From b3413e39e46b1350e7c407a2e06eed44a44387294c3442308280c4ca1c3a91e3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Fri, 16 Jan 2015 15:52:19 +0000 Subject: [PATCH] Accepting request 281475 from home:elvigia:branches:Apache - remove obsolete patches * httpd-2.4.10-check_null_pointer_dereference.patch * httpd-event-deadlock.patch * httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch * httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch - Apache 2.4.11 *) SECURITY: CVE-2014-3583 (cve.mitre.org) mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. [Yann Ylavic, Jeff Trawick] *) SECURITY: CVE-2014-3581 (cve.mitre.org) mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. [Mark Montague , Jan Kaluza] *) SECURITY: CVE-2014-8109 (cve.mitre.org) mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204 [Edward Lu ] *) SECURITY: CVE-2013-5704 (cve.mitre.org) core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] *) mod_ssl: New directive SSLSessionTickets (On|Off). The directive controls the use of TLS session tickets (RFC 5077), default value is "On" (unchanged behavior). Session ticket creation uses a random key created during web server startup and recreated during restarts. No other key recreation mechanism is available currently. 
Therefore using session tickets without restarting the web server with an appropriate frequency
OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429
---
apache2.changes | 209 +++++++++
apache2.spec | 15 +-
....4.10-check_null_pointer_dereference.patch | 31 --
httpd-2.4.10.tar.bz2 | 3 -
httpd-2.4.11.tar.bz2 | 3 +
...13-5704-mod_headers_chunked_requests.patch | 399 ------------------
...109-mod_lua_handling_of_Require_line.patch | 83 ----
httpd-event-deadlock.patch | 18 -
8 files changed, 214 insertions(+), 547 deletions(-)
delete mode 100644 httpd-2.4.10-check_null_pointer_dereference.patch
delete mode 100644 httpd-2.4.10.tar.bz2
create mode 100644 httpd-2.4.11.tar.bz2
delete mode 100644 httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
delete mode 100644 httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
delete mode 100644 httpd-event-deadlock.patch
diff --git a/apache2.changes b/apache2.changes
index 7b840d0..6ab22f0 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,212 @@
+-------------------------------------------------------------------
+Fri Jan 16 04:24:04 UTC 2015 - crrodriguez@opensuse.org
+
+- remove obsolete patches
+* httpd-2.4.10-check_null_pointer_dereference.patch
+* httpd-event-deadlock.patch
+* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
+* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
+
+-------------------------------------------------------------------
+Fri Jan 16 04:13:59 UTC 2015 - crrodriguez@opensuse.org
+
+- Apache 2.4.11
+
+ *) SECURITY: CVE-2014-3583 (cve.mitre.org)
+ mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
+ response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
+
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value.
+ PR 56924. [Mark Montague , Jan Kaluza]
+
+ *) SECURITY: CVE-2014-8109 (cve.mitre.org)
+ mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
+ used in multiple Require directives with different arguments.
+ PR57204 [Edward Lu ]
+
+ *) SECURITY: CVE-2013-5704 (cve.mitre.org)
+ core: HTTP trailers could be used to replace HTTP headers
+ late during request processing, potentially undoing or
+ otherwise confusing modules that examined or modified
+ request headers earlier. Adds "MergeTrailers" directive to restore
+ legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
+
+ *) mod_ssl: New directive SSLSessionTickets (On|Off).
+ The directive controls the use of TLS session tickets (RFC 5077),
+ default value is "On" (unchanged behavior).
+ Session ticket creation uses a random key created during web
+ server startup and recreated during restarts. No other key
+ recreation mechanism is available currently. Therefore using session
+ tickets without restarting the web server with an appropriate frequency
+ (e.g. daily) compromises perfect forward secrecy.
