
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/apache:master commit in: 2.2/patches/
Date: Sat, 09 Nov 2013 15:33:05
Message-Id: 1246960510.76724def1d1cd41c8aefd048687b16efcb5da9f4.polynomial-c@gentoo
1 commit: 76724def1d1cd41c8aefd048687b16efcb5da9f4
2 Author: Benedikt Boehm <hollow <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jul 7 09:55:10 2009 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue Jul 7 09:55:10 2009 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=76724def
7
8 add more patches
9
10 ---
11 2.2/patches/09_all_CVE-2009-1891.patch | 29 +++++++++++++++
12 2.2/patches/10_all_r779472.patch | 67 ++++++++++++++++++++++++++++++++++
13 2.2/patches/11_all_r790738.patch | 18 +++++++++
14 3 files changed, 114 insertions(+)
15
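diff --git a/2.2/patches/09_all_CVE-2009-1891.patch b/2.2/patches/09_all_CVE-2009-1891.patch
new file mode 100644
index 0000000..4d778f8
--- /dev/null
+++ b/2.2/patches/09_all_CVE-2009-1891.patch
@@ -0,0 +1,29 @@
+--- httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:01:05 791453
++++ httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:03:20 791454
+@@ -542,6 +542,12 @@
+ apr_read_type_e eblock = APR_NONBLOCK_READ;
+ apr_pool_t *input_pool = b->p;
+
++ /* Fail quickly if the connection has already been aborted. */
++ if (c->aborted) {
++ apr_brigade_cleanup(b);
++ return APR_ECONNABORTED;
++ }
++
+ if (ctx == NULL) {
+ ctx = apr_pcalloc(c->pool, sizeof(*ctx));
+ net->out_ctx = ctx;
+@@ -909,12 +915,9 @@
+ /* No need to check for SUCCESS, we did that above. */
+ if (!APR_STATUS_IS_EAGAIN(rv)) {
+ c->aborted = 1;
++ return APR_ECONNABORTED;
+ }
+
+- /* The client has aborted, but the request was successful. We
+- * will report success, and leave it to the access and error
+- * logs to note that the connection was aborted.
+- */
+ return APR_SUCCESS;
+ }
+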
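Review bot: This security patch uses the repository-view path `httpd/httpd/branches/2.2.x/server/core_filters.c` in its `---`/`+++` lines, while the other two patches in this commit use source-tree-relative paths such as `server/core.c`, so the three files need different strip levels to apply. Normalising the header to `--- server/core_filters.c (revision 791453)` and `+++ server/core_filters.c (revision 791454)` would make the set uniform and guard against the CVE fix being skipped if the apply step uses a fixed strip level (whether it does is not visible here). The file also has no description header; a one-line comment above the first `---` naming the upstream revision 791454 and the CVE from the file name would make the fix auditable without consulting this commit. Both inner hunks cut through functions whose start and end are outside the patch.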
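diff --git a/2.2/patches/10_all_r779472.patch b/2.2/patches/10_all_r779472.patch
new file mode 100644
index 0000000..c4bb6cb
--- /dev/null
+++ b/2.2/patches/10_all_r779472.patch
@@ -0,0 +1,67 @@
+Index: server/core.c
+===================================================================
+--- server/core.c (revision 779471)
++++ server/core.c (revision 779472)
+@@ -661,7 +661,11 @@
+ core_dir_config *conf =
+ (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
+
+- return conf->opts;
++ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is
++ * inverted, such that the exposed semantics match that of
++ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
++ * permitted. */
++ return conf->opts ^ OPT_INC_WITH_EXEC;
+ }
+
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r)
+Index: modules/filters/mod_include.c
+===================================================================
+--- modules/filters/mod_include.c (revision 779471)
++++ modules/filters/mod_include.c (revision 779472)
+@@ -3565,7 +3565,7 @@
+ intern->seen_eos = 0;
+ intern->state = PARSE_PRE_HEAD;
+ ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
+- if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
++ if (ap_allow_options(r) & OPT_INCNOEXEC) {
+ ctx->flags |= SSI_FLAG_NO_EXEC;
+ }
+ intern->accessenable = conf->accessenable;
+Index: include/http_core.h
+===================================================================
+--- include/http_core.h (revision 779471)
++++ include/http_core.h (revision 779472)
+@@ -73,16 +73,29 @@
+ #define OPT_EXECCGI 8
+ /** directive unset */
+ #define OPT_UNSET 16
+-/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
+-#define OPT_INC_WITH_EXEC 32
++/** IncludesNOEXEC directive */
++#define OPT_INCNOEXEC 32
+ /** SymLinksIfOwnerMatch directive */
+ #define OPT_SYM_OWNER 64
+ /** MultiViews directive */
+ #define OPT_MULTI 128
+ /** All directives */
+-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
+ /** @} */
+
++#ifdef CORE_PRIVATE
++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics
++ * of the two SSI-related bits are hence:
++ *
++ * OPT_INCLUDES => "enable SSI, without exec= permission"
++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
++ *
++ * The set of options exposed via ap_allow_options() retains the
++ * semantics of OPT_INCNOEXEC by flipping the bit. */
++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
++#endif
++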
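Review bot: In the server/core.c part, `return conf->opts ^ OPT_INC_WITH_EXEC;` flips the bit unconditionally, so with this patch alone a caller of ap_allow_options() sees `OPT_INCNOEXEC` set even when `OPT_INCLUDES` is clear. Within this commit that is corrected only by 11_all_r790738.patch, whose context lines in turn depend on the comment added here, so the two files are a pair that must be applied together and in order. Recording that in a header comment above `Index: server/core.c` in both files, or folding them into one patch, would stop either being dropped or reordered on its own in a later bump. The http_core.h part also hides `OPT_INC_WITH_EXEC` behind `CORE_PRIVATE`, so any out-of-tree module that used that name (none is visible here) would have to switch to `OPT_INCNOEXEC`. The core.c and mod_include.c hunks cut through functions that start outside the patch.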
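diff --git a/2.2/patches/11_all_r790738.patch b/2.2/patches/11_all_r790738.patch
new file mode 100644
index 0000000..3ddf33b
--- /dev/null
+++ b/2.2/patches/11_all_r790738.patch
@@ -0,0 +1,18 @@
+Index: server/core.c
+===================================================================
+--- server/core.c (revision 790737)
++++ server/core.c (revision 790738)
+@@ -665,7 +665,12 @@
+ * inverted, such that the exposed semantics match that of
+ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
+ * permitted. */
+- return conf->opts ^ OPT_INC_WITH_EXEC;
++ if (conf->opts & OPT_INCLUDES) {
++ return conf->opts ^ OPT_INC_WITH_EXEC;
++ }
++ else {
++ return conf->opts;
++ }
+ }
+
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r)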
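Review bot: The comment kept as context above the new `if` still describes the bit as inverted without qualification, but after this change the flip happens only when `OPT_INCLUDES` is set. It should gain a sentence such as `The bit is flipped only when OPT_INCLUDES is set; otherwise opts is returned as stored.` The `else` branch also returns `conf->opts` with the internal bit untranslated, so if `OPT_INC_WITH_EXEC` can remain set while `OPT_INCLUDES` is clear (not visible in this hunk), callers testing `OPT_INCNOEXEC` would read it as set. It is worth confirming whether `return conf->opts & ~OPT_INC_WITH_EXEC;` is the intended result on that path. ap_allow_options() begins above the hunk.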