Upgrade httpd to 2.4.65 to fix CVE-2025-54090 (microsoft#14402)

kgodara912 · Kshitiz Godara · web-flow · commit 3d84a7b939a2 · 2025-07-28T14:42:10.000+05:30
Co-authored-by: Kshitiz Godara &lt;kgodara@microsoft.com&gt;
diff --git a/SPECS/httpd/httpd.signatures.json b/SPECS/httpd/httpd.signatures.json
@@ -5,7 +5,7 @@
   "01-ldap.conf": "cbbbdd396fe056e8ab167abd7b2cb5145b42210bfea38452968ff02a03493fc8",
   "01-session.conf": "51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1",
   "10-listen443.conf": "fc7484790ec6328b9082e04083137551a5ae2e8f4d4696d9846b052915b6a0cb",
-  "httpd-2.4.64.tar.bz2": "120b35a2ebf264f277e20f9a94f870f2063342fbff0861404660d7dd0ab1ac29",
+  "httpd-2.4.65.tar.bz2": "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3",
   "httpd-init.service": "2501b44bdb02f583d98cc5296accbf0af36957b93ed5b871358aeb10a0512a7c",
   "httpd-ssl-gencerts": "ae96a94eeb0be8731c0bb976e5b878e0e5a196442a001c9e809bed3873f4755d",
   "httpd-ssl-pass-dialog": "b9bd4816dda673ad9294a0fbd2904fac9b96eabddb4d72080ae58b498bcd1db9",
diff --git a/SPECS/httpd/httpd.spec b/SPECS/httpd/httpd.spec
@@ -2,7 +2,7 @@
 %define _confdir %{_sysconfdir}
 Summary:        The Apache HTTP Server
 Name:           httpd
-Version:        2.4.64
+Version:        2.4.65
 Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
@@ -316,7 +316,7 @@ fi
 %{_bindir}/*
 %{_mandir}/man1/*
 %license LICENSE
-%doc NOTICE
+%license NOTICE
 %exclude %{_bindir}/apxs
 %exclude %{_mandir}/man1/apxs.1*
 
@@ -345,6 +345,9 @@ fi
 %{_libexecdir}/httpd-ssl-pass-dialog
 
 %changelog
+* Mon Jul 28 2025 Kshitiz Godara <kgodara@microsoft.com> - 2.4.65-1
+- Upgrade to 2.4.65 to fix CVE-2025-54090
+
 * Mon Jul 14 2025 Kevin Lockwood <v-klockwood@microsoft.com> - 2.4.64-1
 - Upgrade to 2.4.64 to fix CVE-2025-49812, CVE-2025-53020
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -5410,8 +5410,8 @@
         "type": "other",
         "other": {
           "name": "httpd",
-          "version": "2.4.64",
-          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.64.tar.bz2"
+          "version": "2.4.65",
+          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.65.tar.bz2"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -5410,8 +5410,8 @@`
`5410`	`5410`	`"type": "other",`
`5411`	`5411`	`"other": {`
`5412`	`5412`	`"name": "httpd",`
`5413`		`- "version": "2.4.64",`
`5414`		`- "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.64.tar.bz2"`
	`5413`	`+ "version": "2.4.65",`
	`5414`	`+ "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.65.tar.bz2"`
`5415`	`5415`	`}`
`5416`	`5416`	`}`
`5417`	`5417`	`},`