+ [Rainer Jung]
+
+ *) mod_proxy_fcgi: Provide some basic alternate options for specifying
+ how PATH_INFO is passed to FastCGI backends by adding significance to
+ the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener]
+
+ *) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule
+ to opt-in to connection reuse and other Proxy options via explicitly
+ declared "proxy workers" (]
+
+ *) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME
+ passed to fastcgi backends. [Eric Covener]
+
+ *) core: Configuration files with long lines and continuation characters
+ are not read properly. PR 55910. [Manuel Mausz ]
+
+ *) mod_include: the 'env' function was incorrectly handled as 'getenv' if the
+ leading 'e' was written in upper case in
+ statements. [Christophe Jaillet]
+
+ *) split-logfile: Fix perl error: 'Can't use string ("example.org:80")
+ as a symbol ref while "strict refs"'. PR 56329.
+ [Holger Mauermann ]
+
+ *) mod_proxy: Prevent ProxyPassReverse from doing a substitution when
+ the URL parameter interpolates to an empty string. PR 56603.
+ []
+
+ *) core: Fix -D[efined] or [d] variables lifetime accross restarts.
+ PR 57328. [Armin Abfalterer , Yann Ylavic].
+
+ *) mod_proxy: Preserve original request headers even if they differ
+ from the ones to be forwarded to the backend. PR 45387.
+ [Yann Ylavic]
+
+ *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
+ like reads (level TRACE4). [Yann Ylavic]
+
+ *) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.
+ [Jan Kaluza]
+
+ *) mod_ssl: Do not crash when looking up SSL related variables during
+ expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
+
+ *) mod_proxy_ajp: Fix handling of the default port (8009) in the
+ ProxyPass and configurations. PR 57259. [Yann Ylavic]
+
+ *) mpm_event: Avoid a possible use after free when notifying the end of
+ connection during lingering close. PR 57268.
+ [Eric Covener, Yann Ylavic]
+
+ *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
+ improperly or too large. [Jeff Trawick]
+
+ *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
+ [Jeff Trawick]
+
+ *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
+ error when parsing or forwarding the response fails. [Yann Ylavic]
+
+ *) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e
+ PR 53435 [tadanori , Sebastian Wiedenroth ]
+
+ *) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
+ determine whether it is a normal close or a real error. PR 57168. [Yann
+ Ylavic]
+
+ *) mod_proxy_wstunnel: abort backend connection on polling error to avoid
+ further processing. [Yann Ylavic]
+
+ *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+ PR 57167 [Edward Lu ]
+
+ *) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC
+ systems. PR 57092 [Edward Lu ]
+
+ *) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752
+ CacheLock error occurs during cache revalidation. [Eric Covener]
+
+ *) mod_ssl: Move OCSP stapling information from a per-certificate store to
+ a per-server hash. PR 54357, PR 56919. [Alex Bligh ,
+ Yann Ylavic, Kaspar Brand]
+
+ *) mod_cache_socache: Change average object size hint from 32 bytes to
+ 2048 bytes. [Rainer Jung]
+
+ *) mod_cache_socache: Add cache status to server-status. [Rainer Jung]
+
+ *) event: Fix worker-listener deadlock in graceful restart.
+ PR 56960.
+
+ *) Concat strings at compile time when possible. PR 53741.
+
+ *) mod_substitute: Restrict configuration in .htaccess to
+ FileInfo as documented. [Rainer Jung]
+
+ *) mod_substitute: Make maximum line length configurable. [Rainer Jung]
+
+ *) mod_substitute: Fix line length limitation in case of regexp plus flatten.
+ [Rainer Jung]
+
+ *) mod_proxy: Truncated character worker names are no longer fatal
+ errors. PR53218.
+ [Jim Jagielski]
+
+ *) mod_dav: Set r->status_line in dav_error_response. PR 55426.
+
+ *) mod_proxy_http, mod_cache: Avoid (unlikely) accesses to freed memory.
+ [Yann Ylavic, Christophe Jaillet]
+
+ *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
+ - to correctly reset bits
+ - not to modify the 'method_mask' bitfield unnecessarily
+ [Christophe Jaillet]
+
+ *) mod_slotmem_shm: Increase log level for some originally debug messages.
+ [Jim Jagielski]
+
+ *) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with
+ the wrong credentials when a backend connection is reused.
+ [Eric Covener]
+
+ *) mod_macro: Add missing APLOGNO for some Warning log messages.
