[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
** Changed in: apache2 Status: Unknown = Fix Released ** Changed in: apache2 Importance: Unknown = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. https://bugs.launchpad.net/bugs/609290 Title: overlapping memcpy in ssl_io_input_read -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
** Branch linked: lp:debian/sid/apache2 ** Branch linked: lp:ubuntu/lucid-proposed/apache2 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. https://bugs.launchpad.net/bugs/609290 Title: overlapping memcpy in ssl_io_input_read -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Great. It's a very quick bugfix for this high importance bug - after 3 months from the known solutions. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.3 --- apache2 (2.2.14-5ubuntu8.3) lucid-proposed; urgency=low * debian/apache2.2-common.postinst: Don't fail if you can load the reqtimeout module. (LP: #621837) * debian/patches/Backport fix for upstream bug PR 45444: https://issues.apache.org/bugzilla/show_bug.cgi?id=45444. (LP: #609290, #589611, #595116) -- Chuck Short zul...@ubuntu.com Mon, 27 Sep 2010 14:06:57 -0400 ** Changed in: apache2 (Ubuntu Lucid) Status: Fix Committed = Fix Released -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Accepted apache2 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: apache2 (Ubuntu Lucid) Status: Triaged = Fix Committed ** Tags added: verification-needed -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Thx. Fixing this bug is next in queue. See https://bugs.launchpad.net/ubuntu/lucid/+source/apache2/+bug/589611 -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Jiří: your binary seems do to the trick, I haven't seen the error anymore since updating to it, so thanks, even though I don't really feel comfortable using an unofficial binary fix for this.. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Hello. Because ubuntu team is not able to release the bugfix over 1 month, I compiled patched mod_ssl. For those who want to try it, it's at http://engy.dyndns.org/mod_ssl.so -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Jiří: What happened with the patch you posted 2010-08-04? Was it rejected? -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Jiri, I'm trying it out and will watch my logfiles for a few days. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
They used patch from https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/589611 comment #35, but it contains error - comment #14 from this bug. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Can someone please release a fix for this. I have several servers here facing this error. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
2.2.14-5ubuntu8.2 doesn't contain fix for this bug. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
still no news on this issue? I've installed the attempted fix 2.2.14-5ubuntu8.2, from #595116.. But I'm still getting the same error. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Matthias, I reject your upload and take Chuck's, which also refers to two other bugs. ** Changed in: apache2 (Ubuntu Lucid) Status: In Progress = Fix Committed ** Tags added: verification-needed -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
has anyone been able to build the new apache2 from lucid-proposed? I'm
getting an error while building...
$apt-get -b source apache2
..
applying patch 206-report-max-client-mpm-worker to ./ ... ok.
applying patch 209-backport-mod-reqtimeout to ./ ... ok.
applying patch 210-backport-mod-reqtimeout-ftbfs to ./ ... ok.
applying patch upstream-fix-for-lp-609290.patch to ./ ...diff:
httpd-2.2.14.orig//modules/ssl/ssl_engine_io.c: No such file or directory
diff: httpd-2.2.14//modules/ssl/ssl_engine_io.c: No such file or directory
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 2: ---: command not found
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 3: +++: command not found
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 4: @@: command not found
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 5: ABOUT_APACHE: command not found
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 21: syntax error near unexpected token `('
/home/administrator/apache-ssl-fix/apache2-2.2.14/debian/patches/upstream-fix-for-lp-609290.patch:
line 21: `-memcpy(in, buffer-value, inl);'
failed.
make: *** [patch-stamp] Error 1
dpkg-buildpackage: error: debian/rules build gave error exit status 2
Build command 'cd apache2-2.2.14 dpkg-buildpackage -b -uc' failed.
--
overlapping memcpy in ssl_io_input_read
https://bugs.launchpad.net/bugs/609290
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
No, this package has failed to build on all architectures. I've pulled the package back out of lucid-proposed. Chuck, please build test packages before uploading them as SRUs. ** Changed in: apache2 (Ubuntu Lucid) Status: Fix Committed = Triaged ** Tags removed: verification-needed -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Is there any news on this issue? We're waiting anxiously for a fix =) What kind of test case should be added, wasn't this a bug which was fixed in apache-trunk over two years ago? -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
ACK from SRU team, but I'd like a test case to be added for the meantime. The code for the test case is there, but the procedure is not. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
It's my first debdiff, so I don't know if it is correct. ** Patch added: apache.debdiff http://launchpadlibrarian.net/53045267/apache.debdiff -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Bug should have a debdiff and test case included Waiting in lucid-proposed unapproved queue for ubuntu-sru approval -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
I hope this will be fixed as soon as possible. It's very simple patch. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
This bug was fixed in the package apache2 - 2.2.16-1ubuntu1
---
apache2 (2.2.16-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
- debian/control: Add bzr tag and point it to our tree.
- debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
apache2 (2.2.16-1) unstable; urgency=medium
* Urgency medium for security fix.
* New upstream release:
- CVE-2010-1452: mod_dav, mod_cache: Fix denial of service vulnerability
due to incorrect handling of requests without a path segment.
- mod_dir: add FallbackResource directive, to enable admin to specify
an action to happen when a URL maps to no file, without resorting
to ErrorDocument or mod_rewrite
* Fix mod_ssl header line corruption because of using memcpy for overlapping
buffers. PR 45444. LP: #609290, #589611, #595116
apache2 (2.2.15-6) unstable; urgency=low
* Fix init script not correctly killing htcacheclean. Closes: #580971
* Add a separate entry in README.Debian about the need to use apache2ctl
for starting instead of calling apache2 directly. Closes: #580445
* Fix debug info to allow gdb loading it automatically. Closes: #581514
* Fix install target in Makefile created by apxs2 -n. Closes: #588787
* Fix ab sending more requests than specified by the -n parameter.
Closes: #541158
* Add apache2 monit configuration to apache2.2-commons examples dir.
Closes: #583127
* Build as PIE, since gdb in squeeze now supports it.
* Update the postrm script to also purge the version of /var/www/index.html
introduced in 2.2.11-7.
* Bump Standards-Version (no changes).
-- Chuck Short zul...@ubuntu.com Mon, 26 Jul 2010 20:21:37 +0100
** Changed in: apache2 (Ubuntu Maverick)
Status: Triaged = Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1452
--
overlapping memcpy in ssl_io_input_read
https://bugs.launchpad.net/bugs/609290
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
** Summary changed: - Critical bug in memcpy-ssse3-rep.S + overlapping memcpy in ssl_io_input_read ** Changed in: apache2 (Ubuntu Lucid) Importance: Undecided = High ** Changed in: apache2 (Ubuntu Lucid) Status: New = In Progress ** Changed in: apache2 (Ubuntu Lucid) Milestone: None = lucid-updates ** Also affects: apache2 via http://issues.apache.org/bugzilla/show_bug.cgi?id=45444 Importance: Unknown Status: Unknown ** Changed in: apache2 (Ubuntu Maverick) Importance: Undecided = High ** Changed in: apache2 (Ubuntu Maverick) Status: New = Triaged ** Changed in: apache2 (Ubuntu Maverick) Milestone: None = maverick-alpha-3 -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 609290] Re: overlapping memcpy in ssl_io_input_read
Yes you are right. The bug was fixed in main trunk of apache but not in 2.2.x branch. memcpy-ssse3 has code for forward and reverse copy. Why? However, I suggest you add a debug statement to memcpy, to monitor overlapping calls, whether it's just the isolated case. Maybe some developers quietly ignore the note about overlapping in memcpy and then they are surprises. -- overlapping memcpy in ssl_io_input_read https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
