[SCM] Debian packaging for apache2 branch, master, updated. debian/2.4.4-6-33-gb46d990
Stefan Fritsch
sf at sfritsch.de
Sun Jul 21 16:28:52 UTC 2013
The following commit has been merged in the master branch:
commit 09061b266ca0a514cd47df2426cd4e6cc5d882e4
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Jul 21 17:14:57 2013 +0200
Remove patches that are in 2.4.6
diff --git a/debian/patches/CVE-2013-1896.patch b/debian/patches/CVE-2013-1896.patch
deleted file mode 100644
index be07788..0000000
--- a/debian/patches/CVE-2013-1896.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Description: fix denial of service via MERGE request
-Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1486461
-
-Index: apache2-2.4.4/modules/dav/main/mod_dav.c
-===================================================================
---- apache2-2.4.4.orig/modules/dav/main/mod_dav.c 2011-12-04 19:08:01.000000000 -0500
-+++ apache2-2.4.4/modules/dav/main/mod_dav.c 2013-07-18 11:20:33.353180556 -0400
-@@ -707,6 +707,12 @@
-
- conf = ap_get_module_config(r->per_dir_config, &dav_module);
- /* assert: conf->provider != NULL */
-+ if (conf->provider == NULL) {
-+ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
-+ apr_psprintf(r->pool,
-+ "DAV not enabled for %s",
-+ ap_escape_html(r->pool, r->uri)));
-+ }
-
- /* resolve the resource */
- err = (*conf->provider->repos->get_resource)(r, conf->dir,
-@@ -2683,11 +2689,6 @@
- "Destination URI had an error.");
- }
-
-- if (dav_get_provider(lookup.rnew) == NULL) {
-- return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
-- "DAV not enabled for Destination URI.");
-- }
--
- /* Resolve destination resource */
- err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
- 0 /* use_checked_in */, &resnew);
diff --git a/debian/patches/allow-strtoul.patch b/debian/patches/allow-strtoul.patch
deleted file mode 100644
index b777192..0000000
--- a/debian/patches/allow-strtoul.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Arno Töll <arno at debian.org>
-Subject: Allow use of strtoul
-
-* include/httpd.h: allow usage of strtoul
-
-We are not sunos4, so we do have strtoul on all ports, especially since it's
-defined in C99.
-
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711534
-Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=55077
---- a/include/httpd.h
-+++ b/include/httpd.h
-@@ -2093,12 +2093,6 @@
- */
- AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r);
-
--/** strtoul does not exist on sunos4. */
--#ifdef strtoul
--#undef strtoul
--#endif
--#define strtoul strtoul_is_not_a_portable_function_use_strtol_instead
--
- /* The C library has functions that allow const to be silently dropped ...
- these macros detect the drop in maintainer mode, but use the native
- methods for normal builds
diff --git a/debian/patches/itk-hook-just-after-merging-perdir-config.patch b/debian/patches/itk-hook-just-after-merging-perdir-config.patch
deleted file mode 100644
index 802256f..0000000
--- a/debian/patches/itk-hook-just-after-merging-perdir-config.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Add an extra hook right after merging per-directory configuration.
-This makes sure we are able to setuid() as early as possible (that
-is, as soon as know what uid/gid to use for this location), so we
-won't run all sorts of subrequests and other stuff as root.
-
-Index: httpd-2.4.1/server/request.c
-===================================================================
---- httpd-2.4.1.orig/server/request.c
-+++ httpd-2.4.1/server/request.c
-@@ -69,6 +69,7 @@ APR_HOOK_STRUCT(
- APR_HOOK_LINK(auth_checker)
- APR_HOOK_LINK(insert_filter)
- APR_HOOK_LINK(create_request)
-+ APR_HOOK_LINK(post_perdir_config)
- )
-
- AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
-@@ -91,6 +92,21 @@ AP_IMPLEMENT_HOOK_VOID(insert_filter, (r
- AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
- (request_rec *r), (r), OK, DECLINED)
-
-+/**
-+ * This hook allows modules to affect the request immediately after the
-+ * per-directory configuration for the request has been generated. This allows
-+ * modules to make decisions based upon the current directory configuration
-+ *
-+ * This hook is private to mpm-itk, so it is not exposed in http_request.h.
-+ *
-+ * @param r The current request
-+ * @return OK or DECLINED
-+ */
-+AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
-+
-+AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config,
-+ (request_rec *r), (r), OK, DECLINED)
-+
- static int auth_internal_per_conf = 0;
- static int auth_internal_per_conf_hooks = 0;
- static int auth_internal_per_conf_providers = 0;
-@@ -191,6 +207,13 @@ AP_DECLARE(int) ap_process_request_inter
- r->log = d->log;
- }
-
-+ /* First chance to handle the request after per-directory configuration is
-+ * generated
-+ */
-+ if ((access_status = ap_run_post_perdir_config(r))) {
-+ return access_status;
-+ }
-+
- /* Only on the main request! */
- if (r->main == NULL) {
- if ((access_status = ap_run_header_parser(r))) {
diff --git a/debian/patches/series b/debian/patches/series
index fdb9562..a48b70c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,9 +14,5 @@ build_suexec-custom.patch
#suexec-custom.patch
# some changes to the core needed for itk:
add-itk-to-build-system.patch
-itk-hook-just-after-merging-perdir-config.patch
itk-fix-htaccess-reads-for-persistent-connections.patch
itk-rerun-configure.patch
-upstream-fixes
-allow-strtoul.patch
-CVE-2013-1896.patch
diff --git a/debian/patches/upstream-fixes b/debian/patches/upstream-fixes
deleted file mode 100644
index d7ba4b4..0000000
--- a/debian/patches/upstream-fixes
+++ /dev/null
@@ -1,1395 +0,0 @@
-Description: Pull various fixes from upstream branch 2.4.x
-
-# ------------------------------------------------------------------------
-# r1449999 | tdonovan | 2013-02-26 03:18:04 +0100 (Tue, 26 Feb 2013) | 3 lines
-#
-# Backport r1449479 from trunk.
-# mod_include: Use new ap_expr for 'elif'. [PR 54548]
-#
-# ------------------------------------------------------------------------
-# r1455219 | jim | 2013-03-11 17:32:28 +0100 (Mon, 11 Mar 2013) | 8 lines
-#
-# Merge r1439623 from trunk:
-#
-# Fix error because of negative rate-limit
-# PR : 52964
-# Submitted by: Tianyin Xu <tixu cs ucsd edu>
-# Submitted by: jailletc36
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1465986 | jim | 2013-04-09 14:15:44 +0200 (Tue, 09 Apr 2013) | 8 lines
-#
-# Merge r1453604 from trunk:
-#
-# fix merge of min/max file size by setting corresponding _set
-#
-#
-# Submitted by: covener
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1467981 | jim | 2013-04-15 14:42:29 +0200 (Mon, 15 Apr 2013) | 14 lines
-#
-# Merge r1467765 from trunk:
-#
-# Fix crash in mod_log_config when logging
-# request end time for a failed request
-# (LogFormat contains %{end}t).
