1 |
commit: 76724def1d1cd41c8aefd048687b16efcb5da9f4 |
2 |
Author: Benedikt Boehm <hollow <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Jul 7 09:55:10 2009 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jul 7 09:55:10 2009 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=76724def |
7 |
|
8 |
add more patches |
9 |
|
10 |
--- |
11 |
2.2/patches/09_all_CVE-2009-1891.patch | 29 +++++++++++++++ |
12 |
2.2/patches/10_all_r779472.patch | 67 ++++++++++++++++++++++++++++++++++ |
13 |
2.2/patches/11_all_r790738.patch | 18 +++++++++ |
14 |
3 files changed, 114 insertions(+) |
15 |
|
16 |
diff --git a/2.2/patches/09_all_CVE-2009-1891.patch b/2.2/patches/09_all_CVE-2009-1891.patch |
17 |
new file mode 100644 |
18 |
index 0000000..4d778f8 |
19 |
--- /dev/null |
20 |
+++ b/2.2/patches/09_all_CVE-2009-1891.patch |
21 |
@@ -0,0 +1,29 @@ |
22 |
+--- httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:01:05 791453 |
23 |
++++ httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:03:20 791454 |
24 |
+@@ -542,6 +542,12 @@ |
25 |
+ apr_read_type_e eblock = APR_NONBLOCK_READ; |
26 |
+ apr_pool_t *input_pool = b->p; |
27 |
+ |
28 |
++ /* Fail quickly if the connection has already been aborted. */ |
29 |
++ if (c->aborted) { |
30 |
++ apr_brigade_cleanup(b); |
31 |
++ return APR_ECONNABORTED; |
32 |
++ } |
33 |
++ |
34 |
+ if (ctx == NULL) { |
35 |
+ ctx = apr_pcalloc(c->pool, sizeof(*ctx)); |
36 |
+ net->out_ctx = ctx; |
37 |
+@@ -909,12 +915,9 @@ |
38 |
+ /* No need to check for SUCCESS, we did that above. */ |
39 |
+ if (!APR_STATUS_IS_EAGAIN(rv)) { |
40 |
+ c->aborted = 1; |
41 |
++ return APR_ECONNABORTED; |
42 |
+ } |
43 |
+ |
44 |
+- /* The client has aborted, but the request was successful. We |
45 |
+- * will report success, and leave it to the access and error |
46 |
+- * logs to note that the connection was aborted. |
47 |
+- */ |
48 |
+ return APR_SUCCESS; |
49 |
+ } |
50 |
+ |
51 |
|
52 |
diff --git a/2.2/patches/10_all_r779472.patch b/2.2/patches/10_all_r779472.patch |
53 |
new file mode 100644 |
54 |
index 0000000..c4bb6cb |
55 |
--- /dev/null |
56 |
+++ b/2.2/patches/10_all_r779472.patch |
57 |
@@ -0,0 +1,67 @@ |
58 |
+Index: server/core.c |
59 |
+=================================================================== |
60 |
+--- server/core.c (revision 779471) |
61 |
++++ server/core.c (revision 779472) |
62 |
+@@ -661,7 +661,11 @@ |
63 |
+ core_dir_config *conf = |
64 |
+ (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); |
65 |
+ |
66 |
+- return conf->opts; |
67 |
++ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is |
68 |
++ * inverted, such that the exposed semantics match that of |
69 |
++ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* |
70 |
++ * permitted. */ |
71 |
++ return conf->opts ^ OPT_INC_WITH_EXEC; |
72 |
+ } |
73 |
+ |
74 |
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r) |
75 |
+Index: modules/filters/mod_include.c |
76 |
+=================================================================== |
77 |
+--- modules/filters/mod_include.c (revision 779471) |
78 |
++++ modules/filters/mod_include.c (revision 779472) |
79 |
+@@ -3565,7 +3565,7 @@ |
80 |
+ intern->seen_eos = 0; |
81 |
+ intern->state = PARSE_PRE_HEAD; |
82 |
+ ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); |
83 |
+- if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { |
84 |
++ if (ap_allow_options(r) & OPT_INCNOEXEC) { |
85 |
+ ctx->flags |= SSI_FLAG_NO_EXEC; |
86 |
+ } |
87 |
+ intern->accessenable = conf->accessenable; |
88 |
+Index: include/http_core.h |
89 |
+=================================================================== |
90 |
+--- include/http_core.h (revision 779471) |
91 |
++++ include/http_core.h (revision 779472) |
92 |
+@@ -73,16 +73,29 @@ |
93 |
+ #define OPT_EXECCGI 8 |
94 |
+ /** directive unset */ |
95 |
+ #define OPT_UNSET 16 |
96 |
+-/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ |
97 |
+-#define OPT_INC_WITH_EXEC 32 |
98 |
++/** IncludesNOEXEC directive */ |
99 |
++#define OPT_INCNOEXEC 32 |
100 |
+ /** SymLinksIfOwnerMatch directive */ |
101 |
+ #define OPT_SYM_OWNER 64 |
102 |
+ /** MultiViews directive */ |
103 |
+ #define OPT_MULTI 128 |
104 |
+ /** All directives */ |
105 |
+-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) |
106 |
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) |
107 |
+ /** @} */ |
108 |
+ |
109 |
++#ifdef CORE_PRIVATE |
110 |
++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is |
111 |
++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics |
112 |
++ * of the two SSI-related bits are hence: |
113 |
++ * |
114 |
++ * OPT_INCLUDES => "enable SSI, without exec= permission" |
115 |
++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec=" |
116 |
++ * |
117 |
++ * The set of options exposed via ap_allow_options() retains the |
118 |
++ * semantics of OPT_INCNOEXEC by flipping the bit. */ |
119 |
++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC |
120 |
++#endif |
121 |
++ |
122 |
+ /** |
123 |
+ * @defgroup get_remote_host Remote Host Resolution |
124 |
+ * @ingroup APACHE_CORE_HTTPD |
125 |
|
126 |
diff --git a/2.2/patches/11_all_r790738.patch b/2.2/patches/11_all_r790738.patch |
127 |
new file mode 100644 |
128 |
index 0000000..3ddf33b |
129 |
--- /dev/null |
130 |
+++ b/2.2/patches/11_all_r790738.patch |
131 |
@@ -0,0 +1,18 @@ |
132 |
+Index: server/core.c |
133 |
+=================================================================== |
134 |
+--- server/core.c (revision 790737) |
135 |
++++ server/core.c (revision 790738) |
136 |
+@@ -665,7 +665,12 @@ |
137 |
+ * inverted, such that the exposed semantics match that of |
138 |
+ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* |
139 |
+ * permitted. */ |
140 |
+- return conf->opts ^ OPT_INC_WITH_EXEC; |
141 |
++ if (conf->opts & OPT_INCLUDES) { |
142 |
++ return conf->opts ^ OPT_INC_WITH_EXEC; |
143 |
++ } |
144 |
++ else { |
145 |
++ return conf->opts; |
146 |
++ } |
147 |
+ } |
148 |
+ |
149 |
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r) |