move CVE patches to the correct number; fix peruser to check for chroot

author: Benedikt Boehm <hollow@gentoo.org> 2007-08-01 19:47:14 +0000
committer: Benedikt Boehm <hollow@gentoo.org> 2007-08-01 19:47:14 +0000
commit: f87bdec29983f8d0bd3e98718eec235b5773051d (patch)
tree: ad5ce5264f810d6b7349a0f11ca9b77411946ec3
parent: add various CVE patches backported from 2.2.5-dev; fix mpm-itk patch (diff)
download: apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.gz
apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.bz2
apache-f87bdec29983f8d0bd3e98718eec235b5773051d.zip
5 files changed, 94 insertions, 19 deletions
diff --git a/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch b/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch
new file mode 100644
index 0000000..088d06d
--- /dev/null
+++ b/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch
@@ -0,0 +1,51 @@
+Index: httpd-2.2.4/server/mpm/experimental/peruser/peruser.c
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/experimental/peruser/peruser.c
++++ httpd-2.2.4/server/mpm/experimental/peruser/peruser.c
+@@ -1813,7 +1813,7 @@ static const char* child_clone()
+ }
+ 
+ static const char* child_add(int type, int status,
+-                             uid_t uid, gid_t gid, const char* chroot)
++                             apr_pool_t *pool, uid_t uid, gid_t gid, const char* chroot)
+ {
+     _DBG("adding child #%d", NUM_CHILDS);
+ 
+@@ -1823,6 +1823,9 @@ static const char* child_add(int type, i
+                "Increase NumServers in your config file.";
+     }
+ 
++	if (chroot && !ap_is_directory(pool, chroot))
++		return apr_psprintf(pool, "Error: chroot directory [%s] does not exist", chroot);
++
+     CHILD_INFO_TABLE[NUM_CHILDS].senv = senv_add(uid, gid, chroot);
+ 
+     if(CHILD_INFO_TABLE[NUM_CHILDS].senv == NULL)
+@@ -2735,7 +2738,7 @@ static const char *cf_Processor(cmd_parm
+         user_name, uid, group_name, gid, chroot);
+ 
+     return child_add(CHILD_TYPE_PROCESSOR, CHILD_STATUS_STANDBY,
+-                     uid, gid, chroot);
++                     cmd->pool, uid, gid, chroot);
+ }
+ 
+ /* we define an Multiplexer child w/ specific uid/gid */
+@@ -2749,7 +2752,7 @@ static const char *cf_Multiplexer(cmd_pa
+         user_name, uid, group_name, gid, chroot, NUM_CHILDS);
+ 
+     return child_add(CHILD_TYPE_MULTIPLEXER, CHILD_STATUS_STARTING,
+-                     uid, gid, chroot);
++                     cmd->pool, uid, gid, chroot);
+ }
+ 
+ static const char* cf_ServerEnvironment(cmd_parms *cmd, void *dummy,
+@@ -2761,6 +2764,9 @@ static const char* cf_ServerEnvironment(
+ 
+     _DBG("function entered", 0);
+ 
++	if (chroot && !ap_is_directory(cmd->pool, chroot))
++		return apr_psprintf(cmd->pool, "Error: chroot directory [%s] does not exist", chroot);
++
+     sconf->senv = senv_add(uid, gid, chroot);
+ 
+     _DBG("user=%s:%d group=%s:%d chroot=%s numchilds=%d",
diff --git a/2.2/patches/10_all_CVE-2006-5752.patch b/2.2/patches/80_all_CVE-2006-5752.patch
index cbf3297..cbf3297 100644
--- a/2.2/patches/10_all_CVE-2006-5752.patch
+++ b/2.2/patches/80_all_CVE-2006-5752.patch
diff --git a/2.2/patches/11_all_CVE-2007-1862.patch b/2.2/patches/81_all_CVE-2007-1862.patch
index 17e6cc5..17e6cc5 100644
--- a/2.2/patches/11_all_CVE-2007-1862.patch
+++ b/2.2/patches/81_all_CVE-2007-1862.patch
diff --git a/2.2/patches/12_all_CVE-2007-1863.patch b/2.2/patches/82_all_CVE-2007-1863.patch
index 41c3ba7..41c3ba7 100644
--- a/2.2/patches/12_all_CVE-2007-1863.patch
+++ b/2.2/patches/82_all_CVE-2007-1863.patch
diff --git a/2.2/patches/13_all_CVE-2007-3304.patch b/2.2/patches/83_all_CVE-2007-3304.patch
index 32a1af2..0cd7a60 100644
--- a/2.2/patches/13_all_CVE-2007-3304.patch
+++ b/2.2/patches/83_all_CVE-2007-3304.patch
@@ -1,6 +1,8 @@
---- httpd-2.2.3/include/mpm_common.h.cve3304
-+++ httpd-2.2.3/include/mpm_common.h
-@@ -145,6 +145,17 @@
+Index: httpd-2.2.4/include/mpm_common.h
+===================================================================
+--- httpd-2.2.4.orig/include/mpm_common.h
++++ httpd-2.2.4/include/mpm_common.h
+@@ -145,6 +145,17 @@ int ap_unregister_extra_mpm_process(pid_
  #endif
  
