From cbd6091e3b8a31bb6ae6a427982309d6924ab7cd Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 9 Sep 2025 09:20:27 +0800 Subject: [PATCH 1/5] [CVE]update to httpd-2.4.37-65.5 to #ICX0N6 update to httpd-2.4.37-65.5 for CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 Project: TC2024080204 Signed-off-by: Jacob Wang --- 1000-httpd-anolis-rebrand.patch | 370 ---------------- 1001-httpd-anolis-support-loongarch64.patch | 32 -- httpd-2.4.37-CVE-2024-47252.patch | 44 ++ httpd-2.4.37-CVE-2025-23048.patch | 56 +++ httpd-2.4.37-CVE-2025-49812.patch | 238 +++++++++++ httpd-2.4.37-r1855391.patch | 48 +++ httpd-2.4.37-sw.patch | 66 --- httpd.spec | 450 ++++++++++---------- 8 files changed, 613 insertions(+), 691 deletions(-) delete mode 100644 1000-httpd-anolis-rebrand.patch delete mode 100644 1001-httpd-anolis-support-loongarch64.patch create mode 100644 httpd-2.4.37-CVE-2024-47252.patch create mode 100644 httpd-2.4.37-CVE-2025-23048.patch create mode 100644 httpd-2.4.37-CVE-2025-49812.patch create mode 100644 httpd-2.4.37-r1855391.patch delete mode 100644 httpd-2.4.37-sw.patch diff --git a/1000-httpd-anolis-rebrand.patch b/1000-httpd-anolis-rebrand.patch deleted file mode 100644 index 94aa798..0000000 --- a/1000-httpd-anolis-rebrand.patch +++ /dev/null 
@@ -1,370 +0,0 @@ -From de0dd0e04d3045426c4b0fd1d681c3a80575376b Mon Sep 17 00:00:00 2001 -From: zhangbinchen -Date: Tue, 16 Mar 2021 18:17:35 +0800 -Subject: [PATCH] rebrand-for-anolis - -Signed-off-by: zhangbinchen ---- - docs/manual/developer/thread_safety.html.en | 2 +- - docs/manual/index.html.de | 4 ++-- - docs/manual/index.html.en | 4 ++-- - docs/manual/index.html.es | 4 ++-- - docs/manual/index.html.fr.utf8 | 4 ++-- - docs/manual/index.html.ja.utf8 | 4 ++-- - docs/manual/index.html.tr.utf8 | 4 ++-- - docs/manual/index.html.zh-cn.utf8 | 4 ++-- - docs/manual/install.html.fr.utf8 | 4 ++-- - docs/manual/install.html.tr.utf8 | 4 ++-- - docs/manual/platform/index.html.en | 4 ++-- - docs/manual/platform/index.html.fr.utf8 | 4 ++-- - docs/manual/platform/rpm.html.en | 6 +++--- - docs/manual/platform/rpm.html.fr.utf8 | 6 +++--- - docs/manual/ssl/ssl_compat.html.en | 10 ++-------- - docs/manual/ssl/ssl_compat.html.fr.utf8 | 11 ++--------- - 16 files changed, 33 insertions(+), 46 deletions(-) - -diff --git a/docs/manual/developer/thread_safety.html.en b/docs/manual/developer/thread_safety.html.en -index e9e2130..e3fb303 100644 ---- a/docs/manual/developer/thread_safety.html.en -+++ b/docs/manual/developer/thread_safety.html.en -@@ -304,4 +304,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.de b/docs/manual/index.html.de -index 84032a9..d039a72 100644 ---- a/docs/manual/index.html.de -+++ b/docs/manual/index.html.de -@@ -93,7 +93,7 @@ - -

Plattform-spezifische Anmerkungen

- -@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.en b/docs/manual/index.html.en -index 493be56..294258c 100644 ---- a/docs/manual/index.html.en -+++ b/docs/manual/index.html.en -@@ -91,7 +91,7 @@ Documentation - -

Platform Specific Notes

- -@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.es b/docs/manual/index.html.es -index 0256bec..68aa346 100644 ---- a/docs/manual/index.html.es -+++ b/docs/manual/index.html.es -@@ -94,7 +94,7 @@ Documentaci - -

Otros Temas

-@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.fr.utf8 b/docs/manual/index.html.fr.utf8 -index e729674..4eb6d0a 100644 ---- a/docs/manual/index.html.fr.utf8 -+++ b/docs/manual/index.html.fr.utf8 -@@ -93,7 +93,7 @@ - -

Notes spécifiques aux différentes plateformes

- -@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.ja.utf8 b/docs/manual/index.html.ja.utf8 -index 37b85d3..1a62301 100644 ---- a/docs/manual/index.html.ja.utf8 -+++ b/docs/manual/index.html.ja.utf8 -@@ -93,7 +93,7 @@ - -

ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ å›ºæœ‰ã®æƒ…å ±

- -@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.tr.utf8 b/docs/manual/index.html.tr.utf8 -index 70a7f31..1036391 100644 ---- a/docs/manual/index.html.tr.utf8 -+++ b/docs/manual/index.html.tr.utf8 -@@ -91,7 +91,7 @@ Belgeleri - -

Platformlara Özgü Bilgiler

- -@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/index.html.zh-cn.utf8 b/docs/manual/index.html.zh-cn.utf8 -index 1f7f63f..76b88d8 100644 ---- a/docs/manual/index.html.zh-cn.utf8 -+++ b/docs/manual/index.html.zh-cn.utf8 -@@ -88,7 +88,7 @@ - -

å¹³å°ç›¸å…³è¯´æ˜Ž

- -@@ -119,4 +119,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/install.html.fr.utf8 b/docs/manual/install.html.fr.utf8 -index ccf39a2..5a0fd01 100644 ---- a/docs/manual/install.html.fr.utf8 -+++ b/docs/manual/install.html.fr.utf8 -@@ -69,7 +69,7 @@ -

Aperçu pour les plus pressés

- -
--
Installation sous Fedora/CentOS/Red Hat Enterprise Linux
-+
Installation sous AnolisOS/Fedora/CentOS/Red Hat Enterprise Linux
-
-
sudo yum install httpd
- sudo service httpd start
-@@ -525,4 +525,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/install.html.tr.utf8 b/docs/manual/install.html.tr.utf8 -index fdb89ea..fd6d691 100644 ---- a/docs/manual/install.html.tr.utf8 -+++ b/docs/manual/install.html.tr.utf8 -@@ -66,7 +66,7 @@ -
-

Tez canlılar için genel bir bakış

-
--
Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
-+
AnolisoS/Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
-
-
sudo yum install httpd
- sudo systemctl enable httpd
-@@ -494,4 +494,4 @@ if (typeof(prettyPrint) !== 'undefined') {
-     prettyPrint();
- }
- //-->
--
-\ No newline at end of file
-+
-diff --git a/docs/manual/platform/index.html.en b/docs/manual/platform/index.html.en
-index 07af003..8949d4d 100644
---- a/docs/manual/platform/index.html.en
-+++ b/docs/manual/platform/index.html.en
-@@ -66,7 +66,7 @@
-     
- 
-     
--
RPM Based Systems (Redhat / CentOS / Fedora)
-+
RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)
-
-

This document explains how to build, install, and run Apache 2.4 - on systems supporting the RPM packaging format.

-@@ -121,4 +121,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/platform/index.html.fr.utf8 b/docs/manual/platform/index.html.fr.utf8 -index 03404a5..bc0a8a8 100644 ---- a/docs/manual/platform/index.html.fr.utf8 -+++ b/docs/manual/platform/index.html.fr.utf8 -@@ -67,7 +67,7 @@ - - -
--
Systèmes à base de paquets RPM (Redhat / CentOS / Fedora)
-+
Systèmes à base de paquets RPM (AnolisOS / Redhat / CentOS / Fedora)
-
-

Ce document explique comment installer, configurer et - exécuter Apache 2.4 sur des systèmes qui supportent le format de -@@ -127,4 +127,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/platform/rpm.html.en b/docs/manual/platform/rpm.html.en -index 992fe9e..bc1c696 100644 ---- a/docs/manual/platform/rpm.html.en -+++ b/docs/manual/platform/rpm.html.en -@@ -7,7 +7,7 @@ - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --> --Using Apache With RPM Based Systems (Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4 -+Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4 - - - -@@ -21,7 +21,7 @@ -

-
<-
-

Using Apache With RPM Based Systems (Redhat / CentOS / Fedora)

-+ Apache > HTTP Server > Documentation > Version 2.4 > Platform Specific Notes

Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

-
-

Available Languages:  en  | -  fr 

-@@ -245,4 +245,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/platform/rpm.html.fr.utf8 b/docs/manual/platform/rpm.html.fr.utf8 -index 3ae9ee3..78e6f77 100644 ---- a/docs/manual/platform/rpm.html.fr.utf8 -+++ b/docs/manual/platform/rpm.html.fr.utf8 -@@ -7,7 +7,7 @@ - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --> --Utiliser Apache sur les systèmes à base de paquets RPM (Redhat -+<title>Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat - / CentOS / Fedora) - Serveur HTTP Apache Version 2.4 - - -@@ -23,7 +23,7 @@ -
<-
-

Utiliser Apache sur les systèmes à base de paquets RPM (Redhat -+ plateformes

Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat - / CentOS / Fedora)

-
-

Langues Disponibles:  en  | -@@ -261,4 +261,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en -index fb7b888..122f52d 100644 ---- a/docs/manual/ssl/ssl_compat.html.en -+++ b/docs/manual/ssl/ssl_compat.html.en -@@ -31,13 +31,7 @@ - This page covers backwards compatibility between mod_ssl and other - SSL solutions. mod_ssl is not the only SSL solution for Apache; four - additional products are (or were) also available: Ben Laurie's freely --available Apache-SSL (from --where mod_ssl were originally derived in 1998), Red Hat's commercial --Secure Web Server (which was based on mod_ssl), Covalent's commercial --Raven SSL Module (also based on --mod_ssl) and finally C2Net's (now Red Hat's) commercial product Stronghold (based --on a different evolution branch, named Sioux up to Stronghold 2.x, and --based on mod_ssl since Stronghold 3.x).

-+available Apache-SSL

- -

- mod_ssl mostly provides a superset of the functionality of all the other -@@ -245,4 +239,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ -diff --git a/docs/manual/ssl/ssl_compat.html.fr.utf8 b/docs/manual/ssl/ssl_compat.html.fr.utf8 -index 1c9a0c6..a4adb34 100644 ---- a/docs/manual/ssl/ssl_compat.html.fr.utf8 -+++ b/docs/manual/ssl/ssl_compat.html.fr.utf8 -@@ -31,14 +31,7 @@ -

Ce document couvre la compatibilité ascendante entre mod_ssl et - d'autres solutions SSL. mod_ssl n'est pas la seule solution SSL pour Apache ; - quatre autres produits sont (ou ont été) également disponibles : --Apache-SSL, le produit libre de --Ben Laurie (d'où mod_ssl est issu à l'origine en 1998), Secure --Web Server, un produit commercial de Red Hat (basé sur mod_ssl), --Raven SSL Module, un produit commercial --de Covalent (basé lui aussi sur mod_ssl), et enfin Stronghold, produit --commercial de C2Net et maintenant de Red Hat, (basé sur une branche --d'évolution différente appelée Sioux jusqu'à Stronghold 2.x et basé sur --mod_ssl depuis Stronghold 3.x).

-+Apache-SSL

- -

En plus de ses fonctionnalités propres, mod_ssl rassemble la plupart de - celles des autres solutions SSL, si bien qu'il est très simple de -@@ -254,4 +247,4 @@ if (typeof(prettyPrint) !== 'undefined') { - prettyPrint(); - } - //--> -- -\ No newline at end of file -+ --- -2.18.4 - diff --git a/1001-httpd-anolis-support-loongarch64.patch b/1001-httpd-anolis-support-loongarch64.patch deleted file mode 100644 index 37efba2..0000000 --- a/1001-httpd-anolis-support-loongarch64.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -Nur httpd-2.4.37/build/config.guess httpd-2.4.37.new/build/config.guess ---- httpd-2.4.37/build/config.guess 2018-10-18 22:34:08.000000000 +0800 -+++ httpd-2.4.37.new/build/config.guess 2021-11-04 11:15:42.592000000 +0800 -@@ -897,6 +897,9 @@ - UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; -+ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) -+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" -+ exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; -diff -Nur httpd-2.4.37/build/config.sub httpd-2.4.37.new/build/config.sub ---- httpd-2.4.37/build/config.sub 2018-10-18 22:34:08.000000000 +0800 -+++ httpd-2.4.37.new/build/config.sub 2021-11-04 11:15:42.592000000 +0800 -@@ -265,6 +265,7 @@ - | k1om \ - | le32 | le64 \ - | lm32 \ -+ | loongarch32 | loongarch64 | loongarchx32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ -@@ -390,6 +391,7 @@ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ -+ | loongarch32-* | loongarch64-* | loongarchx32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ diff --git a/httpd-2.4.37-CVE-2024-47252.patch b/httpd-2.4.37-CVE-2024-47252.patch new file mode 100644 index 0000000..5f25b2b 
--- /dev/null
+++ b/httpd-2.4.37-CVE-2024-47252.patch
@@ -0,0 +1,44 @@
+From c01e60707048be14a510f0a92128a5227923215c Mon Sep 17 00:00:00 2001
+From: Eric Covener
+Date: Mon, 7 Jul 2025 12:03:42 +0000
+Subject: [PATCH] backport 1927034 from trunk
+
+ escape ssl vars
+
+Reviewed By: rpluem, jorton, covener, ylavic
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927042 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/ssl/ssl_engine_vars.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
+index 5724f18..0ddf9f7 100644
+--- a/modules/ssl/ssl_engine_vars.c
++++ b/modules/ssl/ssl_engine_vars.c
+@@ -1230,8 +1230,9 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
+ result = "-";
+ else if (strEQ(a, "errstr"))
+ result = (char *)sslconn->verify_error;
+- if (result != NULL && result[0] == NUL)
+- result = NULL;
++ if (result) {
++ result = *result ? ap_escape_logitem(r->pool, result) : NULL;
++ }
+ return result;
+ }
+
+@@ -1244,8 +1245,9 @@ static const char *ssl_var_log_handler_x(request_rec *r, char *a)
+ char *result;
+
+ result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
+- if (result != NULL && result[0] == NUL)
+- result = NULL;
++ if (result) {
++ result = *result ? ap_escape_logitem(r->pool, result) : NULL;
++ }
+ return result;
+ }
+
diff --git a/httpd-2.4.37-CVE-2025-23048.patch b/httpd-2.4.37-CVE-2025-23048.patch
new file mode 100644
index 0000000..d868acb
--- /dev/null
+++ b/httpd-2.4.37-CVE-2025-23048.patch
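Review bot: In httpd-2.4.37-CVE-2024-47252.patch the escaping is added only at the exits of the two log handlers, `ssl_var_log_handler_c` and `ssl_var_log_handler_x`, and neither carries a comment saying why, so a later cleanup could fold it back into the old empty-string check. I would add above each `if (result) {` a comment such as `/* SSL variables may hold peer-supplied bytes; escape them before they reach a log line */`. Values that `ssl_var_lookup()` returns to any other caller are not touched by this patch, which looks intentional, but the spec changelog should say that log fields produced by these handlers may now contain backslash escapes so that log parsers can be checked. Both function bodies start outside the hunks shown.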
@@ -0,0 +1,56 @@ +From d76573e7608cbdeab6c6a658c427d900917bf955 Mon Sep 17 00:00:00 2001 +From: Eric Covener +Date: Mon, 7 Jul 2025 11:51:57 +0000 +Subject: [PATCH] update SNI validation + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927035 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/ssl/ssl_engine_kernel.c | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c +index 9c51021..d912a87 100644 +--- a/modules/ssl/ssl_engine_kernel.c ++++ b/modules/ssl/ssl_engine_kernel.c +@@ -371,19 +371,6 @@ int ssl_hook_ReadReq(request_rec *r) + " provided in HTTP request", servername); + return HTTP_BAD_REQUEST; + } +- if (r->server != handshakeserver +- && !ssl_server_compatible(sslconn->server, r->server)) { +- /* +- * The request does not select the virtual host that was +- * selected by the SNI and its SSL parameters are different +- */ +- +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032) +- "Hostname %s provided via SNI and hostname %s provided" +- " via HTTP have no compatible SSL setup", +- servername, r->hostname); +- return HTTP_MISDIRECTED_REQUEST; +- } + } + else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE) + || hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE) +@@ -404,6 +391,21 @@ int ssl_hook_ReadReq(request_rec *r) + "which is required to access this server.
\n"); + return HTTP_FORBIDDEN; + } ++ if (r->server != handshakeserver ++ && !ssl_server_compatible(sslconn->server, r->server)) { ++ /* ++ * The request does not select the virtual host that was ++ * selected for handshaking and its SSL parameters are different ++ */ ++ ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032) ++ "Hostname %s %s and hostname %s provided" ++ " via HTTP have no compatible SSL setup", ++ servername ? servername : handshakeserver->server_hostname, ++ servername ? "provided via SNI" : "(default host as no SNI was provided)", ++ r->hostname); ++ return HTTP_MISDIRECTED_REQUEST; ++ } + } + #endif + modssl_set_app_data2(ssl, r); diff --git a/httpd-2.4.37-CVE-2025-49812.patch b/httpd-2.4.37-CVE-2025-49812.patch new file mode 100644 index 0000000..f40ac79 --- /dev/null +++ b/httpd-2.4.37-CVE-2025-49812.patch 
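Review bot: The relocated compatibility check in `ssl_hook_ReadReq` tests `r->server != handshakeserver` but then passes `sslconn->server` to `ssl_server_compatible()`; if these are the same server, as the surrounding lines suggest, one name should be used for both, `&& !ssl_server_compatible(handshakeserver, r->server)) {`. The block now sits after the `if (servername)` / `else if` chain and reads `handshakeserver->server_hostname` when no SNI was sent, so `handshakeserver` (and `hssc`, used in the context line) must be declared at a scope that covers the no-SNI path. Those declarations are outside the hunk and should be confirmed against this 2.4.37 tree, since the patch header shows it was written for trunk. Requests without SNI that select a virtual host with an incompatible SSL setup will now be answered with `HTTP_MISDIRECTED_REQUEST`, which deserves a line in the package changelog.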
@@ -0,0 +1,238 @@ +From 87a7351c755c9ef8ab386e3090e44838c2a06d48 Mon Sep 17 00:00:00 2001 +From: Eric Covener +Date: Mon, 7 Jul 2025 12:09:30 +0000 +Subject: [PATCH] backport 1927037 from trunk + + remove antiquated 'SSLEngine optional' TLS upgrade + +Reviewed By: rpluem, jorton, covener + + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927045 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/ssl/ssl_engine_config.c | 6 ++- + modules/ssl/ssl_engine_init.c | 6 +-- + modules/ssl/ssl_engine_kernel.c | 86 --------------------------------- + modules/ssl/ssl_private.h | 1 - + 4 files changed, 7 insertions(+), 92 deletions(-) + +diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c +index b50c259..b5f8bdf 100644 +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -617,7 +617,7 @@ static const char *ssl_hook_http_scheme(const request_rec *r) + { + SSLSrvConfigRec *sc = mySrvConfig(r->server); + +- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) { ++ if (sc->enabled == SSL_ENABLED_FALSE) { + return NULL; + } + +@@ -628,7 +628,7 @@ static apr_port_t ssl_hook_default_port(const request_rec *r) + { + SSLSrvConfigRec *sc = mySrvConfig(r->server); + +- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) { ++ if (sc->enabled == SSL_ENABLED_FALSE) { + return 0; + } + +diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c +index ca5f702..7b3e212 100644 +--- a/modules/ssl/ssl_engine_config.c ++++ b/modules/ssl/ssl_engine_config.c +@@ -739,11 +739,13 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, const char *arg) + return NULL; + } + else if (!strcasecmp(arg, "Optional")) { +- sc->enabled = SSL_ENABLED_OPTIONAL; ++ sc->enabled = SSL_ENABLED_FALSE; ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server, APLOGNO(10510) ++ "'SSLEngine optional' is no longer supported"); + return NULL; + } + +- return "Argument must be On, Off, or Optional"; ++ 
return "Argument must be On or Off"; + } + + const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag) +diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c +index e4f5fc8..ce8cb3a 100644 +--- a/modules/ssl/ssl_engine_init.c ++++ b/modules/ssl/ssl_engine_init.c +@@ -410,7 +410,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, + &ssl_module); + + sc = mySrvConfig(s); +- if (sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) { ++ if (sc->enabled == SSL_ENABLED_TRUE) { + if ((rv = ssl_run_init_server(s, p, 0, sc->server->ssl_ctx)) != APR_SUCCESS) { + return rv; + } +@@ -2016,9 +2016,9 @@ apr_status_t ssl_init_ConfigureServer(server_rec *s, + &ssl_module); + apr_status_t rv; + +- /* Initialize the server if SSL is enabled or optional. ++ /* Initialize the server if SSL is enabled. + */ +- if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) { ++ if (sc->enabled == SSL_ENABLED_TRUE) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01914) + "Configuring server %s for SSL protocol", sc->vhost_id); + if ((rv = ssl_init_server_ctx(s, p, ptemp, sc, pphrases)) +diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c +index 40acb04..c13e86c 100644 +--- a/modules/ssl/ssl_engine_kernel.c ++++ b/modules/ssl/ssl_engine_kernel.c +@@ -38,59 +38,6 @@ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); + static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s); + #endif + +-#define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols" +-#define UPGRADE_HEADER "Upgrade: TLS/1.0, HTTP/1.1" +-#define CONNECTION_HEADER "Connection: Upgrade" +- +-/* Perform an upgrade-to-TLS for the given request, per RFC 2817. 
*/ +-static apr_status_t upgrade_connection(request_rec *r) +-{ +- struct conn_rec *conn = r->connection; +- apr_bucket_brigade *bb; +- SSLConnRec *sslconn; +- apr_status_t rv; +- SSL *ssl; +- +- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02028) +- "upgrading connection to TLS"); +- +- bb = apr_brigade_create(r->pool, conn->bucket_alloc); +- +- rv = ap_fputs(conn->output_filters, bb, SWITCH_STATUS_LINE CRLF +- UPGRADE_HEADER CRLF CONNECTION_HEADER CRLF CRLF); +- if (rv == APR_SUCCESS) { +- APR_BRIGADE_INSERT_TAIL(bb, +- apr_bucket_flush_create(conn->bucket_alloc)); +- rv = ap_pass_brigade(conn->output_filters, bb); +- } +- +- if (rv) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02029) +- "failed to send 101 interim response for connection " +- "upgrade"); +- return rv; +- } +- +- ssl_init_ssl_connection(conn, r); +- +- sslconn = myConnConfig(conn); +- ssl = sslconn->ssl; +- +- /* Perform initial SSL handshake. */ +- SSL_set_accept_state(ssl); +- SSL_do_handshake(ssl); +- +- if (!SSL_is_init_finished(ssl)) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030) +- "TLS upgrade handshake failed"); +- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server); +- +- return APR_ECONNABORTED; +- } +- +- return APR_SUCCESS; +-} +- + /* Perform a speculative (and non-blocking) read from the connection + * filters for the given request, to determine whether there is any + * pending data to read. Return non-zero if there is, else zero. */ +@@ -270,40 +217,17 @@ int ssl_hook_ReadReq(request_rec *r) + { + SSLSrvConfigRec *sc = mySrvConfig(r->server); + SSLConnRec *sslconn; +- const char *upgrade; + #ifdef HAVE_TLSEXT + const char *servername; + #endif + SSL *ssl; + +- /* Perform TLS upgrade here if "SSLEngine optional" is configured, +- * SSL is not already set up for this connection, and the client +- * has sent a suitable Upgrade header. 
*/ +- if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection) +- && (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL +- && ap_find_token(r->pool, upgrade, "TLS/1.0")) { +- if (upgrade_connection(r)) { +- return AP_FILTER_ERROR; +- } +- } +- + /* If we are on a slave connection, we do not expect to have an SSLConnRec, + * but our master connection might. */ + sslconn = myConnConfig(r->connection); + if (!(sslconn && sslconn->ssl) && r->connection->master) { + sslconn = myConnConfig(r->connection->master); + } +- +- /* If "SSLEngine optional" is configured, this is not an SSL +- * connection, and this isn't a subrequest, send an Upgrade +- * response header. Note this must happen before map_to_storage +- * and OPTIONS * request processing is completed. +- */ +- if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl) +- && !r->main) { +- apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1"); +- apr_table_mergen(r->headers_out, "Connection", "upgrade"); +- } + + if (!sslconn) { + return DECLINED; +@@ -1239,16 +1163,6 @@ int ssl_hook_Access(request_rec *r) + * Support for SSLRequireSSL directive + */ + if (dc->bSSLRequired && !ssl) { +- if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !r->connection->master) { +- /* This vhost was configured for optional SSL, just tell the +- * client that we need to upgrade. 
+- */ +- apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1"); +- apr_table_setn(r->err_headers_out, "Connection", "Upgrade"); +- +- return HTTP_UPGRADE_REQUIRED; +- } +- + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219) + "access to %s failed, reason: %s", + r->filename, "SSL connection required"); +@@ -1421,7 +1335,7 @@ int ssl_hook_UserCheck(request_rec *r) + * - ssl not enabled + * - client did not present a certificate + */ +- if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) ++ if (!((sc->enabled == SSL_ENABLED_TRUE) + && sslconn && sslconn->ssl && sslconn->client_cert) || + !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user) + { +@@ -1543,7 +1457,7 @@ int ssl_hook_Fixup(request_rec *r) + /* + * Check to see if SSL is on + */ +- if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) { ++ if (!((sc->enabled == SSL_ENABLED_TRUE) && sslconn && (ssl = sslconn->ssl))) { + return DECLINED; + } + +diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h +index f8a1db7..2f8d4d3 100644 +--- a/modules/ssl/ssl_private.h ++++ b/modules/ssl/ssl_private.h +@@ -468,7 +468,6 @@ typedef enum { + SSL_ENABLED_UNSET = UNSET, + SSL_ENABLED_FALSE = 0, + SSL_ENABLED_TRUE = 1, +- SSL_ENABLED_OPTIONAL = 3 + } ssl_enabled_t; + + /** diff --git a/httpd-2.4.37-r1855391.patch b/httpd-2.4.37-r1855391.patch new file mode 100644 index 0000000..8cab1b3 --- /dev/null +++ b/httpd-2.4.37-r1855391.patch 
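Review bot: `ssl_cmd_SSLEngine` now maps `SSLEngine optional` to `SSL_ENABLED_FALSE` and reports it only at `APLOG_NOTICE`, so a virtual host that used the directive comes up without TLS after the update with nothing louder than a notice. A comment on that branch such as `/* RFC 2817 upgrade removed; treat as Off so existing configs still load */` and a changelog entry would make the behaviour change visible to operators. The patch header's diffstat lists four files and `7 insertions(+), 92 deletions(-)`, yet the body also modifies `modules/ssl/mod_ssl.c` and changes lines in `ssl_hook_UserCheck` and `ssl_hook_Fixup`, which suggests the file was adjusted after it was generated. Noting in httpd.spec that this is an adapted backport would help anyone comparing it with the upstream revision. In `ssl_private.h` the removal leaves `SSL_ENABLED_TRUE = 1,` as the last enumerator with a trailing comma, which C99 accepts but could be tidied.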
@@ -0,0 +1,48 @@
+diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
+index 27c44b2..bfa8952 100644
+--- a/modules/http/http_filters.c
++++ b/modules/http/http_filters.c
+@@ -1290,6 +1290,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
+ request_rec *r = f->r;
+ conn_rec *c = r->connection;
+ const char *clheader;
++ int header_only = (r->header_only || AP_STATUS_IS_HEADER_ONLY(r->status));
+ const char *protocol = NULL;
+ apr_bucket *e;
+ apr_bucket_brigade *b2;
+@@ -1307,7 +1308,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
+ }
+ else if (ctx->headers_sent) {
+ /* Eat body if response must not have one. */
+- if (r->header_only || AP_STATUS_IS_HEADER_ONLY(r->status)) {
++ if (header_only) {
+ /* Still next filters may be waiting for EOS, so pass it (alone)
+ * when encountered and be done with this filter.
+ */
+@@ -1526,14 +1527,21 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
+
+ terminate_header(b2);
+
+- rv = ap_pass_brigade(f->next, b2);
+- if (rv != APR_SUCCESS) {
+- goto out;
++ if (header_only) {
++ e = APR_BRIGADE_LAST(b);
++ if (e != APR_BRIGADE_SENTINEL(b) && APR_BUCKET_IS_EOS(e)) {
++ APR_BUCKET_REMOVE(e);
++ APR_BRIGADE_INSERT_TAIL(b2, e);
++ ap_remove_output_filter(f);
++ }
++ apr_brigade_cleanup(b);
+ }
++
++ rv = ap_pass_brigade(f->next, b2);
++ apr_brigade_cleanup(b2);
+ ctx->headers_sent = 1;
+
+- if (r->header_only || AP_STATUS_IS_HEADER_ONLY(r->status)) {
+- apr_brigade_cleanup(b);
++ if (rv != APR_SUCCESS || header_only) {
+ goto out;
+ }
+
diff --git a/httpd-2.4.37-sw.patch b/httpd-2.4.37-sw.patch
deleted file mode 100644
index 0951329..0000000
--- a/httpd-2.4.37-sw.patch
+++ /dev/null
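Review bot: httpd-2.4.37-r1855391.patch is added without any header (no author, subject or upstream reference beyond the revision number in its file name), unlike the three CVE patches in this commit, and the commit message lists CVE-2025-49630 although no patch of that name is added. If this revision is a prerequisite or the fix for one of the listed CVEs, a comment next to its `Patch` line in httpd.spec should say so; the page does not show that link. Inside the change, the new `if (header_only) {` block in `ap_http_header_filter` would benefit from a comment such as `/* header-only response: send EOS together with the headers and drop this filter */`, because moving the EOS bucket into `b2` and calling `ap_remove_output_filter(f)` before the pass is not self-explanatory. The function body starts and ends outside the hunks.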
@@ -1,66 +0,0 @@ -diff -Naur httpd-2.4.37.org/configure httpd-2.4.37.sw/configure ---- httpd-2.4.37.org/configure 2018-10-18 22:34:09.000000000 +0800 -+++ httpd-2.4.37.sw/configure 2023-07-21 14:55:43.876595734 +0800 -@@ -29566,6 +29566,10 @@ - # ulimit only accepts English "unlimited" on input - APACHECTL_ULIMIT="ulimit -S -n unlimited" - ;; -+ *sw_64*-dec-osf*) -+ # Tru64: -H is for setting, not retrieving -+ APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" -+ ;; - *alpha*-dec-osf*) - # Tru64: -H is for setting, not retrieving - APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" -diff -Naur httpd-2.4.37.org/support/config.m4 httpd-2.4.37.sw/support/config.m4 ---- httpd-2.4.37.org/support/config.m4 2011-04-08 03:32:49.000000000 +0800 -+++ httpd-2.4.37.sw/support/config.m4 2023-07-21 14:56:03.520289713 +0800 -@@ -136,6 +136,10 @@ - # ulimit only accepts English "unlimited" on input - APACHECTL_ULIMIT="ulimit -S -n unlimited" - ;; -+ *sw_64*-dec-osf*) -+ # Tru64: -H is for setting, not retrieving -+ APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" -+ ;; - *alpha*-dec-osf*) - # Tru64: -H is for setting, not retrieving - APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" - -diff -Nuar httpd-2.4.37.org/build/config.guess httpd-2.4.37.sw/build/config.guess ---- httpd-2.4.37.org/build/config.guess 2023-08-09 16:22:45.045389206 +0800 -+++ httpd-2.4.37.sw/build/config.guess 2023-08-09 16:24:04.103173784 +0800 -@@ -900,6 +900,14 @@ - loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; -+ sw_64:Linux:*:*) -+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in -+ sw) UNAME_MACHINE=sw_64 ;; -+ esac -+ objdump --private-headers /bin/sh | grep -q ld.so.1 -+ if test "$?" 
= 0 ; then LIBC=gnulibc1 ; fi -+ echo ${UNAME_MACHINE}-sunway-linux-${LIBC} -+ exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; -diff -Nuar httpd-2.4.37.org/build/config.sub httpd-2.4.37.sw/build/config.sub ---- httpd-2.4.37.org/build/config.sub 2023-08-09 16:22:45.045389206 +0800 -+++ httpd-2.4.37.sw/build/config.sub 2023-08-09 16:23:26.159837338 +0800 -@@ -245,6 +245,7 @@ - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ -+ | sw_64 \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ -@@ -370,6 +371,7 @@ - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ -+ | sw_64-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ diff --git a/httpd.spec b/httpd.spec index 9f4b938..b688407 100644 --- a/httpd.spec +++ b/httpd.spec 
@@ -1,324 +1,325 @@ -%define anolis_release .0.1 %define contentdir %{_datadir}/httpd %define docroot /var/www %define suexec_caller apache %define mmn 20120211 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits} %define vstring %(source /etc/os-release; echo ${NAME}) -%if 0%{?fedora} > 26 || 0%{?rhel} > 7 || 0%{?anolis} +%if 0%{?fedora} > 26 || 0%{?rhel} > 7 %global mpm event %else %global mpm prefork %endif -Summary: Apache HTTP Server -Name: httpd -Version: 2.4.37 -Release: 65%{anolis_release}%{?dist}.3 -URL: https://httpd.apache.org/ -Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -Source2: httpd.logrotate -Source3: instance.conf -Source4: httpd-ssl-pass-dialog -Source5: httpd.tmpfiles -Source6: httpd.service -Source7: action-graceful.sh -Source8: action-configtest.sh -Source10: httpd.conf -Source11: 00-base.conf -Source12: 00-mpm.conf -Source13: 00-lua.conf -Source14: 01-cgi.conf -Source15: 00-dav.conf -Source16: 00-proxy.conf -Source17: 00-ssl.conf -Source18: 01-ldap.conf -Source19: 00-proxyhtml.conf -Source20: userdir.conf -Source21: ssl.conf -Source22: welcome.conf -Source23: manual.conf -Source24: 00-systemd.conf -Source25: 01-session.conf -Source26: 10-listen443.conf -Source27: httpd.socket -Source28: 00-optional.conf +Summary: Apache HTTP Server +Name: httpd +Version: 2.4.37 +Release: 65%{?dist}.5 +URL: https://httpd.apache.org/ +Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 +Source2: httpd.logrotate +Source3: instance.conf +Source4: httpd-ssl-pass-dialog +Source5: httpd.tmpfiles +Source6: httpd.service +Source7: action-graceful.sh +Source8: action-configtest.sh +Source10: httpd.conf +Source11: 00-base.conf +Source12: 00-mpm.conf +Source13: 00-lua.conf +Source14: 01-cgi.conf +Source15: 00-dav.conf +Source16: 00-proxy.conf +Source17: 00-ssl.conf +Source18: 01-ldap.conf +Source19: 00-proxyhtml.conf +Source20: userdir.conf +Source21: ssl.conf +Source22: welcome.conf +Source23: manual.conf +Source24: 00-systemd.conf 
+Source25: 01-session.conf +Source26: 10-listen443.conf +Source27: httpd.socket +Source28: 00-optional.conf # Documentation -Source30: README.confd -Source31: README.confmod -Source32: httpd.service.xml -Source33: htcacheclean.service.xml -Source34: httpd.conf.xml -Source40: htcacheclean.service -Source41: htcacheclean.sysconf -Source42: httpd-init.service -Source43: httpd-ssl-gencerts -Source44: httpd@.service -Source45: config.layout -Source46: apache-poweredby.png +Source30: README.confd +Source31: README.confmod +Source32: httpd.service.xml +Source33: htcacheclean.service.xml +Source34: httpd.conf.xml +Source40: htcacheclean.service +Source41: htcacheclean.sysconf +Source42: httpd-init.service +Source43: httpd-ssl-gencerts +Source44: httpd@.service +Source45: config.layout +Source46: apache-poweredby.png # build/scripts patches # http://bugzilla.redhat.com/show_bug.cgi?id=1231924 # http://bugzilla.redhat.com/show_bug.cgi?id=842736 # http://bugzilla.redhat.com/show_bug.cgi?id=1214401 -Patch1: httpd-2.4.35-apachectl.patch -Patch2: httpd-2.4.28-apxs.patch -Patch3: httpd-2.4.35-deplibs.patch +Patch1: httpd-2.4.35-apachectl.patch +Patch2: httpd-2.4.28-apxs.patch +Patch3: httpd-2.4.35-deplibs.patch # Needed for socket activation and mod_systemd patch -Patch19: httpd-2.4.35-detect-systemd.patch +Patch19: httpd-2.4.35-detect-systemd.patch # Features/functional changes -Patch20: httpd-2.4.32-export.patch -Patch21: httpd-2.4.35-corelimit.patch -Patch22: httpd-2.4.35-selinux.patch +Patch20: httpd-2.4.32-export.patch +Patch21: httpd-2.4.35-corelimit.patch +Patch22: httpd-2.4.35-selinux.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1170215 -Patch23: httpd-2.4.28-icons.patch -Patch24: httpd-2.4.35-systemd.patch -Patch25: httpd-2.4.35-cachehardmax.patch -Patch26: httpd-2.4.28-socket-activation.patch +Patch23: httpd-2.4.28-icons.patch +Patch24: httpd-2.4.35-systemd.patch +Patch25: httpd-2.4.35-cachehardmax.patch +Patch26: httpd-2.4.28-socket-activation.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=1109119 -Patch27: httpd-2.4.35-sslciphdefault.patch +Patch27: httpd-2.4.35-sslciphdefault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1332242 -Patch28: httpd-2.4.28-statements-comment.patch +Patch28: httpd-2.4.28-statements-comment.patch # https://bugzilla.redhat.com/show_bug.cgi?id=811714 -Patch29: httpd-2.4.35-full-release.patch -Patch30: httpd-2.4.35-freebind.patch -Patch31: httpd-2.4.35-r1830819+.patch +Patch29: httpd-2.4.35-full-release.patch +Patch30: httpd-2.4.35-freebind.patch +Patch31: httpd-2.4.35-r1830819+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1638738 -Patch32: httpd-2.4.37-sslprotdefault.patch +Patch32: httpd-2.4.37-sslprotdefault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747898 -Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch +Patch33: httpd-2.4.37-mod-md-mod-ssl-hooks.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1725031 -Patch34: httpd-2.4.37-r1861793+.patch +Patch34: httpd-2.4.37-r1861793+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1704317 -Patch35: httpd-2.4.37-sslkeylogfile-support.patch +Patch35: httpd-2.4.37-sslkeylogfile-support.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1794728 -Patch36: httpd-2.4.37-session-expiry-updt-int.patch +Patch36: httpd-2.4.37-session-expiry-updt-int.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1209162 -Patch37: httpd-2.4.37-logjournal.patch +Patch37: httpd-2.4.37-logjournal.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1869576 -Patch38: httpd-2.4.37-pr37355.patch +Patch38: httpd-2.4.37-pr37355.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1896176 -Patch39: httpd-2.4.37-proxy-ws-idle-timeout.patch +Patch39: httpd-2.4.37-proxy-ws-idle-timeout.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1883648 -Patch40: httpd-2.4.37-ssl-proxy-chains.patch +Patch40: httpd-2.4.37-ssl-proxy-chains.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1935742 -Patch41: httpd-2.4.37-usertrack-samesite.patch 
+Patch41: httpd-2.4.37-usertrack-samesite.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 -Patch61: httpd-2.4.35-r1738878.patch +Patch61: httpd-2.4.35-r1738878.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1170206 -Patch62: httpd-2.4.35-r1633085.patch +Patch62: httpd-2.4.35-r1633085.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1448892 -Patch63: httpd-2.4.28-r1811831.patch +Patch63: httpd-2.4.28-r1811831.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1602548 -Patch65: httpd-2.4.35-r1842888.patch +Patch65: httpd-2.4.35-r1842888.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1653009 # https://bugzilla.redhat.com/show_bug.cgi?id=1672977 # https://bugzilla.redhat.com/show_bug.cgi?id=1673022 -Patch66: httpd-2.4.37-r1842929+.patch +Patch66: httpd-2.4.37-r1842929+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1630432 -Patch67: httpd-2.4.35-r1825120.patch +Patch67: httpd-2.4.35-r1825120.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1670716 -Patch68: httpd-2.4.37-fips-segfault.patch +Patch68: httpd-2.4.37-fips-segfault.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1669221 -Patch70: httpd-2.4.37-r1840554.patch +Patch70: httpd-2.4.37-r1840554.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1673022 -Patch71: httpd-2.4.37-mod-md-perms.patch +Patch71: httpd-2.4.37-mod-md-perms.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1724549 -Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch +Patch72: httpd-2.4.37-mod-mime-magic-strdup.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1724034 -Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch +Patch73: httpd-2.4.35-ocsp-wrong-ctx.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1633224 -Patch74: httpd-2.4.37-r1828172+.patch +Patch74: httpd-2.4.37-r1828172+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1775158 -Patch75: httpd-2.4.37-r1870095+.patch +Patch75: httpd-2.4.37-r1870095+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1771847 -Patch76: 
httpd-2.4.37-proxy-continue.patch -Patch77: httpd-2.4.37-balancer-failover.patch +Patch76: httpd-2.4.37-proxy-continue.patch +Patch77: httpd-2.4.37-balancer-failover.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1875844 -Patch78: httpd-2.4.37-r1881459.patch +Patch78: httpd-2.4.37-r1881459.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1891829 -Patch79: httpd-2.4.37-r1864000.patch +Patch79: httpd-2.4.37-r1864000.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1868608 -Patch80: httpd-2.4.37-r1872790.patch +Patch80: httpd-2.4.37-r1872790.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1861380 -Patch81: httpd-2.4.37-r1879224.patch +Patch81: httpd-2.4.37-r1879224.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1680118 -Patch82: httpd-2.4.37-r1877397.patch +Patch82: httpd-2.4.37-r1877397.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1847585 -Patch83: httpd-2.4.37-r1878890.patch +Patch83: httpd-2.4.37-r1878890.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1918741 -Patch84: httpd-2.4.37-r1878280.patch +Patch84: httpd-2.4.37-r1878280.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1891594 -Patch85: httpd-2.4.37-htcacheclean-dont-break.patch +Patch85: httpd-2.4.37-htcacheclean-dont-break.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1937334 -Patch86: httpd-2.4.37-r1873907.patch +Patch86: httpd-2.4.37-r1873907.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1680111 -Patch87: httpd-2.4.37-reply-two-tls-rec.patch +Patch87: httpd-2.4.37-reply-two-tls-rec.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1905613 -Patch88: httpd-2.4.37-r1845768+.patch +Patch88: httpd-2.4.37-r1845768+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2001046 -Patch89: httpd-2.4.37-r1862410.patch +Patch89: httpd-2.4.37-r1862410.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1984828 -Patch90: httpd-2.4.37-hcheck-mem-issues.patch +Patch90: httpd-2.4.37-hcheck-mem-issues.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2017543 -Patch91: 
httpd-2.4.37-add-SNI-support.patch +Patch91: httpd-2.4.37-add-SNI-support.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2159603 -Patch92: httpd-2.4.37-mod_status-duplicate-key.patch +Patch92: httpd-2.4.37-mod_status-duplicate-key.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2221083 -Patch93: httpd-2.4.37-r1885607.patch +Patch93: httpd-2.4.37-r1885607.patch # https://issues.redhat.com/browse/RHEL-14321 -Patch94: httpd-2.4.57-r1884505+.patch +Patch94: httpd-2.4.57-r1884505+.patch # https://bz.apache.org/bugzilla/show_bug.cgi?id=69197 -Patch95: httpd-2.4.37-r1919325.patch +Patch95: httpd-2.4.37-r1919325.patch # https://issues.redhat.com/browse/RHEL-56068 -Patch96: httpd-2.4.37-r1922080.patch +Patch96: httpd-2.4.37-r1922080.patch +# https://issues.redhat.com/browse/RHEL-87641 +Patch97: httpd-2.4.37-r1855391.patch # Security fixes -Patch200: httpd-2.4.37-r1851471.patch +Patch200: httpd-2.4.37-r1851471.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1694980 -Patch201: httpd-2.4.37-CVE-2019-0211.patch +Patch201: httpd-2.4.37-CVE-2019-0211.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1695025 -Patch202: httpd-2.4.37-CVE-2019-0215.patch +Patch202: httpd-2.4.37-CVE-2019-0215.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1696141 -Patch203: httpd-2.4.37-CVE-2019-0217.patch +Patch203: httpd-2.4.37-CVE-2019-0217.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1696097 -Patch204: httpd-2.4.37-CVE-2019-0220.patch +Patch204: httpd-2.4.37-CVE-2019-0220.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1741860 # https://bugzilla.redhat.com/show_bug.cgi?id=1741864 # https://bugzilla.redhat.com/show_bug.cgi?id=1741868 -Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch +Patch205: httpd-2.4.34-CVE-2019-9511-and-9516-and-9517.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1823259 # https://bugzilla.redhat.com/show_bug.cgi?id=1747284 # fixes both CVE-2020-1927 and CVE-2019-10098 -Patch206: httpd-2.4.37-CVE-2019-10098.patch +Patch206: 
httpd-2.4.37-CVE-2019-10098.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747281 -Patch207: httpd-2.4.37-CVE-2019-10092.patch +Patch207: httpd-2.4.37-CVE-2019-10092.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1747291 -Patch208: httpd-2.4.37-CVE-2019-10097.patch +Patch208: httpd-2.4.37-CVE-2019-10097.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1820772 -Patch209: httpd-2.4.37-CVE-2020-1934.patch +Patch209: httpd-2.4.37-CVE-2020-1934.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1668493 -Patch210: httpd-2.4.37-CVE-2018-17199.patch +Patch210: httpd-2.4.37-CVE-2018-17199.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1866563 -Patch211: httpd-2.4.37-CVE-2020-11984.patch +Patch211: httpd-2.4.37-CVE-2020-11984.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1972500 -Patch212: httpd-2.4.37-CVE-2021-30641.patch +Patch212: httpd-2.4.37-CVE-2021-30641.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1968307 -Patch213: httpd-2.4.37-CVE-2021-26690.patch +Patch213: httpd-2.4.37-CVE-2021-26690.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005117 -Patch214: httpd-2.4.37-CVE-2021-40438.patch +Patch214: httpd-2.4.37-CVE-2021-40438.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966732 -Patch215: httpd-2.4.37-CVE-2021-26691.patch +Patch215: httpd-2.4.37-CVE-2021-26691.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1968278 -Patch216: httpd-2.4.37-CVE-2020-35452.patch +Patch216: httpd-2.4.37-CVE-2020-35452.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005128 -Patch217: httpd-2.4.37-CVE-2021-34798.patch +Patch217: httpd-2.4.37-CVE-2021-34798.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005119 -Patch218: httpd-2.4.37-CVE-2021-39275.patch +Patch218: httpd-2.4.37-CVE-2021-39275.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2005124 -Patch219: httpd-2.4.37-CVE-2021-36160.patch +Patch219: httpd-2.4.37-CVE-2021-36160.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966728 -Patch220: 
httpd-2.4.37-CVE-2021-33193.patch +Patch220: httpd-2.4.37-CVE-2021-33193.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034674 -Patch221: httpd-2.4.37-CVE-2021-44790.patch +Patch221: httpd-2.4.37-CVE-2021-44790.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034672 -Patch222: httpd-2.4.37-CVE-2021-44224.patch +Patch222: httpd-2.4.37-CVE-2021-44224.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2064321 -Patch223: httpd-2.4.37-CVE-2022-22720.patch +Patch223: httpd-2.4.37-CVE-2022-22720.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1966738 -Patch224: httpd-2.4.37-CVE-2020-13950.patch +Patch224: httpd-2.4.37-CVE-2020-13950.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2064322 -Patch225: httpd-2.4.37-CVE-2022-22719.patch +Patch225: httpd-2.4.37-CVE-2022-22719.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2064320 -Patch226: httpd-2.4.37-CVE-2022-22721.patch +Patch226: httpd-2.4.37-CVE-2022-22721.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2065324 -Patch227: httpd-2.4.37-CVE-2022-23943.patch +Patch227: httpd-2.4.37-CVE-2022-23943.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095002 -Patch228: httpd-2.4.37-CVE-2022-28614.patch +Patch228: httpd-2.4.37-CVE-2022-28614.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095006 -Patch229: httpd-2.4.37-CVE-2022-28615.patch +Patch229: httpd-2.4.37-CVE-2022-28615.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095015 -Patch230: httpd-2.4.37-CVE-2022-30522.patch +Patch230: httpd-2.4.37-CVE-2022-30522.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095018 -Patch231: httpd-2.4.37-CVE-2022-30556.patch +Patch231: httpd-2.4.37-CVE-2022-30556.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095020 -Patch232: httpd-2.4.37-CVE-2022-31813.patch +Patch232: httpd-2.4.37-CVE-2022-31813.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2095012 -Patch233: httpd-2.4.37-CVE-2022-29404.patch +Patch233: httpd-2.4.37-CVE-2022-29404.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=2094997 -Patch234: httpd-2.4.37-CVE-2022-26377.patch +Patch234: httpd-2.4.37-CVE-2022-26377.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161773 -Patch235: httpd-2.4.37-CVE-2022-37436.patch +Patch235: httpd-2.4.37-CVE-2022-37436.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161774 -Patch236: httpd-2.4.37-CVE-2006-20001.patch +Patch236: httpd-2.4.37-CVE-2006-20001.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2161777 -Patch237: httpd-2.4.37-CVE-2022-36760.patch +Patch237: httpd-2.4.37-CVE-2022-36760.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2176209 -Patch238: httpd-2.4.37-CVE-2023-25690.patch +Patch238: httpd-2.4.37-CVE-2023-25690.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2176211 -Patch239: httpd-2.4.37-CVE-2023-27522.patch +Patch239: httpd-2.4.37-CVE-2023-27522.patch # https://issues.redhat.com/browse/RHEL-14448 -Patch240: httpd-2.4.37-CVE-2023-31122.patch +Patch240: httpd-2.4.37-CVE-2023-31122.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2273491 -Patch241: httpd-2.4.37-CVE-2023-38709.patch +Patch241: httpd-2.4.37-CVE-2023-38709.patch # CVE-2024-38474 and CVE-2024-38475 fixed in one patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295013 # https://bugzilla.redhat.com/show_bug.cgi?id=2295014 -Patch242: httpd-2.4.37-CVE-2024-38474+.patch +Patch242: httpd-2.4.37-CVE-2024-38474+.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295012 -Patch243: httpd-2.4.37-CVE-2024-38473.patch +Patch243: httpd-2.4.37-CVE-2024-38473.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295016 -Patch244: httpd-2.4.37-CVE-2024-38477.patch +Patch244: httpd-2.4.37-CVE-2024-38477.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295022 -Patch245: httpd-2.4.37-CVE-2024-39573.patch +Patch245: httpd-2.4.37-CVE-2024-39573.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295015 -Patch246: httpd-2.4.37-CVE-2024-38476.patch +Patch246: httpd-2.4.37-CVE-2024-38476.patch # 
https://bugzilla.redhat.com/show_bug.cgi?id=2297362 # https://bugzilla.redhat.com/show_bug.cgi?id=2295761 -Patch247: httpd-2.4.37-CVE-2024-39884+.patch - -# Add by Anolis -Patch1000: 1000-httpd-anolis-rebrand.patch -Patch1001: 1001-httpd-anolis-support-loongarch64.patch -Patch2000: httpd-2.4.37-sw.patch -# End - -License: ASL 2.0 -Group: System Environment/Daemons -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto -BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel -BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 -BuildRequires: systemd-devel +Patch247: httpd-2.4.37-CVE-2024-39884+.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2374576 +Patch248: httpd-2.4.37-CVE-2025-23048.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2374571 +Patch249: httpd-2.4.37-CVE-2024-47252.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2374580 +Patch250: httpd-2.4.37-CVE-2025-49812.patch + +License: ASL 2.0 +Group: System Environment/Daemons +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto +BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel +BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 +BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) # new logo requires new footer copyring which was added in rhbz1934800 -Requires: /etc/mime.types, system-logos-httpd -Obsoletes: httpd-suexec -Provides: webserver -Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} -Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} -Requires: httpd-tools = %{version}-%{release} -Requires: httpd-filesystem = %{version}-%{release} -Requires: mod_http2 >= 1.15.7-5 +Requires: /etc/mime.types, system-logos(httpd-logo-ng) +Obsoletes: httpd-suexec 
+Provides: webserver +Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} +Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} +Requires: httpd-tools = %{version}-%{release} +Requires: httpd-filesystem = %{version}-%{release} +Requires: mod_http2 >= 1.15.7-5 Requires(pre): httpd-filesystem Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units -Conflicts: apr < 1.5.0-1 +Conflicts: apr < 1.5.0-1 %description The Apache HTTP Server is a powerful, efficient, and extensible web server. %package devel -Group: Development/Libraries -Summary: Development interfaces for the Apache HTTP server -Requires: apr-devel, apr-util-devel, pkgconfig -Requires: httpd = %{version}-%{release} +Group: Development/Libraries +Summary: Development interfaces for the Apache HTTP server +Requires: apr-devel, apr-util-devel, pkgconfig +Requires: httpd = %{version}-%{release} %description devel The httpd-devel package contains the APXS binary and other files @@ -330,11 +331,11 @@ able to compile or develop additional modules for Apache, you need to install this package. %package manual -Group: Documentation -Summary: Documentation for the Apache HTTP server -Requires: httpd = %{version}-%{release} -Obsoletes: secureweb-manual, apache-manual -BuildArch: noarch +Group: Documentation +Summary: Documentation for the Apache HTTP server +Requires: httpd = %{version}-%{release} +Obsoletes: secureweb-manual, apache-manual +BuildArch: noarch %description manual The httpd-manual package contains the complete manual and 
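Review bot: The commit subject lists CVE-2025-49630 among the fixes, but the security-fix block of this first httpd.spec hunk adds only `Patch248` (CVE-2025-23048), `Patch249` (CVE-2024-47252) and `Patch250` (CVE-2025-49812). The diffstat creates no patch file for CVE-2025-49630 and the new changelog entry does not mention it. If that fix is carried by the separately packaged mod_http2 (this spec only has `Requires: mod_http2 >= 1.15.7-5`), record that next to the new entries, for example `# CVE-2025-49630 is not patched in this package; fixed in mod_http2 (confirm the fixed build)`. In that case, consider raising the minimum mod_http2 version to the fixed build so an updated httpd cannot be installed alongside an unfixed module. Otherwise drop the CVE from the commit subject, since anyone auditing by patch names or changelog would record it as fixed without evidence in this package.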
@@ -342,9 +343,9 @@ reference guide for the Apache HTTP server. The information can also be found at http://httpd.apache.org/docs/2.2/. %package filesystem -Group: System Environment/Daemons -Summary: The basic directory layout for the Apache HTTP server -BuildArch: noarch +Group: System Environment/Daemons +Summary: The basic directory layout for the Apache HTTP server +BuildArch: noarch Requires(pre): /usr/sbin/useradd %description filesystem @@ -353,24 +354,24 @@ for the Apache HTTP server including the correct permissions for the directories. %package tools -Group: System Environment/Daemons -Summary: Tools for use with the Apache HTTP Server +Group: System Environment/Daemons +Summary: Tools for use with the Apache HTTP Server %description tools The httpd-tools package contains tools which can be used with the Apache HTTP Server. %package -n mod_ssl -Group: System Environment/Daemons -Summary: SSL/TLS module for the Apache HTTP Server -Epoch: 1 -BuildRequires: openssl-devel +Group: System Environment/Daemons +Summary: SSL/TLS module for the Apache HTTP Server +Epoch: 1 +BuildRequires: openssl-devel Requires(pre): httpd-filesystem -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -Requires: sscg >= 3.0.0-7, /usr/bin/hostname -Obsoletes: stronghold-mod_ssl +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Requires: sscg >= 3.0.0-7, /usr/bin/hostname +Obsoletes: stronghold-mod_ssl # Require an OpenSSL which supports PROFILE=SYSTEM -Conflicts: openssl-libs < 1:1.0.1h-4 +Conflicts: openssl-libs < 1:1.0.1h-4 %description -n mod_ssl The mod_ssl module provides strong cryptography for the Apache Web 
@@ -378,31 +379,31 @@ server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. %package -n mod_proxy_html -Group: System Environment/Daemons -Summary: HTML and XML content filters for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -BuildRequires: libxml2-devel -Epoch: 1 -Obsoletes: mod_proxy_html < 1:2.4.1-2 +Group: System Environment/Daemons +Summary: HTML and XML content filters for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +BuildRequires: libxml2-devel +Epoch: 1 +Obsoletes: mod_proxy_html < 1:2.4.1-2 %description -n mod_proxy_html The mod_proxy_html and mod_xml2enc modules provide filters which can transform and modify HTML and XML content. %package -n mod_ldap -Group: System Environment/Daemons -Summary: LDAP authentication modules for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -Requires: apr-util-ldap +Group: System Environment/Daemons +Summary: LDAP authentication modules for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Requires: apr-util-ldap %description -n mod_ldap The mod_ldap and mod_authnz_ldap modules add support for LDAP authentication to the Apache HTTP Server. %package -n mod_session -Group: System Environment/Daemons -Summary: Session interface for the Apache HTTP Server -Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} +Group: System Environment/Daemons +Summary: Session interface for the Apache HTTP Server +Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} %description -n mod_session The mod_session module and associated backends provide an abstract @@ -470,6 +471,7 @@ interface for storing and accessing per-user session data. %patch92 -p1 -b .mod_status-dupl %patch93 -p1 -b .r1885607 %patch94 -p1 -b .r1884505+ +%patch97 -p1 -b .r1855391 %patch200 -p1 -b .r1851471 %patch201 -p1 -b .CVE-2019-0211 
@@ -522,11 +524,9 @@ interface for storing and accessing per-user session data. %patch95 -p1 -b .r1919325 %patch246 -p1 -b .CVE-2024-38476 %patch247 -p1 -b .CVE-2024-39884+ -# Add by Anolis -%patch1000 -p1 -%patch1001 -p1 -%patch2000 -p1 -# End +%patch248 -p1 -b .CVE-2025-23048 +%patch249 -p1 -b .CVE-2024-47252 +%patch250 -p1 -b .CVE-2025-49812 %patch96 -p1 -b .r1922080 @@ -1034,12 +1034,15 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog -* Thu Feb 20 2025 zhangbinchen - 2.4.37-65.0.1.3 -- Rebrand for Anolis OS -- Requires system-logos-httpd -- Support loongarch64 platform(Liwei Ge) - cherry-pick `add sw patch #400077d851a81ce23aa39db271e26c3df254ae53`. (nijie@wxiat.com) - cherry-pick `change sw patch #bdacf2efe00d8445328f798df8c5520728801e8c`. (nijie@wxiat.com) +* Mon Jul 28 2025 Luboš Uhliarik - 2.4.37-65.5 +- Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade +- Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of + user-supplied data in mod_ssl +- Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted + clients is possible using TLS 1.3 session resumption + +* Tue Apr 22 2025 Luboš Uhliarik - 2.4.37-65.4 +- Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests * Wed Jan 29 2025 Luboš Uhliarik - 2.4.37-65.3 - Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with @@ -1154,6 +1157,7 @@ rm -rf $RPM_BUILD_ROOT * Fri Jun 10 2022 Luboš Uhliarik - 2.4.37-49 - Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer + dereference * Mon Mar 21 2022 Luboš Uhliarik - 2.4.37-48 - Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling -- Gitee From 065f924df02ed31e6f31994640510ac41187979a Mon Sep 17 00:00:00 2001 
From: Zhao Hang Date: Fri, 17 Dec 2021 06:31:15 +0000 Subject: [PATCH 2/5] rebrand for anolis and requires system-logos-httpd --- 10000-htppd-anolis-rebrand.patch | 370 +++++++++++++++++++++++++++++++ httpd.spec | 31 ++- 2 files changed, 391 insertions(+), 10 deletions(-) create mode 100644 10000-htppd-anolis-rebrand.patch diff --git a/10000-htppd-anolis-rebrand.patch b/10000-htppd-anolis-rebrand.patch new file mode 100644 index 0000000..94aa798 --- /dev/null +++ b/10000-htppd-anolis-rebrand.patch 
@@ -0,0 +1,370 @@ +From de0dd0e04d3045426c4b0fd1d681c3a80575376b Mon Sep 17 00:00:00 2001 +From: zhangbinchen +Date: Tue, 16 Mar 2021 18:17:35 +0800 +Subject: [PATCH] rebrand-for-anolis + +Signed-off-by: zhangbinchen +--- + docs/manual/developer/thread_safety.html.en | 2 +- + docs/manual/index.html.de | 4 ++-- + docs/manual/index.html.en | 4 ++-- + docs/manual/index.html.es | 4 ++-- + docs/manual/index.html.fr.utf8 | 4 ++-- + docs/manual/index.html.ja.utf8 | 4 ++-- + docs/manual/index.html.tr.utf8 | 4 ++-- + docs/manual/index.html.zh-cn.utf8 | 4 ++-- + docs/manual/install.html.fr.utf8 | 4 ++-- + docs/manual/install.html.tr.utf8 | 4 ++-- + docs/manual/platform/index.html.en | 4 ++-- + docs/manual/platform/index.html.fr.utf8 | 4 ++-- + docs/manual/platform/rpm.html.en | 6 +++--- + docs/manual/platform/rpm.html.fr.utf8 | 6 +++--- + docs/manual/ssl/ssl_compat.html.en | 10 ++-------- + docs/manual/ssl/ssl_compat.html.fr.utf8 | 11 ++--------- + 16 files changed, 33 insertions(+), 46 deletions(-) + +diff --git a/docs/manual/developer/thread_safety.html.en b/docs/manual/developer/thread_safety.html.en +index e9e2130..e3fb303 100644 +--- a/docs/manual/developer/thread_safety.html.en ++++ b/docs/manual/developer/thread_safety.html.en +@@ -304,4 +304,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.de b/docs/manual/index.html.de +index 84032a9..d039a72 100644 +--- a/docs/manual/index.html.de ++++ b/docs/manual/index.html.de +@@ -93,7 +93,7 @@ + +

Plattform-spezifische Anmerkungen

+ +@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.en b/docs/manual/index.html.en +index 493be56..294258c 100644 +--- a/docs/manual/index.html.en ++++ b/docs/manual/index.html.en +@@ -91,7 +91,7 @@ Documentation + +

Platform Specific Notes

+ +@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.es b/docs/manual/index.html.es +index 0256bec..68aa346 100644 +--- a/docs/manual/index.html.es ++++ b/docs/manual/index.html.es +@@ -94,7 +94,7 @@ Documentaci + +

Otros Temas

+@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.fr.utf8 b/docs/manual/index.html.fr.utf8 +index e729674..4eb6d0a 100644 +--- a/docs/manual/index.html.fr.utf8 ++++ b/docs/manual/index.html.fr.utf8 +@@ -93,7 +93,7 @@ + +

Notes spécifiques aux différentes plateformes

+ +@@ -125,4 +125,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.ja.utf8 b/docs/manual/index.html.ja.utf8 +index 37b85d3..1a62301 100644 +--- a/docs/manual/index.html.ja.utf8 ++++ b/docs/manual/index.html.ja.utf8 +@@ -93,7 +93,7 @@ + +

ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ å›ºæœ‰ã®æƒ…å ±

+ +@@ -124,4 +124,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.tr.utf8 b/docs/manual/index.html.tr.utf8 +index 70a7f31..1036391 100644 +--- a/docs/manual/index.html.tr.utf8 ++++ b/docs/manual/index.html.tr.utf8 +@@ -91,7 +91,7 @@ Belgeleri + +

Platformlara Özgü Bilgiler

+ +@@ -122,4 +122,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/index.html.zh-cn.utf8 b/docs/manual/index.html.zh-cn.utf8 +index 1f7f63f..76b88d8 100644 +--- a/docs/manual/index.html.zh-cn.utf8 ++++ b/docs/manual/index.html.zh-cn.utf8 +@@ -88,7 +88,7 @@ + +

å¹³å°ç›¸å…³è¯´æ˜Ž

+ +@@ -119,4 +119,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/install.html.fr.utf8 b/docs/manual/install.html.fr.utf8 +index ccf39a2..5a0fd01 100644 +--- a/docs/manual/install.html.fr.utf8 ++++ b/docs/manual/install.html.fr.utf8 +@@ -69,7 +69,7 @@ +

Aperçu pour les plus pressés

+ +
+-
Installation sous Fedora/CentOS/Red Hat Enterprise Linux
++
Installation sous AnolisOS/Fedora/CentOS/Red Hat Enterprise Linux
+
+
sudo yum install httpd
+ sudo service httpd start
+@@ -525,4 +525,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/install.html.tr.utf8 b/docs/manual/install.html.tr.utf8 +index fdb89ea..fd6d691 100644 +--- a/docs/manual/install.html.tr.utf8 ++++ b/docs/manual/install.html.tr.utf8 +@@ -66,7 +66,7 @@ +
+

Tez canlılar için genel bir bakış

+
+-
Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
++
AnolisoS/Fedora/CentOS/Red Hat Enterprise Linux üzerinde kurulum
+
+
sudo yum install httpd
+ sudo systemctl enable httpd
+@@ -494,4 +494,4 @@ if (typeof(prettyPrint) !== 'undefined') {
+     prettyPrint();
+ }
+ //-->
+-
+\ No newline at end of file
++
+diff --git a/docs/manual/platform/index.html.en b/docs/manual/platform/index.html.en
+index 07af003..8949d4d 100644
+--- a/docs/manual/platform/index.html.en
++++ b/docs/manual/platform/index.html.en
+@@ -66,7 +66,7 @@
+     
+ 
+     
+-
RPM Based Systems (Redhat / CentOS / Fedora)
++
RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)
+
+

This document explains how to build, install, and run Apache 2.4 + on systems supporting the RPM packaging format.

+@@ -121,4 +121,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/platform/index.html.fr.utf8 b/docs/manual/platform/index.html.fr.utf8 +index 03404a5..bc0a8a8 100644 +--- a/docs/manual/platform/index.html.fr.utf8 ++++ b/docs/manual/platform/index.html.fr.utf8 +@@ -67,7 +67,7 @@ + + +
+-
Systèmes à base de paquets RPM (Redhat / CentOS / Fedora)
++
Systèmes à base de paquets RPM (AnolisOS / Redhat / CentOS / Fedora)
+
+

Ce document explique comment installer, configurer et + exécuter Apache 2.4 sur des systèmes qui supportent le format de +@@ -127,4 +127,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/platform/rpm.html.en b/docs/manual/platform/rpm.html.en +index 992fe9e..bc1c696 100644 +--- a/docs/manual/platform/rpm.html.en ++++ b/docs/manual/platform/rpm.html.en +@@ -7,7 +7,7 @@ + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +-Using Apache With RPM Based Systems (Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4 ++Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora) - Apache HTTP Server Version 2.4 + + + +@@ -21,7 +21,7 @@ +

+
<-
+

Using Apache With RPM Based Systems (Redhat / CentOS / Fedora)

++ Apache > HTTP Server > Documentation > Version 2.4 > Platform Specific Notes

Using Apache With RPM Based Systems (AnolisOS / Redhat / CentOS / Fedora)

+
+

Available Languages:  en  | +  fr 

+@@ -245,4 +245,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/platform/rpm.html.fr.utf8 b/docs/manual/platform/rpm.html.fr.utf8 +index 3ae9ee3..78e6f77 100644 +--- a/docs/manual/platform/rpm.html.fr.utf8 ++++ b/docs/manual/platform/rpm.html.fr.utf8 +@@ -7,7 +7,7 @@ + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +-Utiliser Apache sur les systèmes à base de paquets RPM (Redhat ++<title>Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat + / CentOS / Fedora) - Serveur HTTP Apache Version 2.4 + + +@@ -23,7 +23,7 @@ +
<-
+

Utiliser Apache sur les systèmes à base de paquets RPM (Redhat ++ plateformes

Utiliser Apache sur les systèmes à base de paquets RPM (AnolisOS / Redhat + / CentOS / Fedora)

+
+

Langues Disponibles:  en  | +@@ -261,4 +261,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en +index fb7b888..122f52d 100644 +--- a/docs/manual/ssl/ssl_compat.html.en ++++ b/docs/manual/ssl/ssl_compat.html.en +@@ -31,13 +31,7 @@ + This page covers backwards compatibility between mod_ssl and other + SSL solutions. mod_ssl is not the only SSL solution for Apache; four + additional products are (or were) also available: Ben Laurie's freely +-available Apache-SSL (from +-where mod_ssl were originally derived in 1998), Red Hat's commercial +-Secure Web Server (which was based on mod_ssl), Covalent's commercial +-Raven SSL Module (also based on +-mod_ssl) and finally C2Net's (now Red Hat's) commercial product Stronghold (based +-on a different evolution branch, named Sioux up to Stronghold 2.x, and +-based on mod_ssl since Stronghold 3.x).

++available Apache-SSL

+ +

+ mod_ssl mostly provides a superset of the functionality of all the other +@@ -245,4 +239,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +diff --git a/docs/manual/ssl/ssl_compat.html.fr.utf8 b/docs/manual/ssl/ssl_compat.html.fr.utf8 +index 1c9a0c6..a4adb34 100644 +--- a/docs/manual/ssl/ssl_compat.html.fr.utf8 ++++ b/docs/manual/ssl/ssl_compat.html.fr.utf8 +@@ -31,14 +31,7 @@ +

Ce document couvre la compatibilité ascendante entre mod_ssl et + d'autres solutions SSL. mod_ssl n'est pas la seule solution SSL pour Apache ; + quatre autres produits sont (ou ont été) également disponibles : +-Apache-SSL, le produit libre de +-Ben Laurie (d'où mod_ssl est issu à l'origine en 1998), Secure +-Web Server, un produit commercial de Red Hat (basé sur mod_ssl), +-Raven SSL Module, un produit commercial +-de Covalent (basé lui aussi sur mod_ssl), et enfin Stronghold, produit +-commercial de C2Net et maintenant de Red Hat, (basé sur une branche +-d'évolution différente appelée Sioux jusqu'à Stronghold 2.x et basé sur +-mod_ssl depuis Stronghold 3.x).

++Apache-SSL

+ +

En plus de ses fonctionnalités propres, mod_ssl rassemble la plupart de + celles des autres solutions SSL, si bien qu'il est très simple de +@@ -254,4 +247,4 @@ if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); + } + //--> +- +\ No newline at end of file ++ +-- +2.18.4 + diff --git a/httpd.spec b/httpd.spec index b688407..8297989 100644 --- a/httpd.spec +++ b/httpd.spec @@ -1,10 +1,11 @@ +%define anolis_release .0.1 %define contentdir %{_datadir}/httpd %define docroot /var/www %define suexec_caller apache %define mmn 20120211 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits} %define vstring %(source /etc/os-release; echo ${NAME}) -%if 0%{?fedora} > 26 || 0%{?rhel} > 7 +%if 0%{?fedora} > 26 || 0%{?rhel} > 7 || 0%{?anolis} %global mpm event %else %global mpm prefork @@ -13,7 +14,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 65%{?dist}.5 +Release: 655%{anolis_release}%{?dist}.5 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate 
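Review bot: `Release: 655%{anolis_release}%{?dist}.5` in the `@@ -13,7 +14,7 @@` hunk disagrees with the changelog entry this same commit adds (`2.4.37-65.0.1.5`) and with the `65%{?dist}.5` line it replaces, so the extra `5` looks like a typo. With a base release of 655 the package would sort above any later `66…` rebuild, and hosts that installed it would not pick up subsequent security updates as upgrades. The line should read `Release: 65%{anolis_release}%{?dist}.5`. The same value reappears as context in the later `httpd.spec` hunk that changes `Source0`, so it is not corrected elsewhere in the series.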
@@ -288,13 +289,17 @@ Patch249: httpd-2.4.37-CVE-2024-47252.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2374580 Patch250: httpd-2.4.37-CVE-2025-49812.patch -License: ASL 2.0 -Group: System Environment/Daemons -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto -BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel -BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 -BuildRequires: systemd-devel +# Add by Anolis +Patch1000: 10000-htppd-anolis-rebrand.patch +# End + +License: ASL 2.0 +Group: System Environment/Daemons +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +BuildRequires: autoconf, perl-interpreter, perl-generators, pkgconfig, findutils, xmlto +BuildRequires: zlib-devel, libselinux-devel, lua-devel, brotli-devel +BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= 5.0 +BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) # new logo requires new footer copyring which was added in rhbz1934800 Requires: /etc/mime.types, system-logos(httpd-logo-ng) @@ -527,6 +532,9 @@ interface for storing and accessing per-user session data. %patch248 -p1 -b .CVE-2025-23048 %patch249 -p1 -b .CVE-2024-47252 %patch250 -p1 -b .CVE-2025-49812 +# Add by Anolis +%patch1000 -p1 +# End %patch96 -p1 -b .r1922080 @@ -1034,6 +1042,10 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Tue Sep 09 2025 zhangbinchen - 2.4.37-65.0.1.5 +- Rebrand for Anolis OS +- Requires system-logos-httpd + * Mon Jul 28 2025 Luboš Uhliarik - 2.4.37-65.5 - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of 
@@ -1157,7 +1169,6 @@ rm -rf $RPM_BUILD_ROOT * Fri Jun 10 2022 Luboš Uhliarik - 2.4.37-49 - Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer - dereference * Mon Mar 21 2022 Luboš Uhliarik - 2.4.37-48 - Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling -- Gitee From 81a917123c9312345202fcb963ca14d1df7e55a8 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Thu, 4 Nov 2021 11:28:04 +0800 Subject: [PATCH 3/5] build: support loongarch64 platform Signed-off-by: Liwei Ge --- ...d.patch => 1000-httpd-anolis-rebrand.patch | 0 1001-httpd-anolis-support-loongarch64.patch | 32 +++++++++++++++++++ httpd.spec | 5 ++- 3 files changed, 36 insertions(+), 1 deletion(-) rename 10000-htppd-anolis-rebrand.patch => 1000-httpd-anolis-rebrand.patch (100%) create mode 100644 1001-httpd-anolis-support-loongarch64.patch diff --git a/10000-htppd-anolis-rebrand.patch b/1000-httpd-anolis-rebrand.patch similarity index 100% rename from 10000-htppd-anolis-rebrand.patch rename to 1000-httpd-anolis-rebrand.patch diff --git a/1001-httpd-anolis-support-loongarch64.patch b/1001-httpd-anolis-support-loongarch64.patch new file mode 100644 index 0000000..37efba2 --- /dev/null +++ b/1001-httpd-anolis-support-loongarch64.patch 
@@ -0,0 +1,32 @@ +diff -Nur httpd-2.4.37/build/config.guess httpd-2.4.37.new/build/config.guess +--- httpd-2.4.37/build/config.guess 2018-10-18 22:34:08.000000000 +0800 ++++ httpd-2.4.37.new/build/config.guess 2021-11-04 11:15:42.592000000 +0800 +@@ -897,6 +897,9 @@ + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; ++ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) ++ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +diff -Nur httpd-2.4.37/build/config.sub httpd-2.4.37.new/build/config.sub +--- httpd-2.4.37/build/config.sub 2018-10-18 22:34:08.000000000 +0800 ++++ httpd-2.4.37.new/build/config.sub 2021-11-04 11:15:42.592000000 +0800 +@@ -265,6 +265,7 @@ + | k1om \ + | le32 | le64 \ + | lm32 \ ++ | loongarch32 | loongarch64 | loongarchx32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ +@@ -390,6 +391,7 @@ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ ++ | loongarch32-* | loongarch64-* | loongarchx32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ diff --git a/httpd.spec b/httpd.spec index 8297989..eb512fd 100644 --- a/httpd.spec +++ b/httpd.spec @@ -290,7 +290,8 @@ Patch249: httpd-2.4.37-CVE-2024-47252.patch Patch250: httpd-2.4.37-CVE-2025-49812.patch # Add by Anolis -Patch1000: 10000-htppd-anolis-rebrand.patch +Patch1000: 1000-httpd-anolis-rebrand.patch +Patch1001: 1001-httpd-anolis-support-loongarch64.patch # End License: ASL 2.0 @@ -534,6 +535,7 @@ interface for storing and accessing per-user session data. %patch250 -p1 -b .CVE-2025-49812 # Add by Anolis %patch1000 -p1 +%patch1001 -p1 # End %patch96 -p1 -b .r1922080 
@@ -1045,6 +1047,7 @@ rm -rf $RPM_BUILD_ROOT * Tue Sep 09 2025 zhangbinchen - 2.4.37-65.0.1.5 - Rebrand for Anolis OS - Requires system-logos-httpd +- Support loongarch64 platform(Liwei Ge) * Mon Jul 28 2025 Luboš Uhliarik - 2.4.37-65.5 - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade -- Gitee From b8f73c5ab8bb592dd4d71ef8188ea3c05945878b Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Tue, 30 Jan 2024 10:08:33 +0800 Subject: [PATCH 4/5] Requires system-logos-httpd Signed-off-by: Zhao Hang --- httpd.spec | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/httpd.spec b/httpd.spec index eb512fd..c28f956 100644 --- a/httpd.spec +++ b/httpd.spec @@ -303,14 +303,14 @@ BuildRequires: apr-devel >= 1.5.0, apr-util-devel >= 1.5.0, pcre-devel >= BuildRequires: systemd-devel # web server testpage added to redhat-logos in 82.0 (rhbz1896319) # new logo requires new footer copyring which was added in rhbz1934800 -Requires: /etc/mime.types, system-logos(httpd-logo-ng) -Obsoletes: httpd-suexec -Provides: webserver -Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} -Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} -Requires: httpd-tools = %{version}-%{release} -Requires: httpd-filesystem = %{version}-%{release} -Requires: mod_http2 >= 1.15.7-5 +Requires: /etc/mime.types, system-logos-httpd +Obsoletes: httpd-suexec +Provides: webserver +Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release} +Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa} +Requires: httpd-tools = %{version}-%{release} +Requires: httpd-filesystem = %{version}-%{release} +Requires: mod_http2 >= 1.15.7-5 Requires(pre): httpd-filesystem Requires(preun): systemd-units Requires(postun): systemd-units -- Gitee From fe2573782df0033f9617607abcacd606c505543f Mon Sep 17 00:00:00 2001 
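Review bot: The two comment lines directly above the changed `Requires:` still explain the dependency in terms of redhat-logos and the rhbz tickets behind `system-logos(httpd-logo-ng)`, which the new line no longer uses. The hunk swaps that capability for the plain package name `system-logos-httpd`, so nothing visible here still guarantees that the installed logos package carries the newer test page and footer the comments refer to; presumably the distribution's own logos package covers this, but it is worth confirming. I would replace the stale comments with something like `# Anolis: test page assets come from system-logos-httpd (replaces system-logos(httpd-logo-ng))`. The remaining lines of the hunk appear to be realignment only.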
From: wxiat Date: Fri, 21 Jul 2023 15:23:24 +0800 Subject: [PATCH 5/5] - cherry-pick `add sw patch #400077d851a81ce23aa39db271e26c3df254ae53`. - cherry-pick `change sw patch #bdacf2efe00d8445328f798df8c5520728801e8c`. Signed-off-by: wxiat Signed-off-by: Weisson --- httpd-2.4.37-sw.patch | 66 +++++++++++++++++++++++++++++++++++++++++++ httpd.spec | 6 +++- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 httpd-2.4.37-sw.patch diff --git a/httpd-2.4.37-sw.patch b/httpd-2.4.37-sw.patch new file mode 100644 index 0000000..0951329 --- /dev/null +++ b/httpd-2.4.37-sw.patch 
@@ -0,0 +1,66 @@ +diff -Naur httpd-2.4.37.org/configure httpd-2.4.37.sw/configure +--- httpd-2.4.37.org/configure 2018-10-18 22:34:09.000000000 +0800 ++++ httpd-2.4.37.sw/configure 2023-07-21 14:55:43.876595734 +0800 +@@ -29566,6 +29566,10 @@ + # ulimit only accepts English "unlimited" on input + APACHECTL_ULIMIT="ulimit -S -n unlimited" + ;; ++ *sw_64*-dec-osf*) ++ # Tru64: -H is for setting, not retrieving ++ APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" ++ ;; + *alpha*-dec-osf*) + # Tru64: -H is for setting, not retrieving + APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" +diff -Naur httpd-2.4.37.org/support/config.m4 httpd-2.4.37.sw/support/config.m4 +--- httpd-2.4.37.org/support/config.m4 2011-04-08 03:32:49.000000000 +0800 ++++ httpd-2.4.37.sw/support/config.m4 2023-07-21 14:56:03.520289713 +0800 +@@ -136,6 +136,10 @@ + # ulimit only accepts English "unlimited" on input + APACHECTL_ULIMIT="ulimit -S -n unlimited" + ;; ++ *sw_64*-dec-osf*) ++ # Tru64: -H is for setting, not retrieving ++ APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" ++ ;; + *alpha*-dec-osf*) + # Tru64: -H is for setting, not retrieving + APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" + +diff -Nuar httpd-2.4.37.org/build/config.guess httpd-2.4.37.sw/build/config.guess +--- httpd-2.4.37.org/build/config.guess 2023-08-09 16:22:45.045389206 +0800 ++++ httpd-2.4.37.sw/build/config.guess 2023-08-09 16:24:04.103173784 +0800 +@@ -900,6 +900,14 @@ + loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; ++ sw_64:Linux:*:*) ++ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in ++ sw) UNAME_MACHINE=sw_64 ;; ++ esac ++ objdump --private-headers /bin/sh | grep -q ld.so.1 ++ if test "$?" 
= 0 ; then LIBC=gnulibc1 ; fi ++ echo ${UNAME_MACHINE}-sunway-linux-${LIBC} ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +diff -Nuar httpd-2.4.37.org/build/config.sub httpd-2.4.37.sw/build/config.sub +--- httpd-2.4.37.org/build/config.sub 2023-08-09 16:22:45.045389206 +0800 ++++ httpd-2.4.37.sw/build/config.sub 2023-08-09 16:23:26.159837338 +0800 +@@ -245,6 +245,7 @@ + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ ++ | sw_64 \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ +@@ -370,6 +371,7 @@ + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ ++ | sw_64-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ diff --git a/httpd.spec b/httpd.spec index c28f956..d71a5fb 100644 --- a/httpd.spec +++ b/httpd.spec @@ -16,7 +16,7 @@ Name: httpd Version: 2.4.37 Release: 655%{anolis_release}%{?dist}.5 URL: https://httpd.apache.org/ -Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 +Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate Source3: instance.conf Source4: httpd-ssl-pass-dialog @@ -292,6 +292,7 @@ Patch250: httpd-2.4.37-CVE-2025-49812.patch # Add by Anolis Patch1000: 1000-httpd-anolis-rebrand.patch Patch1001: 1001-httpd-anolis-support-loongarch64.patch +Patch2000: httpd-2.4.37-sw.patch # End License: ASL 2.0 @@ -536,6 +537,7 @@ interface for storing and accessing per-user session data. # Add by Anolis %patch1000 -p1 %patch1001 -p1 +%patch2000 -p1 # End %patch96 -p1 -b .r1922080 
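Review bot: The `*sw_64*-dec-osf*)` arms added to `configure` and `support/config.m4` look unreachable: the `config.guess` part of this same patch reports the host as `${UNAME_MACHINE}-sunway-linux-${LIBC}`, which never matches a `-dec-osf` pattern, and the copied comment `# Tru64: -H is for setting, not retrieving` describes the alpha case rather than sw_64. Either drop both arms or, if a Linux-specific ulimit setting is really needed, match the Linux triple and reword the comment. In the `sw_64:Linux:*:*)` arm the inner `case` only assigns `UNAME_MACHINE=sw_64`, which the outer pattern appears to have established already, so it can go as well. Editing the generated `configure` alongside `config.m4` also means the two copies have to be kept in sync by hand.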
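Review bot: `Source0` now points at `archive.apache.org`, but it is followed directly by `Source2` and nothing in this hunk declares a detached signature or checksum for the tarball. If the rest of the spec has no verification step either, the build trusts whatever the lookaside cache holds, so confirm that the stored checksum is unchanged by this URL move. A stronger setup would declare the upstream `.asc` file and the release keyring as extra `Source` entries and verify them at the start of `%prep`.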
@@ -1048,6 +1050,8 @@ rm -rf $RPM_BUILD_ROOT - Rebrand for Anolis OS - Requires system-logos-httpd - Support loongarch64 platform(Liwei Ge) + cherry-pick `add sw patch #400077d851a81ce23aa39db271e26c3df254ae53`. (nijie@wxiat.com) + cherry-pick `change sw patch #bdacf2efe00d8445328f798df8c5520728801e8c`. (nijie@wxiat.com) * Mon Jul 28 2025 Luboš Uhliarik - 2.4.37-65.5 - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade -- Gitee