-#
-# The request_config for mod_log_config might
-# not be initialized.
-#
-# PR 54828.
-#
-# Submitted by: rjung
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1476089 | rjung | 2013-04-26 09:42:01 +0200 (Fri, 26 Apr 2013) | 10 lines
-#
-# htdigest: Fix buffer overflow when reading digest
-# password file with very long lines.
-#
-# PR 54893.
-#
-# Backport of r1475878 from trunk.
-#
-# Proposed/Backported by: rjung
-# Reviewed by: humbedooh, covener
-#
-# ------------------------------------------------------------------------
-# r1455225 | jim | 2013-03-11 17:38:39 +0100 (Mon, 11 Mar 2013) | 41 lines
-#
-# Merge r1442865, r1442759, r1442326, r1442309, r1448171, r1418556, r1448453, r1425771, r1425772, r1425775 from trunk:
-#
-# Change bzero/bcopy into memset/memcpy
-#
-# PR 54346
-#
-# Can't figure out why we allocate len+2 bytes here. Len+1 should be enough.
-#
-# Fix valgrind warning about uninitialized memory in argument to semctl
-#
-# PR: 53690
-# Submitted by: Mikhail T. <mi+apache aldan algebra com>
-#
-#
-# fix valgrind warnings about uninitialized memory in syscall arguments
-#
-#
-# This is useful info for mod_status ;)
-#
-# Add some __attribute__ for automatic format checking.
-# Correct one catch in sed0.c.
-#
-# Correct some spelling.
-#
-#
-# Replace strdup by ap_malloc to ensure a proper error message if out-of-memory.
-# While there, only allocate memory for the string part we actually use.
-#
-# PR: 54345
-#
-#
-# Exit with error message if out of mem
-#
-#
-# htdbm, htpasswd: print error message if out of memory
-#
-# PR: 54345
-#
-# Submitted by: jailletc36, sf, sf, jim, jailletc36, minfrin, sf, sf, sf
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1467978 | jim | 2013-04-15 14:39:55 +0200 (Mon, 15 Apr 2013) | 11 lines
-#
-# Merge r1463750, r1463754, r1464675 from trunk:
-#
-# Use apr_file_printf(... "%pm"...) instead of explicit call to apr_strerror
-#
-# Use apr_psprintf(... "%pm"...) instead of explicit call to apr_strerror
-#
-# Use apr_file_printf(... "%pm"...) instead of explicit call to apr_strerror
-# + add some spaces to improve formatting
-# Submitted by: jailletc36
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1467980 | jim | 2013-04-15 14:42:00 +0200 (Mon, 15 Apr 2013) | 11 lines
-#
-# Merge r1452128 from trunk:
-#
-# Remove useless tests.
-#
-# Turn
-# if (*x && apr_isspace(*x))
-# into
-# if (apr_isspace(*x))
-# Submitted by: jailletc36
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1476674 | minfrin | 2013-04-27 23:27:43 +0200 (Sat, 27 Apr 2013) | 7 lines
-#
-# htpasswd/htdbm: Fix hash generation bug. PR 54735
-#
-# trunk patch: https://svn.apache.org/r1465115
-#
-# Submitted by: MadMaverick9 <asfbugzilla meinkino.ch>
-# Reviewed by: sf, covener, minfrin
-#
-# ------------------------------------------------------------------------
-# r1476143 | rpluem | 2013-04-26 13:31:59 +0200 (Fri, 26 Apr 2013) | 10 lines
-#
-# Merge r1471449 from trunk:
-#
-# * Fix null pointer dereference in case SetEnvif and SetEnvIfExpr are used
-# together.
-#
-# PR: 54881
-#
-# Submitted by: rpluem
-# Reviewed by: rpluem, covener, humbedooh
-#
-# ------------------------------------------------------------------------
-# r1476676 | minfrin | 2013-04-27 23:32:55 +0200 (Sat, 27 Apr 2013) | 6 lines
-#
-# mod_auth_digest: avoid crash if shm init fails.
-#
-# trunk patch: https://svn.apache.org/r1463047
-# Submitted by: sf
-# Reviewed by: humbedooh, covener
-#
-# ------------------------------------------------------------------------
-# r1476685 | minfrin | 2013-04-28 00:18:02 +0200 (Sun, 28 Apr 2013) | 13 lines
-#
-# mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
-# with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
-# (check at startup, to prevent segfaults at proxy request time)
-#
-# trunk patches: https://svn.apache.org/r1374214
-# https://svn.apache.org/r1374216
-# https://svn.apache.org/r1375445
-# https://svn.apache.org/r1467593
-# 2.4.x patch: https://people.apache.org/~kbrand/PR52212_54698_2.4.x.patch
-#
-# Submitted by: kbrand
-# Reviewed by: jorton, minfrin
-#
-# ------------------------------------------------------------------------
-# r1477651 | jim | 2013-04-30 16:19:43 +0200 (Tue, 30 Apr 2013) | 9 lines
-#
-# Merge r1465116 from trunk:
-#
-# htpasswd: Add -v option to verify a password
-#
-# htpasswd and htdbm could use some more refactoring...
