This commit was manufactured by cvs2git to create branch 'APACHE_2_0'.

Cherrypick from master 2006-02-07 19:38:25 UTC Elan Ruusamäe <glen@pld-linux.org> '- mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with':
    apache-CVE-2005-3352.patch -> 1.1
    apache-CVE-2005-3357.patch -> 1.1
Cherrypick from master 2006-11-22 10:50:48 UTC Arkadiusz Miśkiewicz <arekm@maven.pl> '- skip docroot stat()ing; it's useless':
    apache-bug-40970.patch -> 1.1

diff --git a/apache-CVE-2005-3352.patch b/apache-CVE-2005-3352.patch
new file mode 100644 (file)
index 0000000..2347338
--- /dev/null
+++ b/apache-CVE-2005-3352.patch
@@ -0,0 +1,35 @@
+http://bugs.gentoo.org/show_bug.cgi?id=118875
+
+--- server/util.c      (revision 330526)
++++ server/util.c      (working copy)
+@@ -1762,6 +1762,8 @@
+             j += 3;
+         else if (s[i] == '&')
+             j += 4;
++        else if (s[i] == '"')
++            j += 5;
+ 
+     if (j == 0)
+         return apr_pstrmemdup(p, s, i);
+@@ -1780,6 +1782,10 @@
+             memcpy(&x[j], "&", 5);
+             j += 4;
+         }
++        else if (s[i] == '"') {
++            memcpy(&x[j], """, 6);
++            j += 5;
++        }
+         else
+             x[j] = s[i];
+ 
+--- modules/mappers/mod_imap.c (revision 330526)
++++ modules/mappers/mod_imap.c (working copy)
+@@ -342,7 +342,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = apr_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-          return apr_pstrdup(r->pool, referer);
++          return ap_escape_html(r->pool, referer);
+         }
+         else {
+           /* XXX:  This used to do *value = '\0'; ... which is totally bogus

diff --git a/apache-CVE-2005-3357.patch b/apache-CVE-2005-3357.patch
new file mode 100644 (file)
index 0000000..bdd5793
--- /dev/null
+++ b/apache-CVE-2005-3357.patch
@@ -0,0 +1,21 @@
+http://bugs.gentoo.org/show_bug.cgi?id=115324
+
+--- modules/ssl/ssl_engine_kernel.c    (Revision 368148)
++++ modules/ssl/ssl_engine_kernel.c    (Arbeitskopie)
+@@ -202,11 +202,14 @@
+     }
+ 
+     /*
+-     * Check to see if SSL protocol is on
++     * Check to see whether SSL is in use; if it's not, then no
++     * further access control checks are relevant.  (the test for
++     * sc->enabled is probably strictly unnecessary)
+      */
+-    if (!(sc->enabled || ssl)) {
++    if (!sc->enabled || !ssl) {
+         return DECLINED;
+     }
++
+     /*
+      * Support for per-directory reconfigured SSL connection parameters.
+      *

diff --git a/apache-bug-40970.patch b/apache-bug-40970.patch
new file mode 100644 (file)
index 0000000..a1327e6
--- /dev/null
+++ b/apache-bug-40970.patch
@@ -0,0 +1,11 @@
+--- server/core.c.org  2006-11-22 12:37:15.991248750 +0100
++++ server/core.c      2006-11-22 12:39:30.535657250 +0100
+@@ -1129,7 +1129,7 @@
+     /* XXX Shouldn't this be relative to ServerRoot ??? */
+     if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
+                            APR_FILEPATH_TRUENAME, cmd->pool) != APR_SUCCESS
+-        || !ap_is_directory(cmd->pool, arg)) {
++        ) {
+         if (cmd->server->is_virtual) {
+             ap_log_perror(APLOG_MARK, APLOG_STARTUP, 0,
+                           cmd->pool,