rpm/apache2
SHA256
1
0
Fork 0
forked from pool/apache2
Code Pull Requests Activity

Accepting request 281538 from Apache

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/281538
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=97
This commit is contained in:
Dominique Leuenberger 2015-01-22 20:48:16 +00:00 committed by Git OBS Bridge
commit 6704cfdf8f
8 changed files with 214 additions and 547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

209
apache2.changes
View File

@ -1,3 +1,212 @@
-------------------------------------------------------------------
Fri Jan 16 04:24:04 UTC 2015 - crrodriguez@opensuse.org
- remove obsolete patches
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
-------------------------------------------------------------------
Fri Jan 16 04:13:59 UTC 2015 - crrodriguez@opensuse.org
- Apache 2.4.11
*) SECURITY: CVE-2014-3583 (cve.mitre.org)
mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
*) SECURITY: CVE-2014-3581 (cve.mitre.org)
mod_cache: Avoid a crash when Content-Type has an empty value.
PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
used in multiple Require directives with different arguments.
PR57204 [Edward Lu <Chaosed0 gmail.com>]
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) mod_ssl: New directive SSLSessionTickets (On|Off).
The directive controls the use of TLS session tickets (RFC 5077),
default value is "On" (unchanged behavior).
Session ticket creation uses a random key created during web
server startup and recreated during restarts. No other key
recreation mechanism is available currently. Therefore using session
tickets without restarting the web server with an appropriate frequency
(e.g. daily) compromises perfect forward secrecy. [Rainer Jung]
*) mod_proxy_fcgi: Provide some basic alternate options for specifying
how PATH_INFO is passed to FastCGI backends by adding significance to
the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener]
*) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule
to opt-in to connection reuse and other Proxy options via explicitly
declared "proxy workers" (<Proxy unix:... enablereuse=on max=...)
[Eric Covener]
*) mod_proxy: Add "enablereuse" option as the inverse of "disablereuse".
[Eric Covener]
*) mod_proxy_fcgi: Enable opt-in to TCP connection reuse by explicitly
setting proxy option disablereuse=off. [Eric Covener] PR 57378.
*) event: Update the internal "connection id" when requests
move from thread to thread. Reuse can confuse modules like
mod_cgid. PR 57435. [Michael Thorpe <mike gistnet.com>]
*) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME
passed to fastcgi backends. [Eric Covener]
*) core: Configuration files with long lines and continuation characters
are not read properly. PR 55910. [Manuel Mausz <manuel-as mausz.at>]
*) mod_include: the 'env' function was incorrectly handled as 'getenv' if the
leading 'e' was written in upper case in <!--#if expr="..." -->
statements. [Christophe Jaillet]
*) split-logfile: Fix perl error: 'Can't use string ("example.org:80")
as a symbol ref while "strict refs"'. PR 56329.
[Holger Mauermann <mauermann gmail.com>]
*) mod_proxy: Prevent ProxyPassReverse from doing a substitution when
the URL parameter interpolates to an empty string. PR 56603.
[<ajprout hotmail.com>]
*) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
PR 57328. [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic].
*) mod_proxy: Preserve original request headers even if they differ
from the ones to be forwarded to the backend. PR 45387.
[Yann Ylavic]
*) mod_ssl: dump SSL IO/state for the write side of the connection(s),
like reads (level TRACE4). [Yann Ylavic]
*) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.
[Jan Kaluza]
*) mod_ssl: Do not crash when looking up SSL related variables during
expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
*) mod_proxy_ajp: Fix handling of the default port (8009) in the
ProxyPass and <Proxy> configurations. PR 57259. [Yann Ylavic]
*) mpm_event: Avoid a possible use after free when notifying the end of
connection during lingering close. PR 57268. [Eric Covener, Yann Ylavic]
*) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
improperly or too large. [Jeff Trawick]
*) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
[Jeff Trawick]
*) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
error when parsing or forwarding the response fails. [Yann Ylavic]
*) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e
PR 53435 [tadanori <tadanori2007 yahoo.com>, Sebastian Wiedenroth <wiedi frubar.net>]
*) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
determine whether it is a normal close or a real error. PR 57168. [Yann
Ylavic]
*) mod_proxy_wstunnel: abort backend connection on polling error to avoid
further processing. [Yann Ylavic]
*) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
PR 57167 [Edward Lu <Chaosed0 gmail.com>]
*) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC
systems. PR 57092 [Edward Lu <Chaosed0 gmail.com>]
*) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752
CacheLock error occurs during cache revalidation. [Eric Covener]
*) mod_ssl: Move OCSP stapling information from a per-certificate store to
a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex alex.org.uk>,
Yann Ylavic, Kaspar Brand]
*) mod_cache_socache: Change average object size hint from 32 bytes to
2048 bytes. [Rainer Jung]
*) mod_cache_socache: Add cache status to server-status. [Rainer Jung]
*) event: Fix worker-listener deadlock in graceful restart.
PR 56960.
*) Concat strings at compile time when possible. PR 53741.
*) mod_substitute: Restrict configuration in .htaccess to
FileInfo as documented. [Rainer Jung]
*) mod_substitute: Make maximum line length configurable. [Rainer Jung]
*) mod_substitute: Fix line length limitation in case of regexp plus flatten.
[Rainer Jung]
*) mod_proxy: Truncated character worker names are no longer fatal
errors. PR53218. [Jim Jagielski]
*) mod_dav: Set r->status_line in dav_error_response. PR 55426.
*) mod_proxy_http, mod_cache: Avoid (unlikely) accesses to freed memory.
[Yann Ylavic, Christophe Jaillet]
*) http_protocol: fix logic in ap_method_list_(add|remove) in order:
- to correctly reset bits
- not to modify the 'method_mask' bitfield unnecessarily
[Christophe Jaillet]
*) mod_slotmem_shm: Increase log level for some originally debug messages.
[Jim Jagielski]
*) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with
the wrong credentials when a backend connection is reused.
[Eric Covener]
*) mod_macro: Add missing APLOGNO for some Warning log messages.
[Christophe Jaillet]
*) mod_cache: Avoid sending 304 responses during failed revalidations
PR56881. [Eric Covener]
*) mod_status: Honor client IP address using mod_remoteip. PR 55886.
[Jim Jagielski]
*) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12
and later. PR 56615. [Chuck Liu <cliu81 gmail.com>, Jeff Trawick]
*) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade
failed) messages from ERROR to TRACE1. Other filters do not bother
re-reporting failures from lower level filters. PR56832. [Eric Covener]
*) core: Avoid useless warning message when parsing a section guarded by
<IfDefine foo> if $(foo) is used within the section.
PR 56503 [Christophe Jaillet]
*) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the
application. PR 56858. [Manuel Mausz <manuel-asf mausz.at>]
*) mod_proxy_http: Proxy responses with error status and
"ProxyErrorOverride On" hang until proxy timeout.
PR53420 [Rainer Jung]
*) mod_log_config: Allow three character log formats to be registered. For
backwards compatibility, the first character of a three-character format
must be the '^' (caret) character. [Eric Covener]
*) mod_lua: Don't quote Expires and Path values. PR 56734.
[Keith Mashinter, <kmashint yahoo com>]
*) mod_authz_core: Allow <AuthzProviderAlias>'es to be seen from auth
stanzas under virtual hosts. PR 56870. [Eric Covener]
-------------------------------------------------------------------
Mon Jan 12 10:51:32 UTC 2015 - bruno@ioda-net.ch