-#
-# Submitted by: sf
-# Reviewed/backported by: jim
-#
-# ------------------------------------------------------------------------
-# r1481512 | minfrin | 2013-05-12 12:21:18 +0200 (Sun, 12 May 2013) | 7 lines
-#
-# core: Improve error message where client's request-line exceeds LimitRequestLine
-# PR 54384
-#
-# trunk patch: http://svn.apache.org/r1433613
-# Submitted by: jailletc36
-# Reviewed by: minfrin, jim
-#
-# ------------------------------------------------------------------------
-# r1481513 | minfrin | 2013-05-12 12:26:22 +0200 (Sun, 12 May 2013) | 6 lines
-#
-# mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559
-#
-# trunk patch: http://svn.apache.org/r1476645
-# Submitted by: Diego Santa Cruz <diego.santaCruz spinetix.com>
-# Reviewed by: minfrin, covener, sf
-#
-# ------------------------------------------------------------------------
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,4 +1,38 @@
- -*- coding: utf-8 -*-
-+
-+Changes backported from unreleased 2.4.x branch
-+
-+ *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
-+ PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
-+
-+ *) core: Improve error message where client's request-line exceeds
-+ LimitRequestLine. PR 54384 [Christophe Jaillet]
-+
-+ *) htpasswd: Add -v option to verify a password. [Stefan Fritsch]
-+
-+ *) mod_auth_digest: Fix crashes if shm initialization failed. [Stefan
-+ Fritsch]
-+
-+ *) htpasswd, htdbm: Fix password generation. PR 54735. [Stefan Fritsch]
-+
-+ *) mod_setenvif: Fix crash in case SetEnvif and SetEnvIfExpr are used
-+ together. PR 54881. [Ruediger Pluem]
-+
-+ *) htdigest: Fix buffer overflow when reading digest password file
-+ with very long lines. PR 54893. [Rainer Jung]
-+
-+ *) mod_log_config: Fix crash when logging request end time for a failed
-+ request. PR 54828 [Rainer Jung]
-+
-+ *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
-+ with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
-+ [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
-+
-+ *) mod_cache_disk: CacheMinFileSize and CacheMaxFileSize were always
-+ using compiled in defaults of 1000000/1 respectively. [Eric Covener]
-+
-+ * mod_include: Use new ap_expr for 'elif', like 'if',
-+ if legacy parser is not specified. PR 54548 [Tom Donovan]
-
- Changes with Apache 2.4.4
-
---- a/include/httpd.h
-+++ b/include/httpd.h
-@@ -1388,7 +1388,7 @@
- char **) */
-
- /**
-- * Get the characters until the first occurance of a specified character
-+ * Get the characters until the first occurrence of a specified character
- * @param p The pool to allocate memory from
- * @param line The string to get the characters from
- * @param stop The character to stop at
-@@ -1397,7 +1397,7 @@
- AP_DECLARE(char *) ap_getword(apr_pool_t *p, const char **line, char stop);
-
- /**
-- * Get the characters until the first occurance of a specified character
-+ * Get the characters until the first occurrence of a specified character
- * @param p The pool to allocate memory from
- * @param line The string to get the characters from
- * @param stop The character to stop at
-@@ -1426,22 +1426,22 @@
- AP_DECLARE(char *) ap_getword_white_nc(apr_pool_t *p, char **line);
-
- /**
-- * Get all characters from the first occurance of @a stop to the first "\0"
-+ * Get all characters from the first occurrence of @a stop to the first "\0"
- * @param p The pool to allocate memory from
- * @param line The line to traverse
- * @param stop The character to start at
-- * @return A copy of all caracters after the first occurance of the specified
-+ * @return A copy of all characters after the first occurrence of the specified
- * character
- */
- AP_DECLARE(char *) ap_getword_nulls(apr_pool_t *p, const char **line,
- char stop);
-
- /**
-- * Get all characters from the first occurance of @a stop to the first "\0"
-+ * Get all characters from the first occurrence of @a stop to the first "\0"
- * @param p The pool to allocate memory from
- * @param line The line to traverse
- * @param stop The character to start at
-- * @return A copy of all caracters after the first occurance of the specified
-+ * @return A copy of all characters after the first occurrence of the specified
- * character
- * @note The same as ap_getword_nulls(), except it doesn't use const char **.
- */
---- a/include/util_filter.h
-+++ b/include/util_filter.h
-@@ -332,8 +332,8 @@
- AP_DECLARE(apr_status_t) ap_pass_brigade_fchk(request_rec *r,
- apr_bucket_brigade *bucket,
- const char *fmt,
-- ...);
--
-+ ...)
-+ __attribute__((format(printf,3,4)));
-
- /**
- * This function is used to register an input filter with the system.
---- a/modules/aaa/mod_auth_digest.c
-+++ b/modules/aaa/mod_auth_digest.c
-@@ -223,6 +223,8 @@
- opaque_lock = NULL;
- }
-
-+ client_list = NULL;
-+
- return APR_SUCCESS;
- }
-
---- a/modules/aaa/mod_authz_host.c
-+++ b/modules/aaa/mod_authz_host.c
-@@ -131,10 +131,8 @@
- return apr_psprintf(p, "ip address '%s' appears to be invalid", w);
- }
- else if (rv != APR_SUCCESS) {
-- char msgbuf[120];
-- apr_strerror(rv, msgbuf, sizeof msgbuf);
-- return apr_psprintf(p, "ip address '%s' appears to be invalid: %s",
-- w, msgbuf);
-+ return apr_psprintf(p, "ip address '%s' appears to be invalid: %pm",
-+ w, &rv);
- }
-
- if (parsed_subnets)
---- a/modules/cache/mod_cache_disk.c
-+++ b/modules/cache/mod_cache_disk.c
-@@ -841,7 +841,7 @@
- }
-
- *l++ = '\0';
-- while (*l && apr_isspace(*l)) {
-+ while (apr_isspace(*l)) {
- ++l;
- }
-
-@@ -1447,6 +1447,7 @@
- {
- return "CacheMinFileSize argument must be a non-negative integer representing the min size of a file to cache in bytes.";
- }
-+ dconf->minfs_set = 1;
- return NULL;
- }
-
-@@ -1460,6 +1461,7 @@
- {
- return "CacheMaxFileSize argument must be a non-negative integer representing the max size of a file to cache in bytes.";
- }
-+ dconf->maxfs_set = 1;
- return NULL;
- }
-
---- a/modules/dav/main/props.c
-+++ b/modules/dav/main/props.c
-@@ -594,13 +594,14 @@
- if (propdb->db != NULL) {
- dav_xmlns_info *xi = dav_xmlns_create(propdb->p);
- dav_prop_name name;
-+ dav_error *err;
-
- /* define (up front) any namespaces the db might need */
- (void) (*db_hooks->define_namespaces)(propdb->db, xi);
-
- /* get the first property name, beginning the scan */
-- (void) (*db_hooks->first_name)(propdb->db, &name);
-- while (name.ns != NULL) {
-+ err = (*db_hooks->first_name)(propdb->db, &name);
-+ while (!err && name.ns) {
-
- /*
- ** We also look for <DAV:getcontenttype> and
-@@ -619,7 +620,6 @@
- }
-
- if (what == DAV_PROP_INSERT_VALUE) {
-- dav_error *err;
- int found;
-
- if ((err = (*db_hooks->output_value)(propdb->db, &name,
-@@ -638,7 +638,7 @@
- }
-
- next_key:
-- (void) (*db_hooks->next_name)(propdb->db, &name);
-+ err = (*db_hooks->next_name)(propdb->db, &name);
- }
-
- /* all namespaces have been entered into xi. generate them into
---- a/modules/filters/mod_include.c
-+++ b/modules/filters/mod_include.c
-@@ -2411,7 +2411,10 @@
- return APR_SUCCESS;
- }
-
-- expr_ret = parse_expr(ctx, expr, &was_error);
-+ if (ctx->intern->legacy_expr)
-+ expr_ret = parse_expr(ctx, expr, &was_error);
-+ else
-+ expr_ret = parse_ap_expr(ctx, expr, &was_error);
-
- if (was_error) {
- SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
---- a/modules/filters/mod_proxy_html.c
-+++ b/modules/filters/mod_proxy_html.c
-@@ -668,7 +668,7 @@
- if (p != NULL) {
- while (*p) {
- p += 7;
-- while (*p && apr_isspace(*p))
-+ while (apr_isspace(*p))
- ++p;
- if (*p != '=')
- continue;
---- a/modules/filters/mod_ratelimit.c
-+++ b/modules/filters/mod_ratelimit.c
-@@ -74,6 +74,7 @@
- if (ctx == NULL) {
-
- const char *rl = NULL;
-+ int ratelimit;
-
- /* no subrequests. */
- if (f->r->main != NULL) {
-@@ -87,22 +88,21 @@
- ap_remove_output_filter(f);
- return ap_pass_brigade(f->next, bb);
- }
--
-- /* first run, init stuff */
-- ctx = apr_palloc(f->r->pool, sizeof(rl_ctx_t));
-- f->ctx = ctx;
-- ctx->speed = 0;
-- ctx->state = RATE_LIMIT;
--
-+
- /* rl is in kilo bytes / second */
-- ctx->speed = atoi(rl) * 1024;
--
-- if (ctx->speed == 0) {
-+ ratelimit = atoi(rl) * 1024;
-+ if (ratelimit <= 0) {
- /* remove ourselves */
- ap_remove_output_filter(f);
- return ap_pass_brigade(f->next, bb);
- }
-
-+ /* first run, init stuff */
-+ ctx = apr_palloc(f->r->pool, sizeof(rl_ctx_t));
-+ f->ctx = ctx;
-+ ctx->state = RATE_LIMIT;
-+ ctx->speed = ratelimit;
-+
- /* calculate how many bytes / interval we want to send */
- /* speed is bytes / second, so, how many (speed / 1000 % interval) */
- ctx->chunk_size = (ctx->speed / (1000 / RATE_INTERVAL_MS));
---- a/modules/filters/regexp.h
-+++ b/modules/filters/regexp.h
-@@ -69,7 +69,8 @@
-
- extern char *sed_compile(sed_commands_t *commands, sed_comp_args *compargs,
- char *ep, char *endbuf, int seof);
--extern void command_errf(sed_commands_t *commands, const char *fmt, ...);
-+extern void command_errf(sed_commands_t *commands, const char *fmt, ...)
