Index: trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch =================================================================== --- trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch (revision 1505) +++ trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch (revision 1505) @@ -0,0 +1,41 @@ +--- httpd-2.2.x/server/protocol.c 2010/03/02 04:00:01 917866 ++++ httpd-2.2.x/server/protocol.c 2010/03/02 04:01:29 917867 +@@ -1041,15 +1041,13 @@ + return r; + } + +-/* if a request with a body creates a subrequest, clone the original request's +- * input headers minus any headers pertaining to the body which has already +- * been read. out-of-line helper function for ap_set_sub_req_protocol. ++/* if a request with a body creates a subrequest, remove original request's ++ * input headers which pertain to the body which has already been read. ++ * out-of-line helper function for ap_set_sub_req_protocol. + */ + +-static void clone_headers_no_body(request_rec *rnew, +- const request_rec *r) ++static void strip_headers_request_body(request_rec *rnew) + { +- rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); + apr_table_unset(rnew->headers_in, "Content-Encoding"); + apr_table_unset(rnew->headers_in, "Content-Language"); + apr_table_unset(rnew->headers_in, "Content-Length"); +@@ -1083,15 +1081,14 @@ + + rnew->status = HTTP_OK; + ++ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); ++ + /* did the original request have a body? (e.g. POST w/SSI tags) + * if so, make sure the subrequest doesn't inherit body headers + */ + if (apr_table_get(r->headers_in, "Content-Length") + || apr_table_get(r->headers_in, "Transfer-Encoding")) { +- clone_headers_no_body(rnew, r); +- } else { +- /* no body (common case). clone headers the cheap way */ +- rnew->headers_in = r->headers_in; ++ strip_headers_request_body(rnew); + } + rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); + rnew->headers_out = apr_table_make(rnew->pool, 5); Index: trunk/server/fedora/specs/httpd.spec.patch =================================================================== --- trunk/server/fedora/specs/httpd.spec.patch (revision 1504) +++ trunk/server/fedora/specs/httpd.spec.patch (revision 1505) @@ -1,4 +1,4 @@ --- httpd.spec.orig 2010-02-28 05:01:55.000000000 -0500 -+++ httpd.spec 2010-02-28 05:03:44.000000000 -0500 ++++ httpd.spec 2010-03-11 05:30:54.000000000 -0500 @@ -7,7 +7,7 @@ Summary: Apache HTTP Server @@ -10,5 +10,5 @@ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html -@@ -57,6 +57,13 @@ +@@ -57,6 +57,14 @@ Conflicts: pcre < 4.0 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap @@ -20,9 +20,10 @@ +Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch +Patch1006: httpd-suexec-cloexec.patch ++Patch1007: httpd-2.2.x-CVE-2010-0434.patch + %description The Apache HTTP Server is a powerful, efficient, and extensible web server. -@@ -104,6 +111,7 @@ +@@ -104,6 +112,7 @@ Requires(post): openssl >= 0.9.7f-4, /bin/cat Requires(pre): httpd @@ -32,5 +33,5 @@ %description -n mod_ssl -@@ -133,6 +141,12 @@ +@@ -133,6 +142,13 @@ # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 @@ -41,9 +42,10 @@ +%patch1005 -p1 -b .ssl-sessioncache +%patch1006 -p1 -b .cloexec ++%patch1007 -p1 -b .cve-2010-0434 + # Safety check: prevent build if defined MMN does not equal upstream MMN. vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` if test "x${vmmn}" != "x%{mmn}"; then -@@ -181,10 +195,12 @@ +@@ -181,10 +197,12 @@ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \