+<IfModule headers_module>
-+ #
-+ # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
-+ # backend servers which have lingering "httpoxy" defects.
-+ # 'Proxy' request header is undefined by the IETF, not listed by IANA
-+ #
-+ RequestHeader unset Proxy early
-+</IfModule>
-+
- <IfModule mime_module>
- #
- # TypesConfig points to the file containing the list of mappings from
---- server/util_script.c 2016/07/18 14:00:30 1753227
-+++ server/util_script.c 2016/07/18 14:07:00 1753228
-@@ -186,6 +186,14 @@
- else if (!strcasecmp(hdrs[i].key, "Content-length")) {
- apr_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
- }
-+ /* HTTP_PROXY collides with a popular envvar used to configure
-+ * proxies, don't let clients set/override it. But, if you must...
-+ */
-+#ifndef SECURITY_HOLE_PASS_PROXY
-+ else if (!ap_cstr_casecmp(hdrs[i].key, "Proxy")) {
-+ ;
-+ }
-+#endif
- /*
- * You really don't want to disable this check, since it leaves you
- * wide open to CGIs stealing passwords and people viewing them