* [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224
@ 2022-01-13 8:02 changqing.li
2022-01-15 14:16 ` [oe] " akuster808
0 siblings, 1 reply; 3+ messages in thread
From: changqing.li @ 2022-01-13 8:02 UTC (permalink / raw)
To: openembedded-devel
From: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
.../apache2/apache2/CVE-2021-44224-1.patch | 282 ++++++++++++++++++
.../apache2/apache2/CVE-2021-44224-2.patch | 110 +++++++
.../apache2/apache2/CVE-2021-44790.patch | 32 ++
.../recipes-httpd/apache2/apache2_2.4.51.bb | 3 +
4 files changed, 427 insertions(+)
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
new file mode 100644
index 000000000..90efafb6a
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
@@ -0,0 +1,282 @@
+From 14e54221476e45a6a63c7c656bf967f1fe810b3f Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 14:37:50 +0800
+Subject: [PATCH] Merge r1895914, r1895921 from trunk:
+
+ *) http: Enforce that fully qualified uri-paths not to be forward-proxied
+ have an http(s) scheme, and that the ones to be forward proxied have a
+ hostname, per HTTP specifications.
+ trunk patch: http://svn.apache.org/r1895914
+ http://svn.apache.org/r1895921
+ 2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/286.patch
+ backport PR: https://github.com/apache/httpd/pull/286
+ +1: ylavic, minfrin, gbechis
+
+mod_proxy: Detect unix: scheme syntax errors at load time.
+
+* modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param,
+ proxysection):
+ Check return value of ap_proxy_de_socketfy().
+
+* modules/proxy/proxy_util.c(ap_proxy_get_worker_ex):
+ Check return value of ap_proxy_de_socketfy().
+
+http: Enforce that fully qualified uri-paths not to be forward-proxied
+ have an http(s) scheme, and that the ones to be forward proxied have a
+ hostname, per HTTP specifications.
+
+The early checks avoid failing the request later on and thus save cycles
+for those invalid cases.
+
+Submitted by: ylavic
+Reviewed by: ylavic, minfrin, gbechis
+Closes #286
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1895955 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2021-44224
+Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1895955]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ include/ap_mmn.h | 2 +-
+ include/http_protocol.h | 7 ++++++
+ modules/http/http_request.c | 2 +-
+ modules/http2/h2_request.c | 4 ++--
+ modules/proxy/mod_proxy.c | 45 ++++++++++++++++++++++++++-----------
+ modules/proxy/proxy_util.c | 3 +++
+ server/protocol.c | 23 ++++++++++++++++++-
+ 7 files changed, 68 insertions(+), 18 deletions(-)
+
+diff --git a/include/ap_mmn.h b/include/ap_mmn.h
+index 942e6d4..f2eee7a 100644
+--- a/include/ap_mmn.h
++++ b/include/ap_mmn.h
+@@ -589,7 +589,7 @@
+ #ifndef MODULE_MAGIC_NUMBER_MAJOR
+ #define MODULE_MAGIC_NUMBER_MAJOR 20120211
+ #endif
+-#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */
++#define MODULE_MAGIC_NUMBER_MINOR 119 /* 0...n */
+
+ /**
+ * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
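Review bot: the MODULE_MAGIC_NUMBER_MINOR bump to 119 comes without a matching entry in the version-history comment of ap_mmn.h; the diffstat shows only this one define changing in the file. Add a history line recording that 119 introduces ap_post_read_request(), so module authors who test the minor can tell what it gates.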
+diff --git a/include/http_protocol.h b/include/http_protocol.h
+index 9ccac89..20bd202 100644
+--- a/include/http_protocol.h
++++ b/include/http_protocol.h
+@@ -96,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r);
+ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
+ apr_bucket_brigade *bb);
+
++/**
++ * Run post_read_request hook and validate.
++ * @param r The current request
++ * @return OK or HTTP_...
++ */
++AP_DECLARE(int) ap_post_read_request(request_rec *r);
++
+ /* Finish up stuff after a request */
+
+ /**
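Review bot: the doc comment added for ap_post_read_request() says only "@return OK or HTTP_...", which does not tell a caller what the new validation is. Spell out that, besides the hook's own status, it returns HTTP_BAD_REQUEST when a non-forward-proxy request carries a scheme other than http or https, as implemented in server/protocol.c later in this patch.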
+diff --git a/modules/http/http_request.c b/modules/http/http_request.c
+index c9ae5af..d59cfe2 100644
+--- a/modules/http/http_request.c
++++ b/modules/http/http_request.c
+@@ -680,7 +680,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
+ * to do their thing on internal redirects as well. Perhaps this is a
+ * misnamed function.
+ */
+- if ((access_status = ap_run_post_read_request(new))) {
++ if ((access_status = ap_post_read_request(new))) {
+ ap_die(access_status, new);
+ return NULL;
+ }
+diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
+index 7c4fb95..900f050 100644
+--- a/modules/http2/h2_request.c
++++ b/modules/http2/h2_request.c
+@@ -369,8 +369,8 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
+ */
+ ap_add_input_filter_handle(ap_http_input_filter_handle,
+ NULL, r, r->connection);
+-
+- if ((access_status = ap_run_post_read_request(r))) {
++
++ if ((access_status = ap_post_read_request(r))) {
+ /* Request check post hooks failed. An example of this would be a
+ * request for a vhost where h2 is disabled --> 421.
+ */
+diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
+index 3fb84c8..b3aafcc 100644
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -775,13 +775,13 @@ static int proxy_detect(request_rec *r)
+
+ /* Ick... msvc (perhaps others) promotes ternary short results to int */
+
+- if (conf->req && r->parsed_uri.scheme) {
++ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
+ /* but it might be something vhosted */
+- if (!(r->parsed_uri.hostname
+- && !ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r))
+- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
+- (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
+- : ap_default_port(r))))) {
++ if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
++ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
++ (apr_port_t)(r->parsed_uri.port_str
++ ? r->parsed_uri.port
++ : ap_default_port(r)))) {
+ r->proxyreq = PROXYREQ_PROXY;
+ r->uri = r->unparsed_uri;
+ r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
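Review bot: adding "&& r->parsed_uri.hostname" to the outer condition changes behaviour for a URI that has a scheme but no hostname: the removed code set r->proxyreq = PROXYREQ_PROXY for it, while the new code skips the block entirely. CVE-2021-44224-2.patch moves the test back inside as "!r->parsed_uri.hostname ||", so this patch should never be applied without its follow-up; say so in the patch header.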
+@@ -2007,6 +2007,7 @@ static const char *
+ struct proxy_alias *new;
+ char *f = cmd->path;
+ char *r = NULL;
++ const char *real;
+ char *word;
+ apr_table_t *params = apr_table_make(cmd->pool, 5);
+ const apr_array_header_t *arr;
+@@ -2094,6 +2095,10 @@ static const char *
+ return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
+ }
+
++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
++ return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
++ }
++
+ /* if per directory, save away the single alias */
+ if (cmd->path) {
+ dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
+@@ -2109,7 +2114,7 @@ static const char *
+ }
+
+ new->fake = apr_pstrdup(cmd->pool, f);
+- new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
++ new->real = apr_pstrdup(cmd->pool, real);
+ new->flags = flags;
+ if (worker_type & AP_PROXY_WORKER_IS_MATCH) {
+ new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
+@@ -2635,6 +2640,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
+ proxy_worker *worker;
+ char *path = cmd->path;
+ char *name = NULL;
++ const char *real;
+ char *word;
+ apr_table_t *params = apr_table_make(cmd->pool, 5);
+ const apr_array_header_t *arr;
+@@ -2676,6 +2682,10 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
+ if (!name)
+ return "BalancerMember must define remote proxy server";
+
++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
++ return "BalancerMember uses an invalid \"unix:\" URL";
++ }
++
+ ap_str_tolower(path); /* lowercase scheme://hostname */
+
+ /* Try to find the balancer */
+@@ -2687,8 +2697,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
+ }
+
+ /* Try to find existing worker */
+- worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf,
+- ap_proxy_de_socketfy(cmd->temp_pool, name));
++ worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
+ if (!worker) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
+ "Defining worker '%s' for balancer '%s'",
+@@ -2785,9 +2794,14 @@ static const char *
+ }
+ }
+ else {
++ const char *real;
++
++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
++ return "ProxySet uses an invalid \"unix:\" URL";
++ }
++
+ worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf,
+- ap_proxy_de_socketfy(cmd->temp_pool, name),
+- worker_type);
++ real, worker_type);
+ if (!worker) {
+ if (in_proxy_section) {
+ err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL,
+@@ -2930,9 +2944,14 @@ static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
+ }
+ }
+ else {
++ const char *real;
++
++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
++ return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
++ }
++
+ worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf,
+- ap_proxy_de_socketfy(cmd->temp_pool, conf->p),
+- worker_type);
++ real, worker_type);
+ if (!worker) {
+ err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf,
+ conf->p, worker_type);
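Review bot: the error string in the added return, "<Proxy/ProxyMatch > uses an invalid ...", has a stray space before the closing bracket and does not match the form of the ProxyPass, BalancerMember and ProxySet messages added above. Also, the lookup now uses the de-socketfied "real" while the ap_proxy_define_worker_ex() call in the context lines still receives conf->p; a short comment saying the definition path is meant to get the raw URL would save the next reader from checking.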
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index f291a0d..3511688 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -1742,6 +1742,9 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
+ }
+
+ url = ap_proxy_de_socketfy(p, url);
++ if (!url) {
++ return NULL;
++ }
+
+ c = ap_strchr_c(url, ':');
+ if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
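Review bot: with the added "if (!url) return NULL;", ap_proxy_get_worker_ex() reports a malformed "unix:" URL in the same way as "no worker found". The mod_proxy.c callers in this patch react to a NULL worker by defining a new one, which is why each of them calls ap_proxy_de_socketfy() itself first; document that contract in the function's header comment so later callers do not rely on the NULL alone.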
+diff --git a/server/protocol.c b/server/protocol.c
+index 3d74c5b..2214f72 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -1548,7 +1548,7 @@ request_rec *ap_read_request(conn_rec *conn)
+ /* we may have switched to another server */
+ apply_server_config(r);
+
+- if ((access_status = ap_run_post_read_request(r))) {
++ if ((access_status = ap_post_read_request(r))) {
+ goto die;
+ }
+
+@@ -1603,6 +1603,27 @@ ignore:
+ return NULL;
+ }
+
++AP_DECLARE(int) ap_post_read_request(request_rec *r)
++{
++ int status;
++
++ if ((status = ap_run_post_read_request(r))) {
++ return status;
++ }
++
++ /* Enforce http(s) only scheme for non-forward-proxy requests */
++ if (!r->proxyreq
++ && r->parsed_uri.scheme
++ && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
++ || (r->parsed_uri.scheme[4] != '\0'
++ && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
++ || r->parsed_uri.scheme[5] != '\0')))) {
++ return HTTP_BAD_REQUEST;
++ }
++
++ return OK;
++}
++
+ /* if a request with a body creates a subrequest, remove original request's
+ * input headers which pertain to the body which has already been read.
+ * out-of-line helper function for ap_set_sub_req_protocol.
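Review bot: ap_post_read_request() returns HTTP_BAD_REQUEST for a non-http(s) scheme without logging anything, so an operator who sees new 400 responses after this backport has nothing in the error log to explain them. Consider an ap_log_rerror() call before the return. The scheme test itself, with its manual checks on scheme[4] and scheme[5], would be easier to audit as two ap_cstr_casecmp() comparisons against "http" and "https", the helper proxy_detect() already uses in this patch.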
+--
+2.17.1
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
new file mode 100644
index 000000000..b464a452b
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
@@ -0,0 +1,110 @@
+From 994610ea76b6e1b3f198101af31564e6c4e8fc0f Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 14:47:56 +0800
+Subject: [PATCH] Merge of r1895981,r1895986 from trunk:
+
+ *) mod_proxy: Don't prevent forwarding URIs w/ no hostname.
+ (fix for r1895955 already in 2.4.x)
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896044 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2021-44224
+Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896044]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ modules/proxy/mod_proxy.c | 5 +++--
+ modules/proxy/mod_proxy.h | 1 +
+ modules/proxy/proxy_util.c | 22 ++++++++++++----------
+ 3 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
+index b3aafcc..a28bea4 100644
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -775,9 +775,10 @@ static int proxy_detect(request_rec *r)
+
+ /* Ick... msvc (perhaps others) promotes ternary short results to int */
+
+- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
++ if (conf->req && r->parsed_uri.scheme) {
+ /* but it might be something vhosted */
+- if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
++ if (!r->parsed_uri.hostname
++ || ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
+ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
+ (apr_port_t)(r->parsed_uri.port_str
+ ? r->parsed_uri.port
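Review bot: the new "!r->parsed_uri.hostname ||" has to stay the first operand, because it is what keeps ap_matches_request_vhost() from being called with a NULL hostname two lines below. The existing comment, "but it might be something vhosted", does not cover that case; add a comment saying a URI with a scheme and no hostname is deliberately treated as a forward-proxy request.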
+diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
+index 1219e9f..47899d7 100644
+--- a/modules/proxy/mod_proxy.h
++++ b/modules/proxy/mod_proxy.h
+@@ -750,6 +750,7 @@ PROXY_DECLARE(int) ap_proxy_worker_can_upgrade(apr_pool_t *p,
+ #define AP_PROXY_WORKER_IS_PREFIX (1u << 0)
+ #define AP_PROXY_WORKER_IS_MATCH (1u << 1)
+ #define AP_PROXY_WORKER_IS_MALLOCED (1u << 2)
++#define AP_PROXY_WORKER_NO_UDS (1u << 3)
+
+ /**
+ * Get the worker from proxy configuration, looking for either PREFIXED or
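Review bot: AP_PROXY_WORKER_NO_UDS is added to a public header with no comment saying what it does, and this patch's diffstat does not touch include/ap_mmn.h, so the new flag is not reflected in the module magic number. Add a one-line comment next to the define stating that the mask makes ap_proxy_get_worker_ex() skip ap_proxy_de_socketfy().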
+diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
+index 3511688..d578452 100644
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -1741,9 +1741,11 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
+ return NULL;
+ }
+
+- url = ap_proxy_de_socketfy(p, url);
+- if (!url) {
+- return NULL;
++ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
++ url = ap_proxy_de_socketfy(p, url);
++ if (!url) {
++ return NULL;
++ }
+ }
+
+ c = ap_strchr_c(url, ':');
+@@ -2326,22 +2328,22 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
+
+ access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
+ if (access_status == DECLINED && *balancer == NULL) {
+- *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
++ const int forward = (r->proxyreq == PROXYREQ_PROXY);
++ *worker = ap_proxy_get_worker_ex(r->pool, NULL, conf, *url,
++ forward ? AP_PROXY_WORKER_NO_UDS : 0);
+ if (*worker) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+ "%s: found worker %s for %s",
+ (*worker)->s->scheme, (*worker)->s->name, *url);
+- *balancer = NULL;
+- if (!fix_uds_filename(r, url)) {
++ if (!forward && !fix_uds_filename(r, url)) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ access_status = OK;
+ }
+- else if (r->proxyreq == PROXYREQ_PROXY) {
++ else if (forward) {
+ if (conf->forward) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+ "*: found forward proxy worker for %s", *url);
+- *balancer = NULL;
+ *worker = conf->forward;
+ access_status = OK;
+ /*
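Review bot: the patch subject says only "Don't prevent forwarding URIs w/ no hostname", but in this hunk forward-proxy requests also stop going through ap_proxy_de_socketfy() (via AP_PROXY_WORKER_NO_UDS) and through fix_uds_filename(). That is the part a reader auditing the CVE-2021-44224 fix will look for, so describe it in the patch header. The dropped "*balancer = NULL;" assignments are redundant because the enclosing test already requires *balancer == NULL, which deserves a word there too.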
+@@ -2355,8 +2357,8 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
+ else if (r->proxyreq == PROXYREQ_REVERSE) {
+ if (conf->reverse) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+- "*: using default reverse proxy worker for %s (no keepalive)", *url);
+- *balancer = NULL;
++ "*: using default reverse proxy worker for %s "
++ "(no keepalive)", *url);
+ *worker = conf->reverse;
+ access_status = OK;
+ /*
+--
+2.17.1
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
new file mode 100644
index 000000000..4bef9519c
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
@@ -0,0 +1,32 @@
+From 7e17af6bc469e9cdded01a3f076043892d9d9a58 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 13:50:20 +0800
+Subject: [PATCH] Merge r1895970 from trunk:
+
+ *) mod_lua: Improve error handling
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896039 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2021-44790
+Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896039]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ modules/lua/lua_request.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
+index 67ff432..493b2bb 100644
+--- a/modules/lua/lua_request.c
++++ b/modules/lua/lua_request.c
+@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
+ if (end == NULL) break;
+ key = (char *) apr_pcalloc(r->pool, 256);
+ filename = (char *) apr_pcalloc(r->pool, 256);
++ if (end - crlf <= 8) break;
+ vlen = end - crlf - 8;
+ buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+ memcpy(buffer, crlf + 4, vlen);
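Review bot: the guard "if (end - crlf <= 8) break;" uses an unexplained constant and sits after the two 256-byte apr_pcalloc() calls for key and filename. Move it directly after the "end == NULL" test and add a comment tying the 8 to the "vlen = end - crlf - 8" computation it protects. Note that "<=" combined with break also leaves the loop at a part whose value is empty, so any parts after it are not parsed; confirm that is acceptable.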
+--
+2.17.1
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
index d6e736d31..233543af8 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
@@ -15,6 +15,9 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0007-apache2-allow-to-disable-selinux-support.patch \
file://apache-configure_perlbin.patch \
file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
+ file://CVE-2021-44790.patch \
+ file://CVE-2021-44224-1.patch \
+ file://CVE-2021-44224-2.patch \
"
SRC_URI_append_class-target = " \
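Review bot: the three SRC_URI entries added here come with a commit message that has no body, only the Signed-off-by, so nothing tells a maintainer what the two CVEs are or why CVE-2021-44224 needs two patches. Add a short description, and state that CVE-2021-44224-2.patch depends on CVE-2021-44224-1.patch (its mod_proxy.c hunk starts from blob b3aafcc, which -1 produces), so the order of these entries must be kept.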
--
2.17.1
* Re: [oe] [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224
2022-01-13 8:02 [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224 changqing.li
@ 2022-01-15 14:16 ` akuster808
2022-01-17 3:54 ` Changqing Li
0 siblings, 1 reply; 3+ messages in thread
From: akuster808 @ 2022-01-15 14:16 UTC (permalink / raw)
To: Changqing Li, openembedded-devel
On 1/13/22 12:02 AM, Changqing Li wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
> .../apache2/apache2/CVE-2021-44224-1.patch | 282 ++++++++++++++++++
> .../apache2/apache2/CVE-2021-44224-2.patch | 110 +++++++
> .../apache2/apache2/CVE-2021-44790.patch | 32 ++
> .../recipes-httpd/apache2/apache2_2.4.51.bb | 3 +
> 4 files changed, 427 insertions(+)
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
There is an apache update sitting in stable/hardknott-nut.
FYI, apache 2.4.x is an LTS version so package updates are allowed as
they only contain bug fixes
-armin
>
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> new file mode 100644
> index 000000000..90efafb6a
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
> @@ -0,0 +1,282 @@
> +From 14e54221476e45a6a63c7c656bf967f1fe810b3f Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 14:37:50 +0800
> +Subject: [PATCH] Merge r1895914, r1895921 from trunk:
> +
> + *) http: Enforce that fully qualified uri-paths not to be forward-proxied
> + have an http(s) scheme, and that the ones to be forward proxied have a
> + hostname, per HTTP specifications.
> + trunk patch: http://svn.apache.org/r1895914
> + http://svn.apache.org/r1895921
> + 2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/286.patch
> + backport PR: https://github.com/apache/httpd/pull/286
> + +1: ylavic, minfrin, gbechis
> +
> +mod_proxy: Detect unix: scheme syntax errors at load time.
> +
> +* modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param,
> + proxysection):
> + Check return value of ap_proxy_de_socketfy().
> +
> +* modules/proxy/proxy_util.c(ap_proxy_get_worker_ex):
> + Check return value of ap_proxy_de_socketfy().
> +
> +http: Enforce that fully qualified uri-paths not to be forward-proxied
> + have an http(s) scheme, and that the ones to be forward proxied have a
> + hostname, per HTTP specifications.
> +
> +The early checks avoid failing the request later on and thus save cycles
> +for those invalid cases.
> +
> +Submitted by: ylavic
> +Reviewed by: ylavic, minfrin, gbechis
> +Closes #286
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1895955 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44224
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1895955]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + include/ap_mmn.h | 2 +-
> + include/http_protocol.h | 7 ++++++
> + modules/http/http_request.c | 2 +-
> + modules/http2/h2_request.c | 4 ++--
> + modules/proxy/mod_proxy.c | 45 ++++++++++++++++++++++++++-----------
> + modules/proxy/proxy_util.c | 3 +++
> + server/protocol.c | 23 ++++++++++++++++++-
> + 7 files changed, 68 insertions(+), 18 deletions(-)
> +
> +diff --git a/include/ap_mmn.h b/include/ap_mmn.h
> +index 942e6d4..f2eee7a 100644
> +--- a/include/ap_mmn.h
> ++++ b/include/ap_mmn.h
> +@@ -589,7 +589,7 @@
> + #ifndef MODULE_MAGIC_NUMBER_MAJOR
> + #define MODULE_MAGIC_NUMBER_MAJOR 20120211
> + #endif
> +-#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */
> ++#define MODULE_MAGIC_NUMBER_MINOR 119 /* 0...n */
> +
> + /**
> + * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
> +diff --git a/include/http_protocol.h b/include/http_protocol.h
> +index 9ccac89..20bd202 100644
> +--- a/include/http_protocol.h
> ++++ b/include/http_protocol.h
> +@@ -96,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r);
> + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
> + apr_bucket_brigade *bb);
> +
> ++/**
> ++ * Run post_read_request hook and validate.
> ++ * @param r The current request
> ++ * @return OK or HTTP_...
> ++ */
> ++AP_DECLARE(int) ap_post_read_request(request_rec *r);
> ++
> + /* Finish up stuff after a request */
> +
> + /**
> +diff --git a/modules/http/http_request.c b/modules/http/http_request.c
> +index c9ae5af..d59cfe2 100644
> +--- a/modules/http/http_request.c
> ++++ b/modules/http/http_request.c
> +@@ -680,7 +680,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
> + * to do their thing on internal redirects as well. Perhaps this is a
> + * misnamed function.
> + */
> +- if ((access_status = ap_run_post_read_request(new))) {
> ++ if ((access_status = ap_post_read_request(new))) {
> + ap_die(access_status, new);
> + return NULL;
> + }
> +diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
> +index 7c4fb95..900f050 100644
> +--- a/modules/http2/h2_request.c
> ++++ b/modules/http2/h2_request.c
> +@@ -369,8 +369,8 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
> + */
> + ap_add_input_filter_handle(ap_http_input_filter_handle,
> + NULL, r, r->connection);
> +-
> +- if ((access_status = ap_run_post_read_request(r))) {
> ++
> ++ if ((access_status = ap_post_read_request(r))) {
> + /* Request check post hooks failed. An example of this would be a
> + * request for a vhost where h2 is disabled --> 421.
> + */
> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
> +index 3fb84c8..b3aafcc 100644
> +--- a/modules/proxy/mod_proxy.c
> ++++ b/modules/proxy/mod_proxy.c
> +@@ -775,13 +775,13 @@ static int proxy_detect(request_rec *r)
> +
> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
> +
> +- if (conf->req && r->parsed_uri.scheme) {
> ++ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
> + /* but it might be something vhosted */
> +- if (!(r->parsed_uri.hostname
> +- && !ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r))
> +- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
> +- (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
> +- : ap_default_port(r))))) {
> ++ if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> ++ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
> ++ (apr_port_t)(r->parsed_uri.port_str
> ++ ? r->parsed_uri.port
> ++ : ap_default_port(r)))) {
> + r->proxyreq = PROXYREQ_PROXY;
> + r->uri = r->unparsed_uri;
> + r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
> +@@ -2007,6 +2007,7 @@ static const char *
> + struct proxy_alias *new;
> + char *f = cmd->path;
> + char *r = NULL;
> ++ const char *real;
> + char *word;
> + apr_table_t *params = apr_table_make(cmd->pool, 5);
> + const apr_array_header_t *arr;
> +@@ -2094,6 +2095,10 @@ static const char *
> + return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
> + }
> +
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
> ++ return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
> ++ }
> ++
> + /* if per directory, save away the single alias */
> + if (cmd->path) {
> + dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
> +@@ -2109,7 +2114,7 @@ static const char *
> + }
> +
> + new->fake = apr_pstrdup(cmd->pool, f);
> +- new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
> ++ new->real = apr_pstrdup(cmd->pool, real);
> + new->flags = flags;
> + if (worker_type & AP_PROXY_WORKER_IS_MATCH) {
> + new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
> +@@ -2635,6 +2640,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + proxy_worker *worker;
> + char *path = cmd->path;
> + char *name = NULL;
> ++ const char *real;
> + char *word;
> + apr_table_t *params = apr_table_make(cmd->pool, 5);
> + const apr_array_header_t *arr;
> +@@ -2676,6 +2682,10 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + if (!name)
> + return "BalancerMember must define remote proxy server";
> +
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
> ++ return "BalancerMember uses an invalid \"unix:\" URL";
> ++ }
> ++
> + ap_str_tolower(path); /* lowercase scheme://hostname */
> +
> + /* Try to find the balancer */
> +@@ -2687,8 +2697,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
> + }
> +
> + /* Try to find existing worker */
> +- worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, name));
> ++ worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
> + if (!worker) {
> + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
> + "Defining worker '%s' for balancer '%s'",
> +@@ -2785,9 +2794,14 @@ static const char *
> + }
> + }
> + else {
> ++ const char *real;
> ++
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
> ++ return "ProxySet uses an invalid \"unix:\" URL";
> ++ }
> ++
> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, name),
> +- worker_type);
> ++ real, worker_type);
> + if (!worker) {
> + if (in_proxy_section) {
> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL,
> +@@ -2930,9 +2944,14 @@ static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
> + }
> + }
> + else {
> ++ const char *real;
> ++
> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
> ++ return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
> ++ }
> ++
> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf,
> +- ap_proxy_de_socketfy(cmd->temp_pool, conf->p),
> +- worker_type);
> ++ real, worker_type);
> + if (!worker) {
> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf,
> + conf->p, worker_type);
> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
> +index f291a0d..3511688 100644
> +--- a/modules/proxy/proxy_util.c
> ++++ b/modules/proxy/proxy_util.c
> +@@ -1742,6 +1742,9 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
> + }
> +
> + url = ap_proxy_de_socketfy(p, url);
> ++ if (!url) {
> ++ return NULL;
> ++ }
> +
> + c = ap_strchr_c(url, ':');
> + if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
> +diff --git a/server/protocol.c b/server/protocol.c
> +index 3d74c5b..2214f72 100644
> +--- a/server/protocol.c
> ++++ b/server/protocol.c
> +@@ -1548,7 +1548,7 @@ request_rec *ap_read_request(conn_rec *conn)
> + /* we may have switched to another server */
> + apply_server_config(r);
> +
> +- if ((access_status = ap_run_post_read_request(r))) {
> ++ if ((access_status = ap_post_read_request(r))) {
> + goto die;
> + }
> +
> +@@ -1603,6 +1603,27 @@ ignore:
> + return NULL;
> + }
> +
> ++AP_DECLARE(int) ap_post_read_request(request_rec *r)
> ++{
> ++ int status;
> ++
> ++ if ((status = ap_run_post_read_request(r))) {
> ++ return status;
> ++ }
> ++
> ++ /* Enforce http(s) only scheme for non-forward-proxy requests */
> ++ if (!r->proxyreq
> ++ && r->parsed_uri.scheme
> ++ && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
> ++ || (r->parsed_uri.scheme[4] != '\0'
> ++ && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
> ++ || r->parsed_uri.scheme[5] != '\0')))) {
> ++ return HTTP_BAD_REQUEST;
> ++ }
> ++
> ++ return OK;
> ++}
> ++
> + /* if a request with a body creates a subrequest, remove original request's
> + * input headers which pertain to the body which has already been read.
> + * out-of-line helper function for ap_set_sub_req_protocol.
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> new file mode 100644
> index 000000000..b464a452b
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
> @@ -0,0 +1,110 @@
> +From 994610ea76b6e1b3f198101af31564e6c4e8fc0f Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 14:47:56 +0800
> +Subject: [PATCH] Merge of r1895981,r1895986 from trunk:
> +
> + *) mod_proxy: Don't prevent forwarding URIs w/ no hostname.
> + (fix for r1895955 already in 2.4.x)
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896044 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44224
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896044]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + modules/proxy/mod_proxy.c | 5 +++--
> + modules/proxy/mod_proxy.h | 1 +
> + modules/proxy/proxy_util.c | 22 ++++++++++++----------
> + 3 files changed, 16 insertions(+), 12 deletions(-)
> +
> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
> +index b3aafcc..a28bea4 100644
> +--- a/modules/proxy/mod_proxy.c
> ++++ b/modules/proxy/mod_proxy.c
> +@@ -775,9 +775,10 @@ static int proxy_detect(request_rec *r)
> +
> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
> +
> +- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
> ++ if (conf->req && r->parsed_uri.scheme) {
> + /* but it might be something vhosted */
> +- if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> ++ if (!r->parsed_uri.hostname
> ++ || ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
> + || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
> + (apr_port_t)(r->parsed_uri.port_str
> + ? r->parsed_uri.port
> +diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
> +index 1219e9f..47899d7 100644
> +--- a/modules/proxy/mod_proxy.h
> ++++ b/modules/proxy/mod_proxy.h
> +@@ -750,6 +750,7 @@ PROXY_DECLARE(int) ap_proxy_worker_can_upgrade(apr_pool_t *p,
> + #define AP_PROXY_WORKER_IS_PREFIX (1u << 0)
> + #define AP_PROXY_WORKER_IS_MATCH (1u << 1)
> + #define AP_PROXY_WORKER_IS_MALLOCED (1u << 2)
> ++#define AP_PROXY_WORKER_NO_UDS (1u << 3)
> +
> + /**
> + * Get the worker from proxy configuration, looking for either PREFIXED or
> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
> +index 3511688..d578452 100644
> +--- a/modules/proxy/proxy_util.c
> ++++ b/modules/proxy/proxy_util.c
> +@@ -1741,9 +1741,11 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
> + return NULL;
> + }
> +
> +- url = ap_proxy_de_socketfy(p, url);
> +- if (!url) {
> +- return NULL;
> ++ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
> ++ url = ap_proxy_de_socketfy(p, url);
> ++ if (!url) {
> ++ return NULL;
> ++ }
> + }
> +
> + c = ap_strchr_c(url, ':');
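Review bot: The new `if (!(mask & AP_PROXY_WORKER_NO_UDS))` block carries no comment on why the `unix:` handling is skipped. The only caller in this patch that sets the bit is `ap_proxy_pre_request()` for `PROXYREQ_PROXY`, so the intent appears to be that a URL being forward-proxied is never parsed for a `unix:` socket prefix; stating that here would keep future callers from passing the flag for the wrong reason.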
> +@@ -2326,22 +2328,22 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
> +
> + access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
> + if (access_status == DECLINED && *balancer == NULL) {
> +- *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
> ++ const int forward = (r->proxyreq == PROXYREQ_PROXY);
> ++ *worker = ap_proxy_get_worker_ex(r->pool, NULL, conf, *url,
> ++ forward ? AP_PROXY_WORKER_NO_UDS : 0);
> + if (*worker) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> + "%s: found worker %s for %s",
> + (*worker)->s->scheme, (*worker)->s->name, *url);
> +- *balancer = NULL;
> +- if (!fix_uds_filename(r, url)) {
> ++ if (!forward && !fix_uds_filename(r, url)) {
> + return HTTP_INTERNAL_SERVER_ERROR;
> + }
> + access_status = OK;
> + }
> +- else if (r->proxyreq == PROXYREQ_PROXY) {
> ++ else if (forward) {
> + if (conf->forward) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> + "*: found forward proxy worker for %s", *url);
> +- *balancer = NULL;
> + *worker = conf->forward;
> + access_status = OK;
> + /*
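Review bot: The lookup switches from `ap_proxy_get_worker()` to `ap_proxy_get_worker_ex()` with a mask of either `AP_PROXY_WORKER_NO_UDS` or `0`, but the same `mask` argument also carries `AP_PROXY_WORKER_IS_PREFIX` and `AP_PROXY_WORKER_IS_MATCH` from mod_proxy.h. Please confirm that a mask without those two bits still selects the same workers as the old call did, in both the forward and the non-forward case. Dropping `*balancer = NULL;` is fine, since the enclosing `if` already requires `*balancer == NULL`.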
> +@@ -2355,8 +2357,8 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
> + else if (r->proxyreq == PROXYREQ_REVERSE) {
> + if (conf->reverse) {
> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
> +- "*: using default reverse proxy worker for %s (no keepalive)", *url);
> +- *balancer = NULL;
> ++ "*: using default reverse proxy worker for %s "
> ++ "(no keepalive)", *url);
> + *worker = conf->reverse;
> + access_status = OK;
> + /*
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
> new file mode 100644
> index 000000000..4bef9519c
> --- /dev/null
> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
> @@ -0,0 +1,32 @@
> +From 7e17af6bc469e9cdded01a3f076043892d9d9a58 Mon Sep 17 00:00:00 2001
> +From: Changqing Li <changqing.li@windriver.com>
> +Date: Thu, 13 Jan 2022 13:50:20 +0800
> +Subject: [PATCH] Merge r1895970 from trunk:
> +
> + *) mod_lua: Improve error handling
> +
> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896039 13f79535-47bb-0310-9956-ffa450edef68
> +
> +CVE: CVE-2021-44790
> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896039]
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + modules/lua/lua_request.c | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
> +index 67ff432..493b2bb 100644
> +--- a/modules/lua/lua_request.c
> ++++ b/modules/lua/lua_request.c
> +@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
> + if (end == NULL) break;
> + key = (char *) apr_pcalloc(r->pool, 256);
> + filename = (char *) apr_pcalloc(r->pool, 256);
> ++ if (end - crlf <= 8) break;
> + vlen = end - crlf - 8;
> + buffer = (char *) apr_pcalloc(r->pool, vlen+1);
> + memcpy(buffer, crlf + 4, vlen);
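Review bot: The guard `if (end - crlf <= 8) break;` is placed after the two `apr_pcalloc(r->pool, 256)` calls for `key` and `filename`, so a malformed part still costs 512 bytes of pool memory before the loop exits; moving the check directly under `if (end == NULL) break;` avoids that. The `8` here and the `4` in `crlf + 4` are unexplained magic numbers, so a comment naming what they skip would show why `<= 8` is the right bound for `vlen = end - crlf - 8`. A log line on the early `break` would also make rejected bodies visible to operators.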
> +--
> +2.17.1
> +
> diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> index d6e736d31..233543af8 100644
> --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
> @@ -15,6 +15,9 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
> file://0007-apache2-allow-to-disable-selinux-support.patch \
> file://apache-configure_perlbin.patch \
> file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
> + file://CVE-2021-44790.patch \
> + file://CVE-2021-44224-1.patch \
> + file://CVE-2021-44224-2.patch \
> "
>
> SRC_URI_append_class-target = " \
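Review bot: The order of the two CVE-2021-44224 entries is load-bearing: CVE-2021-44224-2.patch starts from mod_proxy.c blob `b3aafcc`, which is the result of CVE-2021-44224-1.patch, so -2 cannot apply without -1 before it. A comment in the recipe would keep a later reshuffle of `SRC_URI` from breaking `do_patch`.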
>
* Re: [oe] [hardknott][meta-webserver][PATCH] apache2: fix CVE-2021-44790,CVE-2021-44224
2022-01-15 14:16 ` [oe] " akuster808
@ 2022-01-17 3:54 ` Changqing Li
0 siblings, 0 replies; 3+ messages in thread
From: Changqing Li @ 2022-01-17 3:54 UTC (permalink / raw)
To: akuster808, openembedded-devel
On 1/15/22 10:16 PM, akuster808 wrote:
> On 1/13/22 12:02 AM, Changqing Li wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>> .../apache2/apache2/CVE-2021-44224-1.patch | 282 ++++++++++++++++++
>> .../apache2/apache2/CVE-2021-44224-2.patch | 110 +++++++
>> .../apache2/apache2/CVE-2021-44790.patch | 32 ++
>> .../recipes-httpd/apache2/apache2_2.4.51.bb | 3 +
>> 4 files changed, 427 insertions(+)
>> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
>> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
>> create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
> There is an apache update sitting in stable/hardknott-nut.
>
> FYI, apache 2.4.x is an LTS version so package updates are allowed as
> they only contain bug fixes
>
> -armin
OK, thanks. I cannot see branch stable/hardknott-nut on
https://git.openembedded.org/meta-openembedded/refs/heads.
So the patches on stable/hardknott-nut will be merged to branch
hardknott periodically?
//chang qing
>> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
>> new file mode 100644
>> index 000000000..90efafb6a
>> --- /dev/null
>> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-1.patch
>> @@ -0,0 +1,282 @@
>> +From 14e54221476e45a6a63c7c656bf967f1fe810b3f Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 13 Jan 2022 14:37:50 +0800
>> +Subject: [PATCH] Merge r1895914, r1895921 from trunk:
>> +
>> + *) http: Enforce that fully qualified uri-paths not to be forward-proxied
>> + have an http(s) scheme, and that the ones to be forward proxied have a
>> + hostname, per HTTP specifications.
>> + trunk patch: http://svn.apache.org/r1895914
>> + http://svn.apache.org/r1895921
>> + 2.4.x patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/286.patch
>> + backport PR: https://github.com/apache/httpd/pull/286
>> + +1: ylavic, minfrin, gbechis
>> +
>> +mod_proxy: Detect unix: scheme syntax errors at load time.
>> +
>> +* modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param,
>> + proxysection):
>> + Check return value of ap_proxy_de_socketfy().
>> +
>> +* modules/proxy/proxy_util.c(ap_proxy_get_worker_ex):
>> + Check return value of ap_proxy_de_socketfy().
>> +
>> +http: Enforce that fully qualified uri-paths not to be forward-proxied
>> + have an http(s) scheme, and that the ones to be forward proxied have a
>> + hostname, per HTTP specifications.
>> +
>> +The early checks avoid failing the request later on and thus save cycles
>> +for those invalid cases.
>> +
>> +Submitted by: ylavic
>> +Reviewed by: ylavic, minfrin, gbechis
>> +Closes #286
>> +
>> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1895955 13f79535-47bb-0310-9956-ffa450edef68
>> +
>> +CVE: CVE-2021-44224
>> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1895955]
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + include/ap_mmn.h | 2 +-
>> + include/http_protocol.h | 7 ++++++
>> + modules/http/http_request.c | 2 +-
>> + modules/http2/h2_request.c | 4 ++--
>> + modules/proxy/mod_proxy.c | 45 ++++++++++++++++++++++++++-----------
>> + modules/proxy/proxy_util.c | 3 +++
>> + server/protocol.c | 23 ++++++++++++++++++-
>> + 7 files changed, 68 insertions(+), 18 deletions(-)
>> +
>> +diff --git a/include/ap_mmn.h b/include/ap_mmn.h
>> +index 942e6d4..f2eee7a 100644
>> +--- a/include/ap_mmn.h
>> ++++ b/include/ap_mmn.h
>> +@@ -589,7 +589,7 @@
>> + #ifndef MODULE_MAGIC_NUMBER_MAJOR
>> + #define MODULE_MAGIC_NUMBER_MAJOR 20120211
>> + #endif
>> +-#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */
>> ++#define MODULE_MAGIC_NUMBER_MINOR 119 /* 0...n */
>> +
>> + /**
>> + * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
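Review bot: `MODULE_MAGIC_NUMBER_MINOR` goes from 118 to 119, but the diffstat shows this one-line replacement as the only change to ap_mmn.h, so nothing in the header records what 119 stands for. For a backport onto 2.4.51 the patch header should say that the bump accompanies the new `ap_post_read_request()` export, because modules built against the patched headers may test for minor 119.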
>> +diff --git a/include/http_protocol.h b/include/http_protocol.h
>> +index 9ccac89..20bd202 100644
>> +--- a/include/http_protocol.h
>> ++++ b/include/http_protocol.h
>> +@@ -96,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r);
>> + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
>> + apr_bucket_brigade *bb);
>> +
>> ++/**
>> ++ * Run post_read_request hook and validate.
>> ++ * @param r The current request
>> ++ * @return OK or HTTP_...
>> ++ */
>> ++AP_DECLARE(int) ap_post_read_request(request_rec *r);
>> ++
>> + /* Finish up stuff after a request */
>> +
>> + /**
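Review bot: The doc comment for `ap_post_read_request()` says only "validate" and "OK or HTTP_...". It should state what is validated (the URI scheme must be http or https unless the request is a forward-proxy request) and that the failure status is `HTTP_BAD_REQUEST`, as implemented in server/protocol.c, so that callers switching from `ap_run_post_read_request()` know which behavior change they are taking on.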
>> +diff --git a/modules/http/http_request.c b/modules/http/http_request.c
>> +index c9ae5af..d59cfe2 100644
>> +--- a/modules/http/http_request.c
>> ++++ b/modules/http/http_request.c
>> +@@ -680,7 +680,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
>> + * to do their thing on internal redirects as well. Perhaps this is a
>> + * misnamed function.
>> + */
>> +- if ((access_status = ap_run_post_read_request(new))) {
>> ++ if ((access_status = ap_post_read_request(new))) {
>> + ap_die(access_status, new);
>> + return NULL;
>> + }
>> +diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
>> +index 7c4fb95..900f050 100644
>> +--- a/modules/http2/h2_request.c
>> ++++ b/modules/http2/h2_request.c
>> +@@ -369,8 +369,8 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
>> + */
>> + ap_add_input_filter_handle(ap_http_input_filter_handle,
>> + NULL, r, r->connection);
>> +-
>> +- if ((access_status = ap_run_post_read_request(r))) {
>> ++
>> ++ if ((access_status = ap_post_read_request(r))) {
>> + /* Request check post hooks failed. An example of this would be a
>> + * request for a vhost where h2 is disabled --> 421.
>> + */
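Review bot: The blank line before the `if` is removed and re-added, so the only difference there is whitespace on an empty line. That is unrelated to the fix; limiting the hunk to the `ap_run_post_read_request()` to `ap_post_read_request()` substitution would keep the backport minimal.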
>> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
>> +index 3fb84c8..b3aafcc 100644
>> +--- a/modules/proxy/mod_proxy.c
>> ++++ b/modules/proxy/mod_proxy.c
>> +@@ -775,13 +775,13 @@ static int proxy_detect(request_rec *r)
>> +
>> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
>> +
>> +- if (conf->req && r->parsed_uri.scheme) {
>> ++ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
>> + /* but it might be something vhosted */
>> +- if (!(r->parsed_uri.hostname
>> +- && !ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r))
>> +- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
>> +- (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
>> +- : ap_default_port(r))))) {
>> ++ if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
>> ++ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
>> ++ (apr_port_t)(r->parsed_uri.port_str
>> ++ ? r->parsed_uri.port
>> ++ : ap_default_port(r)))) {
>> + r->proxyreq = PROXYREQ_PROXY;
>> + r->uri = r->unparsed_uri;
>> + r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
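Review bot: Moving `r->parsed_uri.hostname` into the outer `if` changes behavior beyond a refactor: a URI with a scheme but no hostname used to satisfy the inner condition and be marked `PROXYREQ_PROXY`, and after this hunk it no longer enters this branch at all. CVE-2021-44224-2.patch moves the test back into the inner condition, so the tree is in an intermediate state between the two patches; the patch header should note that this file is not meant to be applied on its own.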
>> +@@ -2007,6 +2007,7 @@ static const char *
>> + struct proxy_alias *new;
>> + char *f = cmd->path;
>> + char *r = NULL;
>> ++ const char *real;
>> + char *word;
>> + apr_table_t *params = apr_table_make(cmd->pool, 5);
>> + const apr_array_header_t *arr;
>> +@@ -2094,6 +2095,10 @@ static const char *
>> + return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
>> + }
>> +
>> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
>> ++ return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
>> ++ }
>> ++
>> + /* if per directory, save away the single alias */
>> + if (cmd->path) {
>> + dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
>> +@@ -2109,7 +2114,7 @@ static const char *
>> + }
>> +
>> + new->fake = apr_pstrdup(cmd->pool, f);
>> +- new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
>> ++ new->real = apr_pstrdup(cmd->pool, real);
>> + new->flags = flags;
>> + if (worker_type & AP_PROXY_WORKER_IS_MATCH) {
>> + new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
>> +@@ -2635,6 +2640,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
>> + proxy_worker *worker;
>> + char *path = cmd->path;
>> + char *name = NULL;
>> ++ const char *real;
>> + char *word;
>> + apr_table_t *params = apr_table_make(cmd->pool, 5);
>> + const apr_array_header_t *arr;
>> +@@ -2676,6 +2682,10 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
>> + if (!name)
>> + return "BalancerMember must define remote proxy server";
>> +
>> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
>> ++ return "BalancerMember uses an invalid \"unix:\" URL";
>> ++ }
>> ++
>> + ap_str_tolower(path); /* lowercase scheme://hostname */
>> +
>> + /* Try to find the balancer */
>> +@@ -2687,8 +2697,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
>> + }
>> +
>> + /* Try to find existing worker */
>> +- worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf,
>> +- ap_proxy_de_socketfy(cmd->temp_pool, name));
>> ++ worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
>> + if (!worker) {
>> + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
>> + "Defining worker '%s' for balancer '%s'",
>> +@@ -2785,9 +2794,14 @@ static const char *
>> + }
>> + }
>> + else {
>> ++ const char *real;
>> ++
>> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
>> ++ return "ProxySet uses an invalid \"unix:\" URL";
>> ++ }
>> ++
>> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf,
>> +- ap_proxy_de_socketfy(cmd->temp_pool, name),
>> +- worker_type);
>> ++ real, worker_type);
>> + if (!worker) {
>> + if (in_proxy_section) {
>> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL,
>> +@@ -2930,9 +2944,14 @@ static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
>> + }
>> + }
>> + else {
>> ++ const char *real;
>> ++
>> ++ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
>> ++ return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
>> ++ }
>> ++
>> + worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf,
>> +- ap_proxy_de_socketfy(cmd->temp_pool, conf->p),
>> +- worker_type);
>> ++ real, worker_type);
>> + if (!worker) {
>> + err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf,
>> + conf->p, worker_type);
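Review bot: The lookup now uses the de-socketfied `real`, while the `ap_proxy_define_worker_ex()` call in the trailing context still receives the original `conf->p`. If that asymmetry is intended, a comment would keep the next reader from treating it as an oversight. The error string `"<Proxy/ProxyMatch > uses an invalid ..."` also has a stray space before `>`.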
>> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
>> +index f291a0d..3511688 100644
>> +--- a/modules/proxy/proxy_util.c
>> ++++ b/modules/proxy/proxy_util.c
>> +@@ -1742,6 +1742,9 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
>> + }
>> +
>> + url = ap_proxy_de_socketfy(p, url);
>> ++ if (!url) {
>> ++ return NULL;
>> ++ }
>> +
>> + c = ap_strchr_c(url, ':');
>> + if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
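Review bot: Returning NULL when `ap_proxy_de_socketfy()` fails makes an invalid `unix:` URL indistinguishable from "no worker found" for callers of `ap_proxy_get_worker_ex()`, and nothing is logged. The configuration-time callers in mod_proxy.c now validate the URL themselves before calling in, so this check matters for the remaining callers; a debug-level log line here would make that case diagnosable.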
>> +diff --git a/server/protocol.c b/server/protocol.c
>> +index 3d74c5b..2214f72 100644
>> +--- a/server/protocol.c
>> ++++ b/server/protocol.c
>> +@@ -1548,7 +1548,7 @@ request_rec *ap_read_request(conn_rec *conn)
>> + /* we may have switched to another server */
>> + apply_server_config(r);
>> +
>> +- if ((access_status = ap_run_post_read_request(r))) {
>> ++ if ((access_status = ap_post_read_request(r))) {
>> + goto die;
>> + }
>> +
>> +@@ -1603,6 +1603,27 @@ ignore:
>> + return NULL;
>> + }
>> +
>> ++AP_DECLARE(int) ap_post_read_request(request_rec *r)
>> ++{
>> ++ int status;
>> ++
>> ++ if ((status = ap_run_post_read_request(r))) {
>> ++ return status;
>> ++ }
>> ++
>> ++ /* Enforce http(s) only scheme for non-forward-proxy requests */
>> ++ if (!r->proxyreq
>> ++ && r->parsed_uri.scheme
>> ++ && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
>> ++ || (r->parsed_uri.scheme[4] != '\0'
>> ++ && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
>> ++ || r->parsed_uri.scheme[5] != '\0')))) {
>> ++ return HTTP_BAD_REQUEST;
>> ++ }
>> ++
>> ++ return OK;
>> ++}
>> ++
>> + /* if a request with a body creates a subrequest, remove original request's
>> + * input headers which pertain to the body which has already been read.
>> + * out-of-line helper function for ap_set_sub_req_protocol.
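Review bot: The scheme test in `ap_post_read_request()` is hand-rolled character by character (`ap_cstr_casecmpn(..., "http", 4)`, then `scheme[4]`, then `scheme[5]`), which is correct for "http" and "https" but hard to verify at a glance. Two `ap_cstr_casecmp()` comparisons against "http" and "https" would read more plainly. The function also returns `HTTP_BAD_REQUEST` without logging, so an `ap_log_rerror()` call would explain the 400 to whoever has to debug it.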
>> +--
>> +2.17.1
>> +
>> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
>> new file mode 100644
>> index 000000000..b464a452b
>> --- /dev/null
>> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44224-2.patch
>> @@ -0,0 +1,110 @@
>> +From 994610ea76b6e1b3f198101af31564e6c4e8fc0f Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 13 Jan 2022 14:47:56 +0800
>> +Subject: [PATCH] Merge of r1895981,r1895986 from trunk:
>> +
>> + *) mod_proxy: Don't prevent forwarding URIs w/ no hostname.
>> + (fix for r1895955 already in 2.4.x)
>> +
>> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896044 13f79535-47bb-0310-9956-ffa450edef68
>> +
>> +CVE: CVE-2021-44224
>> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896044]
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + modules/proxy/mod_proxy.c | 5 +++--
>> + modules/proxy/mod_proxy.h | 1 +
>> + modules/proxy/proxy_util.c | 22 ++++++++++++----------
>> + 3 files changed, 16 insertions(+), 12 deletions(-)
>> +
>> +diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
>> +index b3aafcc..a28bea4 100644
>> +--- a/modules/proxy/mod_proxy.c
>> ++++ b/modules/proxy/mod_proxy.c
>> +@@ -775,9 +775,10 @@ static int proxy_detect(request_rec *r)
>> +
>> + /* Ick... msvc (perhaps others) promotes ternary short results to int */
>> +
>> +- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
>> ++ if (conf->req && r->parsed_uri.scheme) {
>> + /* but it might be something vhosted */
>> +- if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
>> ++ if (!r->parsed_uri.hostname
>> ++ || ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
>> + || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
>> + (apr_port_t)(r->parsed_uri.port_str
>> + ? r->parsed_uri.port
>> +diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
>> +index 1219e9f..47899d7 100644
>> +--- a/modules/proxy/mod_proxy.h
>> ++++ b/modules/proxy/mod_proxy.h
>> +@@ -750,6 +750,7 @@ PROXY_DECLARE(int) ap_proxy_worker_can_upgrade(apr_pool_t *p,
>> + #define AP_PROXY_WORKER_IS_PREFIX (1u << 0)
>> + #define AP_PROXY_WORKER_IS_MATCH (1u << 1)
>> + #define AP_PROXY_WORKER_IS_MALLOCED (1u << 2)
>> ++#define AP_PROXY_WORKER_NO_UDS (1u << 3)
>> +
>> + /**
>> + * Get the worker from proxy configuration, looking for either PREFIXED or
>> +diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
>> +index 3511688..d578452 100644
>> +--- a/modules/proxy/proxy_util.c
>> ++++ b/modules/proxy/proxy_util.c
>> +@@ -1741,9 +1741,11 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
>> + return NULL;
>> + }
>> +
>> +- url = ap_proxy_de_socketfy(p, url);
>> +- if (!url) {
>> +- return NULL;
>> ++ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
>> ++ url = ap_proxy_de_socketfy(p, url);
>> ++ if (!url) {
>> ++ return NULL;
>> ++ }
>> + }
>> +
>> + c = ap_strchr_c(url, ':');
>> +@@ -2326,22 +2328,22 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
>> +
>> + access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
>> + if (access_status == DECLINED && *balancer == NULL) {
>> +- *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
>> ++ const int forward = (r->proxyreq == PROXYREQ_PROXY);
>> ++ *worker = ap_proxy_get_worker_ex(r->pool, NULL, conf, *url,
>> ++ forward ? AP_PROXY_WORKER_NO_UDS : 0);
>> + if (*worker) {
>> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
>> + "%s: found worker %s for %s",
>> + (*worker)->s->scheme, (*worker)->s->name, *url);
>> +- *balancer = NULL;
>> +- if (!fix_uds_filename(r, url)) {
>> ++ if (!forward && !fix_uds_filename(r, url)) {
>> + return HTTP_INTERNAL_SERVER_ERROR;
>> + }
>> + access_status = OK;
>> + }
>> +- else if (r->proxyreq == PROXYREQ_PROXY) {
>> ++ else if (forward) {
>> + if (conf->forward) {
>> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
>> + "*: found forward proxy worker for %s", *url);
>> +- *balancer = NULL;
>> + *worker = conf->forward;
>> + access_status = OK;
>> + /*
>> +@@ -2355,8 +2357,8 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
>> + else if (r->proxyreq == PROXYREQ_REVERSE) {
>> + if (conf->reverse) {
>> + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
>> +- "*: using default reverse proxy worker for %s (no keepalive)", *url);
>> +- *balancer = NULL;
>> ++ "*: using default reverse proxy worker for %s "
>> ++ "(no keepalive)", *url);
>> + *worker = conf->reverse;
>> + access_status = OK;
>> + /*
>> +--
>> +2.17.1
>> +
>> diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
>> new file mode 100644
>> index 000000000..4bef9519c
>> --- /dev/null
>> +++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-44790.patch
>> @@ -0,0 +1,32 @@
>> +From 7e17af6bc469e9cdded01a3f076043892d9d9a58 Mon Sep 17 00:00:00 2001
>> +From: Changqing Li <changqing.li@windriver.com>
>> +Date: Thu, 13 Jan 2022 13:50:20 +0800
>> +Subject: [PATCH] Merge r1895970 from trunk:
>> +
>> + *) mod_lua: Improve error handling
>> +
>> +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896039 13f79535-47bb-0310-9956-ffa450edef68
>> +
>> +CVE: CVE-2021-44790
>> +Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1896039]
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + modules/lua/lua_request.c | 1 +
>> + 1 file changed, 1 insertion(+)
>> +
>> +diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
>> +index 67ff432..493b2bb 100644
>> +--- a/modules/lua/lua_request.c
>> ++++ b/modules/lua/lua_request.c
>> +@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
>> + if (end == NULL) break;
>> + key = (char *) apr_pcalloc(r->pool, 256);
>> + filename = (char *) apr_pcalloc(r->pool, 256);
>> ++ if (end - crlf <= 8) break;
>> + vlen = end - crlf - 8;
>> + buffer = (char *) apr_pcalloc(r->pool, vlen+1);
>> + memcpy(buffer, crlf + 4, vlen);
>> +--
>> +2.17.1
>> +
>> diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
>> index d6e736d31..233543af8 100644
>> --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
>> +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.51.bb
>> @@ -15,6 +15,9 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
>> file://0007-apache2-allow-to-disable-selinux-support.patch \
>> file://apache-configure_perlbin.patch \
>> file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
>> + file://CVE-2021-44790.patch \
>> + file://CVE-2021-44224-1.patch \
>> + file://CVE-2021-44224-2.patch \
>> "
>>
>> SRC_URI_append_class-target = " \
>>