helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2025-12-31 13:38:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

apache2: patch CVE-2025-54090

Browse Source 
https://nvd.nist.gov/vuln/detail/CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-10-04 20:39:28 +02:00
parent dead2a0070
commit 36fa532688
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
meta-webserver/recipes-httpd/apache2/apache2/CVE-2025-54090.patch Normal file
View File

@ -0,0 +1,40 @@
From 8abb3d06b23975705ebcf4bf4476464fd0b9bd0b Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 21 Jul 2025 11:12:44 +0000
Subject: [PATCH] fix `rewritecond expr` regression in 2.4.64
*) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
always evaluates to true in 2.4.64 (cve.mitre.org)
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes
the issue.
Reviewed By: covener, ylavic, gbechis, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927361 13f79535-47bb-0310-9956-ffa450edef68
CVE: CVE-2025-54090
Upstream-Status: Backport [https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
modules/mappers/mod_rewrite.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index f9fcd61400f..ae0ceda0508 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4276,8 +4276,9 @@ static cond_return_type apply_rewrite_cond(rewritecond_entry *p, rewrite_ctx *ct
rc = COND_RC_NOMATCH;
}
else {
- rc = COND_RC_MATCH;
+ rc = (rc > 0) ? COND_RC_MATCH : COND_RC_NOMATCH;
}
+
/* update briRC backref info */
if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
ctx->briRC.source = source;

1
meta-webserver/recipes-httpd/apache2/apache2_2.4.64.bb
View File

@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch \
file://CVE-2025-54090.patch \
"
SRC_URI:append:class-target = " \