+++ /dev/null
-
- Merge https://svn.apache.org/r1796348 from trunk:
-
- *) SECURITY: CVE-2017-3167 (cve.mitre.org)
- Use of the ap_get_basic_auth_pw() by third-party modules outside of the
- authentication phase may lead to authentication requirements being
- bypassed.
- [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]
-
-
- Submitted By: Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener
- Reviewed By: covener, ylavic, wrowe
-
-diff --git include/ap_mmn.h include/ap_mmn.h
-index ce330a5..fcbce6f 100644
---- include/ap_mmn.h
-+++ include/ap_mmn.h
-@@ -167,6 +167,8 @@
- * and ap_scan_vchar_obstext()
- * Replaced fold boolean with with multiple bit flags
- * to ap_[r]getline()
-+ * 20051115.43 (2.2.33) Add ap_get_basic_auth_components() and deprecate
-+ * ap_get_basic_auth_pw()
- */
-
- #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
-@@ -174,7 +176,7 @@
- #ifndef MODULE_MAGIC_NUMBER_MAJOR
- #define MODULE_MAGIC_NUMBER_MAJOR 20051115
- #endif
--#define MODULE_MAGIC_NUMBER_MINOR 42 /* 0...n */
-+#define MODULE_MAGIC_NUMBER_MINOR 43 /* 0...n */
-
- /**
- * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
-diff --git include/http_protocol.h include/http_protocol.h
-index 1fed3b5..3fed9b2 100644
---- include/http_protocol.h
-+++ include/http_protocol.h
-@@ -486,7 +486,11 @@ AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r);
- AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r);
-
- /**
-- * Get the password from the request headers
-+ * Get the password from the request headers. This function has multiple side
-+ * effects due to its prior use in the old authentication framework.
-+ * ap_get_basic_auth_components() should be preferred.
-+ *
-+ * @deprecated @see ap_get_basic_auth_components
- * @param r The current request
- * @param pw The password as set in the headers
- * @return 0 (OK) if it set the 'pw' argument (and assured
-@@ -499,6 +503,25 @@ AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r);
- */
- AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw);
-
-+#define AP_GET_BASIC_AUTH_PW_NOTE "AP_GET_BASIC_AUTH_PW_NOTE"
-+
-+/**
-+ * Get the username and/or password from the request's Basic authentication
-+ * headers. Unlike ap_get_basic_auth_pw(), calling this function has no side
-+ * effects on the passed request_rec.
-+ *
-+ * @param r The current request
-+ * @param username If not NULL, set to the username sent by the client
-+ * @param password If not NULL, set to the password sent by the client
-+ * @return APR_SUCCESS if the credentials were successfully parsed and returned;
-+ * APR_EINVAL if there was no authentication header sent or if the
-+ * client was not using the Basic authentication scheme. username and
-+ * password are unchanged on failure.
-+ */
-+AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r,
-+ const char **username,
-+ const char **password);
-+
- /**
- * parse_uri: break apart the uri
- * @warning Side Effects:
-diff --git server/protocol.c server/protocol.c
-index bd75766..2705bba 100644
---- server/protocol.c
-+++ server/protocol.c
-@@ -1594,6 +1594,7 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
-
- t = ap_pbase64decode(r->pool, auth_line);
- r->user = ap_getword_nulls (r->pool, &t, ':');
-+ apr_table_setn(r->notes, AP_GET_BASIC_AUTH_PW_NOTE, "1");
- r->ap_auth_type = "Basic";
-
- *pw = t;
-@@ -1601,6 +1602,53 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
- return OK;
- }
-
-+AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r,
-+ const char **username,
-+ const char **password)
-+{
-+ const char *auth_header;
-+ const char *credentials;
-+ const char *decoded;
-+ const char *user;
-+
-+ auth_header = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
-+ : "Authorization";
-+ credentials = apr_table_get(r->headers_in, auth_header);
-+
-+ if (!credentials) {
-+ /* No auth header. */
-+ return APR_EINVAL;
-+ }
-+
-+ if (strcasecmp(ap_getword(r->pool, &credentials, ' '), "Basic")) {
-+ /* These aren't Basic credentials. */
-+ return APR_EINVAL;
-+ }
-+
-+ while (*credentials == ' ' || *credentials == '\t') {
-+ credentials++;
-+ }
-+
-+ /* XXX Our base64 decoding functions don't actually error out if the string
-+ * we give it isn't base64; they'll just silently stop and hand us whatever
-+ * they've parsed up to that point.
