Commits · bd3a7c902a59b5dc43f542190ab4ac3795e9ab75 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

May 12, 2009

backport 772997, 773322, 773342 from trunk. · bd3a7c90

Eric Covener authored May 12, 2009

Reviewed By: jorton, rpluem, covener

Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:

* include/http_core.h: Change semantics of Includes/IncludeNoExec
 options bits to be additive; OPT_INCLUDES now means SSI is enabled
 without exec=.  OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
 with exec=.

* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
 from default override_opts; no functional change.
 (merge_core_dir_configs): Update logic to ensure that exec= is
 disabled in a context where IncludesNoexec is configured, even if
 Includes-with-exec is permitted in the inherited options set.
 (set_allow_opts, set_options): Update to reflect new semantics
 of OPT_INCLUDES, OPT_INC_WITH_EXEC.

* server/config.c: Update to remove OPT_INCNOEXEC from default
 override_opts; no functional change.

* modules/filters/mod_include.c (includes_filter): Update to reflect
 new options semantics - disable exec= support if the
 OPT_INC_WITH_EXEC bit is not set.

Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
         jorton
Thanks to: Vincent Danon <vdanon redhat.com>




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773881 13f79535-47bb-0310-9956-ffa450edef68

bd3a7c90

vote & promote CVE-2009-1195 · 444b2b97

Eric Covener authored May 12, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773880 13f79535-47bb-0310-9956-ffa450edef68

444b2b97

May 10, 2009

Merge r752812 from trunk: · 629fde0d

Ruediger Pluem authored May 10, 2009

* Escape pathes of filenames in 406 responses to avoid HTML injections and
  HTTP response splitting.

PR: 46837
Submitted by: Geoff Keating <geoffk apple.com>
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773354 13f79535-47bb-0310-9956-ffa450edef68

629fde0d

Merge r757376 from trunk: · 8bcc91bf

Ruediger Pluem authored May 10, 2009

Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773352 13f79535-47bb-0310-9956-ffa450edef68

8bcc91bf

Merge r757427 from trunk: · af540647

Ruediger Pluem authored May 10, 2009

* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating
  a proxy rule in directory context, do escape the filename by
  default, since mod_proxy will not escape in that case due to the
  (deliberate) fixup hook ordering.

Thanks to: rpluem
PR: 46428

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773351 13f79535-47bb-0310-9956-ffa450edef68

af540647

* Vote · c762b849

Ruediger Pluem authored May 10, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773348 13f79535-47bb-0310-9956-ffa450edef68

c762b849

Propose CVE-2009-1195 backport. · 88325d70

Joe Orton authored May 10, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773345 13f79535-47bb-0310-9956-ffa450edef68

88325d70

May 08, 2009

fix whitespace, explanation · 84a9b99b

William A. Rowe Jr authored May 08, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773058 13f79535-47bb-0310-9956-ffa450edef68

84a9b99b

vote and promote 3 patches · a4a9b19c

William A. Rowe Jr authored May 08, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773056 13f79535-47bb-0310-9956-ffa450edef68

a4a9b19c

May 06, 2009

propose backport · ad1c8263

William A. Rowe Jr authored May 06, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@772393 13f79535-47bb-0310-9956-ffa450edef68

