diff options
| author |   Benedikt Boehm <hollow@gentoo.org> | 2008-01-07 22:37:26 +0000 |
|---|---|---|
| committer | Benedikt Boehm <hollow@gentoo.org> | 2008-01-07 22:37:26 +0000 |
| commit | 7b914cc26349b5c7e7849be1cb09eaf16639cd28 (patch) | |
| tree | fe086e586fc34dd1867edaa9dd9bb08c297104a7 /2.2 | |
| parent | use localhost as default ServerName, otherwise virtual hosts for the FQDN wil... (diff) | |
| download | apache-7b914cc26349b5c7e7849be1cb09eaf16639cd28.tar.gz apache-7b914cc26349b5c7e7849be1cb09eaf16639cd28.tar.bz2 apache-7b914cc26349b5c7e7849be1cb09eaf16639cd28.zip | |
add recent CVE patches
Diffstat (limited to '2.2')
| -rw-r--r-- | 2.2/patches/07_all_CVE-2007-6388.patch | 43 | ||||
| -rw-r--r-- | 2.2/patches/08_all_CVE-2007-6421.patch | 32 | ||||
| -rw-r--r-- | 2.2/patches/09_all_CVE-2007-6422.patch | 13 |
3 files changed, 88 insertions, 0 deletions
diff --git a/2.2/patches/07_all_CVE-2007-6388.patch b/2.2/patches/07_all_CVE-2007-6388.patch new file mode 100644 index 0000000..95c3e7e --- /dev/null +++ b/2.2/patches/07_all_CVE-2007-6388.patch @@ -0,0 +1,43 @@ +Index: httpd-2.2.6/modules/generators/mod_status.c +=================================================================== +--- httpd-2.2.6.orig/modules/generators/mod_status.c ++++ httpd-2.2.6/modules/generators/mod_status.c +@@ -71,6 +71,7 @@ + #endif + #define APR_WANT_STRFUNC + #include "apr_want.h" ++#include "apr_strings.h" + + #ifdef NEXT + #if (NX_CURRENT_COMPILER_RELEASE == 410) +@@ -282,19 +283,18 @@ static int status_handler(request_rec *r + if ((loc = ap_strstr_c(r->args, + status_options[i].form_data_str)) != NULL) { + switch (status_options[i].id) { +- case STAT_OPT_REFRESH: +- if (*(loc + strlen(status_options[i].form_data_str)) == '=' +- && atol(loc + strlen(status_options[i].form_data_str) +- + 1) > 0) +- apr_table_set(r->headers_out, +- status_options[i].hdr_out_str, +- loc + +- strlen(status_options[i].hdr_out_str) + +- 1); +- else +- apr_table_set(r->headers_out, +- status_options[i].hdr_out_str, "1"); ++ case STAT_OPT_REFRESH: { ++ apr_size_t len = strlen(status_options[i].form_data_str); ++ long t = 0; ++ ++ if (*(loc + len ) == '=') { ++ t = atol(loc + len + 1); ++ } ++ apr_table_set(r->headers_out, ++ status_options[i].hdr_out_str, ++ apr_ltoa(r->pool, t < 1 ? 1 : t)); + break; ++ } + case STAT_OPT_NOTABLE: + no_table_report = 1; + break; diff --git a/2.2/patches/08_all_CVE-2007-6421.patch b/2.2/patches/08_all_CVE-2007-6421.patch new file mode 100644 index 0000000..d15b5a1 --- /dev/null +++ b/2.2/patches/08_all_CVE-2007-6421.patch @@ -0,0 +1,32 @@ +Index: httpd-2.2.6/modules/proxy/mod_proxy_balancer.c +=================================================================== +--- httpd-2.2.6.orig/modules/proxy/mod_proxy_balancer.c ++++ httpd-2.2.6/modules/proxy/mod_proxy_balancer.c +@@ -769,8 +769,10 @@ static int balancer_handler(request_rec + ap_escape_uri(r->pool, worker->name), + "\">", NULL); + ap_rvputs(r, worker->name, "</a></td>", NULL); +- ap_rvputs(r, "<td>", worker->s->route, NULL); +- ap_rvputs(r, "</td><td>", worker->s->redirect, NULL); ++ ap_rvputs(r, "<td>", ap_escape_html(r->pool, worker->s->route), ++ NULL); ++ ap_rvputs(r, "</td><td>", ++ ap_escape_html(r->pool, worker->s->redirect), NULL); + ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor); + ap_rprintf(r, "<td>%d</td><td>", worker->s->lbset); + if (worker->s->status & PROXY_WORKER_DISABLED) +@@ -808,10 +810,12 @@ static int balancer_handler(request_rec + ap_rputs("<tr><td>LB Set:</td><td><input name=\"ls\" type=text ", r); + ap_rprintf(r, "value=\"%d\"></td></tr>\n", wsel->s->lbset); + ap_rputs("<tr><td>Route:</td><td><input name=\"wr\" type=text ", r); +- ap_rvputs(r, "value=\"", wsel->route, NULL); ++ ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->route), ++ NULL); + ap_rputs("\"></td></tr>\n", r); + ap_rputs("<tr><td>Route Redirect:</td><td><input name=\"rr\" type=text ", r); +- ap_rvputs(r, "value=\"", wsel->redirect, NULL); ++ ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect), ++ NULL); + ap_rputs("\"></td></tr>\n", r); + ap_rputs("<tr><td>Status:</td><td>Disabled: <input name=\"dw\" value=\"Disable\" type=radio", r); + if (wsel->s->status & PROXY_WORKER_DISABLED) diff --git a/2.2/patches/09_all_CVE-2007-6422.patch b/2.2/patches/09_all_CVE-2007-6422.patch new file mode 100644 index 0000000..930d545 --- /dev/null +++ b/2.2/patches/09_all_CVE-2007-6422.patch @@ -0,0 +1,13 @@ +Index: httpd-2.2.6/modules/proxy/mod_proxy_balancer.c +=================================================================== +--- httpd-2.2.6.orig/modules/proxy/mod_proxy_balancer.c ++++ httpd-2.2.6/modules/proxy/mod_proxy_balancer.c +@@ -622,7 +622,7 @@ static int balancer_handler(request_rec + proxy_worker *ws; + + ws = ap_proxy_get_worker(r->pool, conf, name); +- if (ws) { ++ if (bsel && ws) { + worker = (proxy_worker *)bsel->workers->elts; + for (n = 0; n < bsel->workers->nelts; n++) { + if (strcasecmp(worker->name, ws->name) == 0) { |