[Pkg-apache-commits] r1208 - in /trunk/apache2: changelog patches/00list patches/076_apxs2_a2enmod.dpatch patches/080_mod_reqtimeout_fixes.dpatch patches/081_apxs_perl_5.12.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Sat Jul 24 19:25:29 UTC 2010 

Author: sf
Date: Sat Jul 24 19:25:28 2010
New Revision: 1208

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1208
Log:
New upstream
adjust patches

Removed:
    trunk/apache2/patches/081_apxs_perl_5.12.dpatch
Modified:
    trunk/apache2/changelog
    trunk/apache2/patches/00list
    trunk/apache2/patches/076_apxs2_a2enmod.dpatch
    trunk/apache2/patches/080_mod_reqtimeout_fixes.dpatch

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1208&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sat Jul 24 19:25:28 2010
@@ -1,3 +1,14 @@
+apache2 (2.2.16-1) UNRELEASED; urgency=low
+
+  * New upstream release:
+    - CVE-2010-1452: mod_dav, mod_cache: Fix denial of service vulnerability
+      due to incorrect handling of requests without a path segment.
+    - mod_dir: add FallbackResource directive, to enable admin to specify
+      an action to happen when a URL maps to no file, without resorting
+      to ErrorDocument or mod_rewrite
+
+ -- Stefan Fritsch <sf at debian.org>  Sat, 24 Jul 2010 21:00:10 +0200
+
 apache2 (2.2.15-6) unstable; urgency=low
 
   * Fix init script not correctly killing htcacheclean. Closes: #580971

Modified: trunk/apache2/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/patches/00list?rev=1208&op=diff
==============================================================================
--- trunk/apache2/patches/00list (original)
+++ trunk/apache2/patches/00list Sat Jul 24 19:25:28 2010
@@ -24,7 +24,6 @@
 077_CacheIgnoreURLSessionIdentifiers.dpatch
 079_polish_translation.dpatch
 080_mod_reqtimeout_fixes.dpatch
-081_apxs_perl_5.12.dpatch
 082_ab_num_requests
 099_config_guess_sub_update
 200_cp_suexec.dpatch

Modified: trunk/apache2/patches/076_apxs2_a2enmod.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/patches/076_apxs2_a2enmod.dpatch?rev=1208&op=diff
==============================================================================
--- trunk/apache2/patches/076_apxs2_a2enmod.dpatch (original)
+++ trunk/apache2/patches/076_apxs2_a2enmod.dpatch Sat Jul 24 19:25:28 2010
@@ -8,7 +8,7 @@
 diff -urNad trunk~/support/apxs.in trunk/support/apxs.in
 --- trunk~/support/apxs.in	2010-01-02 21:52:57.828866228 +0100
 +++ trunk/support/apxs.in	2010-01-02 21:55:48.375597120 +0100
-@@ -522,7 +522,7 @@
+@@ -521,7 +521,7 @@
  	# $dir =~ s|^$CFG_PREFIX/?||;
          $dir =~ s|(.)$|$1/|;
  	$t =~ s|\.la$|.so|;
@@ -17,15 +17,17 @@
      }
  
