15819621 SUNBT7202142 Upgrade Apache Web Server to version 2.2.23 s11-update
authorPetr Sumbera <petr.sumbera@oracle.com>
Thu, 22 Nov 2012 06:15:30 -0800
branchs11-update
changeset 2428 77b26ec5be97
parent 2427 fab42c961366
child 2429 cf97b079f90d
15819621 SUNBT7202142 Upgrade Apache Web Server to version 2.2.23 15816381 problem in UTILITY/APACHE
components/apache2/Makefile
components/apache2/apache-22.p5m
components/apache2/patches/bug52774.patch
--- a/components/apache2/Makefile	Wed Nov 21 22:12:45 2012 -0800
+++ b/components/apache2/Makefile	Thu Nov 22 06:15:30 2012 -0800
@@ -23,12 +23,12 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		httpd
-COMPONENT_VERSION=	2.2.22
+COMPONENT_VERSION=	2.2.23
 COMPONENT_PROJECT_URL=	http://httpd.apache.org/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c
+    sha256:227c85a5c57f2edae0c5c54c68ccc127f06f6e7cff5340efa00de04f463fa3a4
 COMPONENT_ARCHIVE_URL=	http://archive.apache.org/dist/httpd/$(COMPONENT_ARCHIVE)
 
 CONFIGURE_DEFAULT_DIRS=no
--- a/components/apache2/apache-22.p5m	Wed Nov 21 22:12:45 2012 -0800
+++ b/components/apache2/apache-22.p5m	Thu Nov 22 06:15:30 2012 -0800
@@ -348,17 +348,17 @@
 file path=usr/apache2/2.2/libexec/mod_usertrack.so
 file path=usr/apache2/2.2/libexec/mod_version.so
 file path=usr/apache2/2.2/libexec/mod_vhost_alias.so
-file path=usr/apache2/2.2/man/man1/ab.1
-file path=usr/apache2/2.2/man/man1/apxs.1
 file path=usr/apache2/2.2/man/man1/dbmmanage.1
 file path=usr/apache2/2.2/man/man1/htdbm.1
 file path=usr/apache2/2.2/man/man1/httxt2dbm.1
 file path=usr/apache2/2.2/man/man1/htdigest.1
 file path=usr/apache2/2.2/man/man1/htpasswd.1
-file path=usr/apache2/2.2/man/man1/logresolve.1
+file path=usr/apache2/2.2/man/man8/ab.8
 file path=usr/apache2/2.2/man/man8/apachectl.8
+file path=usr/apache2/2.2/man/man8/apxs.8
 file path=usr/apache2/2.2/man/man8/htcacheclean.8
 file path=usr/apache2/2.2/man/man8/httpd.8
+file path=usr/apache2/2.2/man/man8/logresolve.8
 file path=usr/apache2/2.2/man/man8/rotatelogs.8
 file path=usr/apache2/2.2/man/man8/suexec.8
 file Solaris/apache2.1m.sunman path=usr/share/man/man1m/apache2.1m
@@ -633,17 +633,17 @@
 link path=usr/bin/httxt2dbm target=../apache2/2.2/bin/httxt2dbm
 link path=usr/bin/logresolve target=../apache2/2.2/bin/logresolve
 link path=usr/bin/rotatelogs target=../apache2/2.2/bin/rotatelogs
-link path=usr/share/man/man1/ab.1 target=../../../apache2/2.2/man/man1/ab.1
-link path=usr/share/man/man1/apxs.1 target=../../../apache2/2.2/man/man1/apxs.1
 link path=usr/share/man/man1/dbmmanage.1 target=../../../apache2/2.2/man/man1/dbmmanage.1
 link path=usr/share/man/man1/htdbm.1 target=../../../apache2/2.2/man/man1/htdbm.1
 link path=usr/share/man/man1/httxt2dbm.1 target=../../../apache2/2.2/man/man1/httxt2dbm.1
 link path=usr/share/man/man1/htdigest.1 target=../../../apache2/2.2/man/man1/htdigest.1
 link path=usr/share/man/man1/htpasswd.1 target=../../../apache2/2.2/man/man1/htpasswd.1
-link path=usr/share/man/man1/logresolve.1 target=../../../apache2/2.2/man/man1/logresolve.1
+link path=usr/share/man/man8/ab.8 target=../../../apache2/2.2/man/man8/ab.8
+link path=usr/share/man/man8/apxs.8 target=../../../apache2/2.2/man/man8/apxs.8
 link path=usr/share/man/man8/apachectl.8 target=../../../apache2/2.2/man/man8/apachectl.8
 link path=usr/share/man/man8/htcacheclean.8 target=../../../apache2/2.2/man/man8/htcacheclean.8
 link path=usr/share/man/man8/httpd.8 target=../../../apache2/2.2/man/man8/httpd.8
+link path=usr/share/man/man8/logresolve.8 target=../../../apache2/2.2/man/man8/logresolve.8
 link path=usr/share/man/man8/rotatelogs.8 target=../../../apache2/2.2/man/man8/rotatelogs.8
 link path=usr/share/man/man8/suexec.8 target=../../../apache2/2.2/man/man8/suexec.8
 link path=var/apache2/2.2/libexec/64 target=$(MACH64)
--- a/components/apache2/patches/bug52774.patch	Wed Nov 21 22:12:45 2012 -0800
+++ b/components/apache2/patches/bug52774.patch	Thu Nov 22 06:15:30 2012 -0800
@@ -1,18 +1,33 @@
 https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
 
---- modules/mappers/mod_rewrite.c	Tue Jan 24 11:39:31 2012
-+++ modules/mappers/mod_rewrite.c	Thu Apr  5 07:37:37 2012
[email protected]@ -4266,9 +4266,13 @@
+--- modules/mappers/mod_rewrite.c	Mon Aug 20 10:22:53 2012
++++ modules/mappers/mod_rewrite.c	Tue Sep 18 04:02:33 2012
[email protected]@ -4302,14 +4302,29 @@
+     /* Unless the anyuri option is set, ensure that the input to the
+      * first rule really is a URL-path, avoiding security issues with
+      * poorly configured rules.  See CVE-2011-3368, CVE-2011-4317. */
++    /*
++     * We believe that URI starting with "http://" is valid and thus we fork
++     * here little bit from upstream. I'm intentionally not optimizing
++     * following if statement to keep changes against upstream clear.
++     * See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
++     */
+     if ((dconf->options & OPTION_ANYURI) == 0
+         && ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
+-            || !r->uri || r->uri[0] != '/')) {
++            || !r->uri)) {
+         rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
+                     "Consult the manual entry for the RewriteOptions directive "
+                     "for options and caveats about matching other strings.",
+                     r->uri));
          return DECLINED;
-     }
- 
--    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
--        || !r->uri || r->uri[0] != '/') {
-+    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') || !r->uri) {
-         return DECLINED;
-+    } else if (r->uri[0] != '/') {
++    } else if ((dconf->options & OPTION_ANYURI) == 0 && r->uri[0] != '/') {
 +        if (strncmp(r->uri, "http://" , 7) != 0 && 
 +            strncmp(r->uri, "https://", 8 )!= 0) {
++              rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
++                          "Consult the manual entry for the RewriteOptions directive "
++                          "for options and caveats about matching other strings.",
++                          r->uri));
 +             return DECLINED;
 +        }
      }
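Review bot: The comment added above the check says the code forks from upstream but not what the fork costs: with `r->uri[0] != '/'` moved into the `else if`, a request whose `r->uri` starts with `http://` or `https://` now reaches the first rule even when the anyuri option is unset, which is the input the upstream check declines (the context comment cites CVE-2011-3368 and CVE-2011-4317). I would extend the comment with a line such as `Rules that assume a URL-path must anchor their pattern with ^/ because absolute http(s) URIs are no longer declined here.` so that administrators and whoever rebases this patch see the trade-off. If the exemption is only needed for forward-proxy requests (the hunk does not show this), additionally requiring `r->proxyreq` in the `else if` condition would keep upstream behaviour for every other request. The prefix test uses case-sensitive `strncmp`, so other spellings of the scheme are still declined, which fails closed; the enclosing function in mod_rewrite.c begins and ends outside the hunk.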