[AUTO-CHERRYPICK] Upgrade httpd to 2.4.62 to address CVE-2024-40725 - branch main (#9928)

CBL-Mariner-Bot · Sumynwa · jslobodzian · web-flow · commit cf3bd4177196 · 2024-07-29T23:09:48.000-04:00
Co-authored-by: Sumynwa &lt;sumsharma@microsoft.com&gt;
Co-authored-by: jslobodzian &lt;joslobo@microsoft.com&gt;
diff --git a/SPECS/httpd/httpd.signatures.json b/SPECS/httpd/httpd.signatures.json
@@ -5,11 +5,11 @@
   "01-ldap.conf": "cbbbdd396fe056e8ab167abd7b2cb5145b42210bfea38452968ff02a03493fc8",
   "01-session.conf": "51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1",
   "10-listen443.conf": "fc7484790ec6328b9082e04083137551a5ae2e8f4d4696d9846b052915b6a0cb",
-  "httpd-2.4.61.tar.bz2": "ea8ba86fd95bd594d15e46d25ac5bbda82ae0c9122ad93998cc539c133eaceb6",
+  "httpd-2.4.62.tar.bz2": "674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec",
   "httpd-init.service": "2501b44bdb02f583d98cc5296accbf0af36957b93ed5b871358aeb10a0512a7c",
   "httpd-ssl-gencerts": "ae96a94eeb0be8731c0bb976e5b878e0e5a196442a001c9e809bed3873f4755d",
   "httpd-ssl-pass-dialog": "b9bd4816dda673ad9294a0fbd2904fac9b96eabddb4d72080ae58b498bcd1db9",
   "macros.httpd": "6dbf9313a5d085cb705fa5ef393372ec940008f08bf1c9350f8f49d58df75dff",
   "ssl.conf": "6690cb873d2312d0ecffcda3822562cd1b1b11ac44b1fcb7bd1b720a9e53c333"
  }
-}
+}
diff --git a/SPECS/httpd/httpd.spec b/SPECS/httpd/httpd.spec
@@ -2,7 +2,7 @@
 %define _confdir %{_sysconfdir}
 Summary:        The Apache HTTP Server
 Name:           httpd
-Version:        2.4.61
+Version:        2.4.62
 Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
@@ -345,6 +345,9 @@ fi
 %{_libexecdir}/httpd-ssl-pass-dialog
 
 %changelog
+* Thu Jul 25 2024 Sumedh Sharma <sumsharma@microsoft.com> - 2.4.62-1
+- Upgrade to 2.4.62 to fix CVE-2024-40725
+
 * Thu Jul 11 2024 Tobias Brick <tobiasb@microsoft.com> - 2.4.61-1
 - Upgrade to 2.4.61 to address CVE-2024-38473
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -5390,8 +5390,8 @@
         "type": "other",
         "other": {
           "name": "httpd",
-          "version": "2.4.61",
-          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.61.tar.bz2"
+          "version": "2.4.62",
+          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.bz2"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -5390,8 +5390,8 @@`
`5390`	`5390`	`"type": "other",`
`5391`	`5391`	`"other": {`
`5392`	`5392`	`"name": "httpd",`
`5393`		`- "version": "2.4.61",`
`5394`		`- "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.61.tar.bz2"`
	`5393`	`+ "version": "2.4.62",`
	`5394`	`+ "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.bz2"`
`5395`	`5395`	`}`
`5396`	`5396`	`}`
`5397`	`5397`	`},`