      #   execute the commands
-@@ -530,105 +530,35 @@
+@@ -529,108 +529,35 @@
  
      #   activate module via LoadModule/AddModule directive
      if ($opt_a or $opt_A) {
 -        if (not -f "$CFG_SYSCONFDIR/httpd.conf") {
 -            error("Config file $CFG_SYSCONFDIR/httpd.conf not found");
--            exit(1);
--        }
--
++        if (not -d "$CFG_SYSCONFDIR/mods-available") {
++            error("Config file $CFG_SYSCONFDIR/mods-available not found");
+             exit(1);
+         }
+ 
 -        open(FP, "<$CFG_SYSCONFDIR/httpd.conf") || die;
 -        my $content = join('', <FP>);
 -        close(FP);
@@ -33,17 +35,18 @@
 -        if ($content !~ m|\n#?\s*LoadModule\s+|) {
 -            error("Activation failed for custom $CFG_SYSCONFDIR/httpd.conf file.");
 -            error("At least one `LoadModule' directive already has to exist.");
-+        if (not -d "$CFG_SYSCONFDIR/mods-available") {
-+            error("Config file $CFG_SYSCONFDIR/mods-available not found");
-             exit(1);
-         }
- 
+-            exit(1);
+-        }
+-
 -        my $lmd;
 -        my $c = '';
 -        $c = '#' if ($opt_A);
 -        foreach $lmd (@lmd) {
 -            my $what = $opt_A ? "preparing" : "activating";
--            if ($content !~ m|\n#?\s*$lmd|) {
+-            my $lmd_re = $lmd;
+-            $lmd_re =~ s/\s+/\\s+/g;
+-
+-            if ($content !~ m|\n#?\s*$lmd_re|) {
 -                # check for open <containers>, so that the new LoadModule
 -                # directive always appears *outside* of an <container>.
 -
@@ -63,15 +66,7 @@
 -                    error('Configuration file is not valid. There are sections'
 -                          . ' closed before opened.');
 -                    exit(1);
-+        my $entry;
-+        foreach $entry (@lmd) {
-+            my ($name, $lmd) = @{$entry};
-+            my $filename = "$CFG_SYSCONFDIR/mods-available/$name.load";
-+            if (-f $filename) {
-+                my $cmd = "mv $filename $filename.bak~";
-+                if (system($cmd) != 0) {
-+                    die "'$cmd' failed\n";
-                 }
+-                }
 -                else {
 -                    # put our cmd after the section containing the last
 -                    # LoadModule.
@@ -102,31 +97,41 @@
 -                                                     # be repeated $cntopen
 -                                                     # times. That's it.
 -                                                     # Simple, eh? ;-)
-+            }
- 
+-
 -                                  )                  # capture end
 -                                 !$1$c$lmd\n!mx;
-+            notice("[preparing module `$name' in $filename]");
-+            open(FP, ">$filename") || die;
-+            print FP "$lmd\n";
-+            close(FP);
- 
+-
 -                    unless ($found) {
 -                        error('Configuration file is not valid. There are '
 -                              . 'sections opened and not closed.');
 -                        exit(1);
 -                    }
-+            if ($opt_a) {
-+                my $cmd = "a2enmod $name";
++        my $entry;
++        foreach $entry (@lmd) {
++            my ($name, $lmd) = @{$entry};
++            my $filename = "$CFG_SYSCONFDIR/mods-available/$name.load";
++            if (-f $filename) {
++                my $cmd = "mv $filename $filename.bak~";
 +                if (system($cmd) != 0) {
 +                    die "'$cmd' failed\n";
                  }
 -            } else {
 -                # replace already existing LoadModule line
--                $content =~ s|^(.*\n)#?\s*$lmd[^\n]*\n|$1$c$lmd\n|s;
--            }
+-                $content =~ s|^(.*\n)#?\s*$lmd_re[^\n]*\n|$1$c$lmd\n|s;
+             }
 -            $lmd =~ m|LoadModule\s+(.+?)_module.*|;
 -            notice("[$what module `$1' in $CFG_SYSCONFDIR/httpd.conf]");
++
++            notice("[preparing module `$name' in $filename]");
++            open(FP, ">$filename") || die;
++            print FP "$lmd\n";
++            close(FP);
++
++            if ($opt_a) {
++                my $cmd = "a2enmod $name";
++                if (system($cmd) != 0) {
++                    die "'$cmd' failed\n";
++                }
 +            }               
 +
          }

Modified: trunk/apache2/patches/080_mod_reqtimeout_fixes.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/patches/080_mod_reqtimeout_fixes.dpatch?rev=1208&op=diff
==============================================================================
--- trunk/apache2/patches/080_mod_reqtimeout_fixes.dpatch (original)
+++ trunk/apache2/patches/080_mod_reqtimeout_fixes.dpatch Sat Jul 24 19:25:28 2010
@@ -240,7 +240,7 @@
 +    apr_socket_timeout_set(ccfg->socket, saved_sock_timeout);
  
 +out:
-     if (rv == APR_TIMEUP) {
+     if (APR_STATUS_IS_TIMEUP(rv)) {
          ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
                        "Request %s read timeout", ccfg->type);
 +        /*

More information about the Pkg-apache-commits mailing list