[Pkg-apache-commits] r1179 - in /branches/lenny-apache2: ./ patches/
sf at alioth.debian.org
sf at alioth.debian.org
Mon Apr 19 19:16:16 UTC 2010
Author: sf
Date: Mon Apr 19 19:16:15 2010
New Revision: 1179
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1179
Log:
- merge changes from DSA
- adjust changelog entry and patch numbering
Added:
branches/lenny-apache2/patches/077_CVE-2010-0408.dpatch
branches/lenny-apache2/patches/078_CVE-2010-0434.dpatch
branches/lenny-apache2/patches/079_avoid_brigade_destroy.dpatch
- copied unchanged from r1178, branches/lenny-apache2/patches/078_avoid_brigade_destroy.dpatch
Removed:
branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
branches/lenny-apache2/patches/078_avoid_brigade_destroy.dpatch
Modified:
branches/lenny-apache2/changelog
branches/lenny-apache2/patches/00list
Modified: branches/lenny-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/changelog?rev=1179&op=diff
==============================================================================
--- branches/lenny-apache2/changelog (original)
+++ branches/lenny-apache2/changelog Mon Apr 19 19:16:15 2010
@@ -1,12 +1,19 @@
-apache2 (2.2.9-10+lenny7) UNRELEASED; urgency=low
-
- * Security: CVE-2010-0408: Fix denial of service vulnerability in
- mod_proxy_ajp.
+apache2 (2.2.9-10+lenny8) UNRELEASED; urgency=low
+
* Add missing psmisc dependency for killall used in the init script.
Closes: #568542
* Fix potential memory leaks related to the usage of apr_brigade_destroy().
-- Stefan Fritsch <sf at debian.org> Tue, 02 Mar 2010 21:32:45 +0100
+
+apache2 (2.2.9-10+lenny7) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0408: denial of service via crafted request in mod_proxy_ajp
+ * Fixed CVE-2010-0434: information disclosure via improper handling of
+ headers in subrequests
+
+ -- Giuseppe Iuculano <iuculano at debian.org> Sun, 28 Mar 2010 17:50:02 +0200
apache2 (2.2.9-10+lenny6) stable-security; urgency=high
Modified: branches/lenny-apache2/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/00list?rev=1179&op=diff
==============================================================================
--- branches/lenny-apache2/patches/00list (original)
+++ branches/lenny-apache2/patches/00list Mon Apr 19 19:16:15 2010
@@ -35,8 +35,9 @@
074_CVE-2009-3094.dpatch
075_CVE-2009-3095.dpatch
076_CVE-2009-3555.dpatch
-077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
-078_avoid_brigade_destroy.dpatch
+077_CVE-2010-0408.dpatch
+078_CVE-2010-0434.dpatch
+079_avoid_brigade_destroy.dpatch
099_config_guess_sub_update
200_cp_suexec.dpatch
201_build_suexec-custom.dpatch
Added: branches/lenny-apache2/patches/077_CVE-2010-0408.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/077_CVE-2010-0408.dpatch?rev=1179&op=file
==============================================================================
--- branches/lenny-apache2/patches/077_CVE-2010-0408.dpatch (added)
+++ branches/lenny-apache2/patches/077_CVE-2010-0408.dpatch Mon Apr 19 19:16:15 2010
@@ -1,0 +1,17 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# Description: fix denial of service via crafted request in mod_proxy_ajp
+# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917876
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/modules/proxy/mod_proxy_ajp.c apache2/modules/proxy/mod_proxy_ajp.c
+--- apache2~/modules/proxy/mod_proxy_ajp.c 2008-06-05 14:46:43.000000000 +0200
++++ apache2/modules/proxy/mod_proxy_ajp.c 2010-03-28 17:48:17.000000000 +0200
+@@ -231,7 +231,7 @@
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+ "proxy: ap_get_brigade failed");
+ apr_brigade_destroy(input_brigade);
+- return HTTP_INTERNAL_SERVER_ERROR;
++ return HTTP_BAD_REQUEST;
+ }
+
+ /* have something */
Added: branches/lenny-apache2/patches/078_CVE-2010-0434.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/078_CVE-2010-0434.dpatch?rev=1179&op=file
==============================================================================
--- branches/lenny-apache2/patches/078_CVE-2010-0434.dpatch (added)
+++ branches/lenny-apache2/patches/078_CVE-2010-0434.dpatch Mon Apr 19 19:16:15 2010
@@ -1,0 +1,49 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# Description: fix information disclosure via improper handling of
+# headers in subrequests
+# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917867
+# Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' apache2~/server/protocol.c apache2/server/protocol.c
+--- apache2~/server/protocol.c 2007-12-12 21:43:04.000000000 +0100
++++ apache2/server/protocol.c 2010-03-28 17:49:17.000000000 +0200
+@@ -1041,15 +1041,13 @@
+ return r;
+ }
+
+-/* if a request with a body creates a subrequest, clone the original request's
+- * input headers minus any headers pertaining to the body which has already
+- * been read. out-of-line helper function for ap_set_sub_req_protocol.
++/* if a request with a body creates a subrequest, remove original request's
++ * input headers which pertain to the body which has already been read.
++ * out-of-line helper function for ap_set_sub_req_protocol.
+ */
+
+-static void clone_headers_no_body(request_rec *rnew,
+- const request_rec *r)
++static void strip_headers_request_body(request_rec *rnew)
+ {
+- rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+ apr_table_unset(rnew->headers_in, "Content-Encoding");
+ apr_table_unset(rnew->headers_in, "Content-Language");
+ apr_table_unset(rnew->headers_in, "Content-Length");
+@@ -1083,15 +1081,14 @@
+
+ rnew->status = HTTP_OK;
+
++ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
++
+ /* did the original request have a body? (e.g. POST w/SSI tags)
+ * if so, make sure the subrequest doesn't inherit body headers
+ */
+ if (apr_table_get(r->headers_in, "Content-Length")
+ || apr_table_get(r->headers_in, "Transfer-Encoding")) {
+- clone_headers_no_body(rnew, r);
+- } else {
+- /* no body (common case). clone headers the cheap way */
+- rnew->headers_in = r->headers_in;
++ strip_headers_request_body(rnew);
+ }
+ rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
+ rnew->headers_out = apr_table_make(rnew->pool, 5);
More information about the Pkg-apache-commits
mailing list