  /**
@@ -18,9 +20,11 @@
   * Determine if any child process has died.  If no child process died, then
   * this process sleeps for the amount of time specified by the MPM defined
   * macro SCOREBOARD_MAINTENANCE_INTERVAL.
---- httpd-2.2.3/server/mpm_common.c.cve3304
-+++ httpd-2.2.3/server/mpm_common.c
-@@ -126,6 +126,10 @@
+Index: httpd-2.2.4/server/mpm_common.c
+===================================================================
+--- httpd-2.2.4.orig/server/mpm_common.c
++++ httpd-2.2.4/server/mpm_common.c
+@@ -126,6 +126,10 @@ static int reclaim_one_pid(pid_t pid, ac
      apr_proc_t proc;
      apr_status_t waitret;
  
@@ -31,7 +35,7 @@
      proc.pid = pid;
      waitret = apr_proc_wait(&proc, NULL, NULL, APR_NOWAIT);
      if (waitret != APR_CHILD_NOTDONE) {
-@@ -305,6 +309,16 @@
+@@ -305,6 +309,16 @@ void ap_relieve_child_processes(void)
          cur_extra = next;
      }
  }
@@ -48,9 +52,11 @@
  #endif /* AP_MPM_WANT_RECLAIM_CHILD_PROCESSES */
  
  #ifdef AP_MPM_WANT_WAIT_OR_TIMEOUT
---- httpd-2.2.3/server/mpm/prefork/prefork.c.cve3304
-+++ httpd-2.2.3/server/mpm/prefork/prefork.c
-@@ -1127,7 +1127,7 @@
+Index: httpd-2.2.4/server/mpm/prefork/prefork.c
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/prefork/prefork.c
++++ httpd-2.2.4/server/mpm/prefork/prefork.c
+@@ -1127,7 +1127,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p
          for (index = 0; index < ap_daemons_limit; ++index) {
              if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
                  /* Ask each child to close its listeners. */
@@ -59,7 +65,7 @@
                  active_children++;
              }
          }
-@@ -1166,7 +1166,7 @@
+@@ -1166,7 +1166,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p
              active_children = 0;
              for (index = 0; index < ap_daemons_limit; ++index) {
                  if (MPM_CHILD_PID(index) != 0) {
@@ -68,7 +74,7 @@
                              active_children = 1;
                              /* Having just one child is enough to stay around */
                              break;
-@@ -1222,7 +1222,7 @@
+@@ -1222,7 +1222,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p
                   * piped loggers, etc. They almost certainly won't handle
                   * it gracefully.
                   */
@@ -77,8 +83,10 @@
              }
          }
      }
---- httpd-2.2.3/server/mpm/prefork/mpm.h.cve3304
-+++ httpd-2.2.3/server/mpm/prefork/mpm.h
+Index: httpd-2.2.4/server/mpm/prefork/mpm.h
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/prefork/mpm.h
++++ httpd-2.2.4/server/mpm/prefork/mpm.h
 @@ -53,6 +53,7 @@
  #define AP_MPM_USES_POD 1
  #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
@@ -87,9 +95,11 @@
  #define MPM_ACCEPT_FUNC unixd_accept
  
  extern int ap_threads_per_child;
---- httpd-2.2.3/server/mpm/worker/worker.c.cve3304
-+++ httpd-2.2.3/server/mpm/worker/worker.c
-@@ -1814,7 +1814,7 @@
+Index: httpd-2.2.4/server/mpm/worker/worker.c
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/worker/worker.c
++++ httpd-2.2.4/server/mpm/worker/worker.c
+@@ -1814,7 +1814,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p
              active_children = 0;
              for (index = 0; index < ap_daemons_limit; ++index) {
                  if (MPM_CHILD_PID(index) != 0) {
@@ -98,8 +108,10 @@
                              active_children = 1;
                              /* Having just one child is enough to stay around */
                              break;
---- httpd-2.2.3/server/mpm/worker/mpm.h.cve3304
-+++ httpd-2.2.3/server/mpm/worker/mpm.h
+Index: httpd-2.2.4/server/mpm/worker/mpm.h
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/worker/mpm.h
++++ httpd-2.2.4/server/mpm/worker/mpm.h
 @@ -52,6 +52,7 @@
  #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
  #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
@@ -108,3 +120,15 @@
  
  extern int ap_threads_per_child;
  extern int ap_max_daemons_limit;
+Index: httpd-2.2.4/server/mpm/experimental/peruser/mpm.h
+===================================================================
+--- httpd-2.2.4.orig/server/mpm/experimental/peruser/mpm.h
++++ httpd-2.2.4/server/mpm/experimental/peruser/mpm.h
+@@ -85,6 +85,7 @@
+ #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
+ #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
+ #define MPM_ACCEPT_FUNC unixd_accept
++#define MPM_VALID_PID(p) (getpgid(p) == getpgrp())
+ 
+ extern int ap_threads_per_child;
+ extern int ap_max_daemons_limit;
author	Benedikt Boehm <hollow@gentoo.org>	2007-08-01 19:47:14 +0000
committer	Benedikt Boehm <hollow@gentoo.org>	2007-08-01 19:47:14 +0000
commit	f87bdec29983f8d0bd3e98718eec235b5773051d (patch)
tree	ad5ce5264f810d6b7349a0f11ca9b77411946ec3
parent	add various CVE patches backported from 2.2.5-dev; fix mpm-itk patch (diff)
download	apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.gz apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.bz2 apache-f87bdec29983f8d0bd3e98718eec235b5773051d.zip