diff options
author | Benedikt Boehm <hollow@gentoo.org> | 2007-08-01 19:47:14 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2007-08-01 19:47:14 +0000 |
commit | f87bdec29983f8d0bd3e98718eec235b5773051d (patch) | |
tree | ad5ce5264f810d6b7349a0f11ca9b77411946ec3 | |
parent | add various CVE patches backported from 2.2.5-dev; fix mpm-itk patch (diff) | |
download | apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.gz apache-f87bdec29983f8d0bd3e98718eec235b5773051d.tar.bz2 apache-f87bdec29983f8d0bd3e98718eec235b5773051d.zip |
move CVE patches to the correct number; fix peruser to check for chroot
-rw-r--r-- | 2.2/patches/22_all_peruser_0.2.1_chroot-check.patch | 51 | ||||
-rw-r--r-- | 2.2/patches/80_all_CVE-2006-5752.patch (renamed from 2.2/patches/10_all_CVE-2006-5752.patch) | 0 | ||||
-rw-r--r-- | 2.2/patches/81_all_CVE-2007-1862.patch (renamed from 2.2/patches/11_all_CVE-2007-1862.patch) | 0 | ||||
-rw-r--r-- | 2.2/patches/82_all_CVE-2007-1863.patch (renamed from 2.2/patches/12_all_CVE-2007-1863.patch) | 0 | ||||
-rw-r--r-- | 2.2/patches/83_all_CVE-2007-3304.patch (renamed from 2.2/patches/13_all_CVE-2007-3304.patch) | 62 |
5 files changed, 94 insertions, 19 deletions
diff --git a/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch b/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch new file mode 100644 index 0000000..088d06d --- /dev/null +++ b/2.2/patches/22_all_peruser_0.2.1_chroot-check.patch @@ -0,0 +1,51 @@ +Index: httpd-2.2.4/server/mpm/experimental/peruser/peruser.c +=================================================================== +--- httpd-2.2.4.orig/server/mpm/experimental/peruser/peruser.c ++++ httpd-2.2.4/server/mpm/experimental/peruser/peruser.c +@@ -1813,7 +1813,7 @@ static const char* child_clone() + } + + static const char* child_add(int type, int status, +- uid_t uid, gid_t gid, const char* chroot) ++ apr_pool_t *pool, uid_t uid, gid_t gid, const char* chroot) + { + _DBG("adding child #%d", NUM_CHILDS); + +@@ -1823,6 +1823,9 @@ static const char* child_add(int type, i + "Increase NumServers in your config file."; + } + ++ if (chroot && !ap_is_directory(pool, chroot)) ++ return apr_psprintf(pool, "Error: chroot directory [%s] does not exist", chroot); ++ + CHILD_INFO_TABLE[NUM_CHILDS].senv = senv_add(uid, gid, chroot); + + if(CHILD_INFO_TABLE[NUM_CHILDS].senv == NULL) +@@ -2735,7 +2738,7 @@ static const char *cf_Processor(cmd_parm + user_name, uid, group_name, gid, chroot); + + return child_add(CHILD_TYPE_PROCESSOR, CHILD_STATUS_STANDBY, +- uid, gid, chroot); ++ cmd->pool, uid, gid, chroot); + } + + /* we define an Multiplexer child w/ specific uid/gid */ +@@ -2749,7 +2752,7 @@ static const char *cf_Multiplexer(cmd_pa + user_name, uid, group_name, gid, chroot, NUM_CHILDS); + + return child_add(CHILD_TYPE_MULTIPLEXER, CHILD_STATUS_STARTING, +- uid, gid, chroot); ++ cmd->pool, uid, gid, chroot); + } + + static const char* cf_ServerEnvironment(cmd_parms *cmd, void *dummy, +@@ -2761,6 +2764,9 @@ static const char* cf_ServerEnvironment( + + _DBG("function entered", 0); + ++ if (chroot && !ap_is_directory(cmd->pool, chroot)) ++ return apr_psprintf(cmd->pool, "Error: chroot directory [%s] does not exist", chroot); ++ + sconf->senv = senv_add(uid, gid, chroot); + + _DBG("user=%s:%d group=%s:%d chroot=%s numchilds=%d", diff --git a/2.2/patches/10_all_CVE-2006-5752.patch b/2.2/patches/80_all_CVE-2006-5752.patch index cbf3297..cbf3297 100644 --- a/2.2/patches/10_all_CVE-2006-5752.patch +++ b/2.2/patches/80_all_CVE-2006-5752.patch diff --git a/2.2/patches/11_all_CVE-2007-1862.patch b/2.2/patches/81_all_CVE-2007-1862.patch index 17e6cc5..17e6cc5 100644 --- a/2.2/patches/11_all_CVE-2007-1862.patch +++ b/2.2/patches/81_all_CVE-2007-1862.patch diff --git a/2.2/patches/12_all_CVE-2007-1863.patch b/2.2/patches/82_all_CVE-2007-1863.patch index 41c3ba7..41c3ba7 100644 --- a/2.2/patches/12_all_CVE-2007-1863.patch +++ b/2.2/patches/82_all_CVE-2007-1863.patch diff --git a/2.2/patches/13_all_CVE-2007-3304.patch b/2.2/patches/83_all_CVE-2007-3304.patch index 32a1af2..0cd7a60 100644 --- a/2.2/patches/13_all_CVE-2007-3304.patch +++ b/2.2/patches/83_all_CVE-2007-3304.patch @@ -1,6 +1,8 @@ ---- httpd-2.2.3/include/mpm_common.h.cve3304 -+++ httpd-2.2.3/include/mpm_common.h -@@ -145,6 +145,17 @@ +Index: httpd-2.2.4/include/mpm_common.h +=================================================================== +--- httpd-2.2.4.orig/include/mpm_common.h ++++ httpd-2.2.4/include/mpm_common.h +@@ -145,6 +145,17 @@ int ap_unregister_extra_mpm_process(pid_ #endif /** @@ -18,9 +20,11 @@ * Determine if any child process has died. If no child process died, then * this process sleeps for the amount of time specified by the MPM defined * macro SCOREBOARD_MAINTENANCE_INTERVAL. ---- httpd-2.2.3/server/mpm_common.c.cve3304 -+++ httpd-2.2.3/server/mpm_common.c -@@ -126,6 +126,10 @@ +Index: httpd-2.2.4/server/mpm_common.c +=================================================================== +--- httpd-2.2.4.orig/server/mpm_common.c ++++ httpd-2.2.4/server/mpm_common.c +@@ -126,6 +126,10 @@ static int reclaim_one_pid(pid_t pid, ac apr_proc_t proc; apr_status_t waitret; @@ -31,7 +35,7 @@ proc.pid = pid; waitret = apr_proc_wait(&proc, NULL, NULL, APR_NOWAIT); if (waitret != APR_CHILD_NOTDONE) { -@@ -305,6 +309,16 @@ +@@ -305,6 +309,16 @@ void ap_relieve_child_processes(void) cur_extra = next; } } @@ -48,9 +52,11 @@ #endif /* AP_MPM_WANT_RECLAIM_CHILD_PROCESSES */ #ifdef AP_MPM_WANT_WAIT_OR_TIMEOUT ---- httpd-2.2.3/server/mpm/prefork/prefork.c.cve3304 -+++ httpd-2.2.3/server/mpm/prefork/prefork.c -@@ -1127,7 +1127,7 @@ +Index: httpd-2.2.4/server/mpm/prefork/prefork.c +=================================================================== +--- httpd-2.2.4.orig/server/mpm/prefork/prefork.c ++++ httpd-2.2.4/server/mpm/prefork/prefork.c +@@ -1127,7 +1127,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p for (index = 0; index < ap_daemons_limit; ++index) { if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { /* Ask each child to close its listeners. */ @@ -59,7 +65,7 @@ active_children++; } } -@@ -1166,7 +1166,7 @@ +@@ -1166,7 +1166,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p active_children = 0; for (index = 0; index < ap_daemons_limit; ++index) { if (MPM_CHILD_PID(index) != 0) { @@ -68,7 +74,7 @@ active_children = 1; /* Having just one child is enough to stay around */ break; -@@ -1222,7 +1222,7 @@ +@@ -1222,7 +1222,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p * piped loggers, etc. They almost certainly won't handle * it gracefully. */ @@ -77,8 +83,10 @@ } } } ---- httpd-2.2.3/server/mpm/prefork/mpm.h.cve3304 -+++ httpd-2.2.3/server/mpm/prefork/mpm.h +Index: httpd-2.2.4/server/mpm/prefork/mpm.h +=================================================================== +--- httpd-2.2.4.orig/server/mpm/prefork/mpm.h ++++ httpd-2.2.4/server/mpm/prefork/mpm.h @@ -53,6 +53,7 @@ #define AP_MPM_USES_POD 1 #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) @@ -87,9 +95,11 @@ #define MPM_ACCEPT_FUNC unixd_accept extern int ap_threads_per_child; ---- httpd-2.2.3/server/mpm/worker/worker.c.cve3304 -+++ httpd-2.2.3/server/mpm/worker/worker.c -@@ -1814,7 +1814,7 @@ +Index: httpd-2.2.4/server/mpm/worker/worker.c +=================================================================== +--- httpd-2.2.4.orig/server/mpm/worker/worker.c ++++ httpd-2.2.4/server/mpm/worker/worker.c +@@ -1814,7 +1814,7 @@ int ap_mpm_run(apr_pool_t *_pconf, apr_p active_children = 0; for (index = 0; index < ap_daemons_limit; ++index) { if (MPM_CHILD_PID(index) != 0) { @@ -98,8 +108,10 @@ active_children = 1; /* Having just one child is enough to stay around */ break; ---- httpd-2.2.3/server/mpm/worker/mpm.h.cve3304 -+++ httpd-2.2.3/server/mpm/worker/mpm.h +Index: httpd-2.2.4/server/mpm/worker/mpm.h +=================================================================== +--- httpd-2.2.4.orig/server/mpm/worker/mpm.h ++++ httpd-2.2.4/server/mpm/worker/mpm.h @@ -52,6 +52,7 @@ #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0) @@ -108,3 +120,15 @@ extern int ap_threads_per_child; extern int ap_max_daemons_limit; +Index: httpd-2.2.4/server/mpm/experimental/peruser/mpm.h +=================================================================== +--- httpd-2.2.4.orig/server/mpm/experimental/peruser/mpm.h ++++ httpd-2.2.4/server/mpm/experimental/peruser/mpm.h +@@ -85,6 +85,7 @@ + #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) + #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0) + #define MPM_ACCEPT_FUNC unixd_accept ++#define MPM_VALID_PID(p) (getpgid(p) == getpgrp()) + + extern int ap_threads_per_child; + extern int ap_max_daemons_limit; |