-+ __attribute__((format(printf,2,3)));
-
- #define SEDERR_CGMES "command garbled: %s"
- #define SEDERR_SMMES "Space missing before filename: %s"
---- a/modules/filters/sed0.c
-+++ b/modules/filters/sed0.c
-@@ -275,7 +275,7 @@
- }
-
- if(p > &commands->respace[RESIZE-1]) {
-- command_errf(commands, SEDERR_TMMES);
-+ command_errf(commands, SEDERR_TMMES, commands->linebuf);
- return -1;
- }
-
---- a/modules/generators/mod_status.c
-+++ b/modules/generators/mod_status.c
-@@ -405,6 +405,8 @@
- ")</h1>\n\n", NULL);
- ap_rvputs(r, "<dl><dt>Server Version: ",
- ap_get_server_description(), "</dt>\n", NULL);
-+ ap_rvputs(r, "<dt>Server MPM: ",
-+ ap_show_mpm(), "</dt>\n", NULL);
- ap_rvputs(r, "<dt>Server Built: ",
- ap_get_server_built(), "\n</dt></dl><hr /><dl>\n", NULL);
- ap_rvputs(r, "<dt>Current Time: ",
-@@ -981,4 +983,3 @@
- NULL, /* command table */
- register_hooks /* register_hooks */
- };
--
---- a/modules/loggers/mod_log_config.c
-+++ b/modules/loggers/mod_log_config.c
-@@ -597,6 +597,10 @@
- {
- log_request_state *state = (log_request_state *)ap_get_module_config(r->request_config,
- &log_config_module);
-+ if (!state) {
-+ state = apr_pcalloc(r->pool, sizeof(log_request_state));
-+ ap_set_module_config(r->request_config, &log_config_module, state);
-+ }
- if (state->request_end_time == 0) {
- state->request_end_time = apr_time_now();
- }
---- a/modules/mappers/mod_imagemap.c
-+++ b/modules/mappers/mod_imagemap.c
-@@ -686,7 +686,7 @@
- if (!*string_pos) { /* need at least two fields */
- goto need_2_fields;
- }
-- while(*string_pos && apr_isspace(*string_pos)) { /* past whitespace */
-+ while (apr_isspace(*string_pos)) { /* past whitespace */
- ++string_pos;
- }
-
---- a/modules/mappers/mod_negotiation.c
-+++ b/modules/mappers/mod_negotiation.c
-@@ -366,7 +366,7 @@
- return 1.0f;
- }
-
-- while (*string && apr_isspace(*string)) {
-+ while (apr_isspace(*string)) {
- ++string;
- }
-
-@@ -464,7 +464,7 @@
- }
-
- *cp++ = '\0'; /* Delimit var */
-- while (*cp && (apr_isspace(*cp) || *cp == '=')) {
-+ while (apr_isspace(*cp) || *cp == '=') {
- ++cp;
- }
-
-@@ -757,7 +757,7 @@
-
- /* If blank, just return it --- this ends information on this variant */
-
-- for (cp = buffer; (*cp && apr_isspace(*cp)); ++cp) {
-+ for (cp = buffer; apr_isspace(*cp); ++cp) {
- continue;
- }
-
-@@ -924,7 +924,7 @@
-
- do {
- ++cp;
-- } while (*cp && apr_isspace(*cp));
-+ } while (apr_isspace(*cp));
-
- if (!*cp) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00682)
---- a/modules/mappers/mod_rewrite.c
-+++ b/modules/mappers/mod_rewrite.c
-@@ -1255,7 +1255,7 @@
- }
-
- /* jump to the value */
-- while (*p && apr_isspace(*p)) {
-+ while (apr_isspace(*p)) {
- ++p;
- }
-
---- a/modules/metadata/mod_cern_meta.c
-+++ b/modules/metadata/mod_cern_meta.c
-@@ -237,7 +237,7 @@
- }
-
- *l++ = '\0';
-- while (*l && apr_isspace(*l))
-+ while (apr_isspace(*l))
- ++l;
-
- if (!strcasecmp(w, "Content-type")) {
---- a/modules/metadata/mod_headers.c
-+++ b/modules/metadata/mod_headers.c
-@@ -722,7 +722,7 @@
- while (*val) {
- const char *tok_start;
-
-- while (*val && apr_isspace(*val))
-+ while (apr_isspace(*val))
- ++val;
-
- tok_start = val;
---- a/modules/metadata/mod_setenvif.c
-+++ b/modules/metadata/mod_setenvif.c
-@@ -314,7 +314,7 @@
- */
- for (i = 0; i < sconf->conditionals->nelts; ++i) {
- new = &entries[i];
-- if (!strcasecmp(new->name, fname)) {
-+ if (new->name && !strcasecmp(new->name, fname)) {
- fname = new->name;
- break;
- }
---- a/modules/slotmem/mod_slotmem_shm.c
-+++ b/modules/slotmem/mod_slotmem_shm.c
-@@ -91,7 +91,7 @@
- {
- #ifdef AP_NEED_SET_MUTEX_PERMS
- #if APR_USE_SHMEM_SHMGET || APR_USE_SHMEM_SHMGET_ANON
-- struct shmid_ds shmbuf;
-+ struct shmid_ds shmbuf = { { 0 } };
- key_t shmkey;
- int shmid;
-
---- a/modules/ssl/ssl_engine_init.c
-+++ b/modules/ssl/ssl_engine_init.c
-@@ -1354,7 +1354,8 @@
- for (n = 0; n < ncerts; n++) {
- X509_INFO *inf = sk_X509_INFO_value(sk, n);
-
-- if (!inf->x509 || !inf->x_pkey) {
-+ if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey ||
-+ inf->enc_data) {
- sk_X509_INFO_free(sk);
- ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252)
- "incomplete client cert configured for SSL proxy "
-@@ -1362,6 +1363,15 @@
- ssl_die(s);
- return;
- }
-+
-+ if (X509_check_private_key(inf->x509, inf->x_pkey->dec_pkey) != 1) {
-+ ssl_log_xerror(SSLLOG_MARK, APLOG_STARTUP, 0, ptemp, s, inf->x509,
-+ APLOGNO(02326) "proxy client certificate and "
-+ "private key do not match");
-+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
-+ ssl_die(s);
-+ return;
-+ }
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02207)
-@@ -1374,7 +1384,11 @@
- return;
- }
-
-- /* Load all of the CA certs and construct a chain */
-+ /* If SSLProxyMachineCertificateChainFile is configured, load all
