[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, squeeze, updated. a40771997c44c700df5a3baf73d15af08b31aa9f

Stefan Fritsch sf at sfritsch.de
Sun Feb 5 20:35:44 UTC 2012 

The following commit has been merged in the squeeze branch:
commit 1f504ab2026b915f946dab744782397de652c2bd
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sat Feb 4 17:48:35 2012 +0100

    CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.

diff --git a/debian/changelog b/debian/changelog
index ce79d7e..04322c7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ apache2 (2.2.16-6+squeeze5) UNRELEASED; urgency=high
     CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
   * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
     privilege escalation.
+  * CVE-2012-0031: Fix client process being able to crash parent process
+    during shutdown.
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 03 Dec 2011 18:38:51 +0100
 
diff --git a/debian/patches/00list b/debian/patches/00list
index 3f627e6..32b1e0c 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -34,6 +34,7 @@
 090_CVE-2011-4317.dpatch
 091_CVE-2011-3639.dpatch
 092_CVE-2011-3607.dpatch
+093_CVE-2012-0031.dpatch
 099_config_guess_sub_update
 200_cp_suexec.dpatch
 201_build_suexec-custom.dpatch
diff --git a/debian/patches/093_CVE-2012-0031.dpatch b/debian/patches/093_CVE-2012-0031.dpatch
new file mode 100644
index 0000000..27b03a9
--- /dev/null
+++ b/debian/patches/093_CVE-2012-0031.dpatch
@@ -0,0 +1,41 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: backport of upstream r1231058
+
+    Merge r1230069 from trunk:
+    Submitted by: jorton
+    Reviewed/backported by: jim
+    
+    SECURITY (CVE-2012-0031) patch
+    
+diff --git a/server/scoreboard.c b/server/scoreboard.c
+index 060de5c..1c60fdd 100644
+--- a/server/scoreboard.c
++++ b/server/scoreboard.c
+@@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL;
+ AP_DECLARE_DATA int ap_extended_status = 0;
+ AP_DECLARE_DATA int ap_mod_status_reqtail = 0;
+ 
++static ap_scoreboard_e scoreboard_type;
++
+ #if APR_HAS_SHARED_MEMORY
+ 
+ #include "apr_shm.h"
+@@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void *d)
+     if (ap_scoreboard_image == NULL) {
+         return APR_SUCCESS;
+     }
+-    if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
++    if (scoreboard_type == SB_SHARED) {
+         ap_cleanup_shared_mem(NULL);
+     }
+     else {
+@@ -314,7 +316,7 @@ int ap_create_scoreboard(apr_pool_t *p, ap_scoreboard_e sb_type)
+         ap_init_scoreboard(sb_mem);
+     }
+ 
+-    ap_scoreboard_image->global->sb_type = sb_type;
++    ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;
+     ap_scoreboard_image->global->running_generation = running_gen;
+     ap_scoreboard_image->global->restart_time = apr_time_now();
+ 

-- 
Debian packaging for apache2 (Apache HTTPD 2.x)

More information about the Pkg-apache-commits mailing list