From unknown Thu Aug 14 17:27:21 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#51050 <51050@debbugs.gnu.org>
To: bug#51050 <51050@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes
 CVE-2021-{41524, 41773}].
Reply-To: bug#51050 <51050@debbugs.gnu.org>
Date: Fri, 15 Aug 2025 00:27:21 +0000

retitle 51050 [PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes CVE-2021-{=
41524, 41773}].
reassign 51050 guix-patches
submitter 51050 Leo Famulari <leo@famulari.name>
severity 51050 normal
tag 51050 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Tue Oct 05 21:05:35 2021
Received: (at submit) by debbugs.gnu.org; 6 Oct 2021 01:05:35 +0000
Received: from localhost ([127.0.0.1]:42157 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mXvNH-0006YB-Mi
	for submit@debbugs.gnu.org; Tue, 05 Oct 2021 21:05:35 -0400
Received: from lists.gnu.org ([209.51.188.17]:50882)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1mXvNG-0006Y3-3f
 for submit@debbugs.gnu.org; Tue, 05 Oct 2021 21:05:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:48544)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1mXvND-0005F2-Ik
 for guix-patches@gnu.org; Tue, 05 Oct 2021 21:05:33 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:49203)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1mXvN9-0002HV-Iv
 for guix-patches@gnu.org; Tue, 05 Oct 2021 21:05:31 -0400
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
 by mailout.west.internal (Postfix) with ESMTP id 721D93201D2F;
 Tue,  5 Oct 2021 21:05:20 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute6.internal (MEProxy); Tue, 05 Oct 2021 21:05:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=from:to:subject:date:message-id:mime-version
 :content-transfer-encoding; s=mesmtp; bh=xon4ks8p1pdh13d79bdMvMX
 9VE3qqcHiU7KLKAeZaWc=; b=BakvTkhoovGQxluxsKXzty6T0lYzhBO3d279kl0
 4Z9DLoqWHcvcY95iFHPq/Hj4irP04XfryzH4SjJdAdwVD0XDHeOXnMVjjmOKlcPQ
 ZWbo6xDV1pDcxJfolNzhQXh7IdRMF75H8hSdZqj8aESh3T8w0iwxQ74+lqpm+gJ2
 /wr8=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-transfer-encoding:date:from
 :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=xon4ks8p1pdh13d79
 bdMvMX9VE3qqcHiU7KLKAeZaWc=; b=hpv/fh+B7iO1LLrFMRxqqB/j0awlyBDpw
 c8IA+e0jK+qEqFGBHxWsFpD4EFouj6T59mUPpLBqG0hhQujUb5oCMkLhLKIX1NFB
 RY6EdF4+sAyRFR7e1MQI2QvQn9q0p0lv85iHE2k9jUbYwQkOCzr9tXnpyMez850p
 fKg8D3ytIJoyboFxgvSb6uxr7PByj/KDA3JYWcPdEuZ1CiA/asQzPDayy75emMfa
 SA7DTdUoohp8BYCW3zsOh7h8p6Slz2xC3FQYlBiPKIe3pKtROdNchbI6mBrVeZ06
 rkPkz4E70xf6Pyj1Eoe51McugOaImMWGB+hoi6vOezd7RBcS2c9rQ==
X-ME-Sender: <xms:T_ZcYUDqY4ehEfyYlzndEt4X_F7T_WrMJXH5Owfm6yb8urBZdGUdPQ>
 <xme:T_ZcYWhZ9iTTDtgRLTW1oGQ45e9LTD7IqR-wF1GQA3z3owPLMBQkZxpM83v_q7cfL
 JYqjD9JYo94oPQMpQ>
X-ME-Received: <xmr:T_ZcYXnZd6TK-pfCjChCxPOlc3VCo3NMhoDyL14l-8ghd0o2RfxDsI4jKO31Ju7cpRk6rW5h7RruiwHaPoyaTU3e-1Qf>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudelhedggedtucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre
 dttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi
 rdhnrghmvgeqnecuggftrfgrthhtvghrnhepgfetveduueehgeejkeekffeljeffkefgue
 ffteehveettddvhfeileelieegjefgnecuffhomhgrihhnpegrphgrtghhvgdrohhrghen
 ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghose
 hfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:T_ZcYay62WLvsGDr-iFnQ8rcNTIzgDGS2BUUC8vY5Rfqze3Nd0Qk8Q>
 <xmx:T_ZcYZTHPi_327IC_iOP1mGOsGxOhuvAHV9ABcAuUx7QPyJtw6EYjQ>
 <xmx:T_ZcYVaOYFpWLTwD5eTWF2-bdR37i3ucL-0w3Lbe4RRxTHyfjR1Rxg>
 <xmx:UPZcYUNRFbljhQq4xwPqCC-xLioEvprAbqGqDoSP_NtC-ipKTdnhXQ>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <guix-patches@gnu.org>; Tue, 5 Oct 2021 21:05:19 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes CVE-2021-{41524,
 41773}].
Date: Tue,  5 Oct 2021 21:05:16 -0400
Message-Id: <f868ed2a75b55400107b80fcc1e41dcfb6b3c28c.1633482316.git.leo@famulari.name>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=64.147.123.21; envelope-from=leo@famulari.name;
 helo=wout5-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

