diff options
author | Benedikt Boehm <hollow@gentoo.org> | 2009-07-07 09:55:10 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2009-07-07 09:55:10 +0000 |
commit | 76724def1d1cd41c8aefd048687b16efcb5da9f4 (patch) | |
tree | c9e286e1e07c9aa00600ac13278ebb464387dc86 | |
parent | new patches and some config fixes (diff) | |
download | apache-76724def1d1cd41c8aefd048687b16efcb5da9f4.tar.gz apache-76724def1d1cd41c8aefd048687b16efcb5da9f4.tar.bz2 apache-76724def1d1cd41c8aefd048687b16efcb5da9f4.zip |
add more patches
-rw-r--r-- | 2.2/patches/09_all_CVE-2009-1891.patch | 29 | ||||
-rw-r--r-- | 2.2/patches/10_all_r779472.patch | 67 | ||||
-rw-r--r-- | 2.2/patches/11_all_r790738.patch | 18 |
3 files changed, 114 insertions, 0 deletions
diff --git a/2.2/patches/09_all_CVE-2009-1891.patch b/2.2/patches/09_all_CVE-2009-1891.patch new file mode 100644 index 0000000..4d778f8 --- /dev/null +++ b/2.2/patches/09_all_CVE-2009-1891.patch @@ -0,0 +1,29 @@ +--- httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:01:05 791453 ++++ httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:03:20 791454 +@@ -542,6 +542,12 @@ + apr_read_type_e eblock = APR_NONBLOCK_READ; + apr_pool_t *input_pool = b->p; + ++ /* Fail quickly if the connection has already been aborted. */ ++ if (c->aborted) { ++ apr_brigade_cleanup(b); ++ return APR_ECONNABORTED; ++ } ++ + if (ctx == NULL) { + ctx = apr_pcalloc(c->pool, sizeof(*ctx)); + net->out_ctx = ctx; +@@ -909,12 +915,9 @@ + /* No need to check for SUCCESS, we did that above. */ + if (!APR_STATUS_IS_EAGAIN(rv)) { + c->aborted = 1; ++ return APR_ECONNABORTED; + } + +- /* The client has aborted, but the request was successful. We +- * will report success, and leave it to the access and error +- * logs to note that the connection was aborted. +- */ + return APR_SUCCESS; + } + diff --git a/2.2/patches/10_all_r779472.patch b/2.2/patches/10_all_r779472.patch new file mode 100644 index 0000000..c4bb6cb --- /dev/null +++ b/2.2/patches/10_all_r779472.patch @@ -0,0 +1,67 @@ +Index: server/core.c +=================================================================== +--- server/core.c (revision 779471) ++++ server/core.c (revision 779472) +@@ -661,7 +661,11 @@ + core_dir_config *conf = + (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); + +- return conf->opts; ++ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is ++ * inverted, such that the exposed semantics match that of ++ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* ++ * permitted. */ ++ return conf->opts ^ OPT_INC_WITH_EXEC; + } + + AP_DECLARE(int) ap_allow_overrides(request_rec *r) +Index: modules/filters/mod_include.c +=================================================================== +--- modules/filters/mod_include.c (revision 779471) ++++ modules/filters/mod_include.c (revision 779472) +@@ -3565,7 +3565,7 @@ + intern->seen_eos = 0; + intern->state = PARSE_PRE_HEAD; + ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); +- if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { ++ if (ap_allow_options(r) & OPT_INCNOEXEC) { + ctx->flags |= SSI_FLAG_NO_EXEC; + } + intern->accessenable = conf->accessenable; +Index: include/http_core.h +=================================================================== +--- include/http_core.h (revision 779471) ++++ include/http_core.h (revision 779472) +@@ -73,16 +73,29 @@ + #define OPT_EXECCGI 8 + /** directive unset */ + #define OPT_UNSET 16 +-/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ +-#define OPT_INC_WITH_EXEC 32 ++/** IncludesNOEXEC directive */ ++#define OPT_INCNOEXEC 32 + /** SymLinksIfOwnerMatch directive */ + #define OPT_SYM_OWNER 64 + /** MultiViews directive */ + #define OPT_MULTI 128 + /** All directives */ +-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) ++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) + /** @} */ + ++#ifdef CORE_PRIVATE ++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is ++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics ++ * of the two SSI-related bits are hence: ++ * ++ * OPT_INCLUDES => "enable SSI, without exec= permission" ++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec=" ++ * ++ * The set of options exposed via ap_allow_options() retains the ++ * semantics of OPT_INCNOEXEC by flipping the bit. */ ++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC ++#endif ++ + /** + * @defgroup get_remote_host Remote Host Resolution + * @ingroup APACHE_CORE_HTTPD diff --git a/2.2/patches/11_all_r790738.patch b/2.2/patches/11_all_r790738.patch new file mode 100644 index 0000000..3ddf33b --- /dev/null +++ b/2.2/patches/11_all_r790738.patch @@ -0,0 +1,18 @@ +Index: server/core.c +=================================================================== +--- server/core.c (revision 790737) ++++ server/core.c (revision 790738) +@@ -665,7 +665,12 @@ + * inverted, such that the exposed semantics match that of + * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* + * permitted. */ +- return conf->opts ^ OPT_INC_WITH_EXEC; ++ if (conf->opts & OPT_INCLUDES) { ++ return conf->opts ^ OPT_INC_WITH_EXEC; ++ } ++ else { ++ return conf->opts; ++ } + } + + AP_DECLARE(int) ap_allow_overrides(request_rec *r) |