OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   04-Oct-2002 21:39:16
  Branch: OPENPKG_1_0_SOLID                Handle: 2002100420391501

  Modified files:           (Branch: OPENPKG_1_0_SOLID)
    openpkg-src/apache      apache.patch apache.spec

  Log:
    fix security bugs (see OpenPKG-SA-2002.009-apache)

  Summary:
    Revision    Changes     Path
    1.1.2.2     +158 -0     openpkg-src/apache/apache.patch
    1.16.2.7    +1  -1      openpkg-src/apache/apache.spec
  ____________________________________________________________________________

  Index: openpkg-src/apache/apache.patch
  ============================================================
  $ cvs diff -u -r1.1.2.1 -r1.1.2.2 apache.patch
  --- openpkg-src/apache/apache.patch   19 Jun 2002 15:36:49 -0000      1.1.2.1
  +++ openpkg-src/apache/apache.patch   4 Oct 2002 19:39:15 -0000       1.1.2.2
  @@ -64,3 +64,161 @@
            }
            else {
                r->remaining = len_to_read;
  +--- apache_1.3.22.orig/src/include/http_conf_globals.h       Fri Jul 13 09:32:35 2001
  ++++ apache_1.3.22/src/include/http_conf_globals.h    Fri Oct  4 18:18:29 2002
  +@@ -102,6 +102,7 @@
  + extern API_VAR_EXPORT char *ap_server_argv0;
  + 
  + extern enum server_token_type ap_server_tokens;
  ++extern int ap_change_shmem_uid;
  + 
  + /* Trying to allocate these in the config pool gets us into some *nasty*
  +  * chicken-and-egg problems in http_main.c --- where do you stick them
  +--- apache_1.3.22.orig/src/main/http_core.c  Tue Sep  4 20:15:15 2001
  ++++ apache_1.3.22/src/main/http_core.c       Fri Oct  4 18:18:29 2002
  +@@ -2693,11 +2693,14 @@
  +     return ap_pstrcat(r->pool, prefix, "<ADDRESS>" SERVER_BASEVERSION
  +                       " Server at <A HREF=\"mailto:";,
  +                       r->server->server_admin, "\">",
  +-                      ap_get_server_name(r), "</A> Port ", sport,
  ++                      ap_escape_html(r->pool, ap_get_server_name(r)), 
  ++                      "</A> Port ", sport,
  +                       "</ADDRESS>\n", NULL);
  +     }
  +     return ap_pstrcat(r->pool, prefix, "<ADDRESS>" SERVER_BASEVERSION
  +-                  " Server at ", ap_get_server_name(r), " Port ", sport,
  ++                  " Server at ", 
  ++                  ap_escape_html(r->pool, ap_get_server_name(r)), 
  ++                  " Port ", sport,
  +                   "</ADDRESS>\n", NULL);
  + }
  + 
  +@@ -2725,6 +2728,18 @@
  + }
  + #endif /*_OSD_POSIX*/
  + 
  ++static const char *set_change_shmem_uid(cmd_parms *cmd,
  ++                                              core_dir_config *d, int arg) 
  ++{
  ++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
  ++    if (err != NULL) {
  ++        return err;
  ++    }
  ++
  ++    ap_change_shmem_uid = arg != 0;
  ++    return NULL;
  ++}
  ++
  + /*
  +  * Handle a request to include the server's OS platform in the Server
  +  * response header field (the ServerTokens directive).  Unfortunately
  +@@ -3219,6 +3234,8 @@
  +   (void*)XtOffsetOf(core_dir_config, limit_req_body),
  +   OR_ALL, TAKE1,
  +   "Limit (in bytes) on maximum size of request message body" },
  ++{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG,
  ++  "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" },
  + { "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1,
  +   "Serialized Accept Mutex; the methods " 
  + #ifdef HAVE_USLOCK_SERIALIZED_ACCEPT
  +--- apache_1.3.22.orig/src/main/http_main.c  Sat Oct  6 04:21:11 2001
  ++++ apache_1.3.22/src/main/http_main.c       Fri Oct  4 18:18:29 2002
  +@@ -397,6 +397,8 @@
  + /* Global, alas, so http_core can talk to us */
  + enum server_token_type ap_server_tokens = SrvTk_FULL;
  + 
  ++int ap_change_shmem_uid = 0;
  ++
  + /*
  +  * This routine is called when the pconf pool is vacuumed.  It resets the
  +  * server version string to a known value and [re]enables modifications
  +@@ -2243,7 +2245,9 @@
  +      * We exit below, after we try to remove the segment
  +      */
  +     }
  +-    else {                  /* only worry about permissions if we attached the segment */
  ++    /* only worry about permissions if we attached the segment
  ++       and we want/need to change the uid/gid */
  ++    else if (ap_change_shmem_uid) {
  +     if (shmctl(shmid, IPC_STAT, &shmbuf) != 0) {
  +         ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
  +             "shmctl() could not stat segment #%d", shmid);
  +--- apache_1.3.22.orig/src/main/util_script.c        Wed May  9 07:17:11 2001
  ++++ apache_1.3.22/src/main/util_script.c     Fri Oct  4 18:18:29 2002
  +@@ -285,7 +285,8 @@
  +     ap_table_addn(e, "PATH", env_path);
  +     ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
  +     ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
  +-    ap_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
  ++    ap_table_addn(e, "SERVER_NAME", 
  ++              ap_escape_html(r->pool,ap_get_server_name(r)));
  +     ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip);       /* Apache */
  +     ap_table_addn(e, "SERVER_PORT",
  +               ap_psprintf(r->pool, "%u", ap_get_server_port(r)));
  +--- apache_1.3.22.orig/src/support/ab.c      Mon Oct  8 19:54:42 2001
  ++++ apache_1.3.22/src/support/ab.c   Fri Oct  4 18:18:29 2002
  +@@ -1068,11 +1068,12 @@
  +              * this is first time, extract some interesting info
  +              */
  +             char *p, *q;
  ++            int qlen;
  +             p = strstr(c->cbuff, "Server:");
  +-            q = servername;
  ++            q = servername; qlen = sizeof(servername);
  +             if (p) {
  +                 p += 8;
  +-                while (*p > 32)
  ++                while (*p > 32 && qlen-- > 1) 
  +                     *q++ = *p++;
  +             }
  +             *q = 0;
  +@@ -1545,9 +1546,9 @@
  +         strcpy(content_type, optarg);
  +         break;
  +     case 'C':
  +-        strncat(cookie, "Cookie: ", sizeof(cookie));
  +-        strncat(cookie, optarg, sizeof(cookie));
  +-        strncat(cookie, "\r\n", sizeof(cookie));
  ++        strncat(cookie, "Cookie: ", sizeof(cookie)-strlen(cookie)-1);
  ++        strncat(cookie, optarg, sizeof(cookie)-strlen(cookie)-1);
  ++        strncat(cookie, "\r\n", sizeof(cookie)-strlen(cookie)-1);
  +         break;
  +     case 'A':
  +         /*
  +@@ -1559,9 +1560,9 @@
  +         l = ap_base64encode(tmp, optarg, strlen(optarg));
  +         tmp[l] = '\0';
  + 
  +-        strncat(auth, "Authorization: Basic ", sizeof(auth));
  +-        strncat(auth, tmp, sizeof(auth));
  +-        strncat(auth, "\r\n", sizeof(auth));
  ++        strncat(auth, "Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
  ++        strncat(auth, tmp, sizeof(auth)-strlen(auth)-1);
  ++        strncat(auth, "\r\n", sizeof(auth)-strlen(auth)-1);
  +         break;
  +     case 'P':
  +         /*
  +@@ -1572,9 +1573,9 @@
  +         l = ap_base64encode(tmp, optarg, strlen(optarg));
  +         tmp[l] = '\0';
  + 
  +-        strncat(auth, "Proxy-Authorization: Basic ", sizeof(auth));
  +-        strncat(auth, tmp, sizeof(auth));
  +-        strncat(auth, "\r\n", sizeof(auth));
  ++        strncat(auth, "Proxy-Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
  ++        strncat(auth, tmp, sizeof(auth)-strlen(auth)-1);
  ++        strncat(auth, "\r\n", sizeof(auth)-strlen(auth)-1);
  +         break;
  +     case 'X':
  +         {
  +@@ -1592,8 +1593,8 @@
  +         }
  +         break;
  +     case 'H':
  +-        strncat(hdrs, optarg, sizeof(hdrs));
  +-        strncat(hdrs, "\r\n", sizeof(hdrs));
  ++        strncat(hdrs, optarg, sizeof(hdrs)-strlen(hdrs)-1);
  ++        strncat(hdrs, "\r\n", sizeof(hdrs)-strlen(hdrs)-1);
  +         break;
  +     case 'V':
  +         copyright();
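Review bot: In the ab.c part of the patch, the `-T` case shown as context still does `strcpy(content_type, optarg);`, an unbounded copy of a command-line argument directly above the strncat calls this change bounds; assuming content_type is a fixed array like cookie, it should get the same treatment, e.g. `content_type[0] = '\0'; strncat(content_type, optarg, sizeof(content_type)-1);`. The `-A` and `-P` cases likewise call `ap_base64encode(tmp, optarg, strlen(optarg))` with no visible check that the encoded length fits tmp (its declaration is outside the hunk), so the bounded strncat into auth only runs after any overrun of tmp has already happened. Separately, in util_script.c the HTML-escaped value is stored in the CGI variable SERVER_NAME, so scripts that use it outside HTML (redirect URLs, log lines) receive entity-encoded text; a comment such as `/* HTML-escaped; CGI consumers do not get the raw host name */` would document that. The enclosing functions start and end outside these hunks.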
  Index: openpkg-src/apache/apache.spec
  ============================================================
  $ cvs diff -u -r1.16.2.6 -r1.16.2.7 apache.spec
  --- openpkg-src/apache/apache.spec    20 Jun 2002 14:05:25 -0000      1.16.2.6
  +++ openpkg-src/apache/apache.spec    4 Oct 2002 19:39:16 -0000       1.16.2.7
  @@ -71,7 +71,7 @@
   Group:        Web
   License:      BSD-style
   Version:      %{V_apache}
  -Release:      1.0.4
  +Release:      1.0.5
   
   #   list of sources
   Source0:      http://httpd.apache.org/dist/httpd/apache_%{V_apache}.tar.gz
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