-+ *
-+ * Since this function is supposed to be a drop-in replacement for the
-+ * deprecated ap_get_basic_auth_pw(), don't fix this for 2.4.x.
-+ */
-+ decoded = ap_pbase64decode(r->pool, credentials);
-+ user = ap_getword_nulls(r->pool, &decoded, ':');
-+
-+ if (username) {
-+ *username = user;
-+ }
-+ if (password) {
-+ *password = decoded;
-+ }
-+
-+ return APR_SUCCESS;
-+}
-+
- struct content_length_ctx {
- int data_sent; /* true if the C-L filter has already sent at
- * least one bucket on to the next output filter
-diff --git server/request.c server/request.c
-index 7005ca9..f81bbe0 100644
---- server/request.c
-+++ server/request.c
-@@ -179,6 +179,14 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
- r->ap_auth_type = r->prev->ap_auth_type;
- }
- else {
-+ /* A module using a confusing API (ap_get_basic_auth_pw) caused
-+ ** r->user to be filled out prior to check_authn hook. We treat
-+ ** it is inadvertent.
-+ */
-+ if (r->user && apr_table_get(r->notes, AP_GET_BASIC_AUTH_PW_NOTE)) {
-+ r->user = NULL;
-+ }
-+
- switch (ap_satisfies(r)) {
- case SATISFY_ALL:
- case SATISFY_NOSPEC:
+++ /dev/null
-
- Merge https://svn.apache.org/r1796343 from trunk:
-
- *) SECURITY: CVE-2017-3169 (cve.mitre.org)
- mod_ssl may dereference a NULL pointer when third-party modules call
- ap_hook_process_connection() during an HTTP request to an HTTPS port.
- [Yann Ylavic]
-
-
- Submitted By: ylavic
- Reviewed By: covener, ylavic, wrowe
-
-diff --git modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_io.c
-index d6016d3..c633be1 100644
---- modules/ssl/ssl_engine_io.c
-+++ modules/ssl/ssl_engine_io.c
-@@ -865,19 +865,20 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
- sizeof(HTTP_ON_HTTPS_PORT) - 1, \
- alloc)
-
--static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
-+static void ssl_io_filter_disable(SSLConnRec *sslconn,
-+ bio_filter_in_ctx_t *inctx)
- {
-- bio_filter_in_ctx_t *inctx = f->ctx;
- SSL_free(inctx->ssl);
- sslconn->ssl = NULL;
- inctx->ssl = NULL;
- inctx->filter_ctx->pssl = NULL;
- }
-
--static apr_status_t ssl_io_filter_error(ap_filter_t *f,
-+static apr_status_t ssl_io_filter_error(bio_filter_in_ctx_t *inctx,
- apr_bucket_brigade *bb,
- apr_status_t status)
- {
-+ ap_filter_t *f = inctx->f;
- SSLConnRec *sslconn = myConnConfig(f->c);
- apr_bucket *bucket;
- int send_eos = 1;
-@@ -891,7 +892,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, sslconn->server);
-
- sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
-- ssl_io_filter_disable(sslconn, f);
-+ ssl_io_filter_disable(sslconn, inctx);
-
- /* fake the request line */
- bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
-@@ -1407,7 +1408,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
- * rather than have SSLEngine On configured.
