From 1df43e2685ed43864fdfd9fe986b2f6fc96306ba Mon Sep 17 00:00:00 2001
From: dufuhang
Date: Tue, 16 Jul 2024 17:17:08 +0800
Subject: [PATCH] core: ap_location_walk() does not deal with the filesystem So it shouldn't merge slashes according to filesystem rules. * server/request.c(ap_location_walk): Use ap_no2slash_ex(,0) instead of ap_no2slash() to ignore filesystem specifics. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919165 13f79535-47bb-0310-9956-ffa450edef68
---
 ...rt-does-not-deal-with-the-filesystem.patch | 25 +++++++++++++++++++
 httpd.spec | 9 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-does-not-deal-with-the-filesystem.patch
diff --git a/backport-does-not-deal-with-the-filesystem.patch b/backport-does-not-deal-with-the-filesystem.patch
new file mode 100644
index 0000000..0c7be30
--- /dev/null
+++ b/backport-does-not-deal-with-the-filesystem.patch
@@ -0,0 +1,25 @@
+From 5243eaf3c326ca80495a8e8431448ab6aba01fa7 Mon Sep 17 00:00:00 2001
+From: ylavic
+Date: Tue, 16 Jul 2024 17:10:21 +0800
+Subject: [PATCH] modified
+
+---
+ server/request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/request.c b/server/request.c
+index 5599b2c..7890f7c 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -1481,7 +1481,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+ }
+ else {
+ char *uri = apr_pstrdup(r->pool, r->uri);
+- ap_no2slash(uri);
++ ap_no2slash_ex(uri, 0/*not an FS path*/);
+ entry_uri = uri;
+ }
+
+--
+2.27.0
+
diff --git a/httpd.spec b/httpd.spec
index 2df2769..dfca81e 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name: httpd
 Summary: Apache HTTP Server
 Version: 2.4.58
-Release: 6
+Release: 7
 License: ASL 2.0
 URL: https://httpd.apache.org/
 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
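Review bot: The header of the new backport-does-not-deal-with-the-filesystem.patch has lost its provenance: it reads `Subject: [PATCH] modified` and carries no upstream revision, so the link to trunk r1919165 exists only in this commit's message and not in the file that `Patch37` applies. Restoring the upstream subject and adding a line such as `Reference: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919165` to that header would let a later audit compare the embedded one-line change with upstream. The embedded hunk shows only the `else` branch of `ap_location_walk()`, so the condition that selects `ap_no2slash_ex(uri, 0/*not an FS path*/)` lies outside the visible lines. Because the normalised `entry_uri` presumably decides which `<Location>` sections (and any access rules in them) match, the `Type:NA` changelog entry in the httpd.spec hunk is worth reclassifying as a bugfix once that is confirmed.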
@@ -87,6 +87,7 @@ Patch33: backport-CVE-2024-38474-CVE-2024-38475-tighten-up-prefix_stat.
 Patch34: backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differentiate-trusted-sources.patch
 Patch35: backport-CVE-2024-38477-validate-hostsname.patch
 Patch36: backport-CVE-2024-39884-maintain-trusted-flag.patch
+Patch37: backport-does-not-deal-with-the-filesystem.patch
 BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@@ -524,6 +525,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Tue Jul 16 2024 dfh - 2.4.58-7
+- Type:NA
+- ID:NA
+- SUG:NA
+- DESC: core: ap_location_walk() does not deal with the filesystem
+
 * Mon Jul 08 2024 chengyechun - 2.4.58-6
 - Type:CVE
 - ID:CVE-2024-38473,CVE-2024-38474,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39884,CVE-2024-39573
--
Gitee