[apache2] 02/03: Adjustments for 2.4.16
Stefan Fritsch
sf at moszumanska.debian.org
Sat Aug 1 22:49:28 UTC 2015
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit d94235c7e636826467e6ac51829f7ab7ed0afa71
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Aug 2 00:38:09 2015 +0200
Adjustments for 2.4.16
* remove obsolete patches
* add changelog entry
---
debian/changelog | 10 ++-
debian/patches/CVE-2015-0228_mod_lua.diff | 53 --------------
debian/patches/CVE-2015-0253_ErrorDocument.diff | 42 -----------
debian/patches/mpm_event_crash.diff | 96 -------------------------
debian/patches/series | 3 -
5 files changed, 9 insertions(+), 195 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a273fcf..021840f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,13 @@
-apache2 (2.4.12-3) UNRELEASED; urgency=medium
+apache2 (2.4.16-1) UNRELEASED; urgency=medium
+ [ Stefan Fritsch ]
+ * New upstream version, fixing the following security issues:
+ + CVE-2015-3183: Fix chunk header parsing defect.
+ + CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an
+ unfixable way. Add a new replacement API ap_some_authn_required()
+ and ap_force_authn hook.
+
+ [ Jean-Michel Vourgère ]
* Allow "triggers-awaited" and "triggers-pending" states in addition to
"installed" when determining whether to defer actions or process
deferred actions. Thanks Colin Watson. Closes: #787103
diff --git a/debian/patches/CVE-2015-0228_mod_lua.diff b/debian/patches/CVE-2015-0228_mod_lua.diff
deleted file mode 100644
index 1a4847b..0000000
--- a/debian/patches/CVE-2015-0228_mod_lua.diff
+++ /dev/null
@@ -1,53 +0,0 @@
-#commit 1f1375a2a615337d3fd1da2aad7a080243cbdcb7
-#Author: Eric Covener <covener at apache.org>
-#Date: Wed Mar 4 19:18:27 2015 +0000
-#
-# Merge r1657261 from trunk:
-#
-# *) SECURITY: CVE-2015-0228 (cve.mitre.org)
-# mod_lua: A maliciously crafted websockets PING after a script
-# calls r:wsupgrade() can cause a child process crash.
-# [Edward Lu <Chaosed0 gmail.com>]
-#
-# Discovered by Guido Vranken <guidovranken gmail.com>
-#
-# Submitted by: Edward Lu
-# Committed by: covener
-#
-#
-#
-#
-# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664118 13f79535-47bb-0310-9956-ffa450edef68
-#
---- apache2.orig/modules/lua/lua_request.c
-+++ apache2/modules/lua/lua_request.c
-@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State
- {
- apr_socket_t *sock;
- apr_status_t rv;
-+ int do_read = 1;
- int n = 0;
- apr_size_t len = 1;
- apr_size_t plen = 0;
-@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State
- mask_bytes = apr_pcalloc(r->pool, 4);
- sock = ap_get_conn_socket(r->connection);
-
-+ while (do_read) {
-+ do_read = 0;
- /* Get opcode and FIN bit */
- if (plaintext) {
- rv = apr_socket_recv(sock, &byte, &len);
-@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State
- frame[0] = 0x8A;
- frame[1] = 0;
- apr_socket_send(sock, frame, &plen); /* Pong! */
-- lua_websocket_read(L); /* read the next frame instead */
-+ do_read = 1;
- }
- }
- }
-+ }
- return 0;
- }
-
diff --git a/debian/patches/CVE-2015-0253_ErrorDocument.diff b/debian/patches/CVE-2015-0253_ErrorDocument.diff
deleted file mode 100644
index 36a9581..0000000
--- a/debian/patches/CVE-2015-0253_ErrorDocument.diff
+++ /dev/null
@@ -1,42 +0,0 @@
-#commit 9a6f9bcf9594bc946d23b9a27e3510488e9f94a9
-#Author: Eric Covener <covener at apache.org>
-#Date: Tue Mar 24 13:08:44 2015 +0000
-#
-# Merge r1664205 from trunk:
-#
-# *) SECURITY: CVE-2015-0253 (cve.mitre.org)
-# core: Fix a crash introduced in with ErrorDocument 400 pointing
-# to a local URL-path with the INCLUDES filter active, introduced
-# in 2.4.11. PR 57531. [Yann Ylavic]
-#
-#
-# Submitted By: ylavic
-# Committed By: covener
-#
-#
-#
-#
-#
-#
-# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668879 13f79535-47bb-0310-9956-ffa450edef68
-#
---- apache2.orig/server/protocol.c
-+++ apache2/server/protocol.c
-@@ -599,8 +599,6 @@ static int read_request_line(request_rec
- */
- if (APR_STATUS_IS_ENOSPC(rv)) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
-- r->proto_num = HTTP_VERSION(1,0);
-- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- }
- else if (APR_STATUS_IS_TIMEUP(rv)) {
- r->status = HTTP_REQUEST_TIME_OUT;
-@@ -608,6 +606,8 @@ static int read_request_line(request_rec
- else if (APR_STATUS_IS_EINVAL(rv)) {
- r->status = HTTP_BAD_REQUEST;
- }
-+ r->proto_num = HTTP_VERSION(1,0);
-+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
- } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
diff --git a/debian/patches/mpm_event_crash.diff b/debian/patches/mpm_event_crash.diff
deleted file mode 100644
index 489c0ba..0000000
--- a/debian/patches/mpm_event_crash.diff
+++ /dev/null
@@ -1,96 +0,0 @@
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779078
-#
-# https://bz.apache.org/bugzilla/show_bug.cgi?id=57268
-#
-# https://svn.apache.org/r1664365
-#
-# Fix mpm_event crashes due to various race conditions
-#
-#commit a72c0042ab79dc65af1c706ceec0a72296431d4c
-#Author: Jim Jagielski <jim at apache.org>
-#Date: Thu Mar 5 14:54:19 2015 +0000
-#
-# Merge r1663017 from trunk:
-#
-# mpm_event: follow up to r1538490, r1545736, r1604350, r1639614 and r1642868.