15
apache2.spec
View File

@ -92,8 +92,8 @@ BuildRequires: expat-devel
# "Server:" header
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
%define realver 2.4.10
Version: 2.4.10
%define realver 2.4.11
Version: 2.4.11
Release: 0
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: httpd-%{realver}.tar.bz2
@ -157,19 +157,12 @@ Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.x.x-logresolve.patch
Patch69: httpd-2.2.x-bnc690734.patch
Patch70: apache2-implicit-pointer-decl.patch
Patch71: httpd-event-deadlock.patch
# PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
#Patch108: apache2-mod_ssl_npn.patch
#Provides: apache2(mod_ssl+npn)
# PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
Patch109: httpd-2.4.3-mod_systemd.patch
Patch111: httpd-visibility.patch
# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
Patch112: httpd-2.4.10-check_null_pointer_dereference.patch
# PATCH-FIX-UPSTREAM bnc#909715 kstreitova@suse.com -- Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.
Patch113: httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
# PATCH-FIX-UPSTREAM bnc#871310 kstreitova@suse.com -- Fix the flaw in the way mod_headers handled chunked requests.
Patch114: httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.4
@ -345,13 +338,9 @@ to administrators of web servers in general.
%patch68 -p1
#%patch69
%patch70 -p1
%patch71 -p1
#%patch108 -p1
%patch109 -p1
%patch111 -p1
%patch112 -p1
%patch113 -p1
%patch114 -p1
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{S:22})

