[Pkg-apache-commits] r1064 - in /branches/lenny-apache2: changelog patches/071_CVE-2009-1891.dpatch
sf at alioth.debian.org
Mon Oct 5 16:50:02 UTC 2009
Author: sf
Date: Mon Oct 5 16:50:02 2009
New Revision: 1064
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1064
Log:
fix regression caused by CVE-2009-1891 fix
Modified:
branches/lenny-apache2/changelog
branches/lenny-apache2/patches/071_CVE-2009-1891.dpatch
Modified: branches/lenny-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/changelog?rev=1064&op=diff
==============================================================================
--- branches/lenny-apache2/changelog (original)
+++ branches/lenny-apache2/changelog Mon Oct 5 16:50:02 2009
@@ -4,6 +4,8 @@
- DoS by malicious ftp server (CVE-2009-3094)
- missing input sanitization: a user could execute arbitrary ftp commands
on the backend ftp server (CVE-2009-3095)
+ * Fix segfault in legacy ap_r* API which is triggered more often since
+ the fix for CVE-2009-1891 was applied (closes: #537665).
* Take care to not override existing index.shtml files when upgrading from
before 2.2.8-1 (closes: #517089).
* mod_deflate: Fix invalid etag to be emitted for on-the-fly gzip
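Review bot: The new changelog entry cites only the Debian bug (#537665) and does not say where the fix lives. Consider naming the patch file it was added to (071_CVE-2009-1891.dpatch) and the upstream revision (r800333) that the dpatch header records, so the entry can be traced to the code without opening the patch.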
Modified: branches/lenny-apache2/patches/071_CVE-2009-1891.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/071_CVE-2009-1891.dpatch?rev=1064&op=diff
==============================================================================
--- branches/lenny-apache2/patches/071_CVE-2009-1891.dpatch (original)
+++ branches/lenny-apache2/patches/071_CVE-2009-1891.dpatch Mon Oct 5 16:50:02 2009
@@ -3,6 +3,7 @@
## All lines beginning with `## DP:' are a description of the patch.
## DP: mod_deflate DoS
## DP: http://mail-archives.apache.org/mod_mbox/httpd-dev/200907.mbox/<20090703100048.GA4492@redhat.com>
+## DP: also fix segfault which is triggered more often with this patch (#537665, upstream svn r800333)
@DPATCH@
--- a/server/core_filters.c (revision 790833)
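Review bot: The added "## DP:" line shows that a second, separate fix (the segfault from #537665, upstream r800333) is being folded into the CVE-2009-1891 dpatch. Keeping it in its own dpatch file would let either change be dropped or refreshed independently when upstream is updated, and would keep the file name accurate about its contents. If it stays here, the first "## DP:" description line ("mod_deflate DoS") should also be widened to cover it.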
@@ -34,3 +35,27 @@
return APR_SUCCESS;
}
+diff --git a/server/util_filter.c b/server/util_filter.c
+index 7d48b52..b2e7b58 100644
+--- a/server/util_filter.c
++++ b/server/util_filter.c
+@@ -578,8 +578,18 @@ AP_DECLARE_NONSTD(apr_status_t) ap_filter_flush(apr_bucket_brigade *bb,
+ void *ctx)
+ {
+ ap_filter_t *f = ctx;
++ apr_status_t rv;
+
+- return ap_pass_brigade(f, bb);
++ rv = ap_pass_brigade(f, bb);
++
++ /* Before invocation of the flush callback, apr_brigade_write et
++ * al may place transient buckets in the brigade, which will fall
++ * out of scope after returning. Empty the brigade here, to avoid
++ * issues with leaving such buckets in the brigade if some filter
++ * fails and leaves a non-empty brigade. */
++ apr_brigade_cleanup(bb);
++
++ return rv;
+ }
+
+ AP_DECLARE(apr_status_t) ap_fflush(ap_filter_t *f, apr_bucket_brigade *bb)
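Review bot: In ap_filter_flush, apr_brigade_cleanup(bb) runs on every return path, but the comment motivates it only by the case where "some filter fails and leaves a non-empty brigade". The comment should state that the brigade is always emptied after ap_pass_brigade, whatever rv is, so that a caller does not expect to find unsent buckets in bb after a failed flush. Separately, the appended section uses a "diff --git" header with index hashes while the existing core_filters.c section of this dpatch uses an svn-style "(revision 790833)" header; using one style would make the patch easier to refresh.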