rpms/httpd/devel httpd-2.2.0-CVE-2005-3352.patch, NONE, 1.1 httpd-2.2.0-CVE-2005-3357.patch, NONE, 1.1 httpd-2.2.0-cppheader.patch, NONE, 1.1 httpd.conf, 1.23, 1.24 httpd.spec, 1.83, 1.84
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Feb 3 10:06:10 UTC 2006
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.135, 1.136 glibc-fedora.patch, 1.128, 1.129 glibc.spec, 1.217, 1.218 sources, 1.157, 1.158 glibc-math_h.patch, 1.1, NONE
- Next message (by thread): rpms/hplip/devel hplip-0.9.8-2.patch, NONE, 1.1 hplip.spec, 1.42, 1.43 hplip-0.9.8-1.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jorton
Update of /cvs/dist/rpms/httpd/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv30694
Modified Files:
httpd.conf httpd.spec
Added Files:
httpd-2.2.0-CVE-2005-3352.patch
httpd-2.2.0-CVE-2005-3357.patch httpd-2.2.0-cppheader.patch
Log Message:
* Fri Feb 3 2006 Joe Orton <jorton at redhat.com> 2.2.0-5
- mod_ssl: add security fix for CVE-2005-3357 (#177914)
- mod_imagemap: add security fix for CVE-2005-3352 (#177913)
- add fix for AP_INIT_* designated initializers with C++ compilers
- httpd.conf: enable HTMLTable in default IndexOptions
- httpd.conf: add more "redirect-carefully" matches for DAV clients
httpd-2.2.0-CVE-2005-3352.patch:
modules/mappers/mod_imagemap.c | 2 +-
server/util.c | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
--- NEW FILE httpd-2.2.0-CVE-2005-3352.patch ---
Author: mjc
Date: Mon Dec 12 09:27:59 2005
New Revision: 356291
URL: http://svn.apache.org/viewcvs?rev=356291&view=rev
Log:
Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw
Submitted by: Mark Cox <mjc apache.org>
Reviewed by: jorton, mjc, fielding
PR: 37874
--- httpd-2.2.0/modules/mappers/mod_imagemap.c.cve3352
+++ httpd-2.2.0/modules/mappers/mod_imagemap.c
@@ -342,7 +342,7 @@
if (!strcasecmp(value, "referer")) {
referer = apr_table_get(r->headers_in, "Referer");
if (referer && *referer) {
- return apr_pstrdup(r->pool, referer);
+ return ap_escape_html(r->pool, referer);
}
else {
/* XXX: This used to do *value = '\0'; ... which is totally bogus
--- httpd-2.2.0/server/util.c.cve3352
+++ httpd-2.2.0/server/util.c
@@ -1748,6 +1748,8 @@
j += 3;
else if (s[i] == '&')
j += 4;
+ else if (s[i] == '"')
+ j += 5;
if (j == 0)
return apr_pstrmemdup(p, s, i);
@@ -1766,6 +1768,10 @@
memcpy(&x[j], "&", 5);
j += 4;
}
+ else if (s[i] == '"') {
+ memcpy(&x[j], """, 6);
+ j += 5;
+ }
else
x[j] = s[i];
httpd-2.2.0-CVE-2005-3357.patch:
ssl_engine_kernel.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
--- NEW FILE httpd-2.2.0-CVE-2005-3357.patch ---
Author: jorton
Date: Fri Jan 13 06:21:42 2006
New Revision: 368730
URL: http://svn.apache.org/viewcvs?rev=368730&view=rev
Log:
Merge r354394 from trunk:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
access control checks if SSL is not in use regardless of vhost
settings.
Submitted by: Rüdiger Plüm, Joe Orton
Reviewed by: rpluem, jorton, jim
PR: 37791
--- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357
+++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c
@@ -202,11 +202,14 @@
}
/*
- * Check to see if SSL protocol is on
+ * Check to see whether SSL is in use; if it's not, then no
+ * further access control checks are relevant. (the test for
+ * sc->enabled is probably strictly unnecessary)
*/
- if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
+ if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
return DECLINED;
}
+
/*
* Support for per-directory reconfigured SSL connection parameters.