31
httpd-2.4.10-check_null_pointer_dereference.patch
View File

@ -1,31 +0,0 @@
Index: httpd-2.4.10/CHANGES
===================================================================
--- httpd-2.4.10.orig/CHANGES
+++ httpd-2.4.10/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.10
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
Index: httpd-2.4.10/modules/cache/cache_util.c
===================================================================
--- httpd-2.4.10.orig/modules/cache/cache_util.c
+++ httpd-2.4.10/modules/cache/cache_util.c
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding

3
httpd-2.4.10.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a
size 5031834

3
httpd-2.4.11.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9c77b451148036bdd3742fd02d4ac7df9c22fb52411aba0f92064cf9bf8af93e
size 5053472

399
httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
View File

@ -1,399 +0,0 @@
From 6688f9d102ad29d6bb4167d690ee495d709e47b6 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Fri, 22 Aug 2014 18:18:08 +0000
Subject: [PATCH] SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted by: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Backports: r1610814
Reviewed by: covener, wrowe, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1619884 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/include/http_core.h b/include/http_core.h
index 8730d1f..5cef622 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -667,6 +667,10 @@ typedef struct {
#define AP_TRACE_ENABLE 1
#define AP_TRACE_EXTENDED 2
int trace_enable;
+#define AP_MERGE_TRAILERS_UNSET 0
+#define AP_MERGE_TRAILERS_ENABLE 1
+#define AP_MERGE_TRAILERS_DISABLE 2
+ int merge_trailers;
} core_server_config;
diff --git a/include/httpd.h b/include/httpd.h
index e1510be..c6cd827 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1035,6 +1035,11 @@ struct request_rec {
*/
apr_sockaddr_t *useragent_addr;
char *useragent_ip;
+
+ /** MIME trailer environment from the request */
+ apr_table_t *trailers_in;
+ /** MIME trailer environment from the response */
+ apr_table_t *trailers_out;
};
/**
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 2a0a979..0b86009 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -231,6 +231,49 @@ static apr_status_t get_chunk_line(http_ctx_t *ctx, apr_bucket_brigade *b,
}
+static apr_status_t read_chunked_trailers(http_ctx_t *ctx, ap_filter_t *f,
+ apr_bucket_brigade *b, int merge)
+{
+ int rv;
+ apr_bucket *e;
+ request_rec *r = f->r;
+ apr_table_t *saved_headers_in = r->headers_in;
+ int saved_status = r->status;
+
+ r->status = HTTP_OK;
+ r->headers_in = r->trailers_in;
+ apr_table_clear(r->headers_in);
+ ctx->state = BODY_NONE;
+ ap_get_mime_headers(r);
+
+ if(r->status == HTTP_OK) {
+ r->status = saved_status;
+ e = apr_bucket_eos_create(f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(b, e);
+ ctx->eos_sent = 1;
+ rv = APR_SUCCESS;
+ }
+ else {
+ const char *error_notes = apr_table_get(r->notes,
+ "error-notes");
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+ "Error while reading HTTP trailer: %i%s%s",
+ r->status, error_notes ? ": " : "",
+ error_notes ? error_notes : "");
+ rv = APR_EINVAL;
+ }
+
+ if(!merge) {
+ r->headers_in = saved_headers_in;
+ }
+ else {
+ r->headers_in = apr_table_overlay(r->pool, saved_headers_in,
+ r->trailers_in);
+ }
+
+ return rv;
+}
+
/* This is the HTTP_INPUT filter for HTTP requests and responses from
* proxied servers (mod_proxy). It handles chunked and content-length
* bodies. This can only be inserted/used after the headers
@@ -240,6 +283,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
ap_input_mode_t mode, apr_read_type_e block,
apr_off_t readbytes)
{
+ core_server_config *conf;
apr_bucket *e;
http_ctx_t *ctx = f->ctx;
apr_status_t rv;
@@ -247,6 +291,9 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
int http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;
apr_bucket_brigade *bb;
+ conf = (core_server_config *)
+ ap_get_module_config(f->r->server->module_config, &core_module);
+
/* just get out of the way of things we don't want. */
if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) {
return ap_get_brigade(f->next, b, mode, block, readbytes);
@@ -425,13 +472,8 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
}
if (!ctx->remaining) {
- /* Handle trailers by calling ap_get_mime_headers again! */
- ctx->state = BODY_NONE;
- ap_get_mime_headers(f->r);
- e = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(b, e);
- ctx->eos_sent = 1;
- return APR_SUCCESS;
+ return read_chunked_trailers(ctx, f, b,
+ conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE);
}
}
}
@@ -534,13 +576,8 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
}
if (!ctx->remaining) {
- /* Handle trailers by calling ap_get_mime_headers again! */
- ctx->state = BODY_NONE;
- ap_get_mime_headers(f->r);
- e = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(b, e);
- ctx->eos_sent = 1;
- return APR_SUCCESS;
+ return read_chunked_trailers(ctx, f, b,
+ conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE);
}
}
break;
diff --git a/modules/http/http_request.c b/modules/http/http_request.c
index 796d506..cdfec8b 100644
--- a/modules/http/http_request.c
+++ b/modules/http/http_request.c
@@ -463,6 +463,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
new->main = r->main;
new->headers_in = r->headers_in;
+ new->trailers_in = r->trailers_in;
new->headers_out = apr_table_make(r->pool, 12);
if (ap_is_HTTP_REDIRECT(new->status)) {
const char *location = apr_table_get(r->headers_out, "Location");
@@ -470,6 +471,7 @@ static request_rec *internal_internal_redirect(const char *new_uri,
apr_table_setn(new->headers_out, "Location", location);
}
new->err_headers_out = r->err_headers_out;
+ new->trailers_out = apr_table_make(r->pool, 5);
new->subprocess_env = rename_original_env(r->pool, r->subprocess_env);
new->notes = apr_table_make(r->pool, 5);
@@ -583,6 +585,8 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r)
r->headers_out);
r->err_headers_out = apr_table_overlay(r->pool, rr->err_headers_out,
r->err_headers_out);
+ r->trailers_out = apr_table_overlay(r->pool, rr->trailers_out,
+ r->trailers_out);
r->subprocess_env = apr_table_overlay(r->pool, rr->subprocess_env,
r->subprocess_env);
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 792756d..c1b0e1b 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -431,6 +431,12 @@ static const char *log_header_in(request_rec *r, char *a)
return ap_escape_logitem(r->pool, apr_table_get(r->headers_in, a));
}
+static const char *log_trailer_in(request_rec *r, char *a)
+{
+ return ap_escape_logitem(r->pool, apr_table_get(r->trailers_in, a));
+}
+
+
static APR_INLINE char *find_multiple_headers(apr_pool_t *pool,
const apr_table_t *table,
const char *key)
@@ -514,6 +520,11 @@ static const char *log_header_out(request_rec *r, char *a)
return ap_escape_logitem(r->pool, cp);
}
+static const char *log_trailer_out(request_rec *r, char *a)
+{
+ return ap_escape_logitem(r->pool, apr_table_get(r->trailers_out, a));
+}
+
static const char *log_note(request_rec *r, char *a)
{
return ap_escape_logitem(r->pool, apr_table_get(r->notes, a));
@@ -916,7 +927,7 @@ static char *parse_log_misc_string(apr_pool_t *p, log_format_item *it,
static char *parse_log_item(apr_pool_t *p, log_format_item *it, const char **sa)
{
const char *s = *sa;
- ap_log_handler *handler;
+ ap_log_handler *handler = NULL;
if (*s != '%') {
return parse_log_misc_string(p, it, sa);
@@ -986,7 +997,16 @@ static char *parse_log_item(apr_pool_t *p, log_format_item *it, const char **sa)
break;
default:
- handler = (ap_log_handler *)apr_hash_get(log_hash, s++, 1);
+ /* check for '^' + two character format first */
+ if (*s == '^' && *(s+1) && *(s+2)) {
+ handler = (ap_log_handler *)apr_hash_get(log_hash, s, 3);
+ if (handler) {
+ s += 3;
+ }
+ }
+ if (!handler) {
+ handler = (ap_log_handler *)apr_hash_get(log_hash, s++, 1);
+ }
if (!handler) {
char dummy[2];
@@ -1516,7 +1536,7 @@ static void ap_register_log_handler(apr_pool_t *p, char *tag,
log_struct->func = handler;
log_struct->want_orig_default = def;
- apr_hash_set(log_hash, tag, 1, (const void *)log_struct);
+ apr_hash_set(log_hash, tag, strlen(tag), (const void *)log_struct);
}
static ap_log_writer_init *ap_log_set_writer_init(ap_log_writer_init *handle)
{
@@ -1694,6 +1714,9 @@ static int log_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
log_pfn_register(p, "U", log_request_uri, 1);
log_pfn_register(p, "s", log_status, 1);
log_pfn_register(p, "R", log_handler, 1);
+
+ log_pfn_register(p, "^ti", log_trailer_in, 0);
+ log_pfn_register(p, "^to", log_trailer_out, 0);
}
/* reset to default conditions */
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 141452b..1a4d593 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1011,8 +1011,11 @@ static request_rec *make_fake_req(conn_rec *c, request_rec *r)