This update includes an important fix for an actively exploited path traversal
vulnerability (CVE-2021-41773), which allows attackers to access files outside
the "document root":

https://httpd.apache.org/security/vulnerabilities_24.html

* gnu/packages/web.scm (httpd): Update to 2.4.50.
---
 gnu/packages/web.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 0ea362c452..5819973c66 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -252,14 +252,14 @@
 (define-public httpd
   (package
     (name "httpd")
-    (version "2.4.49")
+    (version "2.4.50")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://apache/httpd/httpd-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0fqkfjcpdd40ji2279wfxh5hddb5jdxlnpjr0sbhva8fi7b6bfb5"))))
+               "03w9nc7v0rqljxazikbrlgbw7lq72i8n7n9ynlp6h1n6f301fa3a"))))
     (build-system gnu-build-system)
     (native-inputs `(("pcre" ,pcre "bin")))       ;for 'pcre-config'
     (inputs `(("apr" ,apr)
-- 
2.33.0





From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 06 00:08:01 2021
Received: (at 51050-done) by debbugs.gnu.org; 6 Oct 2021 04:08:01 +0000
Received: from localhost ([127.0.0.1]:42193 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mXyDm-0002i1-OA
	for submit@debbugs.gnu.org; Wed, 06 Oct 2021 00:08:01 -0400
Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:37781)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1mXyDg-0002hk-Be
 for 51050-done@debbugs.gnu.org; Wed, 06 Oct 2021 00:07:56 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id 38F193201D2D;
 Wed,  6 Oct 2021 00:07:46 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Wed, 06 Oct 2021 00:07:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:subject:message-id:mime-version:content-type; s=
 mesmtp; bh=JaExHp3KKOn8eytNQcn2qBYF+ClKUTY0s+vg7wr77Xo=; b=S4bsf
 FY8HIg3GhluJXLld3SptxMyS1SYi6I202QjYY+rPztCnwvfrwxNuWnXsDyX2Z3ml
 O/BFyh5hmSb20ikHeysJ2sFkq45hJdX2PiTpTBjjMS7GMckvLwbntSc2LrdWxO80
 x8orXDYlZJKMqbf/xSEJN/1ZSODDdVtpxiSZ0M=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm1; bh=JaExHp3KKOn8eytNQcn2qBYF+ClKU
 TY0s+vg7wr77Xo=; b=fSPpxI2xkVpvg0z7OwBVv+zT4IONfDQS9vi811WI2Cglv
 4jqrWFug6xTbGQGS9YnErqGYfT+f6Q964wWJED70jt+LFmbu3Tfhd83RWPiFDL3K
 DuknY4cuU6dCG4jU0kVeDIgzfwB/xhbH2AF6Ve1nuV+n2tEvm3jxuYEHUGrBB3o1
 ahlIkRQaiENVV5I495TDuZNjHuXzpSlu4zohJCw2CIrejuWXuDboWsbD7B9Kqr17
 cCAoIVxs64fbeZbBoo9cut5gmHZEsAdyH1cgzE1HkHYH/lhSTTunCd2D9wjfWwUY
 yHNqeAyEu9dTOfP7iM/nzvuM0Q9MaH5M8o3VYy8aw==
X-ME-Sender: <xms:ESFdYQVYdA8ZPGxgTFAj-y1RSrbT6mbFp7LoqB-5fu-rzP4Qj_Wwzg>
 <xme:ESFdYUkUMN5pJ37DmqBUAOH_I1qp_9milwpU9nDlEvgdA8Fs5MRuYiPMkQk33HjFy
 OeKowIEMdbiI022uA>
X-ME-Received: <xmr:ESFdYUaRXsXqJPNpTp9sUAORFIWiAA95q-OFCYz1nDl5uGH6USHuQVfChFObeKC23Gp27iBfgbgGoQ3jCA4DGdh27g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudelhedgjeeiucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesthdtredttd
 dtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi
 rdhnrghmvgeqnecuggftrfgrthhtvghrnhepffehtdeffedtvdeuieefudeujedvkeehff
 euieejgfdvteelgeehgeefheehuddunecuvehluhhsthgvrhfuihiivgeptdenucfrrghr
 rghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:ESFdYfUqNOV-DtFJeTYkIeYd75_wAdxEge5To5OJ13UIDDsilGiPhQ>
 <xmx:ESFdYaks7sHE4jOUEWBrwon6-OEQuDKriqB3CwauDq8qYoWgHPfoYw>
 <xmx:ESFdYUd2O8lZVWEzOR1bCAOcXc2qG_px9kQ6e2TFupBsIOkrIWKI4w>
 <xmx:ESFdYUQnHTaO6ROPSknqczIUT9pkk1ltCNy_yjrUyPJxY6IOyrqidg>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <51050-done@debbugs.gnu.org>; Wed, 6 Oct 2021 00:07:45 -0400 (EDT)
Date: Wed, 6 Oct 2021 00:07:43 -0400
From: Leo Famulari <leo@famulari.name>
To: 51050-done@debbugs.gnu.org
Subject: Re: [PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes
 CVE-2021-{41524, 41773}].
Message-ID: <YV0hD+rsWfZI+DJ8@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 51050-done
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Pushed as f868ed2a75b55400107b80fcc1e41dcfb6b3c28c




From unknown Thu Aug 14 17:27:21 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 03 Nov 2021 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator