Hello community,
here is the log from the commit of package apache2 for openSUSE:Factory checked
in at 2012-04-02 10:50:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
and /work/SRC/openSUSE:Factory/.apache2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2", Maintainer is "dr...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2012-02-22
12:02:05.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2012-04-02
10:50:37.000000000 +0200
@@ -1,0 +2,5 @@
+Tue Mar 20 14:05:49 UTC 2012 - adr...@suse.de
+
+- fix truncating and resulting paniking of answer headers (bnc#690734)
+
+-------------------------------------------------------------------
New:
----
httpd-2.2.x-bnc690734.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.l7etHi/_old 2012-04-02 10:50:43.000000000 +0200
+++ /var/tmp/diff_new_pack.l7etHi/_new 2012-04-02 10:50:43.000000000 +0200
@@ -16,7 +16,6 @@
#
-
Name: apache2
BuildRequires: automake
BuildRequires: db-devel
@@ -139,6 +138,7 @@
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.x.x-logresolve.patch
+Patch69: httpd-2.2.x-bnc690734.patch
Patch100: apache2.2-mpm-itk-20090414-00.patch
Patch101: httpd-2.2.19-linux3.patch
Patch102: httpd-keepalivetimeout-millisecs.patch
@@ -152,15 +152,19 @@
Summary: The Apache Web Server Version 2.2
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
-Provides: httpd http_daemon %{apache_mmn} suse_help_viewer
-Requires: %{pname}-MPM /etc/mime.types
+Provides: %{apache_mmn}
+Provides: http_daemon
+Provides: httpd
+Provides: suse_help_viewer
+Requires: %{pname}-MPM
+Requires: /etc/mime.types
PreReq: %{name}-utils
Requires: logrotate
# in the past, libapr1 >= 1.0 was sufficient. But since 2.2.16, a failure to
# create listen sockets can occur, unless newer libapr1 is used, with certain
kernels.
# see https://bugzilla.redhat.com/show_bug.cgi?id=516331
-Requires: libapr1 >= 1.4.2
Requires: libapr1 < 2.0
+Requires: libapr1 >= 1.4.2
%{?systemd_requires}
PreReq: fileutils textutils grep sed
%if %{?suse_version:1}0
@@ -297,9 +301,12 @@
%package devel
Summary: Apache 2.2 Header and Include Files
Group: Development/Libraries/C and C++
-Requires: %{name} = %{version} %{pname}-MPM
-Requires: libapr1-devel libapr-util1-devel
-Requires: apache2-prefork gcc
+Requires: %{name} = %{version}
+Requires: %{pname}-MPM
+Requires: apache2-prefork
+Requires: gcc
+Requires: libapr-util1-devel
+Requires: libapr1-devel
%description devel
This package contains header files and include files that are needed
@@ -357,6 +364,7 @@
%patch66 -p1
%patch67 -p1
%patch68 -p1
+%patch69
%patch100
%patch101
%patch102
++++++ httpd-2.2.x-bnc690734.patch ++++++
diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c
--- ../httpd-2.2.17-o/server/util_script.c 2009-01-12 14:59:56.000000000
+0100
+++ ./server/util_script.c 2011-07-26 15:39:50.000000000 +0200
@@ -406,6 +406,7 @@
{
char x[MAX_STRING_LEN];
char *w, *l;
+ int wlen;
int p;
int cgi_status = HTTP_UNSET;
apr_table_t *merge;
@@ -414,7 +415,14 @@
if (buffer) {
*buffer = '\0';
}
- w = buffer ? buffer : x;
+
+ if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
+ w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
+ wlen = r->server->limit_req_fieldsize + 2;
+ } else {
+ w = buffer ? buffer : x;
+ wlen = MAX_STRING_LEN;
+ }
/* temporary place to hold headers to merge in later */
merge = apr_table_make(r->pool, 10);
@@ -430,7 +438,7 @@
while (1) {
- int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
+ int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
if (rv == 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
"Premature end of script headers: %s",
@@ -537,9 +545,12 @@
if (!buffer) {
/* Soak up all the script output - may save an outright kill */
- while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
+ while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
continue;
}
+ } else if (w != buffer) {
+ strncpy(buffer, w, MAX_STRING_LEN - 1);
+ buffer[MAX_STRING_LEN - 1] = 0;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
