Hello community, here is the log from the commit of package apache2 for openSUSE:11.4 checked in at Tue Jul 26 17:22:12 CEST 2011.
-------- --- old-versions/11.4/all/apache2/apache2.changes 2010-10-21 16:13:51.000000000 +0200 +++ 11.4/apache2/apache2.changes 2011-07-26 15:43:36.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Jul 26 15:42:26 CEST 2011 - dr...@suse.de + +- httpd-2.2.x-bnc690734.patch: take LimitRequestFieldsize config + option into account when parsing headers from backend. bnc#690734 +- recommend the default MPM (prefork) via Recommends: in .spec + [bnc#670027] + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/apache2 Destination is old-versions/11.4/UPDATES/all/apache2 calling whatdependson for 11.4-i586 New: ---- httpd-2.2.x-bnc690734.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.MZdysq/_old 2011-07-26 17:21:49.000000000 +0200 +++ /var/tmp/diff_new_pack.MZdysq/_new 2011-07-26 17:21:49.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package apache2 (Version 2.2.17) +# spec file for package apache2 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -69,7 +69,7 @@ Group: Productivity/Networking/Web/Servers %define realver 2.2.17 Version: 2.2.17 -Release: 1 +Release: 4.<RELEASE5> #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section @@ -124,6 +124,7 @@ Patch66: httpd-2.0.54-envvars.dif Patch67: httpd-2.2.0-apxs-a2enmod.dif Patch68: httpd-2.x.x-logresolve.patch +Patch69: httpd-2.2.x-bnc690734.patch Patch100: apache2.2-mpm-itk-20090414-00.patch Url: http://httpd.apache.org/ Icon: Apache.xpm @@ -148,6 +149,9 @@ Obsoletes: mod_ssl < 2.8.16 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} >= 1110 +Recommends: apache2-%default_mpm +%endif %description Apache 2, the successor to Apache 1. @@ -346,6 +350,7 @@ %patch66 -p1 %patch67 -p1 %patch68 -p1 +%patch69 -p0 %patch100 -p1 # cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE ++++++ httpd-2.2.x-bnc690734.patch ++++++ diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c --- ../httpd-2.2.17-o/server/util_script.c 2009-01-12 14:59:56.000000000 +0100 +++ ./server/util_script.c 2011-07-26 15:39:50.000000000 +0200 @@ -406,6 +406,7 @@ { char x[MAX_STRING_LEN]; char *w, *l; + int wlen; int p; int cgi_status = HTTP_UNSET; apr_table_t *merge; @@ -414,7 +415,14 @@ if (buffer) { *buffer = '\0'; } - w = buffer ? buffer : x; + + if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) { + w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2); + wlen = r->server->limit_req_fieldsize + 2; + } else { + w = buffer ? buffer : x; + wlen = MAX_STRING_LEN; + } /* temporary place to hold headers to merge in later */ merge = apr_table_make(r->pool, 10); @@ -430,7 +438,7 @@ while (1) { - int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data); + int rv = (*getsfunc) (w, wlen - 1, getsfunc_data); if (rv == 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "Premature end of script headers: %s", @@ -537,9 +545,12 @@ if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) { + while ((*getsfunc) (w, wlen - 1, getsfunc_data)) { continue; } + } else if (w != buffer) { + strncpy(buffer, w, MAX_STRING_LEN - 1); + buffer[MAX_STRING_LEN - 1] = 0; } ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org