+ [Christophe Jaillet]
+
+ *) mod_cache: Avoid sending 304 responses during failed revalidations
+ PR56881. [Eric Covener]
+
+ *) mod_status: Honor client IP address using mod_remoteip. PR 55886.
+ [Jim Jagielski]
+
+ *) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12
+ and later. PR 56615. [Chuck Liu , Jeff Trawick]
+
+ *) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade
+ failed) messages from ERROR to TRACE1. Other filters do not bother
+ re-reporting failures from lower level filters. PR56832. [Eric Covener]
+
+ *) core: Avoid useless warning message when parsing a section guarded by
+ if $(foo) is used within the section.
+ PR 56503 [Christophe Jaillet]
+
+ *) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the
+ application. PR 56858. [Manuel Mausz ]
+
+ *) mod_proxy_http: Proxy responses with error status and
+ "ProxyErrorOverride On" hang until proxy timeout.
+ PR53420 [Rainer Jung]
+
+ *) mod_log_config: Allow three character log formats to be registered. For
+ backwards compatibility, the first character of a three-character format
+ must be the '^' (caret) character. [Eric Covener]
+
+ *) mod_lua: Don't quote Expires and Path values. PR 56734.
+ [Keith Mashinter, ] + + *) mod_authz_core: Allow 'es to be seen from auth + stanzas under virtual hosts. PR 56870. [Eric Covener] + ------------------------------------------------------------------- Mon Jan 12 10:51:32 UTC 2015 - bruno@ioda-net.ch diff --git a/apache2.spec b/apache2.spec index 5e94c34..5a4bf73 100644 --- a/apache2.spec +++ b/apache2.spec @@ -92,8 +92,8 @@ BuildRequires: expat-devel # "Server:" header %define VENDOR SUSE %define platform_string Linux/%VENDOR -%define realver 2.4.10 -Version: 2.4.10 +%define realver 2.4.11 +Version: 2.4.11 Release: 0 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: httpd-%{realver}.tar.bz2 @@ -157,19 +157,12 @@ Patch67: httpd-2.2.0-apxs-a2enmod.dif Patch68: httpd-2.x.x-logresolve.patch Patch69: httpd-2.2.x-bnc690734.patch Patch70: apache2-implicit-pointer-decl.patch -Patch71: httpd-event-deadlock.patch # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy) #Patch108: apache2-mod_ssl_npn.patch #Provides: apache2(mod_ssl+npn) # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration. Patch109: httpd-2.4.3-mod_systemd.patch Patch111: httpd-visibility.patch -# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value -Patch112: httpd-2.4.10-check_null_pointer_dereference.patch -# PATCH-FIX-UPSTREAM bnc#909715 kstreitova@suse.com -- Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. -Patch113: httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch -# PATCH-FIX-UPSTREAM bnc#871310 kstreitova@suse.com -- Fix the flaw in the way mod_headers handled chunked requests. -Patch114: httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch Url: http://httpd.apache.org/ Icon: Apache.xpm Summary: The Apache Web Server Version 2.4 
@@ -345,13 +338,9 @@ to administrators of web servers in general. %patch68 -p1 #%patch69 %patch70 -p1 -%patch71 -p1 #%patch108 -p1 %patch109 -p1 %patch111 -p1 -%patch112 -p1 -%patch113 -p1 -%patch114 -p1 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE # install READMEs a=$(basename %{S:22}) diff --git a/httpd-2.4.10-check_null_pointer_dereference.patch b/httpd-2.4.10-check_null_pointer_dereference.patch deleted file mode 100644 index 023422b..0000000 --- a/httpd-2.4.10-check_null_pointer_dereference.patch +++ /dev/null @@ -1,31 +0,0 @@ -Index: httpd-2.4.10/CHANGES -=================================================================== ---- httpd-2.4.10.orig/CHANGES -+++ httpd-2.4.10/CHANGES -@@ -1,6 +1,9 @@ - -*- coding: