[AUTO-CHERRYPICK] [High] Upgrade httpd to 2.4.64 to fix CVE-2025-49812, CVE-2025-53020, CVE-2024-47252, CVE-2025-32048, CVE-2025-42516, CVE-2024-43204 - branch 3.0-dev (microsoft#14300)

CBL-Mariner-Bot · kevin-b-lockwood · web-flow · commit f5ffca97b007 · 2025-07-15T18:35:48.000-04:00
Co-authored-by: Kevin Lockwood &lt;57274670+kevin-b-lockwood@users.noreply.github.com&gt;
diff --git a/SPECS/httpd/httpd.signatures.json b/SPECS/httpd/httpd.signatures.json
@@ -5,11 +5,11 @@
   "01-ldap.conf": "cbbbdd396fe056e8ab167abd7b2cb5145b42210bfea38452968ff02a03493fc8",
   "01-session.conf": "51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1",
   "10-listen443.conf": "fc7484790ec6328b9082e04083137551a5ae2e8f4d4696d9846b052915b6a0cb",
-  "httpd-2.4.62.tar.bz2": "674188e7bf44ced82da8db522da946849e22080d73d16c93f7f4df89e25729ec",
+  "httpd-2.4.64.tar.bz2": "120b35a2ebf264f277e20f9a94f870f2063342fbff0861404660d7dd0ab1ac29",
   "httpd-init.service": "2501b44bdb02f583d98cc5296accbf0af36957b93ed5b871358aeb10a0512a7c",
   "httpd-ssl-gencerts": "ae96a94eeb0be8731c0bb976e5b878e0e5a196442a001c9e809bed3873f4755d",
   "httpd-ssl-pass-dialog": "b9bd4816dda673ad9294a0fbd2904fac9b96eabddb4d72080ae58b498bcd1db9",
   "macros.httpd": "6dbf9313a5d085cb705fa5ef393372ec940008f08bf1c9350f8f49d58df75dff",
   "ssl.conf": "6690cb873d2312d0ecffcda3822562cd1b1b11ac44b1fcb7bd1b720a9e53c333"
  }
-}
+}
diff --git a/SPECS/httpd/httpd.spec b/SPECS/httpd/httpd.spec
@@ -2,7 +2,7 @@
 %define _confdir %{_sysconfdir}
 Summary:        The Apache HTTP Server
 Name:           httpd
-Version:        2.4.62
+Version:        2.4.64
 Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
@@ -345,6 +345,9 @@ fi
 %{_libexecdir}/httpd-ssl-pass-dialog
 
 %changelog
+* Mon Jul 14 2025 Kevin Lockwood <v-klockwood@microsoft.com> - 2.4.64-1
+- Upgrade to 2.4.64 to fix CVE-2025-49812, CVE-2025-53020
+
 * Thu Jul 25 2024 Sumedh Sharma <sumsharma@microsoft.com> - 2.4.62-1
 - Upgrade to 2.4.62 to address CVE-2024-40725
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -5410,8 +5410,8 @@
         "type": "other",
         "other": {
           "name": "httpd",
-          "version": "2.4.62",
-          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.bz2"
+          "version": "2.4.64",
+          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.64.tar.bz2"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -5410,8 +5410,8 @@`
`5410`	`5410`	`"type": "other",`
`5411`	`5411`	`"other": {`
`5412`	`5412`	`"name": "httpd",`
`5413`		`- "version": "2.4.62",`
`5414`		`- "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.bz2"`
	`5413`	`+ "version": "2.4.64",`
	`5414`	`+ "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.64.tar.bz2"`
`5415`	`5415`	`}`
`5416`	`5416`	`}`
`5417`	`5417`	`},`