From ca54923143a90a24563b84ef87f147adb2499249 Mon Sep 17 00:00:00 2001
From: xingwei <xingwei14@h-partners.com>
Date: Wed, 16 Apr 2025 03:21:11 +0000
Subject: [PATCH] backport patches

---
 backport-Check-SSL_CTX_new-return-value.patch | 41 +++++++++++
 ...ort-Fix-possible-crash-on-error-path.patch | 43 ++++++++++++
 ...tickysession-configuration-parameter.patch | 42 +++++++++++
 ...hen-parsing-AllowOverride-directives.patch | 59 ++++++++++++++++
 ...port-fix-LogFormat-directive-merging.patch | 40 +++++++++++
 ...d-Increase-MAX_CONCURRENCY-hard-limi.patch | 69 +++++++++++++++++++
 httpd.spec                                    | 19 ++++-
 7 files changed, 312 insertions(+), 1 deletion(-)
 create mode 100644 backport-Check-SSL_CTX_new-return-value.patch
 create mode 100644 backport-Fix-possible-crash-on-error-path.patch
 create mode 100644 backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch
 create mode 100644 backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch
 create mode 100644 backport-fix-LogFormat-directive-merging.patch
 create mode 100644 backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch

diff --git a/backport-Check-SSL_CTX_new-return-value.patch b/backport-Check-SSL_CTX_new-return-value.patch
new file mode 100644
index 0000000..4a069e1
--- /dev/null
+++ b/backport-Check-SSL_CTX_new-return-value.patch
@@ -0,0 +1,41 @@
+From c8c469b3a907ea263a888217d6d5c48c287205ec Mon Sep 17 00:00:00 2001
+From: Joe Orton <jorton@apache.org>
+Date: Mon, 20 Jan 2025 10:27:52 +0000
+Subject: [PATCH] Merge r1916054 from trunk:
+
+mod_ssl: Check SSL_CTX_new() return value
+
+SSL_CTX_new() will return NULL if there was an error creating a new SSL context.
+
+Submitted by: StephenWall
+Github: closes #402
+Reviewed by: jailletc36, rjung, jorton
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923248 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/c8c469b3a907ea263a888217d6d5c48c287205ec
+---
+ modules/ssl/ssl_engine_init.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index beb5dac..b8150a9 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -704,6 +704,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
+         TLS_server_method();  /* server */
+ #endif
+     ctx = SSL_CTX_new(method);
++    if (ctx == NULL) {
++        /* Can fail for some system/install mis-configuration. */
++        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
++        return ssl_die(s);
++    }
+ 
+     mctx->ssl_ctx = ctx;
+ 
+-- 
+2.33.0
+
diff --git a/backport-Fix-possible-crash-on-error-path.patch b/backport-Fix-possible-crash-on-error-path.patch
new file mode 100644
index 0000000..21ec75a
--- /dev/null
+++ b/backport-Fix-possible-crash-on-error-path.patch
@@ -0,0 +1,43 @@
+From 000cd2291d3d2c40682ec607e8d3b0711ac5a097 Mon Sep 17 00:00:00 2001
+From: Joe Orton <jorton@apache.org>
+Date: Mon, 20 Jan 2025 10:24:13 +0000
+Subject: [PATCH] Merge r1921067 from trunk:
+
+* Take care for the case where nkey is NULL
+
+PR: 69358
+Reported by: <zhora.budyukin111 gmail.com>
+Submitted by: rpluem
+Reviewed by: jailletc36, rjung, jorton
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923247 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/000cd2291d3d2c40682ec607e8d3b0711ac5a097
+---
+ modules/cache/mod_cache_socache.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/modules/cache/mod_cache_socache.c b/modules/cache/mod_cache_socache.c
+index f369004..341db53 100644
+--- a/modules/cache/mod_cache_socache.c
++++ b/modules/cache/mod_cache_socache.c
+@@ -694,9 +694,11 @@ fail:
+             return DECLINED;
+         }
+     }
+-    conf->provider->socache_provider->remove(
+-            conf->provider->socache_instance, r->server,
+-            (unsigned char *) nkey, strlen(nkey), r->pool);
++    if (nkey) {
++        conf->provider->socache_provider->remove(
++                conf->provider->socache_instance, r->server,
++                (unsigned char *) nkey, strlen(nkey), r->pool);