-+ * the CA certs and have OpenSSL attempt to construct a full chain
-+ * from each configured end-entity cert up to a root. This will
-+ * allow selection of the correct cert given a list of root CA
-+ * names in the certificate request from the server. */
- pkp->ca_certs = (STACK_OF(X509) **) apr_pcalloc(p, ncerts * sizeof(sk));
- sctx = X509_STORE_CTX_new();
-
---- a/os/unix/unixd.c
-+++ b/os/unix/unixd.c
-@@ -241,7 +241,7 @@
- };
- #endif
- union semun ick;
-- struct semid_ds buf;
-+ struct semid_ds buf = { { 0 } };
-
- apr_os_proc_mutex_get(&ospmutex, pmutex);
- buf.sem_perm.uid = ap_unixd_config.user_id;
---- a/server/config.c
-+++ b/server/config.c
-@@ -601,7 +601,8 @@
- len -= slen;
- }
-
-- ap_module_short_names[m->module_index] = strdup(sym_name);
-+ ap_module_short_names[m->module_index] = ap_malloc(len + 1);
-+ memcpy(ap_module_short_names[m->module_index], sym_name, len);
- ap_module_short_names[m->module_index][len] = '\0';
- merger_func_cache[m->module_index] = m->merge_dir_config;
- }
-@@ -625,8 +626,9 @@
-
- /* We cannot fix the string in-place, because it's const */
- if (m->name[strlen(m->name)-1] == ')') {
-- char *tmp = strdup(m->name); /* FIXME: memory leak, albeit a small one */
-- tmp[strlen(tmp)-1] = '\0';
-+ char *tmp = ap_malloc(strlen(m->name)); /* FIXME: memory leak, albeit a small one */
-+ memcpy(tmp, m->name, strlen(m->name)-1);
-+ tmp[strlen(m->name)-1] = '\0';
- m->name = tmp;
- }
- #endif /*_OSD_POSIX*/
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -964,7 +964,7 @@
- || r->status == HTTP_BAD_REQUEST) {
- if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00565)
-- "request failed: URI too long (longer than %d)",
-+ "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
- r->server->limit_req_line);
- }
- else if (r->method == NULL) {
---- a/server/util.c
-+++ b/server/util.c
-@@ -752,7 +752,7 @@
- static char *substring_conf(apr_pool_t *p, const char *start, int len,
- char quote)
- {
-- char *result = apr_palloc(p, len + 2);
-+ char *result = apr_palloc(p, len + 1);
- char *resp = result;
- int i;
-
-@@ -783,7 +783,7 @@
- char *res;
- char quote;
-
-- while (*str && apr_isspace(*str))
-+ while (apr_isspace(*str))
- ++str;
-
- if (!*str) {
-@@ -815,7 +815,7 @@
- res = substring_conf(p, str, strend - str, 0);
- }
-
-- while (*strend && apr_isspace(*strend))
-+ while (apr_isspace(*strend))
- ++strend;
- *line = strend;
- return res;
-@@ -1405,7 +1405,7 @@
-
- /* Find first non-white byte */
-
-- while (*ptr && apr_isspace(*ptr))
-+ while (apr_isspace(*ptr))
- ++ptr;
-
- tok_start = ptr;
-@@ -1427,7 +1427,7 @@
-
- /* Advance accept_line pointer to the next non-white byte */
-
-- while (*ptr && apr_isspace(*ptr))
-+ while (apr_isspace(*ptr))
- ++ptr;
-
- *accept_line = ptr;
---- a/server/util_script.c
-+++ b/server/util_script.c
-@@ -565,7 +565,7 @@
- }
-
- *l++ = '\0';
-- while (*l && apr_isspace(*l)) {
-+ while (apr_isspace(*l)) {
- ++l;
- }
-
---- a/support/htdbm.c
-+++ b/support/htdbm.c
-@@ -110,6 +110,7 @@
- #endif
-
- apr_pool_create( pool, NULL);
-+ apr_pool_abort_set(abort_on_oom, *pool);
- apr_file_open_stderr(&errfile, *pool);
- apr_signal(SIGINT, (void (*)(int)) htdbm_interrupted);
-
---- a/support/htdigest.c
-+++ b/support/htdigest.c
-@@ -96,12 +96,15 @@
- char ch;
- apr_status_t rv = APR_EINVAL;
-
-- while (i < (n - 1) &&
-+ /* we need 2 remaining bytes in buffer */
-+ while (i < (n - 2) &&
- ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
- s[i++] = ch;
- }
-+ /* First remaining byte potentially used here */
- if (ch == '\n')
- s[i++] = ch;
-+ /* Second remaining byte used here */
- s[i] = '\0';
-
- if (rv != APR_SUCCESS)
-@@ -202,8 +205,8 @@
- #if APR_CHARSET_EBCDIC
- rv = apr_xlate_open(&to_ascii, "ISO-8859-1", APR_DEFAULT_CHARSET, cntxt);
- if (rv) {
-- apr_file_printf(errfile, "apr_xlate_open(): %s (%d)\n",
-- apr_strerror(rv, line, sizeof(line)), rv);
-+ apr_file_printf(errfile, "apr_xlate_open(): %pm (%d)\n",
-+ &rv, rv);
- exit(1);
- }
- #endif
-@@ -215,11 +218,8 @@
- rv = apr_file_open(&f, argv[2], APR_WRITE | APR_CREATE,
- APR_OS_DEFAULT, cntxt);
- if (rv != APR_SUCCESS) {
-- char errmsg[120];
--
-- apr_file_printf(errfile, "Could not open passwd file %s for writing: %s\n",
-- argv[2],
-- apr_strerror(rv, errmsg, sizeof errmsg));
-+ apr_file_printf(errfile, "Could not open passwd file %s for writing: %pm\n",
-+ argv[2], &rv);
- exit(1);
- }
- apr_cpystrn(user, argv[4], sizeof(user));
---- a/support/htpasswd.c
-+++ b/support/htpasswd.c
-@@ -67,6 +67,7 @@
- #define APHTP_NEWFILE 1
- #define APHTP_NOFILE 2
- #define APHTP_DELUSER 4
-+#define APHTP_VERIFY 8
-
- apr_file_t *ftemp = NULL;
-
-@@ -92,8 +93,8 @@
- static void usage(void)
- {
- apr_file_printf(errfile, "Usage:" NL
-- "\thtpasswd [-cimBdpsD] [-C cost] passwordfile username" NL
-- "\thtpasswd -b[cmBdpsD] [-C cost] passwordfile username password" NL
