OBS User unknown 2007-08-27 15:26:38 +00:00 committed by Git OBS Bridge
parent d5ff858bc3
commit 4056645c6a
4 changed files with 143 additions and 1 deletions


@ -0,0 +1,89 @@
Index: modules/cache/cache_util.c
================================================================================
--- CHANGES
+++ CHANGES
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.3
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segmentation fault if a Cache-Control header has
+ no value [Niklas Edmundsson]
+
*) SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
--- modules/cache/cache_util.c
+++ modules/cache/cache_util.c
@@ -231,7 +231,8 @@
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+ && val != NULL) {
smaxage = apr_atoi64(val);
}
else {
@@ -240,7 +241,8 @@
/* extract max-age from request */
if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+ && val != NULL) {
maxage_req = apr_atoi64(val);
}
else {
@@ -248,7 +250,8 @@
}
/* extract max-age from response */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+ && val != NULL) {
maxage_cresp = apr_atoi64(val);
}
else {
@@ -270,7 +273,20 @@
/* extract max-stale */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
- maxstale = apr_atoi64(val);
+ if(val != NULL) {
+ maxstale = apr_atoi64(val);
+ }
+ else {
+ /*
+ * If no value is assigned to max-stale, then the client is willing
+ * to accept a stale response of any age (RFC2616 14.9.3). We will
+ * set it to one year in this case as this situation is somewhat
+ * similar to a "never expires" Expires header (RFC2616 14.21)
+ * which is set to a date one year from the time the response is
+ * sent in this case.
+ */
+ maxstale = APR_INT64_C(86400*365);
+ }
}
else {
maxstale = 0;
@@ -278,7 +294,8 @@
/* extract min-fresh */
if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+ && val != NULL) {
minfresh = apr_atoi64(val);
}
else {
@@ -407,6 +424,9 @@
next - val_start);
}
}
+ else {
+ *val = NULL;
+ }
}
return 1;
}
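Review bot: The last hunk changes what ap_cache_liststr reports (it now appears to return 1 with `*val` set to NULL when the directive is present but carries no value), yet nothing in the patch documents that contract. The fix only holds if every caller tests `val` before parsing it. The five call sites patched here do; any other caller that passes a non-NULL `val` is not visible in these hunks and should be audited the same way. I would add a comment above the function along the lines of `/* Returns 1 when the directive is found; *val is NULL if it has no "=value" part, so callers must check it before use. */`. The function body starts outside the hunk, so the wording needs confirming against the full definition.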


@ -0,0 +1,40 @@
--- modules/generators/mod_status.c 2007/06/20 17:22:08 549158
+++ modules/generators/mod_status.c 2007/06/20 17:29:24 549159
@@ -270,7 +270,7 @@
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
/*
* Simple table-driven form data set parser that lets you alter the header
@@ -299,7 +299,7 @@
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
short_report = 1;
break;
}
@@ -673,7 +673,8 @@
ap_escape_html(r->pool,
ws_record->client),
ap_escape_html(r->pool,
- ws_record->request),
+ ap_escape_logitem(r->pool,
+ ws_record->request)),
ap_escape_html(r->pool,
ws_record->vhost));
}
@@ -763,7 +764,8 @@
ap_escape_html(r->pool,
ws_record->vhost),
ap_escape_html(r->pool,
- ws_record->request));
+ ap_escape_logitem(r->pool,
+ ws_record->request)));
} /* no_table_report */
} /* for (j...) */
} /* for (i...) */
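Review bot: Neither the pinned `charset=ISO-8859-1` on the two ap_set_content_type calls nor the new ap_escape_logitem wrap around `ws_record->request` carries a comment saying why it is there, so a later cleanup could remove either without noticing it belongs to the CVE-2006-5752 fix. I would add above the first call something like `/* explicit charset so the browser does not guess another encoding for the escaped status output (CVE-2006-5752) */`, and a short note at both table rows that the request line is client-supplied and is therefore log-escaped before HTML-escaping. The neighbouring `ws_record->client` and `ws_record->vhost` fields still pass through ap_escape_html alone. Whether they can hold client-controlled bytes is not visible in these hunks and is worth confirming. The enclosing functions start and end outside the hunks.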


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Aug 23 11:27:19 CEST 2007 - mskibbe@suse.de
- Bug 289996 - VUL-0: mod_status XSS in public server status page
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
-------------------------------------------------------------------
Wed Jul 18 16:04:05 CEST 2007 - skh@suse.de


@ -55,7 +55,7 @@ License: The Apache Software License
Group: Productivity/Networking/Web/Servers
%define realver 2.2.4
Version: 2.2.4
Release: 44
Release: 57
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE
@ -110,6 +110,8 @@ Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.2.3-AddDirectoryIndexCharset.patch
Patch69: httpd-2.2.x.doublefree.patch
Patch150: mod_dbd.c-issue18989-autoconnect.dif
Patch151: apache2-mod_status-CVE-2006-5752.patch
Patch152: apache2-mod_cache-CVE-2007-1863.patch
URL: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0
@ -321,6 +323,8 @@ Authors:
%patch67 -p1
%patch68 -p1
%patch69 -p0
%patch151 -p0
%patch152 -p0
cp -p %{S:150} modules/database/mod_dbd.c
#%patch150 -p0
#
@ -1056,6 +1060,9 @@ if ! test -f /.buildenv; then
fi
%changelog
* Thu Aug 23 2007 - mskibbe@suse.de
- Bug 289996 - VUL-0: mod_status XSS in public server status page
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
* Wed Jul 18 2007 - skh@suse.de
- split off apache2-utils subpackage, containing all helper tools that
are useful for system administrators in general (b.n.c. #272292 and