++    }
+     if (socache_mutex) {
+         apr_status_t status = apr_global_mutex_unlock(socache_mutex);
+         if (status != APR_SUCCESS) {
+-- 
+2.33.0
+
diff --git a/backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch b/backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch
new file mode 100644
index 0000000..7bb0e66
--- /dev/null
+++ b/backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch
@@ -0,0 +1,42 @@
+From c8c5aef865dd4dfcce6606cf5a4fba1e815adb0f Mon Sep 17 00:00:00 2001
+From: Jim Jagielski <jim@apache.org>
+Date: Wed, 15 Jan 2025 12:03:59 +0000
+Subject: [PATCH]   *) Do not add a space before '|' when setting the value for
+ stickysession in the      balancer manager as this breaks the stickysession
+ configuration once a new      configuration is submitted by the balancer
+ manager. PR: 69510      trunk patch: https://svn.apache.org/r1923101
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923145 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/c8c5aef865dd4dfcce6606cf5a4fba1e815adb0f
+
+---
+ modules/proxy/mod_proxy_balancer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
+index 6ec6383..77344c8 100644
+--- a/modules/proxy/mod_proxy_balancer.c
++++ b/modules/proxy/mod_proxy_balancer.c
+@@ -1704,7 +1704,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
+                        balancer->max_workers - (int)storage->num_free_slots(balancer->wslot));
+             if (*balancer->s->sticky) {
+                 if (strcmp(balancer->s->sticky, balancer->s->sticky_path)) {
+-                    ap_rvputs(r, "<td>", ap_escape_html(r->pool, balancer->s->sticky), " | ",
++                    ap_rvputs(r, "<td>", ap_escape_html(r->pool, balancer->s->sticky), "|",
+                               ap_escape_html(r->pool, balancer->s->sticky_path), NULL);
+                 }
+                 else {
+@@ -1889,7 +1889,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
+             ap_rputs("</tr>\n", r);
+             ap_rputs("<tr><td>Sticky Session:</td><td><input name='b_ss' id='b_ss' size=64 type=text ", r);
+             if (strcmp(bsel->s->sticky, bsel->s->sticky_path)) {
+-                ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), " | ",
++                ap_rvputs(r, "value =\"", ap_escape_html(r->pool, bsel->s->sticky), "|",
+                           ap_escape_html(r->pool, bsel->s->sticky_path), NULL);
+             }
+             else {
+-- 
+2.33.0
+
diff --git a/backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch b/backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch
new file mode 100644
index 0000000..3e285f3
--- /dev/null
+++ b/backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch
@@ -0,0 +1,59 @@
+From 8486d22d82e484e2e027db30722a9b74e6c99ab9 Mon Sep 17 00:00:00 2001
+From: Joe Orton <jorton@apache.org>
+Date: Fri, 14 Feb 2025 09:16:23 +0000
+Subject: [PATCH] Merge r1917017, r1923218 from trunk:
+
+* server/core.c (set_override): Catch errors returned by
+  set_allow_opts() for a parsing fail in an Options= argument.
+
+Submitted by: Zhou Qingyang <zhou1615 umn.edu>
+Github: closes #310
+
+Add a Changes entry related to r1917017
+
+While at it, fix a small style issue (tab vs spaces)
+
+Submitted by: jorton, jailletc36
+Reviewed by: rjung (reduce code drift), jorton, jailletc36
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923804 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/8486d22d82e484e2e027db30722a9b74e6c99ab9
+
+---
+ changes-entries/github 310.txt | 3 +++
+ server/core.c                  | 6 ++++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+ create mode 100644 changes-entries/github 310.txt
+
+diff --git a/changes-entries/github 310.txt b/changes-entries/github 310.txt
+new file mode 100644
+index 0000000..2d966cd
+--- /dev/null
++++ b/changes-entries/github 310.txt	
+@@ -0,0 +1,3 @@
++  *) core: Report invalid Options= argument when parsing AllowOverride
++     directives.
++     Github #310 [Zhou Qingyang <zhou1615 umn.edu>]
+diff --git a/server/core.c b/server/core.c
+index e8ef728..1401863 100644
+--- a/server/core.c
++++ b/server/core.c
+@@ -1831,8 +1831,10 @@ static const char *set_override(cmd_parms *cmd, void *d_, const char *l)
+         }
+         else if (!ap_cstr_casecmp(k, "Options")) {
+             d->override |= OR_OPTIONS;
+-            if (v)
+-                set_allow_opts(cmd, &(d->override_opts), v);
++            if (v) {
++                if ((err = set_allow_opts(cmd, &(d->override_opts), v)) != NULL)
++                    return err;
++            }
+             else
+                 d->override_opts = OPT_ALL;
+         }
+-- 
+2.33.0
+
diff --git a/backport-fix-LogFormat-directive-merging.patch b/backport-fix-LogFormat-directive-merging.patch
new file mode 100644
index 0000000..f762e12
--- /dev/null
+++ b/backport-fix-LogFormat-directive-merging.patch
@@ -0,0 +1,40 @@
+From 9248113bed1c5c0c610c7108b447314cf2847fdc Mon Sep 17 00:00:00 2001
+From: Jim Jagielski <jim@apache.org>
+Date: Tue, 7 Jan 2025 15:07:17 +0000
+Subject: [PATCH]   *) mod_log_config: Fix LogFormat directive merging
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1922961 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/9248113bed1c5c0c610c7108b447314cf2847fdc
+
+---
+ changes-entries/pr65222.txt      | 2 ++
+ modules/loggers/mod_log_config.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+ create mode 100644 changes-entries/pr65222.txt
+
+diff --git a/changes-entries/pr65222.txt b/changes-entries/pr65222.txt
+new file mode 100644
+index 0000000..8efffd6
+--- /dev/null
++++ b/changes-entries/pr65222.txt
+@@ -0,0 +1,2 @@
++  *) mod_log_config: Fix merging for the "LogFormat" directive.
++     PR: 65222. [Michael Kaufmann <mail michael-kaufmann.ch>]
+diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
+index aba01f2..8a3c64a 100644
+--- a/modules/loggers/mod_log_config.c
++++ b/modules/loggers/mod_log_config.c
+@@ -1263,7 +1263,7 @@ static void *merge_config_log_state(apr_pool_t *p, void *basev, void *addv)
+         add->default_format_string = base->default_format_string;
+         add->default_format = base->default_format;
+     }
+-    add->formats = apr_table_overlay(p, base->formats, add->formats);
++    add->formats = apr_table_overlay(p, add->formats, base->formats);
+ 
+     return add;
+ }
+-- 
+2.33.0
+
diff --git a/backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch b/backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch
new file mode 100644
index 0000000..3a0e461
--- /dev/null
+++ b/backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch
@@ -0,0 +1,69 @@
+From: Jim Jagielski <jim@apache.org>
+Date: Wed, 15 Jan 2025 11:51:28 +0000
+Subject: [PATCH] svn merge -c 1910518,1910847,1912477,1918297
+ ^/httpd/httpd/trunk .   *) Easy patches: synch 2.4.x and trunk         - ab:
+ Increase MAX_CONCURRENCY hard limit (from 20K to 200K)         - ab: Fix X509
+ * leak         - dav/fs/dbm.c: Remove error message references to "property"
+ databases         - httpd.h: Fix comment
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923142 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:The pre-installation patch f38c5b8 is a reconstruction patch and is not integrated. As a result, adaptation exists.
