From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/apache:master commit in: 2.2/patches/
Date: Sat, 9 Nov 2013 15:32:59 +0000 (UTC) [thread overview]
Message-ID: <1246960510.76724def1d1cd41c8aefd048687b16efcb5da9f4.polynomial-c@gentoo> (raw)
commit: 76724def1d1cd41c8aefd048687b16efcb5da9f4
Author: Benedikt Boehm <hollow <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 7 09:55:10 2009 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 7 09:55:10 2009 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=76724def
add more patches
---
2.2/patches/09_all_CVE-2009-1891.patch | 29 +++++++++++++++
2.2/patches/10_all_r779472.patch | 67 ++++++++++++++++++++++++++++++++++
2.2/patches/11_all_r790738.patch | 18 +++++++++
3 files changed, 114 insertions(+)
diff --git a/2.2/patches/09_all_CVE-2009-1891.patch b/2.2/patches/09_all_CVE-2009-1891.patch
new file mode 100644
index 0000000..4d778f8
--- /dev/null
+++ b/2.2/patches/09_all_CVE-2009-1891.patch
@@ -0,0 +1,29 @@
+--- httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:01:05 791453
++++ httpd/httpd/branches/2.2.x/server/core_filters.c 2009/07/06 12:03:20 791454
+@@ -542,6 +542,12 @@
+ apr_read_type_e eblock = APR_NONBLOCK_READ;
+ apr_pool_t *input_pool = b->p;
+
++ /* Fail quickly if the connection has already been aborted. */
++ if (c->aborted) {
++ apr_brigade_cleanup(b);
++ return APR_ECONNABORTED;
++ }
++
+ if (ctx == NULL) {
+ ctx = apr_pcalloc(c->pool, sizeof(*ctx));
+ net->out_ctx = ctx;
+@@ -909,12 +915,9 @@
+ /* No need to check for SUCCESS, we did that above. */
+ if (!APR_STATUS_IS_EAGAIN(rv)) {
+ c->aborted = 1;
++ return APR_ECONNABORTED;
+ }
+
+- /* The client has aborted, but the request was successful. We
+- * will report success, and leave it to the access and error
+- * logs to note that the connection was aborted.
+- */
+ return APR_SUCCESS;
+ }
+
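Review bot: The new patch file has no header, so the only record of what it fixes is the CVE id in the file name and the svn revisions on its `---`/`+++` lines. A first line such as `Upstream: httpd 2.2.x r791454, server/core_filters.c (CVE-2009-1891)` ahead of the `---` line would let a later maintainer check it against upstream and drop it once the base version already contains the change. That header should also record that the second embedded hunk changes the status returned after a failed write from `APR_SUCCESS` to `APR_ECONNABORTED`. Callers further up the filter chain that previously saw success after a client abort will now see an error, which is presumably the intent of the fix but is a visible behaviour change for modules that log or act on that status. Both affected functions begin and end outside the hunks shown.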
diff --git a/2.2/patches/10_all_r779472.patch b/2.2/patches/10_all_r779472.patch
new file mode 100644
index 0000000..c4bb6cb
--- /dev/null
+++ b/2.2/patches/10_all_r779472.patch
@@ -0,0 +1,67 @@
+Index: server/core.c
+===================================================================
+--- server/core.c (revision 779471)
++++ server/core.c (revision 779472)
+@@ -661,7 +661,11 @@
+ core_dir_config *conf =
+ (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
+
+- return conf->opts;
++ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is
++ * inverted, such that the exposed semantics match that of
++ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
++ * permitted. */
++ return conf->opts ^ OPT_INC_WITH_EXEC;
+ }
+
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r)
+Index: modules/filters/mod_include.c
+===================================================================
+--- modules/filters/mod_include.c (revision 779471)
++++ modules/filters/mod_include.c (revision 779472)
+@@ -3565,7 +3565,7 @@
+ intern->seen_eos = 0;
+ intern->state = PARSE_PRE_HEAD;
+ ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
+- if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
++ if (ap_allow_options(r) & OPT_INCNOEXEC) {
+ ctx->flags |= SSI_FLAG_NO_EXEC;
+ }
+ intern->accessenable = conf->accessenable;
+Index: include/http_core.h
+===================================================================
+--- include/http_core.h (revision 779471)
++++ include/http_core.h (revision 779472)
+@@ -73,16 +73,29 @@
+ #define OPT_EXECCGI 8
+ /** directive unset */
+ #define OPT_UNSET 16
+-/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
+-#define OPT_INC_WITH_EXEC 32
++/** IncludesNOEXEC directive */
++#define OPT_INCNOEXEC 32
+ /** SymLinksIfOwnerMatch directive */
+ #define OPT_SYM_OWNER 64
+ /** MultiViews directive */
+ #define OPT_MULTI 128
+ /** All directives */
+-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
+ /** @} */
+
++#ifdef CORE_PRIVATE
++/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
++ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics
++ * of the two SSI-related bits are hence:
++ *
++ * OPT_INCLUDES => "enable SSI, without exec= permission"
++ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
++ *
++ * The set of options exposed via ap_allow_options() retains the
++ * semantics of OPT_INCNOEXEC by flipping the bit. */
++#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
++#endif
++
+ /**
+ * @defgroup get_remote_host Remote Host Resolution
+ * @ingroup APACHE_CORE_HTTPD
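Review bot: 10_all_r779472.patch is not safe to apply without 11_all_r790738.patch, and neither file says so. As added here, `ap_allow_options()` returns `conf->opts ^ OPT_INC_WITH_EXEC` unconditionally, so a configuration with `OPT_INCLUDES` clear and the internal bit clear is reported to callers with `OPT_INCNOEXEC` set. The companion patch in this commit restricts the flip to the `OPT_INCLUDES` case. A leading line in this file such as `Requires: 11_all_r790738.patch (limits the bit flip to OPT_INCLUDES)` would stop someone from cherry-picking or dropping one without the other.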
diff --git a/2.2/patches/11_all_r790738.patch b/2.2/patches/11_all_r790738.patch
new file mode 100644
index 0000000..3ddf33b
--- /dev/null
+++ b/2.2/patches/11_all_r790738.patch
@@ -0,0 +1,18 @@
+Index: server/core.c
+===================================================================
+--- server/core.c (revision 790737)
++++ server/core.c (revision 790738)
+@@ -665,7 +665,12 @@
+ * inverted, such that the exposed semantics match that of
+ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
+ * permitted. */
+- return conf->opts ^ OPT_INC_WITH_EXEC;
++ if (conf->opts & OPT_INCLUDES) {
++ return conf->opts ^ OPT_INC_WITH_EXEC;
++ }
++ else {
++ return conf->opts;
++ }
+ }
+
+ AP_DECLARE(int) ap_allow_overrides(request_rec *r)
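Review bot: The `else` branch returns `conf->opts` unmodified, so if the internal `OPT_INC_WITH_EXEC` bit is ever set while `OPT_INCLUDES` is clear, it reaches callers as `OPT_INCNOEXEC`. Whether that state can occur depends on option-merging code outside this hunk. If it can, `return conf->opts & ~OPT_INC_WITH_EXEC;` in the `else` branch would keep the exposed value consistent with the comment above it. The start of `ap_allow_options()` is outside the hunk.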