utf-8 -*- - - Changes with Apache 2.4.10 -+ *) SECURITY: CVE-2014-3581 (cve.mitre.org) -+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. -+ [Mark Montague , Jan Kaluza] - - *) SECURITY: CVE-2014-0117 (cve.mitre.org) - mod_proxy: Fix crash in Connection header handling which -Index: httpd-2.4.10/modules/cache/cache_util.c -=================================================================== ---- httpd-2.4.10.orig/modules/cache/cache_util.c -+++ httpd-2.4.10/modules/cache/cache_util.c -@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req - - if (r->content_type - && !apr_table_get(headers_out, "Content-Type")) { -- apr_table_setn(headers_out, "Content-Type", -- ap_make_content_type(r, r->content_type)); -+ const char *ctype = ap_make_content_type(r, r->content_type); -+ if (ctype) { -+ apr_table_setn(headers_out, "Content-Type", ctype); -+ } - } - - if (r->content_encoding diff --git a/httpd-2.4.10.tar.bz2 b/httpd-2.4.10.tar.bz2 deleted file mode 100644 index 53aa858..0000000 --- a/httpd-2.4.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a -size 5031834 
diff --git a/httpd-2.4.11.tar.bz2 b/httpd-2.4.11.tar.bz2
new file mode 100644
index 0000000..88b4eae
--- /dev/null
+++ b/httpd-2.4.11.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c77b451148036bdd3742fd02d4ac7df9c22fb52411aba0f92064cf9bf8af93e
+size 5053472
diff --git a/httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch b/httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
deleted file mode 100644
index f84f1e0..0000000
--- a/httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
+++ /dev/null
@@ -1,399 +0,0 @@ -From 6688f9d102ad29d6bb4167d690ee495d709e47b6 Mon Sep 17 00:00:00 2001 -From: "William A. Rowe Jr" -Date: Fri, 22 Aug 2014 18:18:08 +0000 -Subject: [PATCH] SECURITY: CVE-2013-5704 (cve.mitre.org) - -core: HTTP trailers could be used to replace HTTP headers -late during request processing, potentially undoing or -otherwise confusing modules that examined or modified -request headers earlier. Adds "MergeTrailers" directive to restore -legacy behavior. - -Submitted by: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener -Backports: r1610814 -Reviewed by: covener, wrowe, ylavic - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1619884 13f79535-47bb-0310-9956-ffa450edef68 - -diff --git a/include/http_core.h b/include/http_core.h -index 8730d1f..5cef622 100644 ---- a/include/http_core.h -+++ b/include/http_core.h -@@ -667,6 +667,10 @@ typedef struct { - #define AP_TRACE_ENABLE 1 - #define AP_TRACE_EXTENDED 2 - int trace_enable; -+#define AP_MERGE_TRAILERS_UNSET 0 -+#define AP_MERGE_TRAILERS_ENABLE 1 -+#define AP_MERGE_TRAILERS_DISABLE 2 -+ int merge_trailers; - - } core_server_config; - -diff --git a/include/httpd.h b/include/httpd.h -index e1510be..c6cd827 100644 ---- a/include/httpd.h -+++ b/include/httpd.h -@@ -1035,6 +1035,11 @@ struct request_rec { - */ - apr_sockaddr_t *useragent_addr; - char *useragent_ip; -+ -+ /** MIME trailer environment from the request */ -+ apr_table_t *trailers_in; -+ /** MIME trailer environment from the response */ -+ apr_table_t *trailers_out; - }; - - /** -diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c -index 2a0a979..0b86009 100644 ---- a/modules/http/http_filters.c -+++ b/modules/http/http_filters.c -@@ -231,6 +231,49 @@ static apr_status_t get_chunk_line(http_ctx_t *ctx, apr_bucket_brigade *b, - } - - -+static apr_status_t read_chunked_trailers(http_ctx_t *ctx, ap_filter_t *f, -+ apr_bucket_brigade *b, int merge) -+{ -+ int rv; -+ apr_bucket *e; -+ request_rec *r = 
