Commits · 01b9a3cdf9a3d5274a2a8b8449eee44ce0fcbc9f · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Jul 18, 2014

Yann Ylavic authored Jul 18, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611809 13f79535-47bb-0310-9956-ffa450edef68

01b9a3cd

Merge r1572092 from trunk: · 2fd9e170

Yann Ylavic authored Jul 18, 2014

mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.

PR: 56062
Submitted by: Lukas Bezdicka
Reviewed by: ylavic, breser, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611806 13f79535-47bb-0310-9956-ffa450edef68

2fd9e170

update transformation · 409529b5

Andre Malo authored Jul 18, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611796 13f79535-47bb-0310-9956-ffa450edef68

409529b5

mod_deflate proposal v3. · ed57c906

Yann Ylavic authored Jul 18, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611771 13f79535-47bb-0310-9956-ffa450edef68

ed57c906

That's the ticket · 070d8977

William A. Rowe Jr authored Jul 18, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611768 13f79535-47bb-0310-9956-ffa450edef68

070d8977

Fix mod_deflate proposal. · 678b007a

Yann Ylavic authored Jul 18, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611766 13f79535-47bb-0310-9956-ffa450edef68

678b007a

Vote up, two are promoted as accepted, defect identified in ylavic's patch · d2ca29e3
William A. Rowe Jr authored Jul 18, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611672 13f79535-47bb-0310-9956-ffa450edef68
```
d2ca29e3

Update porposal -- Ruediger spotted the hand-merge error: · 728f7393

Eric Covener authored Jul 18, 2014

+                    if (!apr_is_empty_table(rp->trailers_in)) {
+                        apr_table_do(add_trailers, rp->trailers_out,
                                                    ^
+                                rp->trailers_in, NULL);
+                        apr_table_clear(rp->trailers_in);
+                    }



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611597 13f79535-47bb-0310-9956-ffa450edef68

728f7393

Fix typo. · b63348ec

Rainer Jung authored Jul 18, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611596 13f79535-47bb-0310-9956-ffa450edef68

b63348ec

· ffb371ad

Eric Covener authored Jul 18, 2014

add patch/proposal for CVE-2013-5704 trailers thing



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611522 13f79535-47bb-0310-9956-ffa450edef68

ffb371ad

Jul 17, 2014

drop CVE-2014-0117 proposal, 2.2 not affected · ef722a09

Eric Covener authored Jul 17, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611499 13f79535-47bb-0310-9956-ffa450edef68

ef722a09

And... vote some · c4f4385f

William A. Rowe Jr authored Jul 17, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611497 13f79535-47bb-0310-9956-ffa450edef68

c4f4385f

Delete BOM, wrap before 80 col · 524561f8

William A. Rowe Jr authored Jul 17, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611468 13f79535-47bb-0310-9956-ffa450edef68

524561f8

Merge r1572896, r1572911, r1603156 from trunk: · f582f975

Jim Jagielski authored Jul 17, 2014

mod_deflate:
Don't fail when asked to flush inflated data to the user-agent and that
coincides with the end of stream ("Zlib error flushing inflate buffer").
PR 56196.

Submitted By: [Christoph Fausak <christoph.fausak glueckkanja com>]
Committed By: ylavic


mod_deflate: follows up r1572896.
Be safe from successive or post end-of-stream flush buckets.


Add missing CHANGES entries for r1572655,1572663,1572668-1572671,1573224,1586745,1587594,1587639,1590509, r1572092, and r1572896,1572911.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611428 13f79535-47bb-0310-9956-ffa450edef68

f582f975

Merge r1610501 from trunk: · c4fc1cc6

Jim Jagielski authored Jul 17, 2014

  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of sevice via highly compressed bodies.  See directives 
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst.

Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611426 13f79535-47bb-0310-9956-ffa450edef68

c4fc1cc6

promote · d87b1719

Jim Jagielski authored Jul 17, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611425 13f79535-47bb-0310-9956-ffa450edef68

d87b1719

vote · f621a332

Jim Jagielski authored Jul 17, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611424 13f79535-47bb-0310-9956-ffa450edef68

f621a332

Withdrawal. · 2c9de73f

Yann Ylavic authored Jul 17, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611414 13f79535-47bb-0310-9956-ffa450edef68

2c9de73f

checks out for me · 6cd85809

Eric Covener authored Jul 17, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611331 13f79535-47bb-0310-9956-ffa450edef68

6cd85809

CVE-2014-0117 does not seem to apply to 2.2.x, second set of eyeballs welcome. · baf3f433
Joe Orton authored Jul 17, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611326 13f79535-47bb-0310-9956-ffa450edef68
```
baf3f433
Fooled by weird "svn merge" failing to fail... no this patch doesn't apply. · 82553fdb
Joe Orton authored Jul 17, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611319 13f79535-47bb-0310-9956-ffa450edef68
```
82553fdb

Vote, promote. · bef3960f

Joe Orton authored Jul 17, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611318 13f79535-47bb-0310-9956-ffa450edef68

bef3960f

Jul 16, 2014

Correct CHANGES entry with attribution · cf46e459

William A. Rowe Jr authored Jul 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611195 13f79535-47bb-0310-9956-ffa450edef68

cf46e459

Fix PR 56480: PROPFIND walker doesn't encode hrefs properly · 21f14aba

William A. Rowe Jr authored Jul 16, 2014

Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit.
Reverts r1531505 entirely.

* modules/dav/main/mod_dav.c
  (dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI
    escaping from this function.

* modules/dav/main/props.c
  (dav_do_prop_subreq): Escape the URI before doing a sub request with it.
    This resolves some properties like getcontenttype from failing to be
    returned for files that contain characters that require encoding in their
    path.

* modules/dav/main/mod_dav.h
  (dav_resource): Note the inconsistency in the documentation.

* modules/dav/fs/repos.c
  (dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of
    the resource.  This is the correct fix for the double encoding in mod_dav_fs
    that led to the dav_xml_escape_uri() change and r1531505.
  (dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes.

Submitted by: breser
PR: 56480
Backports: r1602338
Reviewed by: breser, rpluem, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611189 13f79535-47bb-0310-9956-ffa450edef68

21f14aba

SECURITY: CVE-2014-0231 · ca0b7d78

William A. Rowe Jr authored Jul 16, 2014

mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server.

Submitted by: Rainer Jung, Eric Covener, Yann Ylavic
Backports: r1610509, r1535125
Reviewed by: covener, trawick, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611185 13f79535-47bb-0310-9956-ffa450edef68

ca0b7d78

Propose utf-8 service names for winnt · ced3540d

William A. Rowe Jr authored Jul 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611179 13f79535-47bb-0310-9956-ffa450edef68

ced3540d

Vote. · 3ecbbe2b

Yann Ylavic authored Jul 16, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610995 13f79535-47bb-0310-9956-ffa450edef68

3ecbbe2b

Extend the scope of SSLSessionCacheTimeout to sessions · ed4490f0

Rainer Jung authored Jul 16, 2014

resumed by TLS session resumption (RFC 5077).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610914 13f79535-47bb-0310-9956-ffa450edef68

ed4490f0

get proposal CVE-2014-0117 on the books · 4e9616c8

Eric Covener authored Jul 16, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610891 13f79535-47bb-0310-9956-ffa450edef68

4e9616c8

vote/promote · a751029a

Eric Covener authored Jul 16, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610888 13f79535-47bb-0310-9956-ffa450edef68

a751029a

Jul 15, 2014

Merge r1610207 from trunk resp. r1610340 from 2.4.x: · fdcf524a

Rainer Jung authored Jul 15, 2014

Forward local IP address as a custom request attribute
like we already do for the remote port.

Both were forgotten in the original AJP 13 spec
but are needed by the Servlet spec. Until now,
Tomcat simply returns for getLocalAddr() the same as
for getLocalName().

The next round of Tomcat releases will look for the
optional new request attribute.

See also Tomcat BZ 56661.

Submitted by: rjung
Reviewed by: trawick, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610867 13f79535-47bb-0310-9956-ffa450edef68

fdcf524a

Add comment about how to merge CHANGES entry wrt r1587201. · d48154ef

Yann Ylavic authored Jul 15, 2014

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610717 13f79535-47bb-0310-9956-ffa450edef68

d48154ef

Votes, 2.4.x patches references, and new proposal already backported to 2.4.8. · 95c52bbb
Yann Ylavic authored Jul 15, 2014
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610675 13f79535-47bb-0310-9956-ffa450edef68
```
95c52bbb

