Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2012-04-02 10:50:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache2", Maintainer is "draht@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2012-02-22 12:02:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.apache2.new/apache2.changes 2012-04-02 10:50:37.000000000 +0200 @@ -1,0 +2,5 @@ +Tue Mar 20 14:05:49 UTC 2012 - adrian@suse.de + +- fix truncating and resulting paniking of answer headers (bnc#690734) + +------------------------------------------------------------------- New: ---- httpd-2.2.x-bnc690734.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.l7etHi/_old 2012-04-02 10:50:43.000000000 +0200 +++ /var/tmp/diff_new_pack.l7etHi/_new 2012-04-02 10:50:43.000000000 +0200 @@ -16,7 +16,6 @@ # - Name: apache2 BuildRequires: automake BuildRequires: db-devel @@ -139,6 +138,7 @@ Patch66: httpd-2.0.54-envvars.dif Patch67: httpd-2.2.0-apxs-a2enmod.dif Patch68: httpd-2.x.x-logresolve.patch +Patch69: httpd-2.2.x-bnc690734.patch Patch100: apache2.2-mpm-itk-20090414-00.patch Patch101: httpd-2.2.19-linux3.patch Patch102: httpd-keepalivetimeout-millisecs.patch 
@@ -152,15 +152,19 @@ Summary: The Apache Web Server Version 2.2 License: Apache-2.0 Group: Productivity/Networking/Web/Servers -Provides: httpd http_daemon %{apache_mmn} suse_help_viewer -Requires: %{pname}-MPM /etc/mime.types +Provides: %{apache_mmn} +Provides: http_daemon +Provides: httpd +Provides: suse_help_viewer +Requires: %{pname}-MPM +Requires: /etc/mime.types PreReq: %{name}-utils Requires: logrotate # in the past, libapr1 >= 1.0 was sufficient. But since 2.2.16, a failure to # create listen sockets can occur, unless newer libapr1 is used, with certain kernels. # see https://bugzilla.redhat.com/show_bug.cgi?id=516331 -Requires: libapr1 >= 1.4.2 Requires: libapr1 < 2.0 +Requires: libapr1 >= 1.4.2 %{?systemd_requires} PreReq: fileutils textutils grep sed %if %{?suse_version:1}0 @@ -297,9 +301,12 @@ %package devel Summary: Apache 2.2 Header and Include Files Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} %{pname}-MPM -Requires: libapr1-devel libapr-util1-devel -Requires: apache2-prefork gcc +Requires: %{name} = %{version} +Requires: %{pname}-MPM +Requires: apache2-prefork +Requires: gcc +Requires: libapr-util1-devel +Requires: libapr1-devel %description devel This package contains header files and include files that are needed @@ -357,6 +364,7 @@ %patch66 -p1 %patch67 -p1 %patch68 -p1 +%patch69 %patch100 %patch101 %patch102 ++++++ httpd-2.2.x-bnc690734.patch ++++++ diff -ruN ../httpd-2.2.17-o/server/util_script.c ./server/util_script.c --- ../httpd-2.2.17-o/server/util_script.c 2009-01-12 14:59:56.000000000 +0100 +++ ./server/util_script.c 2011-07-26 15:39:50.000000000 +0200 @@ -406,6 +406,7 @@ { char x[MAX_STRING_LEN]; char *w, *l; + int wlen; int p; int cgi_status = HTTP_UNSET; apr_table_t *merge; 
@@ -414,7 +415,14 @@ if (buffer) { *buffer = '\0'; } - w = buffer ? buffer : x; + + if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) { + w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2); + wlen = r->server->limit_req_fieldsize + 2; + } else { + w = buffer ? buffer : x; + wlen = MAX_STRING_LEN; + } /* temporary place to hold headers to merge in later */ merge = apr_table_make(r->pool, 10); @@ -430,7 +438,7 @@ while (1) { - int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data); + int rv = (*getsfunc) (w, wlen - 1, getsfunc_data); if (rv == 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "Premature end of script headers: %s", @@ -537,9 +545,12 @@ if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) { + while ((*getsfunc) (w, wlen - 1, getsfunc_data)) { continue; } + } else if (w != buffer) { + strncpy(buffer, w, MAX_STRING_LEN - 1); + buffer[MAX_STRING_LEN - 1] = 0; } ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
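Review bot: The added size check in the `@@ -414,7 +415,14 @@` hunk evaluates `r->server->limit_req_fieldsize + 2` three times, in what appears to be signed `int` arithmetic (the previous hunk declares `int wlen`), and nothing visible here bounds the configured value before it reaches `apr_palloc`. Assigning it once, `wlen = r->server->limit_req_fieldsize + 2;`, and testing `if (wlen > MAX_STRING_LEN)` before `w = apr_palloc(r->pool, wlen);` keeps the allocation size and the length later handed to `getsfunc` from drifting apart. Whether a negative or very large limit is rejected when the configuration is parsed is not shown in this patch and should be confirmed. A short comment saying why the read buffer is sized from the request field-size limit, and what the two extra bytes are for, would help the next reader. The enclosing function starts and ends outside the hunk.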
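Review bot: The copy-back into `buffer` in the `@@ -537,9 +545,12 @@` hunk covers only this one error path, so when the pool-allocated `w` is in use, any other exit may leave the caller's `buffer` as the empty string set at the top of the function. The "Premature end of script headers" return in the `@@ -430,7 +438,7 @@` hunk looks like one such exit, although its full body lies outside the visible lines. Before this patch `w` was `buffer` itself, so a caller that logs or inspects `buffer` after a failure would now see nothing there; each return is worth checking. For the copy, `apr_cpystrn(buffer, w, MAX_STRING_LEN);` replaces both added lines, always NUL-terminates and skips `strncpy`'s zero-padding. It still truncates silently and still assumes the caller's buffer holds `MAX_STRING_LEN` bytes, as the original read did, which deserves a comment.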