rp->status = HTTP_OK;
rp->headers_in = apr_table_make(pool, 50);
+ rp->trailers_in = apr_table_make(pool, 5);
+
rp->subprocess_env = apr_table_make(pool, 50);
rp->headers_out = apr_table_make(pool, 12);
+ rp->trailers_out = apr_table_make(pool, 5);
rp->err_headers_out = apr_table_make(pool, 5);
rp->notes = apr_table_make(pool, 5);
@@ -1093,6 +1096,7 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
psc = (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
r->headers_out = apr_table_make(r->pool, 20);
+ r->trailers_out = apr_table_make(r->pool, 5);
*pread_len = 0;
/*
@@ -1223,6 +1227,14 @@ apr_status_t ap_proxygetline(apr_bucket_brigade *bb, char *s, int n, request_rec
#define AP_MAX_INTERIM_RESPONSES 10
#endif
+static int add_trailers(void *data, const char *key, const char *val)
+{
+ if (val) {
+ apr_table_add((apr_table_t*)data, key, val);
+ }
+ return 1;
+}
+
static
apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
proxy_conn_rec **backend_ptr,
@@ -1735,6 +1747,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
/* next time try a non-blocking read */
mode = APR_NONBLOCK_READ;
+ if (!apr_is_empty_table(backend->r->trailers_in)) {
+ apr_table_do(add_trailers, r->trailers_out,
+ backend->r->trailers_in, NULL);
+ apr_table_clear(backend->r->trailers_in);
+ }
+
apr_brigade_length(bb, 0, &readbytes);
backend->worker->s->read += readbytes;
#if DEBUGGING
diff --git a/server/core.c b/server/core.c
index dd1a375..613ffa4 100644
--- a/server/core.c
+++ b/server/core.c
@@ -520,6 +520,10 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
if (virt->error_log_req)
conf->error_log_req = virt->error_log_req;
+ conf->merge_trailers = (virt->merge_trailers != AP_MERGE_TRAILERS_UNSET)
+ ? virt->merge_trailers
+ : base->merge_trailers;
+
return conf;
}
@@ -3882,6 +3886,16 @@ AP_DECLARE(void) ap_register_errorlog_handler(apr_pool_t *p, char *tag,
}
+static const char *set_merge_trailers(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf = ap_get_module_config(cmd->server->module_config,
+ &core_module);
+ conf->merge_trailers = (arg ? AP_MERGE_TRAILERS_ENABLE :
+ AP_MERGE_TRAILERS_DISABLE);
+
+ return NULL;
+}
+
/* Note --- ErrorDocument will now work from .htaccess files.
* The AllowOverride of Fileinfo allows webmasters to turn it off
*/
@@ -4129,6 +4143,8 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
#endif
AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
"'on' (default), 'off' or 'extended' to trace request body content"),
+AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
+ "merge request trailers into request headers or not"),
{ NULL }
};
@@ -4211,7 +4227,6 @@ static int core_map_to_storage(request_rec *r)
static int do_nothing(request_rec *r) { return OK; }
-
static int core_override_type(request_rec *r)
{
core_dir_config *conf =
diff --git a/server/protocol.c b/server/protocol.c
index bf915a0..960117d 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -718,6 +718,8 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
r->status = HTTP_REQUEST_TIME_OUT;
}
else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
+ "Failed to read request header line %s", field);
r->status = HTTP_BAD_REQUEST;
}
@@ -917,9 +919,11 @@ request_rec *ap_read_request(conn_rec *conn)
r->allowed_methods = ap_make_method_list(p, 2);
r->headers_in = apr_table_make(r->pool, 25);
+ r->trailers_in = apr_table_make(r->pool, 5);
r->subprocess_env = apr_table_make(r->pool, 25);
r->headers_out = apr_table_make(r->pool, 12);
r->err_headers_out = apr_table_make(r->pool, 5);
+ r->trailers_out = apr_table_make(r->pool, 5);
r->notes = apr_table_make(r->pool, 5);
r->request_config = ap_create_request_config(r->pool);
@@ -1185,6 +1189,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
rnew->status = HTTP_OK;
rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+ rnew->trailers_in = apr_table_copy(rnew->pool, r->trailers_in);
/* did the original request have a body? (e.g. POST w/SSI tags)
* if so, make sure the subrequest doesn't inherit body headers
@@ -1196,6 +1201,7 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
rnew->headers_out = apr_table_make(rnew->pool, 5);
rnew->err_headers_out = apr_table_make(rnew->pool, 5);
+ rnew->trailers_out = apr_table_make(rnew->pool, 5);
rnew->notes = apr_table_make(rnew->pool, 5);
rnew->expecting_100 = r->expecting_100;