f->r; -+ apr_table_t *saved_headers_in = r->headers_in; -+ int saved_status = r->status; -+ -+ r->status = HTTP_OK; -+ r->headers_in = r->trailers_in; -+ apr_table_clear(r->headers_in); -+ ctx->state = BODY_NONE; -+ ap_get_mime_headers(r); -+ -+ if(r->status == HTTP_OK) { -+ r->status = saved_status; -+ e = apr_bucket_eos_create(f->c->bucket_alloc); -+ APR_BRIGADE_INSERT_TAIL(b, e); -+ ctx->eos_sent = 1; -+ rv = APR_SUCCESS; -+ } -+ else { -+ const char *error_notes = apr_table_get(r->notes, -+ "error-notes"); -+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, -+ "Error while reading HTTP trailer: %i%s%s", -+ r->status, error_notes ? ": " : "", -+ error_notes ? error_notes : ""); -+ rv = APR_EINVAL; -+ } -+ -+ if(!merge) { -+ r->headers_in = saved_headers_in; -+ } -+ else { -+ r->headers_in = apr_table_overlay(r->pool, saved_headers_in, -+ r->trailers_in); -+ } -+ -+ return rv; -+} -+ - /* This is the HTTP_INPUT filter for HTTP requests and responses from - * proxied servers (mod_proxy). It handles chunked and content-length - * bodies. This can only be inserted/used after the headers -@@ -240,6 +283,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, - ap_input_mode_t mode, apr_read_type_e block, - apr_off_t readbytes) - { -+ core_server_config *conf; - apr_bucket *e; - http_ctx_t *ctx = f->ctx; - apr_status_t rv; -@@ -247,6 +291,9 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, - int http_error = HTTP_REQUEST_ENTITY_TOO_LARGE; - apr_bucket_brigade *bb; - -+ conf = (core_server_config *) -+ ap_get_module_config(f->r->server->module_config, &core_module); -+ - /* just get out of the way of things we don't want. */ - if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) { - return ap_get_brigade(f->next, b, mode, block, readbytes); -@@ -425,13 +472,8 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, - } - - if (!ctx->remaining) { -- /* Handle trailers by calling ap_get_mime_headers again! 
*/ -- ctx->state = BODY_NONE; -- ap_get_mime_headers(f->r); -- e = apr_bucket_eos_create(f->c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(b, e); -- ctx->eos_sent = 1; -- return APR_SUCCESS; -+ return read_chunked_trailers(ctx, f, b, -+ conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE); - } - } - } -@@ -534,13 +576,8 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, - } - - if (!ctx->remaining) { -- /* Handle trailers by calling ap_get_mime_headers again! */ -- ctx->state = BODY_NONE; -- ap_get_mime_headers(f->r); -- e = apr_bucket_eos_create(f->c->bucket_alloc); -- APR_BRIGADE_INSERT_TAIL(b, e); -- ctx->eos_sent = 1; -- return APR_SUCCESS; -+ return read_chunked_trailers(ctx, f, b, -+ conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE); - } - } - break; -diff --git a/modules/http/http_request.c b/modules/http/http_request.c -index 796d506..cdfec8b 100644 ---- a/modules/http/http_request.c -+++ b/modules/http/http_request.c -@@ -463,6 +463,7 @@ static request_rec *internal_internal_redirect(const char *new_uri, - new->main = r->main; - - new->headers_in = r->headers_in; -+ new->trailers_in = r->trailers_in; - new->headers_out = apr_table_make(r->pool, 12); - if (ap_is_HTTP_REDIRECT(new->status)) { - const char *location = apr_table_get(r->headers_out, "Location"); -@@ -470,6 +471,7 @@ static request_rec *internal_internal_redirect(const char *new_uri, - apr_table_setn(new->headers_out, "Location", location); - } - new->err_headers_out = r->err_headers_out; -+ new->trailers_out = apr_table_make(r->pool, 5); - new->subprocess_env = rename_original_env(r->pool, r->subprocess_env); - new->notes = apr_table_make(r->pool, 5); - -@@ -583,6 +585,8 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r) - r->headers_out); - r->err_headers_out = apr_table_overlay(r->pool, rr->err_headers_out, - r->err_headers_out); -+ r->trailers_out = apr_table_overlay(r->pool, rr->trailers_out, -+ r->trailers_out); - r->subprocess_env = 