vote... · 1b5c6b77

Jeff Trawick authored Jul 15, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610650 13f79535-47bb-0310-9956-ffa450edef68

1b5c6b77

easy vote, more tomorrow I hope... · 96691e0e

Jeff Trawick authored Jul 15, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610566 13f79535-47bb-0310-9956-ffa450edef68

96691e0e

Jul 14, 2014

propose CVE-2014-0118 backport · 54d3bc09

Eric Covener authored Jul 14, 2014



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610527 13f79535-47bb-0310-9956-ffa450edef68

54d3bc09

propose CVE-2014-0231 · a1de4ef2

Eric Covener authored Jul 14, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610519 13f79535-47bb-0310-9956-ffa450edef68

a1de4ef2

Merge 1610491 from trunk: · 9a08d996

Joe Orton authored Jul 14, 2014

SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.

* include/scoreboard.h: Add ap_copy_scoreboard_worker.

* server/scoreboard.c (ap_copy_scoreboard_worker): New function.

* modules/generators/mod_status.c (status_handler): Use it.

Reviewed by: trawick, jorton, covener
Submitted by: jorton, trawick, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610515 13f79535-47bb-0310-9956-ffa450edef68

9a08d996

Add 2.4.x rev to proposal. · da2bf418

Rainer Jung authored Jul 14, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610342 13f79535-47bb-0310-9956-ffa450edef68

da2bf418

Jul 13, 2014

Propose. · e7f15712

Rainer Jung authored Jul 13, 2014


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1610316 13f79535-47bb-0310-9956-ffa450edef68

e7f15712