+Reference:https://github.com/apache/httpd/commit/84a9b978e7a502e3d93e2d757af67f8f303cb615
+
+---
+ include/httpd.h      | 2 +-
+ modules/dav/fs/dbm.c | 2 +-
+ support/ab.c         | 3 ++-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/include/httpd.h b/include/httpd.h
+index 5e518d1..c836367 100644
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -1113,7 +1113,7 @@ struct request_rec {
+      */
+     int double_reverse;
+     /** Request flags associated with this request. Use
+-     * AP_REQUEST_GET_FLAGS() and AP_REQUEST_SET_FLAGS() to access
++     * AP_REQUEST_GET_BNOTE() and AP_REQUEST_SET_BNOTE() to access
+      * the elements of this field.
+      */
+     ap_request_bnotes_t bnotes;
+diff --git a/modules/dav/fs/dbm.c b/modules/dav/fs/dbm.c
+index 0d12831..7a8893a 100644
+--- a/modules/dav/fs/dbm.c
++++ b/modules/dav/fs/dbm.c
+@@ -95,7 +95,7 @@ static dav_error * dav_fs_dbm_error(dav_db *db, apr_pool_t *p,
+     /* There might not be a <db> if we had problems creating it. */
+     if (db == NULL) {
+         errcode = 1;
+-        errstr = "Could not open property database.";
++        errstr = "Could not open database.";
+         if (APR_STATUS_IS_EDSOOPEN(status))
+             ap_log_error(APLOG_MARK, APLOG_CRIT, status, ap_server_conf, APLOGNO(00576)
+             "The DBM driver could not be loaded");
+diff --git a/support/ab.c b/support/ab.c
+index 71cf484..dcd0bc8 100644
+--- a/support/ab.c
++++ b/support/ab.c
+@@ -279,7 +279,7 @@ struct data {
+ #define ap_max(a,b) (((a)>(b))?(a):(b))
+ #define ap_round_ms(a) ((apr_time_t)((a) + 500)/1000)
+ #define ap_double_ms(a) ((double)(a)/1000.0)
+-#define MAX_CONCURRENCY 20000
++#define MAX_CONCURRENCY 200000
+ 
+ /* --------------------- GLOBALS ---------------------------- */
+ 
+@@ -735,6 +735,7 @@ static void ssl_proceed_handshake(struct connection *c)
+                              SSL_get_version(c->ssl),
+                              SSL_CIPHER_get_name(ci),
+                              pk_bits, sk_bits);
++                if (cert) X509_free(cert);
+             }
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+             if (ssl_tmp_key == NULL) {
+-- 
+2.33.0
+
diff --git a/httpd.spec b/httpd.spec
index 0800aec..188e9ae 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.51
-Release:          23
+Release:          24
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -127,6 +127,12 @@ Patch73:          backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differen
 Patch74:          backport-CVE-2024-38477-validate-hostsname.patch
 Patch75:          backport-CVE-2024-39884-maintain-trusted-flag.patch
 Patch76:          backport-CVE-2024-40725.patch
+Patch77:          backport-fix-LogFormat-directive-merging.patch
+Patch78:          backport-fix-X509-leak-and-Increase-MAX_CONCURRENCY-hard-limi.patch
+Patch79:          backport-Fix-the-handling-of-the-stickysession-configuration-parameter.patch
+Patch80:          backport-Fix-possible-crash-on-error-path.patch
+Patch81:          backport-Check-SSL_CTX_new-return-value.patch
+Patch82:          backport-Report-invalid-Options-argument-when-parsing-AllowOverride-directives.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -563,6 +569,17 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Wed Apr 16 2025 xingwei <xingwei14@h-partners.com> - 2.4.51-24
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:mod_log_config: Fix LogFormat directive merging
+       Fix X509 leak and Increase MAX_CONCURRENCY hard limit
+       mod_proxy_balancer: Fix the handling of the stickysession
+       mod_cache_socache: Fix possible crash on error path
+       mod_ssl: Check SSL_CTX_new() return value
+       core: Report invalid Options argument when parsing AllowOverride directives
+
 * Wed Aug 28 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 2.4.51-23
 - Type:CVE
 - ID:CVE-2024-40725
-- 
Gitee