-+ "\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL
-+ "\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL
- NL
- "\thtpasswd -n[imBdps] [-C cost] username" NL
- "\thtpasswd -nb[mBdps] [-C cost] username password" NL
-@@ -110,6 +111,7 @@
- " -s Force SHA encryption of the password (insecure)." NL
- " -p Do not encrypt the password (plaintext, insecure)." NL
- " -D Delete the specified user." NL
-+ " -v Verify password for the specified user." NL
- "On other systems than Windows and NetWare the '-p' flag will "
- "probably not work." NL
- "The SHA algorithm does not use a salt and is less secure than the "
-@@ -155,7 +157,7 @@
- }
-
- static void check_args(int argc, const char *const argv[],
-- struct passwd_ctx *ctx, int *mask, char **user,
-+ struct passwd_ctx *ctx, unsigned *mask, char **user,
- char **pwfilename)
- {
- const char *arg;
-@@ -171,7 +173,7 @@
- if (rv != APR_SUCCESS)
- exit(ERR_SYNTAX);
-
-- while ((rv = apr_getopt(state, "cnmspdBbDiC:", &opt, &opt_arg)) == APR_SUCCESS) {
-+ while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) {
- switch (opt) {
- case 'c':
- *mask |= APHTP_NEWFILE;
-@@ -183,6 +185,9 @@
- case 'D':
- *mask |= APHTP_DELUSER;
- break;
-+ case 'v':
-+ *mask |= APHTP_VERIFY;
-+ break;
- default:
- ret = parse_common_options(ctx, opt, opt_arg);
- if (ret) {
-@@ -196,18 +201,15 @@
- if (rv != APR_EOF)
- usage();
-
-- if ((*mask & APHTP_NEWFILE) && (*mask & APHTP_NOFILE)) {
-- apr_file_printf(errfile, "%s: -c and -n options conflict" NL, argv[0]);
-- exit(ERR_SYNTAX);
-- }
-- if ((*mask & APHTP_NEWFILE) && (*mask & APHTP_DELUSER)) {
-- apr_file_printf(errfile, "%s: -c and -D options conflict" NL, argv[0]);
-- exit(ERR_SYNTAX);
-- }
-- if ((*mask & APHTP_NOFILE) && (*mask & APHTP_DELUSER)) {
-- apr_file_printf(errfile, "%s: -n and -D options conflict" NL, argv[0]);
-+ if ((*mask) & (*mask - 1)) {
-+ /* not a power of two, i.e. more than one flag specified */
-+ apr_file_printf(errfile, "%s: only one of -c -n -v -D may be specified" NL,
-+ argv[0]);
- exit(ERR_SYNTAX);
- }
-+ if ((*mask & APHTP_VERIFY) && ctx->passwd_src == PW_PROMPT)
-+ ctx->passwd_src = PW_PROMPT_VERIFY;
-+
- /*
- * Make sure we still have exactly the right number of arguments left
- * (the filename, the username, and possibly the password if -b was
-@@ -246,6 +248,25 @@
- }
- }
-
-+static int verify(struct passwd_ctx *ctx, const char *hash)
-+{
-+ apr_status_t rv;
-+ int ret;
-+
-+ if (ctx->passwd == NULL && (ret = get_password(ctx)) != 0)
-+ return ret;
-+ rv = apr_password_validate(ctx->passwd, hash);
-+ if (rv == APR_SUCCESS)
-+ return 0;
-+ if (APR_STATUS_IS_EMISMATCH(rv)) {
-+ ctx->errstr = "password verification failed";
-+ return ERR_PWMISMATCH;
-+ }
-+ ctx->errstr = apr_psprintf(ctx->pool, "Could not verify password: %pm",
-+ &rv);
-+ return ERR_GENERAL;
-+}
-+
- /*
- * Let's do it. We end up doing a lot of file opening and closing,
- * but what do we care? This application isn't run constantly.
-@@ -253,7 +274,6 @@
- int main(int argc, const char * const argv[])
- {
- apr_file_t *fpw = NULL;
-- const char *errstr = NULL;
- char line[MAX_STRING_LEN];
- char *pwfilename = NULL;
- char *user = NULL;
-@@ -262,7 +282,7 @@
- char *scratch, cp[MAX_STRING_LEN];
- int found = 0;
- int i;
-- int mask = 0;
-+ unsigned mask = 0;
- apr_pool_t *pool;
- int existing_file = 0;
- struct passwd_ctx ctx = { 0 };
-@@ -274,6 +294,7 @@
- apr_app_initialize(&argc, &argv, NULL);
- atexit(terminate);
- apr_pool_create(&pool, NULL);
-+ apr_pool_abort_set(abort_on_oom, pool);
- apr_file_open_stderr(&errfile, pool);
- ctx.pool = pool;
- ctx.alg = ALG_APMD5;
-@@ -341,10 +362,10 @@
- * Any error message text is returned in the record buffer, since
- * the mkrecord() routine doesn't have access to argv[].
- */
-- if (!(mask & APHTP_DELUSER)) {
-+ if ((mask & (APHTP_DELUSER|APHTP_VERIFY)) == 0) {
- i = mkrecord(&ctx, user);
- if (i != 0) {
-- apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
-+ apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
- exit(i);
- }
- if (mask & APHTP_NOFILE) {
-@@ -353,21 +374,23 @@
- }
- }
-
-- /*
-- * We can access the files the right way, and we have a record
-- * to add or update. Let's do it..
-- */
-- if (apr_temp_dir_get((const char**)&dirname, pool) != APR_SUCCESS) {
-- apr_file_printf(errfile, "%s: could not determine temp dir" NL,
-- argv[0]);
-- exit(ERR_FILEPERM);
-- }
-- dirname = apr_psprintf(pool, "%s/%s", dirname, tn);
--
-- if (apr_file_mktemp(&ftemp, dirname, 0, pool) != APR_SUCCESS) {
-- apr_file_printf(errfile, "%s: unable to create temporary file %s" NL,
-- argv[0], dirname);
-- exit(ERR_FILEPERM);
-+ if ((mask & APHTP_VERIFY) == 0) {
-+ /*
-+ * We can access the files the right way, and we have a record
-+ * to add or update. Let's do it..