apr_table_overlay(r->pool, rr->subprocess_env, - r->subprocess_env); - -diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c -index 792756d..c1b0e1b 100644 ---- a/modules/loggers/mod_log_config.c -+++ b/modules/loggers/mod_log_config.c -@@ -431,6 +431,12 @@ static const char *log_header_in(request_rec *r, char *a) - return ap_escape_logitem(r->pool, apr_table_get(r->headers_in, a)); - } - -+static const char *log_trailer_in(request_rec *r, char *a) -+{ -+ return ap_escape_logitem(r->pool, apr_table_get(r->trailers_in, a)); -+} -+ -+ - static APR_INLINE char *find_multiple_headers(apr_pool_t *pool, - const apr_table_t *table, - const char *key) -@@ -514,6 +520,11 @@ static const char *log_header_out(request_rec *r, char *a) - return ap_escape_logitem(r->pool, cp); - } - -+static const char *log_trailer_out(request_rec *r, char *a) -+{ -+ return ap_escape_logitem(r->pool, apr_table_get(r->trailers_out, a)); -+} -+ - static const char *log_note(request_rec *r, char *a) - { - return ap_escape_logitem(r->pool, apr_table_get(r->notes, a)); -@@ -916,7 +927,7 @@ static char *parse_log_misc_string(apr_pool_t *p, log_format_item *it, - static char *parse_log_item(apr_pool_t *p, log_format_item *it, const char **sa) - { - const char *s = *sa; -- ap_log_handler *handler; -+ ap_log_handler *handler = NULL; - - if (*s != '%') { - return parse_log_misc_string(p, it, sa); -@@ -986,7 +997,16 @@ static char *parse_log_item(apr_pool_t *p, log_format_item *it, const char **sa) - break; - - default: -- handler = (ap_log_handler *)apr_hash_get(log_hash, s++, 1); -+ /* check for '^' + two character format first */ -+ if (*s == '^' && *(s+1) && *(s+2)) { -+ handler = (ap_log_handler *)apr_hash_get(log_hash, s, 3); -+ if (handler) { -+ s += 3; -+ } -+ } -+ if (!handler) { -+ handler = (ap_log_handler *)apr_hash_get(log_hash, s++, 1); -+ } - if (!handler) { - char dummy[2]; - -@@ -1516,7 +1536,7 @@ static void ap_register_log_handler(apr_pool_t *p, char *tag, - 
log_struct->func = handler; - log_struct->want_orig_default = def; - -- apr_hash_set(log_hash, tag, 1, (const void *)log_struct); -+ apr_hash_set(log_hash, tag, strlen(tag), (const void *)log_struct); - } - static ap_log_writer_init *ap_log_set_writer_init(ap_log_writer_init *handle) - { -@@ -1694,6 +1714,9 @@ static int log_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) - log_pfn_register(p, "U", log_request_uri, 1); - log_pfn_register(p, "s", log_status, 1); - log_pfn_register(p, "R", log_handler, 1); -+ -+ log_pfn_register(p, "^ti", log_trailer_in, 0); -+ log_pfn_register(p, "^to", log_trailer_out, 0); - } - - /* reset to default conditions */ -diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c -index 141452b..1a4d593 100644 ---- a/modules/proxy/mod_proxy_http.c -+++ b/modules/proxy/mod_proxy_http.c -@@ -1011,8 +1011,11 @@ static request_rec *make_fake_req(conn_rec *c, request_rec *r) - rp->status = HTTP_OK; - - rp->headers_in = apr_table_make(pool, 50); -+ rp->trailers_in = apr_table_make(pool, 5); -+ - rp->subprocess_env = apr_table_make(pool, 50); - rp->headers_out = apr_table_make(pool, 12); -+ rp->trailers_out = apr_table_make(pool, 5); - rp->err_headers_out = apr_table_make(pool, 5); - rp->notes = apr_table_make(pool, 5); - -@@ -1093,6 +1096,7 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr, - psc = (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module); - - r->headers_out = apr_table_make(r->pool, 20); -+ r->trailers_out = apr_table_make(r->pool, 5); - *pread_len = 0; - - /* -@@ -1223,6 +1227,14 @@ apr_status_t ap_proxygetline(apr_bucket_brigade *bb, char *s, int n, request_rec - #define AP_MAX_INTERIM_RESPONSES 10 - #endif - -+static int add_trailers(void *data, const char *key, const char *val) -+{ -+ if (val) { -+ apr_table_add((apr_table_t*)data, key, val); -+ } -+ return 1; -+} -+ - static - apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, - 
