1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
diff -ur apache_1.3.41/src/CHANGES src/CHANGES
--- apache_1.3.41/src/CHANGES 2008-01-09 15:33:07.000000000 +0100
+++ src/CHANGES 2010-01-07 11:28:00.000000000 +0100
@@ -1,3 +1,33 @@
+Changes with Apache 1.3.42
+
+ *) SECURITY: CVE-2010-0010 (cve.mitre.org)
+ mod_proxy: Prevent chunk-size integer overflow on platforms
+ where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
+ [Colm MacC�rthaigh]
+
+ *) IMPORTANT: This is the final release of Apache httpd 1.3.
+ Apache httpd 1.3 has reached end of life, as of January 2010.
+ No further releases of this software will be made, although critical
+ security updates may be made available as patches from the following
+ website:
+
+ http://www.apache.org/dist/httpd/patches/
+
+ Apache 1.3.x users who wish to avail of security releases,
+ bug-fixes and community support are advised to use Apache 2.2
+ or higher.
+
+ Information on upgrading is available from the following website:
+
+ http://httpd.apache.org/docs/2.2/upgrading.html
+
+ Thank you to everyone who helped make Apache 1.3.x the most
+ successful, and most used, webserver software on the planet!
+ [Apache httpd group]
+
+ *) Protect logresolve from mismanaged DNS records that return
+ blank/null hostnames. [Jim Jagielski]
+
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
@@ -233,7 +263,7 @@
*) Some syntax errors in mod_mime_magic's magic file can result
in a 500 error, which previously was unlogged. Now we log the
- error. [Jeff Trawick]
+ error. PR 8329. [Jeff Trawick]
*) Linux 2.4+: If Apache is started as root and you code
CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
diff -ur apache_1.3.41/src/Configure src/Configure
--- apache_1.3.41/src/Configure 2008-01-04 15:40:05.000000000 +0100
+++ src/Configure 2008-01-10 17:22:19.000000000 +0100
@@ -1936,7 +1936,7 @@
# select the special subtarget for shared core generation
SUBTARGET=target_shared
# determine additional suffixes for libhttpd.so
- V=1 R=3 P=41
+ V=1 R=3 P=42
if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
SHLIB_SUFFIX_LIST=""
fi
diff -ur apache_1.3.41/src/ap/ap_snprintf.c src/ap/ap_snprintf.c
--- apache_1.3.41/src/ap/ap_snprintf.c 2006-07-12 10:16:05.000000000 +0200
+++ src/ap/ap_snprintf.c 2008-05-02 19:31:15.000000000 +0200
@@ -77,8 +77,8 @@
#define NUM_BUF_SIZE 512
/*
- * cvt.c - IEEE floating point formatting routines for FreeBSD
- * from GNU libc-4.6.27. Modified to be thread safe.
+ * cvt - IEEE floating point formatting routines.
+ * Derived from UNIX V7, Copyright(C) Caldera International Inc.
*/
/*
diff -ur apache_1.3.41/src/include/httpd.h src/include/httpd.h
--- apache_1.3.41/src/include/httpd.h 2008-01-10 17:20:45.000000000 +0100
+++ src/include/httpd.h 2010-01-08 12:42:57.000000000 +0100
@@ -389,7 +389,7 @@
#define SERVER_BASEVENDOR "Apache Group"
#define SERVER_BASEPRODUCT "Apache"
-#define SERVER_BASEREVISION "1.3.41"
+#define SERVER_BASEREVISION "1.3.42"
#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
#define SERVER_PRODUCT SERVER_BASEPRODUCT
@@ -410,7 +410,7 @@
* Always increases along the same track as the source branch.
* For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
*/
-#define APACHE_RELEASE 10341100
+#define APACHE_RELEASE 10342100
#define SERVER_PROTOCOL "HTTP/1.1"
#ifndef SERVER_SUPPORT
diff -ur apache_1.3.41/src/main/buff.c src/main/buff.c
--- apache_1.3.41/src/main/buff.c 2006-07-12 10:16:05.000000000 +0200
+++ src/main/buff.c 2010-01-07 11:28:00.000000000 +0100
@@ -737,7 +737,7 @@
{
int i, nrd;
- if (fb->flags & B_RDERR)
+ if (fb->flags & B_RDERR || nbyte < 0)
return -1;
if (nbyte == 0)
return 0;
@@ -1258,7 +1258,7 @@
static int csize = 0;
#endif /*CHARSET_EBCDIC*/
- if (fb->flags & (B_WRERR | B_EOUT))
+ if (fb->flags & (B_WRERR | B_EOUT) || nbyte < 0)
return -1;
if (nbyte == 0)
return 0;
diff -ur apache_1.3.41/src/modules/proxy/proxy_util.c src/modules/proxy/proxy_util.c
--- apache_1.3.41/src/modules/proxy/proxy_util.c 2007-10-30 20:17:03.000000000 +0100
+++ src/modules/proxy/proxy_util.c 2010-01-07 11:28:00.000000000 +0100
@@ -507,7 +507,7 @@
/* read the chunk */
if (remaining > 0) {
- n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
+ n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
if (n > -1) {
remaining -= n;
end_of_chunk = (remaining == 0);
@@ -548,8 +548,8 @@
n = ap_bread(f, buf, buf_size);
}
else {
- n = ap_bread(f, buf, MIN((int)buf_size,
- (int)(len - total_bytes_rcvd)));
+ n = ap_bread(f, buf, (int) MIN(buf_size,
+ (len - total_bytes_rcvd)));
}
}
|