- */
- if ((status = ssl_io_filter_connect(inctx->filter_ctx)) != APR_SUCCESS) {
-- return ssl_io_filter_error(f, bb, status);
-+ return ssl_io_filter_error(inctx, bb, status);
- }
-
- if (is_init) {
-@@ -1443,7 +1444,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
-
- /* Handle custom errors. */
- if (status != APR_SUCCESS) {
-- return ssl_io_filter_error(f, bb, status);
-+ return ssl_io_filter_error(inctx, bb, status);
- }
-
- /* Create a transient bucket out of the decrypted data. */
-@@ -1486,7 +1487,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
- inctx->block = APR_BLOCK_READ;
-
- if ((status = ssl_io_filter_connect(filter_ctx)) != APR_SUCCESS) {
-- return ssl_io_filter_error(f, bb, status);
-+ return ssl_io_filter_error(inctx, bb, status);
- }
-
- while (!APR_BRIGADE_EMPTY(bb)) {
+++ /dev/null
-
- Merge r1796350 from trunk:
-
- *) SECURITY: CVE-2017-7668 (cve.mitre.org)
- The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
- bug in token list parsing, which allows ap_find_token() to search past
- the end of its input string. By maliciously crafting a sequence of
- request headers, an attacker may be able to cause a segmentation fault,
- or to force ap_find_token() to return an incorrect value.
-
- Submitted By: jchampion
- Reviewed By: jchampion, wrowe, ylavic
-
-diff --git server/util.c server/util.c
-index 054cc17..9a805b6 100644
---- server/util.c
-+++ server/util.c
-@@ -1513,10 +1513,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t *p, const char *line, const char *tok)
-
- s = (const unsigned char *)line;
- for (;;) {
-- /* find start of token, skip all stop characters, note NUL
-- * isn't a token stop, so we don't need to test for it
-- */
-- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
-+ /* find start of token, skip all stop characters */
-+ while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
- ++s;
- }
- if (!*s) {
+++ /dev/null
-
- Merge r1797550 from trunk:
-
- *) SECURITY: CVE-2017-7679 (cve.mitre.org)
- mod_mime can read one byte past the end of a buffer when sending a
- malicious Content-Type response header. [Yann Ylavic]
-
- Submitted By: ylavic
-
-diff --git modules/http/mod_mime.c modules/http/mod_mime.c
-index eed6ebd..f3c643c 100644
---- modules/http/mod_mime.c
-+++ modules/http/mod_mime.c
-@@ -528,9 +528,9 @@ static int is_quoted_pair(const char *s)
- int res = -1;
- int c;
-
-- if (((s + 1) != NULL) && (*s == '\\')) {
-+ if (*s == '\\') {
- c = (int) *(s + 1);
-- if (apr_isascii(c)) {
-+ if (c && apr_isascii(c)) {
- res = 1;
- }
- }
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.2.32
-Release: 2
+Version: 2.2.34
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
-Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
-# Source0-md5: 8141657cf0c58f14de2a5ce9426df2bc
+Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
+# Source0-md5: fc33e64a9d4bca2f7ef7023189cb5ee6
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
Patch29: libtool-tag.patch
Patch30: %{name}-bug-39653.patch
Patch31: httpd-dummy-connection-result.patch
-# https://www.apache.org/dist/httpd/patches/apply_to_2.2.32/
-Patch32: CVE-2017-3167.patch
-Patch33: CVE-2017-3169.patch
-Patch34: CVE-2017-7668.patch
-Patch35: CVE-2017-7679.patch
URL: http://httpd.apache.org/
BuildRequires: apr-devel >= %{apr_ver}
BuildRequires: apr-util-devel >= 1:1.3.10-2
%patch29 -p1
%patch30 -p1
%patch31 -p1
-%patch32 -p0
-%patch33 -p0
-%patch34 -p0
-%patch35 -p0
# using system apr, apr-util and pcre
%{__rm} -r srclib/{apr,apr-util,pcre}