*
httpd-2.2.0-cppheader.patch:
configure.in | 4 ----
include/ap_config.h | 8 ++++++++
2 files changed, 8 insertions(+), 4 deletions(-)
--- NEW FILE httpd-2.2.0-cppheader.patch ---
--- httpd-2.2.0/include/ap_config.h.cppheader
+++ httpd-2.2.0/include/ap_config.h
@@ -252,4 +252,12 @@
#define AP_HAVE_RELIABLE_PIPED_LOGS TRUE
#endif
+/* Presume that the compiler supports C99-style designated
+ * initializers if using GCC (but not G++), or for any other compiler
+ * which claims C99 support. */
+#if (defined(__GNUC__) && !defined(__cplusplus)) \
+ || (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L)
+#define AP_HAVE_DESIGNATED_INITIALIZER
+#endif
+
#endif /* AP_CONFIG_H */
--- httpd-2.2.0/configure.in.cppheader
+++ httpd-2.2.0/configure.in
@@ -360,10 +360,6 @@
dnl ## Check for typedefs, structures, and compiler characteristics.
AC_C_CONST
-if test "x$GCC" = "xyes"; then
- AC_DEFINE([AP_HAVE_DESIGNATED_INITIALIZER], 1,
- [Define if the compiler supports designated initializers])
-fi
dnl ## Check for library functions
AC_SEARCH_LIBS(sqrt, m)
Index: httpd.conf
===================================================================
RCS file: /cvs/dist/rpms/httpd/devel/httpd.conf,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- httpd.conf 5 Dec 2005 17:26:03 -0000 1.23
+++ httpd.conf 3 Feb 2006 10:06:08 -0000 1.24
@@ -588,7 +588,7 @@
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
-IndexOptions FancyIndexing VersionSort NameWidth=*
+IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
#
# AddIcon* directives tell the server which icon to show for different
@@ -887,9 +887,12 @@
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
-BrowserMatch "^gnome-vfs" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
#
# Allow server status reports generated by mod_status,
Index: httpd.spec
===================================================================
RCS file: /cvs/dist/rpms/httpd/devel/httpd.spec,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- httpd.spec 5 Jan 2006 11:49:42 -0000 1.83
+++ httpd.spec 3 Feb 2006 10:06:08 -0000 1.84
@@ -7,7 +7,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.2.0
-Release: 4
+Release: 5
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
Source1: index.html
@@ -41,7 +41,11 @@
# Bug fixes
Patch50: httpd-2.0.45-encode.patch
Patch51: httpd-2.2.0-headclength.patch
-patch52: httpd-2.2.0-ajpcookie.patch
+Patch52: httpd-2.2.0-ajpcookie.patch
+Patch53: httpd-2.2.0-cppheader.patch
+# Security fixes
+Patch200: httpd-2.2.0-CVE-2005-3352.patch
+Patch201: httpd-2.2.0-CVE-2005-3357.patch
License: Apache Software License
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-root
@@ -121,6 +125,10 @@
%patch50 -p1
%patch51 -p1 -b .headclength
%patch52 -p1 -b .ajpcookie
+%patch53 -p1 -b .cppheader
+
+%patch200 -p1 -b .cve3352
+%patch201 -p1 -b .cve3352
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -481,6 +489,13 @@
%{_libdir}/httpd/build/*.sh
%changelog
+* Fri Feb 3 2006 Joe Orton <jorton at redhat.com> 2.2.0-5
+- mod_ssl: add security fix for CVE-2005-3357 (#177914)
+- mod_imagemap: add security fix for CVE-2005-3352 (#177913)
+- add fix for AP_INIT_* designated initializers with C++ compilers
+- httpd.conf: enable HTMLTable in default IndexOptions
+- httpd.conf: add more "redirect-carefully" matches for DAV clients
+
* Thu Jan 5 2006 Joe Orton <jorton at redhat.com> 2.2.0-4
- mod_proxy_ajp: fix Cookie handling (Mladen Turk, r358769)
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.135, 1.136 glibc-fedora.patch, 1.128, 1.129 glibc.spec, 1.217, 1.218 sources, 1.157, 1.158 glibc-math_h.patch, 1.1, NONE
- Next message (by thread): rpms/hplip/devel hplip-0.9.8-2.patch, NONE, 1.1 hplip.spec, 1.42, 1.43 hplip-0.9.8-1.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list