new file mode 100644
@@ -0,0 +1,40 @@
+From 8abb3d06b23975705ebcf4bf4476464fd0b9bd0b Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Mon, 21 Jul 2025 11:12:44 +0000
+Subject: [PATCH] fix `rewritecond expr` regression in 2.4.64
+
+ *) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
+ always evaluates to true in 2.4.64 (cve.mitre.org)
+ A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
+ expr ..." tests evaluating as "true".
+ Users are recommended to upgrade to version 2.4.65, which fixes
+ the issue.
+
+
+Reviewed By: covener, ylavic, gbechis, jorton
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927361 13f79535-47bb-0310-9956-ffa450edef68
+
+CVE: CVE-2025-54090
+Upstream-Status: Backport [https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ modules/mappers/mod_rewrite.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
+index f9fcd61400f..ae0ceda0508 100644
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -4276,8 +4276,9 @@ static cond_return_type apply_rewrite_cond(rewritecond_entry *p, rewrite_ctx *ct
+ rc = COND_RC_NOMATCH;
+ }
+ else {
+- rc = COND_RC_MATCH;
++ rc = (rc > 0) ? COND_RC_MATCH : COND_RC_NOMATCH;
+ }
++
+ /* update briRC backref info */
+ if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
+ ctx->briRC.source = source;
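Review bot: The corrected assignment `rc = (rc > 0) ? COND_RC_MATCH : COND_RC_NOMATCH;` in the apply_rewrite_cond hunk has no comment recording that a zero result means "false", which is the detail whose loss made every `RewriteCond expr` test evaluate as true. The branch above it presumably handles the failure case (its condition is outside the hunk), so this `else` still has to separate a positive result from zero. I would add `/* only a positive expr result is a match; 0 (false) must yield COND_RC_NOMATCH */` directly above the assignment. Since a false condition that silently matches makes the guarded rule fail open, it would also help to add a runtime check to the recipe's tests confirming that a deliberately false `RewriteCond expr` leaves its rule unapplied. The function starts and ends outside the hunk.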
@@ -16,6 +16,7 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch \
+ file://CVE-2025-54090.patch \
"
SRC_URI:append:class-target = " \
https://nvd.nist.gov/vuln/detail/CVE-2025-54090 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../apache2/apache2/CVE-2025-54090.patch | 40 +++++++++++++++++++ .../recipes-httpd/apache2/apache2_2.4.64.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2025-54090.patch