proxy_conn_rec **backend_ptr, -@@ -1735,6 +1747,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, - /* next time try a non-blocking read */ - mode = APR_NONBLOCK_READ; - -+ if (!apr_is_empty_table(backend->r->trailers_in)) { -+ apr_table_do(add_trailers, r->trailers_out, -+ backend->r->trailers_in, NULL); -+ apr_table_clear(backend->r->trailers_in); -+ } -+ - apr_brigade_length(bb, 0, &readbytes); - backend->worker->s->read += readbytes; - #if DEBUGGING -diff --git a/server/core.c b/server/core.c -index dd1a375..613ffa4 100644 ---- a/server/core.c -+++ b/server/core.c -@@ -520,6 +520,10 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv) - if (virt->error_log_req) - conf->error_log_req = virt->error_log_req; - -+ conf->merge_trailers = (virt->merge_trailers != AP_MERGE_TRAILERS_UNSET) -+ ? virt->merge_trailers -+ : base->merge_trailers; -+ - return conf; - } - -@@ -3882,6 +3886,16 @@ AP_DECLARE(void) ap_register_errorlog_handler(apr_pool_t *p, char *tag, - } - - -+static const char *set_merge_trailers(cmd_parms *cmd, void *dummy, int arg) -+{ -+ core_server_config *conf = ap_get_module_config(cmd->server->module_config, -+ &core_module); -+ conf->merge_trailers = (arg ? AP_MERGE_TRAILERS_ENABLE : -+ AP_MERGE_TRAILERS_DISABLE); -+ -+ return NULL; -+} -+ - /* Note --- ErrorDocument will now work from .htaccess files. 
- * The AllowOverride of Fileinfo allows webmasters to turn it off - */ -@@ -4129,6 +4143,8 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF, - #endif - AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF, - "'on' (default), 'off' or 'extended' to trace request body content"), -+AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF, -+ "merge request trailers into request headers or not"), - { NULL } - }; - -@@ -4211,7 +4227,6 @@ static int core_map_to_storage(request_rec *r) - - static int do_nothing(request_rec *r) { return OK; } - -- - static int core_override_type(request_rec *r) - { - core_dir_config *conf = -diff --git a/server/protocol.c b/server/protocol.c -index bf915a0..960117d 100644 ---- a/server/protocol.c -+++ b/server/protocol.c -@@ -718,6 +718,8 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb - r->status = HTTP_REQUEST_TIME_OUT; - } - else { -+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, -+ "Failed to read request header line %s", field); - r->status = HTTP_BAD_REQUEST; - } - -@@ -917,9 +919,11 @@ request_rec *ap_read_request(conn_rec *conn) - r->allowed_methods = ap_make_method_list(p, 2); - - r->headers_in = apr_table_make(r->pool, 25); -+ r->trailers_in = apr_table_make(r->pool, 5); - r->subprocess_env = apr_table_make(r->pool, 25); - r->headers_out = apr_table_make(r->pool, 12); - r->err_headers_out = apr_table_make(r->pool, 5); -+ r->trailers_out = apr_table_make(r->pool, 5); - r->notes = apr_table_make(r->pool, 5); - - r->request_config = ap_create_request_config(r->pool); -@@ -1185,6 +1189,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, - rnew->status = HTTP_OK; - - rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); -+ rnew->trailers_in = apr_table_copy(rnew->pool, r->trailers_in); - - /* did the original request have a body? (e.g. 
