OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 28-Oct-2003 15:30:57
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003102814305403
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/apache apache.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/apache apache.spec
Log:
Security Bugfix (CAN-2003-0542, OpenPKG-SA-2003.046-apache)
Summary:
Revision Changes Path
1.1.8.1 +110 -0 openpkg-src/apache/apache.patch
1.106.2.1.2.4+3 -1 openpkg-src/apache/apache.spec
1.7203 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch
============================================================================
$ cvs diff -u -r0 -r1.1.8.1 apache.patch
--- /dev/null 2003-10-28 15:30:57.000000000 +0100
+++ apache.patch 2003-10-28 15:30:57.000000000 +0100
@@ -0,0 +1,110 @@
+Security Bugfix (CAN-2003-0542, OpenPKG-SA-2003.046-apache):
+
+Index: apache_1.3.27/src/include/httpd.h
+--- apache_1.3.27/src/include/httpd.h.orig 2002-09-30 18:35:21.000000000 +0200
++++ apache_1.3.27/src/include/httpd.h 2003-10-28 15:19:40.000000000 +0100
+@@ -273,6 +273,9 @@
+ /* The size of the server's internal read-write buffers */
+ #define IOBUFSIZE 8192
+
++/* The max number of regex captures that can be expanded by ap_pregsub */
++#define AP_MAX_REG_MATCH 10
++
+ /* Number of servers to spawn off by default --- also, if fewer than
+ * this free when the caretaker checks, it will spawn more.
+ */
+Index: apache_1.3.27/src/modules/standard/mod_alias.c
+--- apache_1.3.27/src/modules/standard/mod_alias.c.orig 2002-03-13
22:05:33.000000000 +0100
++++ apache_1.3.27/src/modules/standard/mod_alias.c 2003-10-28 15:19:40.000000000
+0100
+@@ -299,7 +299,7 @@
+ static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int
*status)
+ {
+ alias_entry *entries = (alias_entry *) aliases->elts;
+- regmatch_t regm[10];
++ regmatch_t regm[AP_MAX_REG_MATCH];
+ char *found = NULL;
+ int i;
+
+@@ -308,10 +308,10 @@
+ int l;
+
+ if (p->regexp) {
+- if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
++ if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
+ if (p->real) {
+ found = ap_pregsub(r->pool, p->real, r->uri,
+- p->regexp->re_nsub + 1, regm);
++ AP_MAX_REG_MATCH, regm);
+ if (found && doesc) {
+ found = ap_escape_uri(r->pool, found);
+ }
+Index: apache_1.3.27/src/modules/standard/mod_rewrite.c
+--- apache_1.3.27/src/modules/standard/mod_rewrite.c.orig 2002-07-08
19:18:32.000000000 +0200
++++ apache_1.3.27/src/modules/standard/mod_rewrite.c 2003-10-28 15:19:40.000000000
+0100
+@@ -1759,7 +1759,7 @@
+ const char *vary;
+ char newuri[MAX_STRING_LEN];
+ regex_t *regexp;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ backrefinfo *briRR = NULL;
+ backrefinfo *briRC = NULL;
+ int prefixstrip;
+@@ -1816,7 +1816,7 @@
+ rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
+ perdir, p->pattern, uri);
+ }
+- rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
++ rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
+ if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
+ (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
+ return 0;
+@@ -2117,7 +2117,7 @@
+ char input[MAX_STRING_LEN];
+ struct stat sb;
+ request_rec *rsub;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ int rc;
+
+ /*
+@@ -2221,8 +2221,7 @@
+ }
+ else {
+ /* it is really a regexp pattern, so apply it */
+- rc = (ap_regexec(p->regexp, input,
+- p->regexp->re_nsub+1, regmatch,0) == 0);
++ rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
+
+ /* if it isn't a negated pattern and really matched
+ we update the passed-through regex subst info structure */
+@@ -2380,7 +2379,7 @@
+ bri = briRC;
+ }
+ /* see ap_pregsub() in src/main/util.c */
+- if (bri && n <= bri->nsub &&
++ if (bri && n < AP_MAX_REG_MATCH &&
+ bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
+ span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
+ if (span > space) {
+Index: apache_1.3.27/src/modules/standard/mod_rewrite.h
+--- apache_1.3.27/src/modules/standard/mod_rewrite.h.orig 2002-03-13
22:05:34.000000000 +0100
++++ apache_1.3.27/src/modules/standard/mod_rewrite.h 2003-10-28 15:20:13.000000000
+0100
+@@ -253,8 +253,6 @@
+
+ #define MAX_ENV_FLAGS 15
+
+-#define MAX_NMATCH 10
+-
+ /*
+ **
+ ** our private data structures we handle with
+@@ -356,7 +354,7 @@
+ typedef struct backrefinfo {
+ char *source;
+ int nsub;
+- regmatch_t regmatch[10];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ } backrefinfo;
+
+
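Review bot: In the mod_rewrite.c hunk at `@@ -2380,7 +2379,7 @@`, the backreference guard changes from `n <= bri->nsub` to `n < AP_MAX_REG_MATCH`, so `bri->regmatch[n]` is now read for every index below the array size even when the pattern has fewer capture groups. The read stays inside the array, but the result is only meaningful if every slot was written by the `ap_regexec(..., AP_MAX_REG_MATCH, ...)` call and then copied in full into `backrefinfo`. That copy and the rest of the enclosing function are outside the hunks shown, so it should be confirmed that the copy covers all `AP_MAX_REG_MATCH` entries and that `bri` is never set from a failed match. I would add a comment on the guard such as `/* slots above re_nsub are expected to hold rm_so == rm_eo after ap_regexec, so they expand to nothing */`. The httpd.h comment should also say that the value includes slot 0 (the whole match) and is the required element count of any `regmatch_t` array passed with it.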
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.spec
============================================================================
$ cvs diff -u -r1.106.2.1.2.3 -r1.106.2.1.2.4 apache.spec
--- openpkg-src/apache/apache.spec 18 Mar 2003 15:08:11 -0000 1.106.2.1.2.3
+++ openpkg-src/apache/apache.spec 28 Oct 2003 14:30:57 -0000 1.106.2.1.2.4
@@ -60,7 +60,7 @@
Group: Web
License: ASF
Version: %{V_apache}
-Release: 1.2.2
+Release: 1.2.3
# package options (additionally used Apache modules; can be enabled without
thinking)
%option with_mod_ssl no
@@ -168,6 +168,7 @@
Source23: rc.apache
Patch0: http://www.php.net/distributions/php-4.3.0-to-4.3.1.patch.gz
Patch1: mod_ssl.patch
+Patch2: apache.patch
# build information
Prefix: %{l_prefix}
@@ -277,6 +278,7 @@
%prep
# unpack Apache distribution
%setup0 -q -c
+ %patch2 -p0
# unpack optional extension modules
%if "%{with_mod_ssl}" == "yes"
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7202 -r1.7203 news.txt
--- openpkg-web/news.txt 28 Oct 2003 14:26:41 -0000 1.7202
+++ openpkg-web/news.txt 28 Oct 2003 14:30:54 -0000 1.7203
@@ -1,3 +1,4 @@
+28-Oct-2003: Upgraded package: P<apache-1.3.27-1.2.3>
28-Oct-2003: Upgraded package: P<apache-1.3.28-1.3.1>
28-Oct-2003: Upgraded package: P<apache2-2.0.48-20031028>
28-Oct-2003: Upgraded package: P<apache-1.3.29-20031028>
@@ .