-+ */
-+ if (apr_temp_dir_get((const char**)&dirname, pool) != APR_SUCCESS) {
-+ apr_file_printf(errfile, "%s: could not determine temp dir" NL,
-+ argv[0]);
-+ exit(ERR_FILEPERM);
-+ }
-+ dirname = apr_psprintf(pool, "%s/%s", dirname, tn);
-+
-+ if (apr_file_mktemp(&ftemp, dirname, 0, pool) != APR_SUCCESS) {
-+ apr_file_printf(errfile, "%s: unable to create temporary file %s" NL,
-+ argv[0], dirname);
-+ exit(ERR_FILEPERM);
-+ }
- }
-
- /*
-@@ -418,33 +441,59 @@
- continue;
- }
- else {
-- if (!(mask & APHTP_DELUSER)) {
-- /* We found the user we were looking for.
-- * Add him to the file.
-- */
-- apr_file_printf(errfile, "Updating ");
-- putline(ftemp, ctx.out);
-- found++;
-+ /* We found the user we were looking for */
-+ found++;
-+ if ((mask & APHTP_DELUSER)) {
-+ /* Delete entry from the file */
-+ apr_file_printf(errfile, "Deleting ");
-+ }
-+ else if ((mask & APHTP_VERIFY)) {
-+ /* Verify */
-+ char *hash = colon + 1;
-+ size_t len;
-+
-+ len = strcspn(hash, "\r\n");
-+ if (len == 0) {
-+ apr_file_printf(errfile, "Empty hash for user %s" NL,
-+ user);
-+ exit(ERR_INVALID);
-+ }
-+ hash[len] = '\0';
-+
-+ i = verify(&ctx, hash);
-+ if (i != 0) {
-+ apr_file_printf(errfile, "%s" NL, ctx.errstr);
-+ exit(i);
-+ }
- }
- else {
-- /* We found the user we were looking for.
-- * Delete them from the file.
-- */
-- apr_file_printf(errfile, "Deleting ");
-- found++;
-+ /* Update entry */
-+ apr_file_printf(errfile, "Updating ");
-+ putline(ftemp, ctx.out);
- }
- }
- }
- apr_file_close(fpw);
- }
-- if (!found && !(mask & APHTP_DELUSER)) {
-- apr_file_printf(errfile, "Adding ");
-- putline(ftemp, ctx.out);
-+ if (!found) {
-+ if (mask & APHTP_DELUSER) {
-+ apr_file_printf(errfile, "User %s not found" NL, user);
-+ exit(0);
-+ }
-+ else if (mask & APHTP_VERIFY) {
-+ apr_file_printf(errfile, "User %s not found" NL, user);
-+ exit(ERR_BADUSER);
-+ }
-+ else {
-+ apr_file_printf(errfile, "Adding ");
-+ putline(ftemp, ctx.out);
-+ }
- }
-- else if (!found && (mask & APHTP_DELUSER)) {
-- apr_file_printf(errfile, "User %s not found" NL, user);
-+ if (mask & APHTP_VERIFY) {
-+ apr_file_printf(errfile, "Password for user %s correct." NL, user);
- exit(0);
- }
-+
- apr_file_printf(errfile, "password for user %s" NL, user);
-
- /* The temporary file has all the data, just copy it to the new location.
---- a/support/httxt2dbm.c
-+++ b/support/httxt2dbm.c
-@@ -39,7 +39,6 @@
- static const char *format;
- static const char *shortname;
- static apr_file_t *errfile;
--static char errbuf[120];
- static int verbose;
-
- /* From mod_rewrite.c */
-@@ -85,11 +84,11 @@
- "Usage: %s [-v] [-f format] -i SOURCE_TXT -o OUTPUT_DBM" NL
- NL
- "Options: " NL
-- " -v More verbose output"NL
-+ " -v More verbose output" NL
- NL
-- " -i Source Text File. If '-', use stdin."NL
-+ " -i Source Text File. If '-', use stdin." NL
- NL
-- " -o Output DBM."NL
-+ " -o Output DBM." NL
- NL
- " -f DBM Format. If not specified, will use the APR Default." NL
- " GDBM for GDBM files (%s)" NL
-@@ -138,7 +137,7 @@
- dbmkey.dptr = apr_pstrmemdup(p, line, c - line);
- dbmkey.dsize = (c - line);
-
-- while (*c && apr_isspace(*c)) {
-+ while (apr_isspace(*c)) {
- ++c;
- }
-
-@@ -157,7 +156,7 @@
- dbmval.dsize = (c - value);
-
- if (verbose) {
-- apr_file_printf(errfile, " '%s' -> '%s'"NL,
-+ apr_file_printf(errfile, " '%s' -> '%s'" NL,
- dbmkey.dptr, dbmval.dptr);
- }
-
-@@ -204,7 +203,7 @@
- rv = apr_getopt_init(&opt, pool, argc, argv);
-
- if (rv != APR_SUCCESS) {
-- apr_file_printf(errfile, "Error: apr_getopt_init failed."NL NL);
-+ apr_file_printf(errfile, "Error: apr_getopt_init failed." NL NL);
- return 1;
- }
-
-@@ -273,7 +272,7 @@
- }
-
- if (verbose) {
-- apr_file_printf(errfile, "DBM Format: %s"NL, format);
-+ apr_file_printf(errfile, "DBM Format: %s" NL, format);
- }
-
- if (!strcmp(input, "-")) {
-@@ -286,13 +285,13 @@
-
- if (rv != APR_SUCCESS) {
- apr_file_printf(errfile,
-- "Error: Cannot open input file '%s': (%d) %s" NL NL,
-- input, rv, apr_strerror(rv, errbuf, sizeof(errbuf)));
-+ "Error: Cannot open input file '%s': (%d) %pm" NL NL,
-+ input, rv, &rv);
- return 1;
- }
-
- if (verbose) {
-- apr_file_printf(errfile, "Input File: %s"NL, input);
-+ apr_file_printf(errfile, "Input File: %s" NL, input);
- }
-
- rv = apr_dbm_open_ex(&outdbm, format, output, APR_DBM_RWCREATE,
-@@ -307,21 +306,21 @@
-
- if (rv != APR_SUCCESS) {
- apr_file_printf(errfile,
-- "Error: Cannot open output DBM '%s': (%d) %s" NL NL,
-- output, rv, apr_strerror(rv, errbuf, sizeof(errbuf)));
-+ "Error: Cannot open output DBM '%s': (%d) %pm" NL NL,
-+ output, rv, &rv);
- return 1;
- }
-
- if (verbose) {
-- apr_file_printf(errfile, "DBM File: %s"NL, output);
-+ apr_file_printf(errfile, "DBM File: %s" NL, output);
- }
-
- rv = to_dbm(outdbm, infile, pool);
-
- if (rv != APR_SUCCESS) {
- apr_file_printf(errfile,
-- "Error: Converting to DBM: (%d) %s" NL NL,
-- rv, apr_strerror(rv, errbuf, sizeof(errbuf)));
-+ "Error: Converting to DBM: (%d) %pm" NL NL,
-+ rv, &rv);
- return 1;
- }
-
---- a/support/passwd_common.c
-+++ b/support/passwd_common.c
