OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 28-Oct-2003 15:26:44 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003102814264102 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/apache apache.patch apache.spec Log: Security Bugfix (CAN-2003-0542, OpenPKG-SA-2003.046-apache) Summary: Revision Changes Path 1.1.6.2.2.1 +114 -0 openpkg-src/apache/apache.patch 1.106.2.6.2.2+1 -1 openpkg-src/apache/apache.spec 1.7202 +1 -0 openpkg-web/news.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/apache/apache.patch ============================================================================ $ cvs diff -u -r1.1.6.2 -r1.1.6.2.2.1 apache.patch --- openpkg-src/apache/apache.patch 29 Jul 2003 14:32:19 -0000 1.1.6.2 +++ openpkg-src/apache/apache.patch 28 Oct 2003 14:26:43 -0000 1.1.6.2.2.1 @@ -75,3 +75,117 @@ if (!(env_path = ap_pstrdup(r->pool, getenv("PATH")))) { env_path = DEFAULT_PATH; } + + +----------------------------------------------------------------------------- + +Security Bugfix (CAN-2003-0542, OpenPKG-SA-2003.046-apache): + +Index: apache_1.3.28/src/include/httpd.h +--- apache_1.3.28/src/include/httpd.h.orig 2003-07-16 22:20:26.000000000 +0200 ++++ apache_1.3.28/src/include/httpd.h 2003-10-28 14:10:48.000000000 +0100 +@@ -274,6 +274,9 @@ + /* The size of the server's internal read-write buffers */ + #define IOBUFSIZE 8192 + ++/* The max number of regex captures that can be expanded by ap_pregsub */ ++#define AP_MAX_REG_MATCH 10 ++ + /* Number of servers to spawn off by default --- also, if fewer than + * this free when the caretaker checks, it will spawn more. + */ +Index: apache_1.3.28/src/modules/standard/mod_alias.c +--- apache_1.3.28/src/modules/standard/mod_alias.c.orig 2003-04-24 18:08:21.000000000 +0200 ++++ apache_1.3.28/src/modules/standard/mod_alias.c 2003-10-28 14:10:48.000000000 +0100 +@@ -299,7 +299,7 @@ + static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status) + { + alias_entry *entries = (alias_entry *) aliases->elts; +- regmatch_t regm[10]; ++ regmatch_t regm[AP_MAX_REG_MATCH]; + char *found = NULL; + int i; + +@@ -308,10 +308,10 @@ + int l; + + if (p->regexp) { +- if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) { ++ if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) { + if (p->real) { + found = ap_pregsub(r->pool, p->real, r->uri, +- p->regexp->re_nsub + 1, regm); ++ AP_MAX_REG_MATCH, regm); + if (found && doesc) { + found = ap_escape_uri(r->pool, found); + } +Index: apache_1.3.28/src/modules/standard/mod_rewrite.c +--- apache_1.3.28/src/modules/standard/mod_rewrite.c.orig 2003-05-19 04:35:31.000000000 +0200 ++++ apache_1.3.28/src/modules/standard/mod_rewrite.c 2003-10-28 14:10:48.000000000 +0100 +@@ -1834,7 +1834,7 @@ + const char *vary; + char newuri[MAX_STRING_LEN]; + regex_t *regexp; +- regmatch_t regmatch[MAX_NMATCH]; ++ regmatch_t regmatch[AP_MAX_REG_MATCH]; + backrefinfo *briRR = NULL; + backrefinfo *briRC = NULL; + int prefixstrip; +@@ -1891,7 +1891,7 @@ + rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'", + perdir, p->pattern, uri); + } +- rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0); ++ rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0); + if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) || + (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) { + return 0; +@@ -2179,7 +2179,7 @@ + char input[MAX_STRING_LEN]; + struct stat sb; + request_rec *rsub; +- regmatch_t regmatch[MAX_NMATCH]; ++ regmatch_t regmatch[AP_MAX_REG_MATCH]; + int rc; + + /* +@@ -2283,8 +2283,7 @@ + } + else { + /* it is really a regexp pattern, so apply it */ +- rc = (ap_regexec(p->regexp, input, +- p->regexp->re_nsub+1, regmatch,0) == 0); ++ rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0); + + /* if it isn't a negated pattern and really matched + we update the passed-through regex subst info structure */ +@@ -2442,7 +2441,7 @@ + bri = briRC; + } + /* see ap_pregsub() in src/main/util.c */ +- if (bri && n <= bri->nsub && ++ if (bri && n < AP_MAX_REG_MATCH && + bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) { + span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so; + if (span > space) { +Index: apache_1.3.28/src/modules/standard/mod_rewrite.h +--- apache_1.3.28/src/modules/standard/mod_rewrite.h.orig 2003-05-19 04:35:31.000000000 +0200 ++++ apache_1.3.28/src/modules/standard/mod_rewrite.h 2003-10-28 14:10:48.000000000 +0100 +@@ -253,8 +253,6 @@ + + #define MAX_ENV_FLAGS 15 + +-#define MAX_NMATCH 10 +- + /* default maximum number of internal redirects */ + #define REWRITE_REDIRECT_LIMIT 10 + +@@ -368,7 +366,7 @@ + typedef struct backrefinfo { + char *source; + int nsub; +- regmatch_t regmatch[10]; ++ regmatch_t regmatch[AP_MAX_REG_MATCH]; + } backrefinfo; + + @@ . patch -p0 <<'@@ .' Index: openpkg-src/apache/apache.spec ============================================================================ $ cvs diff -u -r1.106.2.6.2.1 -r1.106.2.6.2.2 apache.spec --- openpkg-src/apache/apache.spec 29 Jul 2003 14:58:13 -0000 1.106.2.6.2.1 +++ openpkg-src/apache/apache.spec 28 Oct 2003 14:26:43 -0000 1.106.2.6.2.2 @@ -60,7 +60,7 @@ Group: Web License: ASF Version: %{V_apache} -Release: 1.3.0 +Release: 1.3.1 # package options (suexec related) %option with_suexec yes @@ . patch -p0 <<'@@ .' Index: openpkg-web/news.txt ============================================================================ $ cvs diff -u -r1.7201 -r1.7202 news.txt --- openpkg-web/news.txt 28 Oct 2003 11:07:28 -0000 1.7201 +++ openpkg-web/news.txt 28 Oct 2003 14:26:41 -0000 1.7202 @@ -1,3 +1,4 @@ +28-Oct-2003: Upgraded package: P<apache-1.3.28-1.3.1> 28-Oct-2003: Upgraded package: P<apache2-2.0.48-20031028> 28-Oct-2003: Upgraded package: P<apache-1.3.29-20031028> 28-Oct-2003: Upgraded package: P<postfix-2.0.16-20031028> @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]