From 766e4975285363f0ab075f1a86312593114f846e Mon Sep 17 00:00:00 2001
From: wangxiaomeng
Date: Fri, 29 Aug 2025 09:43:23 +0800
Subject: [PATCH] fix CVE-2024-40898
---
 ...898-merge-leading-slashes-by-default.patch | 52 +++++++++++++++++++
 httpd.spec | 9 +++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-40898-merge-leading-slashes-by-default.patch
diff --git a/backport-CVE-2024-40898-merge-leading-slashes-by-default.patch b/backport-CVE-2024-40898-merge-leading-slashes-by-default.patch
new file mode 100644
index 0000000..343ddc9
--- /dev/null
+++ b/backport-CVE-2024-40898-merge-leading-slashes-by-default.patch
@@ -0,0 +1,52 @@
+From b1560d34a37681ebc18baa78588579ed87f9da70 Mon Sep 17 00:00:00 2001
+From: Eric Covener
+Date: Mon, 15 Jul 2024 12:05:57 +0000
+Subject: [PATCH] merge leading slashes by default
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919246 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/mappers/mod_rewrite.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
+index 0d928e4b99..439af886ba 100644
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -179,6 +179,7 @@ static const char* really_last_key = "rewrite_really_last";
+ #define RULEFLAG_ESCAPECTLS (1<<21)
+ #define RULEFLAG_UNSAFE_PREFIX_STAT (1<<22)
+ #define RULEFLAG_UNSAFE_ALLOW3F (1<<23)
++#define RULEFLAG_UNC (1<<24)
+
+ /* return code of the rewrite rule
+ * the result may be escaped - or not
+@@ -3884,6 +3885,9 @@ static const char *cmd_rewriterule_setflag(apr_pool_t *p, void *_cfg,
+ else if(!strcasecmp(key, "nsafeAllow3F")) {
+ cfg->flags |= RULEFLAG_UNSAFE_ALLOW3F;
+ }
++ else if(!strcasecmp(key, "NC")) {
++ cfg->flags |= RULEFLAG_UNC;
++ }
+ else {
+ ++error;
+ }
+@@ -4508,6 +4512,16 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
+ return RULE_RC_MATCH;
+ }
+
++ if (!(p->flags & RULEFLAG_UNC)) {
++ /* merge leading slashes, unless they were literals in the sub */
++ if (!AP_IS_SLASH(p->output[0]) || !AP_IS_SLASH(p->output[1])) {
++ while (AP_IS_SLASH(r->filename[0]) &&
++ AP_IS_SLASH(r->filename[1])) {
++ r->filename++;
++ }
++ }
++ }
++
+ /* Finally remember the forced mime-type */
+ force_type_handler(p, ctx);
+
+--
+2.25.1
+
diff --git a/httpd.spec b/httpd.spec
index 9c047ee..76df576 100644
--- a/httpd.spec
+++ b/httpd.spec
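Review bot: The slash-merging default added to apply_rewrite_rule is security-relevant, yet its only explanation is `/* merge leading slashes, unless they were literals in the sub */`, which says what happens and not why, and `RULEFLAG_UNC` has no comment at all. I would extend the comment to something like `/* collapse leading slashes so an expanded substitution cannot become a //host/share (UNC) path; [UNC] opts out */` and add `/* [UNC]: keep multiple leading slashes in the result */` beside the define. The block sits below an early `return RULE_RC_MATCH;` whose branch is outside the hunk, so results returned there are not merged; presumably those are non-filesystem targets, but that is worth confirming against the full function. The flag is matched as `"NC"`, which assumes the enclosing code has already consumed the leading `U`, as the neighbouring `"nsafeAllow3F"` suggests. Both function bodies start and end outside the hunks shown.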
@@ -8,7 +8,7 @@
 Name: httpd
 Summary: Apache HTTP Server
 Version: 2.4.58
-Release: 10
+Release: 11
 License: ASL 2.0
 URL: https://httpd.apache.org/
 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -103,6 +103,7 @@ Patch49: backport-CVE-2025-23048.patch
 Patch50: backport-CVE-2024-47252.patch
 Patch51: backport-CVE-2024-43204.patch
 Patch52: backport-CVE-2024-42516.patch
+Patch53: backport-CVE-2024-40898-merge-leading-slashes-by-default.patch
 BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@@ -540,6 +541,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Fri Aug 29 2025 wangxiaomeng - 2.4.58-11
+- Type:CVE
+- ID:CVE-2024-40898
+- SUG:NA
+- DESC:fix CVE-2024-40898
+
 * Wed Aug 13 2025 yanglu - 2.4.58-10
 - Type:CVE
 - CVE:CVE-2025-49812,CVE-2025-23048,CVE-2024-47252,CVE-2024-43204,CVE-2024-42516
--
Gitee