-@@ -46,6 +46,24 @@
-
- apr_file_t *errfile;
-
-+int abort_on_oom(int rc)
-+{
-+ const char *buf = "Error: out of memory\n";
-+ int written, count = strlen(buf);
-+ do {
-+ written = write(STDERR_FILENO, buf, count);
-+ if (written == count)
-+ break;
-+ if (written > 0) {
-+ buf += written;
-+ count -= written;
-+ }
-+ } while (written >= 0 || errno == EINTR);
-+ abort();
-+ /* NOTREACHED */
-+ return 0;
-+}
-+
- static int generate_salt(char *s, size_t size, const char **errstr,
- apr_pool_t *pool)
- {
-@@ -85,6 +103,8 @@
- void putline(apr_file_t *f, const char *l)
- {
- apr_status_t rv;
-+ if (f == NULL)
-+ return;
- rv = apr_file_puts(l, f);
- if (rv != APR_SUCCESS) {
- apr_file_printf(errfile, "Error writing temp file: %pm", &rv);
-@@ -95,17 +115,17 @@
-
- int get_password(struct passwd_ctx *ctx)
- {
-+ char buf[MAX_STRING_LEN + 1];
- if (ctx->passwd_src == PW_STDIN) {
-- char *buf = ctx->out;
- apr_file_t *file_stdin;
- apr_size_t nread;
- if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
- ctx->errstr = "Unable to read from stdin.";
- return ERR_GENERAL;
- }
-- if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
-+ if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
- &nread) != APR_EOF
-- || nread == ctx->out_len - 1) {
-+ || nread == sizeof(buf) - 1) {
- goto err_too_long;
- }
- buf[nread] = '\0';
-@@ -115,21 +135,30 @@
- buf[nread-2] = '\0';
- }
- apr_file_close(file_stdin);
-+ ctx->passwd = apr_pstrdup(ctx->pool, buf);
-+ }
-+ else if (ctx->passwd_src == PW_PROMPT_VERIFY) {
-+ apr_size_t bufsize = sizeof(buf);
-+ if (apr_password_get("Enter password: ", buf, &bufsize) != 0)
-+ goto err_too_long;
-+ ctx->passwd = apr_pstrdup(ctx->pool, buf);
- }
- else {
-- char buf[MAX_STRING_LEN + 1];
- apr_size_t bufsize = sizeof(buf);
-- if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
-+ if (apr_password_get("New password: ", buf, &bufsize) != 0)
- goto err_too_long;
-+ ctx->passwd = apr_pstrdup(ctx->pool, buf);
-+ bufsize = sizeof(buf);
-+ buf[0] = '\0';
- apr_password_get("Re-type new password: ", buf, &bufsize);
-- if (strcmp(ctx->out, buf) != 0) {
-+ if (strcmp(ctx->passwd, buf) != 0) {
- ctx->errstr = "password verification error";
-- memset(ctx->out, '\0', ctx->out_len);
-+ memset(ctx->passwd, '\0', strlen(ctx->passwd));
- memset(buf, '\0', sizeof(buf));
- return ERR_PWMISMATCH;
- }
-- memset(buf, '\0', sizeof(buf));
- }
-+ memset(buf, '\0', sizeof(buf));
- return 0;
-
- err_too_long:
-@@ -146,7 +175,6 @@
- int mkhash(struct passwd_ctx *ctx)
- {
- char *pw;
-- char pwin[MAX_STRING_LEN];
- char salt[16];
- apr_status_t rv;
- int ret = 0;
-@@ -159,14 +187,11 @@
- "Warning: Ignoring -C argument for this algorithm." NL);
- }
-
-- if (ctx->passwd != NULL) {
-- pw = ctx->passwd;
-- }
-- else {
-+ if (ctx->passwd == NULL) {
- if ((ret = get_password(ctx)) != 0)
- return ret;
-- pw = pwin;
- }
-+ pw = ctx->passwd;
-
- switch (ctx->alg) {
- case ALG_APSHA:
-@@ -206,7 +231,7 @@
-
- apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
- if (strlen(pw) > 8) {
-- char *truncpw = strdup(pw);
-+ char *truncpw = apr_pstrdup(ctx->pool, pw);
- truncpw[8] = '\0';
- if (!strcmp(ctx->out, crypt(truncpw, salt))) {
- apr_file_printf(errfile, "Warning: Password truncated to 8 "
---- a/support/passwd_common.h
-+++ b/support/passwd_common.h
-@@ -80,10 +80,17 @@
- enum {
- PW_PROMPT = 0,
- PW_ARG,
-- PW_STDIN
-+ PW_STDIN,
-+ PW_PROMPT_VERIFY,
- } passwd_src;
- };
-
-+
-+/*
-+ * To be used as apr_pool_abort_fn
-+ */
-+int abort_on_oom(int rc);
-+
- /*
- * Write a line to the file. On error, print a message and exit
- */
---- a/support/suexec.c
-+++ b/support/suexec.c
-@@ -218,11 +218,15 @@
-
- if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
- log_err("failed to malloc memory for environment\n");
-- exit(120);
-+ exit(123);
- }
-
- sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
- cleanenv[cidx] = strdup(pathbuf);
-+ if (cleanenv[cidx] == NULL) {
-+ log_err("failed to malloc memory for environment\n");
-+ exit(124);
-+ }
- cidx++;
-
- for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
-@@ -398,7 +402,10 @@
- }
- }
- gid = gr->gr_gid;
-- actual_gname = strdup(gr->gr_name);
-+ if ((actual_gname = strdup(gr->gr_name)) == NULL) {
-+ log_err("failed to alloc memory\n");
-+ exit(125);
-+ }
-
- #ifdef _OSD_POSIX
- /*
-@@ -433,6 +440,10 @@
- uid = pw->pw_uid;
- actual_uname = strdup(pw->pw_name);
- target_homedir = strdup(pw->pw_dir);
-+ if (actual_uname == NULL || target_homedir == NULL) {
-+ log_err("failed to alloc memory\n");
-+ exit(126);
-+ }
-
- /*
- * Log the transaction here to be sure we have an open log
---- a/test/test_limits.c
-+++ b/test/test_limits.c
-@@ -124,8 +124,8 @@
- perror("gethostbyname");
- exit(1);
- }
-- bzero(&sin, sizeof(sin));
-- bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
-+ memset(&sin, sizeof(sin));
-+ memcpy((char *)&sin.sin_addr, he->h_addr, he->h_length);
- sin.sin_family = he->h_addrtype;
- sin.sin_port = htons(port);
-
--
Debian packaging for apache2
More information about the Pkg-apache-commits
mailing list