83
httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
View File

@ -1,83 +0,0 @@
Index: httpd-2.4.10/modules/lua/mod_lua.c
===================================================================
--- httpd-2.4.10.orig/modules/lua/mod_lua.c
+++ httpd-2.4.10/modules/lua/mod_lua.c
@@ -66,9 +66,13 @@ typedef struct {
const char *file_name;
const char *function_name;
ap_lua_vm_spec *spec;
- apr_array_header_t *args;
} lua_authz_provider_spec;
+typedef struct {
+ lua_authz_provider_spec *spec;
+ apr_array_header_t *args;
+} lua_authz_provider_func;
+
apr_hash_t *lua_authz_providers;
typedef struct
@@ -1692,6 +1696,7 @@ static const char *lua_authz_parse(cmd_p
{
const char *provider_name;
lua_authz_provider_spec *spec;
+ lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func));
apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE,
cmd->temp_pool);
@@ -1699,16 +1704,17 @@ static const char *lua_authz_parse(cmd_p
spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING);
ap_assert(spec != NULL);
+ func->spec = spec;
if (require_line && *require_line) {
const char *arg;
- spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
+ func->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) {
- APR_ARRAY_PUSH(spec->args, const char *) = arg;
+ APR_ARRAY_PUSH(func->args, const char *) = arg;
}
}
- *parsed_require_line = spec;
+ *parsed_require_line = func;
return NULL;
}
@@ -1722,7 +1728,8 @@ static authz_status lua_authz_check(requ
&lua_module);
const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
&lua_module);
- const lua_authz_provider_spec *prov_spec = parsed_require_line;
+ const lua_authz_provider_func *prov_func = parsed_require_line;
+ const lua_authz_provider_spec *prov_spec = prov_func->spec;
int result;
int nargs = 0;
@@ -1744,19 +1751,19 @@ static authz_status lua_authz_check(requ
return AUTHZ_GENERAL_ERROR;
}
ap_lua_run_lua_request(L, r);
- if (prov_spec->args) {
+ if (prov_func->args) {
int i;
- if (!lua_checkstack(L, prov_spec->args->nelts)) {
+ if (!lua_checkstack(L, prov_func->args->nelts)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315)
"Error: authz provider %s: too many arguments", prov_spec->name);
ap_lua_release_state(L, spec, r);
return AUTHZ_GENERAL_ERROR;
}
- for (i = 0; i < prov_spec->args->nelts; i++) {
- const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *);
+ for (i = 0; i < prov_func->args->nelts; i++) {
+ const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *);
lua_pushstring(L, arg);
}
- nargs = prov_spec->args->nelts;
+ nargs = prov_func->args->nelts;
}
if (lua_pcall(L, 1 + nargs, 1, 0)) {
const char *err = lua_tostring(L, -1);

18
httpd-event-deadlock.patch
View File

@ -1,18 +0,0 @@
--- httpd-2.4.10.orig/server/mpm/event/event.c
+++ httpd-2.4.10/server/mpm/event/event.c
@@ -1271,13 +1271,13 @@ static void get_worker(int *have_idle_wo
else
rc = ap_queue_info_try_get_idler(worker_queue_info);
- if (rc == APR_SUCCESS) {
+ if (rc == APR_SUCCESS || APR_STATUS_IS_EOF(rc)) {
*have_idle_worker_p = 1;
}
else if (!blocking && rc == APR_EAGAIN) {
*all_busy = 1;
}
- else if (!APR_STATUS_IS_EOF(rc)) {
+ else {
ap_log_error(APLOG_MARK, APLOG_ERR, rc, ap_server_conf, APLOGNO(00472)
"ap_queue_info_wait_for_idler failed. "
"Attempting to shutdown process gracefully");