ad1c8263

Commit no-op/comment to allow proposed backport to apply cleanly' proxy_util.c · 556f85ac
William A. Rowe Jr authored May 06, 2009
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@772388 13f79535-47bb-0310-9956-ffa450edef68
```
556f85ac

May 05, 2009

* Revive old proposal, update it and reset comments and votes. · 794d5d6f

Ruediger Pluem authored May 05, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771967 13f79535-47bb-0310-9956-ffa450edef68

794d5d6f

May 04, 2009

Committed revision 771433. · b2a20f6f

Jim Jagielski authored May 04, 2009



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771434 13f79535-47bb-0310-9956-ffa450edef68

b2a20f6f

Merge r680082 from trunk: · 4414e992

Jim Jagielski authored May 04, 2009

Change r->content_type when mod_headers sets the Content-Type header
Submitted by: issac
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771433 13f79535-47bb-0310-9956-ffa450edef68

4414e992

approve · 167f7b89

Jim Jagielski authored May 04, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771430 13f79535-47bb-0310-9956-ffa450edef68

167f7b89

Cast votes · 1d1bb8c1

Jim Jagielski authored May 04, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771429 13f79535-47bb-0310-9956-ffa450edef68

1d1bb8c1

Add Ctrl-Break to Windows platform docs · 9d62b801

Rainer Jung authored May 04, 2009

(triggers restart for console use).
Documentation backport of r769134 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771328 13f79535-47bb-0310-9956-ffa450edef68

9d62b801

* Vote · c16c88b9

Ruediger Pluem authored May 04, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771255 13f79535-47bb-0310-9956-ffa450edef68

c16c88b9

* Add proposal · ff61929f

Ruediger Pluem authored May 04, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771249 13f79535-47bb-0310-9956-ffa450edef68

ff61929f

May 03, 2009

One typo. · 4bf30dbe

Lucien Gentis authored May 03, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@771068 13f79535-47bb-0310-9956-ffa450edef68

4bf30dbe

Apr 30, 2009

Arrange BalancerMember explainations. · 0ad96169

Jean-Frederic Clere authored Apr 30, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@770332 13f79535-47bb-0310-9956-ffa450edef68

0ad96169

Apr 27, 2009

propose mod_headers content-type handling for 2.2.x · a8e302df

William A. Rowe Jr authored Apr 27, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@769163 13f79535-47bb-0310-9956-ffa450edef68

a8e302df

Apr 25, 2009

Merge r768535 from trunk: · 4753b241

Ruediger Pluem authored Apr 25, 2009

* Fix an error in the documentation.

Submitted by: rpluem
Reviewed by: pluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768536 13f79535-47bb-0310-9956-ffa450edef68

4753b241

Merge r764239 from trunk: · b5b5e5a0

Ruediger Pluem authored Apr 25, 2009

* Check more strictly that the backend follows the AJP protocol.

Submitted by: mturk
Reviewed by: rpluem, jim, jfclere


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768507 13f79535-47bb-0310-9956-ffa450edef68

b5b5e5a0

Merge r763394 from trunk: · eac933c8

Ruediger Pluem authored Apr 25, 2009

* Avoid delivering content from a previous request which failed to send a request
  body by closing the connection to the backend in this case instead of reusing it.

CVE: CVE-2009-1191 (cve.mitre.org)
PR: 46949
Submitted by: rpluem
Reviewed by: rpluem, wrowe, jfclere


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768506 13f79535-47bb-0310-9956-ffa450edef68

eac933c8

Backport of r760866: · 6f5e5a93

Ruediger Pluem authored Apr 25, 2009

* Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable
  stricter checking of remote server certificates.

  (docs/manual/mod/mod_ssl.xml)
    Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

  (modules/proxy/mod_proxy_http.c)
    Set the hostname of the request URL as note on the connection.

  (modules/ssl/ssl_private.h)
    Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to
    the SSLSrvConfigRec.

  (modules/ssl/ssl_engine_config.c)
    Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

  (modules/ssl/ssl_engine_io.c)
    Check whether the remote servers certificate is expired / if there is a
    mismatch between the requested hostanme and the remote server certificates
    CN field.
    Be able to parse ASN1 times.

  (modules/ssl/mod_ssl.c)
    Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

Submitted by: rpluem
Reviewed by: rpluem, jim, jfclere


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768504 13f79535-47bb-0310-9956-ffa450edef68

6f5e5a93

* Correct logic with non-seq lbsets config'ed · ab99ec54

Ruediger Pluem authored Apr 25, 2009

Submitted by: jim
Reviewed by: jim, rpluem, jfclere


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768503 13f79535-47bb-0310-9956-ffa450edef68

ab99ec54

* Promote · 6b33c3f8

Ruediger Pluem authored Apr 25, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@768502 13f79535-47bb-0310-9956-ffa450edef68

6b33c3f8

Apr 23, 2009

* Add a comment to the showstoppers. · 0c6f0d09

Ruediger Pluem authored Apr 23, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@767815 13f79535-47bb-0310-9956-ffa450edef68

0c6f0d09

Apr 22, 2009

My votes. · 670152a4

Jean-Frederic Clere authored Apr 22, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@767419 13f79535-47bb-0310-9956-ffa450edef68

670152a4

Apr 20, 2009

update transformation · 37a8aab4

Andre Malo authored Apr 20, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766684 13f79535-47bb-0310-9956-ffa450edef68

37a8aab4

backport: fix ID · 7675e020

Andre Malo authored Apr 20, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766682 13f79535-47bb-0310-9956-ffa450edef68

7675e020

update convmap · 64cdda96

Andre Malo authored Apr 20, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766677 13f79535-47bb-0310-9956-ffa450edef68

64cdda96

Apr 19, 2009

syncing · 6497f497

Nilgun Belma Buguner authored Apr 19, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766474 13f79535-47bb-0310-9956-ffa450edef68

6497f497

Version update. · fe84a50a

Lucien Gentis authored Apr 19, 2009


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766469 13f79535-47bb-0310-9956-ffa450edef68

fe84a50a

Apr 18, 2009

update xforms · 5deb5743

Vincent Bray authored Apr 18, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766351 13f79535-47bb-0310-9956-ffa450edef68

5deb5743

s/MMapStatic/MMapFile/ and copy changes from trunk · 906b9042

Vincent Bray authored Apr 18, 2009

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766350 13f79535-47bb-0310-9956-ffa450edef68

906b9042

Apr 17, 2009

Merge r757741 from trunk: · f0928daf

Jim Jagielski authored Apr 17, 2009

* Fix a memory leak by freeing the memory consumed by the bucket.

PR: 44948
Submitted by: Dan Poirier <poirier pobox.com>
Reviewed by: rpluem

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766002 13f79535-47bb-0310-9956-ffa450edef68

f0928daf

Merge r755190 from trunk: · 5cfcf8c9

Jim Jagielski authored Apr 17, 2009

* APR_BUCKET_NEXT is wrong here as we are already a doing a APR_BUCKET_NEXT in
  the for loop and this causes us to jump *two* buckets forward. This can cause
  us to jump over the Sentinel of the brigade and thus causes an endless loop.


Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@766001 13f79535-47bb-0310-9956-ffa450edef68

5cfcf8c9

Merge r756671, r756675, r756678, r756683 from trunk: · 83d5298a

Jim Jagielski authored Apr 17, 2009

Creation of external gzip process fails, if we
try to set the working directory to r->filename.
Use ap_make_dirstr_parent() instead, like in all
other similar places.


Creating the external gzip process fails, because we
call execve() with "gzip" without full path.
Let's look for it in the PATH instead and drop the
passing of the environment. There seems to be no
reason why gzip should need the httpd environment.


Set the content encoding for compressed content
even if we can't detect the content type of the
uncompressed content.


When trying to detect the content type of the
uncompressed content it is often not enough
to read the same number of bytes, we already
read compressed. Since uncompress() allocates a
new buffer, we can increase the number of bytes
to read to the same size, we use in the case,
where the content isn't compressed.

Furthermore zero-terminate the read data to keep
assumptions consistent with the uncompressed case.

Submitted by: rjung
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@765999 13f79535-47bb-0310-9956-ffa450edef68

83d5298a