-# Clear and restore sbh in notify_suspend() and notify_resume() respectively.
-#
-# Submitted by: ylavic
-# Reviewed/backported by: jim
-#
-#
-# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664365 13f79535-47bb-0310-9956-ffa450edef68
-#
---- apache2.orig/server/mpm/event/event.c
-+++ apache2/server/mpm/event/event.c
-@@ -771,10 +771,12 @@ static void notify_suspend(event_conn_st
- {
- ap_run_suspend_connection(cs->c, cs->r);
- cs->suspended = 1;
-+ cs->c->sbh = NULL;
- }
-
--static void notify_resume(event_conn_state_t *cs)
-+static void notify_resume(event_conn_state_t *cs, ap_sb_handle_t *sbh)
- {
-+ cs->c->sbh = sbh;
- cs->suspended = 0;
- ap_run_resume_connection(cs->c, cs->r);
- }
-@@ -810,10 +812,12 @@ static int start_lingering_close_common(
- cs->pub.state = CONN_STATE_LINGER_NORMAL;
- }
- apr_atomic_inc32(&lingering_count);
-- cs->c->sbh = NULL;
- if (in_worker) {
- notify_suspend(cs);
- }
-+ else {
-+ cs->c->sbh = NULL;
-+ }
- apr_thread_mutex_lock(timeout_mutex);
- TO_QUEUE_APPEND(*q, cs);
- cs->pfd.reqevents = (
-@@ -846,7 +850,6 @@ static int start_lingering_close_common(
- static int start_lingering_close_blocking(event_conn_state_t *cs)
- {
- if (ap_start_lingering_close(cs->c)) {
-- cs->c->sbh = NULL;
- notify_suspend(cs);
- ap_push_pool(worker_queue_info, cs->p);
- return 0;
-@@ -910,7 +913,7 @@ static apr_status_t ptrans_pre_cleanup(v
- event_conn_state_t *cs = dummy;
-
- if (cs->suspended) {
-- notify_resume(cs);
-+ notify_resume(cs, NULL);
- }
- return APR_SUCCESS;
- }
-@@ -1009,8 +1012,7 @@ static void process_socket(apr_thread_t
- }
- else {
- c = cs->c;
-- c->sbh = sbh;
-- notify_resume(cs);
-+ notify_resume(cs, sbh);
- c->current_thread = thd;
- /* Subsequent request on a conn, and thread number is part of ID */
- c->id = conn_id;
-@@ -1103,7 +1105,6 @@ read_request:
- */
- cs->expiration_time = ap_server_conf->keep_alive_timeout +
- apr_time_now();
-- c->sbh = NULL;
- notify_suspend(cs);
- apr_thread_mutex_lock(timeout_mutex);
- TO_QUEUE_APPEND(keepalive_q, cs);
-@@ -1121,7 +1122,6 @@ read_request:
- }
- else if (cs->pub.state == CONN_STATE_SUSPENDED) {
- apr_atomic_inc32(&suspended_count);
-- c->sbh = NULL;
- notify_suspend(cs);
- }
- }
diff --git a/debian/patches/series b/debian/patches/series
index 6bedd04..aa0aae4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,9 +3,6 @@ no_LD_LIBRARY_PATH.patch
suexec-CVE-2007-1742.patch
customize_apxs.patch
build_suexec-custom.patch
-CVE-2015-0228_mod_lua.diff
-mpm_event_crash.diff
-CVE-2015-0253_ErrorDocument.diff
reproducible_builds.diff
# This patch is applied manually
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list