POST w/SSI tags) - * if so, make sure the subrequest doesn't inherit body headers -@@ -1196,6 +1201,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, - rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); - rnew->headers_out = apr_table_make(rnew->pool, 5); - rnew->err_headers_out = apr_table_make(rnew->pool, 5); -+ rnew->trailers_out = apr_table_make(rnew->pool, 5); - rnew->notes = apr_table_make(rnew->pool, 5); - - rnew->expecting_100 = r->expecting_100; diff --git a/httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch b/httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch deleted file mode 100644 index a5a748d..0000000 --- a/httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -Index: httpd-2.4.10/modules/lua/mod_lua.c -=================================================================== ---- httpd-2.4.10.orig/modules/lua/mod_lua.c -+++ httpd-2.4.10/modules/lua/mod_lua.c -@@ -66,9 +66,13 @@ typedef struct { - const char *file_name; - const char *function_name; - ap_lua_vm_spec *spec; -- apr_array_header_t *args; - } lua_authz_provider_spec; - -+typedef struct { -+ lua_authz_provider_spec *spec; -+ apr_array_header_t *args; -+} lua_authz_provider_func; -+ - apr_hash_t *lua_authz_providers; - - typedef struct -@@ -1692,6 +1696,7 @@ static const char *lua_authz_parse(cmd_p - { - const char *provider_name; - lua_authz_provider_spec *spec; -+ lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func)); - - apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE, - cmd->temp_pool); -@@ -1699,16 +1704,17 @@ static const char *lua_authz_parse(cmd_p - - spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING); - ap_assert(spec != NULL); -+ func->spec = spec; - - if (require_line && *require_line) { - const char *arg; -- spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); -+ func->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); - while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) { -- APR_ARRAY_PUSH(spec->args, const char *) = arg; -+ APR_ARRAY_PUSH(func->args, const char *) = arg; - } - } - -- *parsed_require_line = spec; -+ *parsed_require_line = func; - return NULL; - } - -@@ -1722,7 +1728,8 @@ static authz_status lua_authz_check(requ - &lua_module); - const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, - &lua_module); -- const lua_authz_provider_spec *prov_spec = parsed_require_line; -+ const lua_authz_provider_func *prov_func = parsed_require_line; -+ const lua_authz_provider_spec *prov_spec = prov_func->spec; - int result; - int nargs = 0; - -@@ -1744,19 +1751,19 @@ static authz_status lua_authz_check(requ - 
return AUTHZ_GENERAL_ERROR; - } - ap_lua_run_lua_request(L, r); -- if (prov_spec->args) { -+ if (prov_func->args) { - int i; -- if (!lua_checkstack(L, prov_spec->args->nelts)) { -+ if (!lua_checkstack(L, prov_func->args->nelts)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315) - "Error: authz provider %s: too many arguments", prov_spec->name); - ap_lua_release_state(L, spec, r); - return AUTHZ_GENERAL_ERROR; - } -- for (i = 0; i < prov_spec->args->nelts; i++) { -- const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *); -+ for (i = 0; i < prov_func->args->nelts; i++) { -+ const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *); - lua_pushstring(L, arg); - } -- nargs = prov_spec->args->nelts; -+ nargs = prov_func->args->nelts; - } - if (lua_pcall(L, 1 + nargs, 1, 0)) { - const char *err = lua_tostring(L, -1); diff --git a/httpd-event-deadlock.patch b/httpd-event-deadlock.patch deleted file mode 100644 index 1ab5ee9..0000000 --- a/httpd-event-deadlock.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- httpd-2.4.10.orig/server/mpm/event/event.c -+++ httpd-2.4.10/server/mpm/event/event.c -@@ -1271,13 +1271,13 @@ static void get_worker(int *have_idle_wo - else - rc = ap_queue_info_try_get_idler(worker_queue_info); - -- if (rc == APR_SUCCESS) { -+ if (rc == APR_SUCCESS || APR_STATUS_IS_EOF(rc)) { - *have_idle_worker_p = 1; - } - else if (!blocking && rc == APR_EAGAIN) { - *all_busy = 1; - } -- else if (!APR_STATUS_IS_EOF(rc)) { -+ else { - ap_log_error(APLOG_MARK, APLOG_ERR, rc, ap_server_conf, APLOGNO(00472) - "ap_queue_info_wait_for_idler failed. " - "Attempting to shutdown process gracefully");