Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 12508 Details for
Bug 21839
Apache 2.0.46 released - Security Bug Fix
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Potential gentoo-patch for 2.0.46 ebuild.
apache-2.0.46-gentoo.diff (text/plain), 5.79 KB, created by
Paul Kronenwetter
on 2003-05-28 14:16:47 UTC
(
hide
)
Description:
Potential gentoo-patch for 2.0.46 ebuild.
Filename:
MIME Type:
Creator:
Paul Kronenwetter
Created:
2003-05-28 14:16:47 UTC
Size:
5.79 KB
patch
obsolete
>diff -uNr httpd-2.0.46.orig/acinclude.m4 httpd-2.0.46/acinclude.m4 >--- httpd-2.0.46.orig/acinclude.m4 2002-11-29 06:05:57.000000000 -0500 >+++ httpd-2.0.46/acinclude.m4 2003-05-28 13:44:03.000000000 -0400 >@@ -60,6 +60,7 @@ > APACHE_SUBST(HTTPD_LDFLAGS) > APACHE_SUBST(UTIL_LDFLAGS) > APACHE_SUBST(LIBS) >+ APACHE_SUBST(SSL_LIBS) > APACHE_SUBST(DEFS) > APACHE_SUBST(INCLUDES) > APACHE_SUBST(NOTEST_CPPFLAGS) >@@ -190,7 +191,7 @@ > ])dnl > > dnl >-dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]]) >+dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config[, libs]]]]]) > dnl > dnl default is one of: > dnl yes -- enabled by default. user must explicitly disable. >@@ -266,7 +267,7 @@ > fi > shared="";; > esac >- APACHE_MODPATH_ADD($1, $shared, $3) >+ APACHE_MODPATH_ADD($1, $shared, $3,, $7) > fi > ])dnl > >@@ -488,7 +489,7 @@ > APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_ssltk_libdir]) > fi > fi >- APR_ADDTO(LIBS, [-lssl -lcrypto]) >+ APR_ADDTO(SSL_LIBS, [-lssl -lcrypto]) > ap_cv_ssltk="$ap_ssltk_base" > fi > ]) >diff -uNr httpd-2.0.46.orig/docs/man/suexec.8 httpd-2.0.46/docs/man/suexec.8 >--- httpd-2.0.46.orig/docs/man/suexec.8 2003-04-29 16:19:11.000000000 -0400 >+++ httpd-2.0.46/docs/man/suexec.8 2003-05-28 13:48:44.000000000 -0400 >@@ -19,7 +19,7 @@ > .el .ne 3 > .IP "\\$1" \\$2 > .. >-.TH "SUEXEC" 8 "2003-04-29" "Apache HTTP Server" "suexec" >+.TH "SUEXEC2" 8 "2003-04-29" "Apache HTTP Server" "suexec" > > .SH NAME > suexec \- Switch user before executing external programs >@@ -27,16 +27,16 @@ > .SH "SYNOPSIS" > > .PP >-\fBsuexec\fR -\fBV\fR >+\fBsuexec2\fR -\fBV\fR > > > .SH "SUMMARY" > > .PP >-suexec is used by the Apache HTTP Server to switch to another user before executing CGI programs\&. In order to achieve this, it must run as root\&. Since the HTTP daemon normally doesn't run as root, the suexec executable needs the setuid bit set and must be owned by root\&. It should never be writable for any other person than root\&. >+suexec2 is used by the Apache HTTP Server to switch to another user before executing CGI programs\&. In order to achieve this, it must run as root\&. Since the HTTP daemon normally doesn't run as root, the suexec executable needs the setuid bit set and must be owned by root\&. It should never be writable for any other person than root\&. > > .PP >-For further information about the concepts and and the security model of suexec please refer to the suexec documentation (http://httpd\&.apache\&.org/docs-2\&.0/suexec\&.html)\&. >+For further information about the concepts and and the security model of suexec2 please refer to the suexec documentation (http://httpd\&.apache\&.org/docs-2\&.0/suexec\&.html)\&. > > > .SH "OPTIONS" >@@ -45,6 +45,6 @@ > > .TP > -V >-If you are root, this option displays the compile options of suexec\&. For security reasons all configuration options are changable only at compile time\&. >+If you are root, this option displays the compile options of suexec2\&. For security reasons all configuration options are changable only at compile time\&. > .RE > >diff -uNr httpd-2.0.46.orig/modules/ssl/config.m4 httpd-2.0.46/modules/ssl/config.m4 >--- httpd-2.0.46.orig/modules/ssl/config.m4 2002-03-29 02:36:01.000000000 -0500 >+++ httpd-2.0.46/modules/ssl/config.m4 2003-05-28 13:44:03.000000000 -0400 >@@ -79,7 +79,7 @@ > APACHE_CHECK_SSL_TOOLKIT > AC_CHECK_FUNCS(SSL_set_state) > AC_CHECK_FUNCS(SSL_set_cert_store) >-]) >+], [\$(SSL_LIBS)]) > > dnl # end of module specific part > APACHE_MODPATH_FINISH >diff -uNr httpd-2.0.46.orig/os/unix/unixd.c httpd-2.0.46/os/unix/unixd.c >--- httpd-2.0.46.orig/os/unix/unixd.c 2003-05-15 16:28:18.000000000 -0400 >+++ httpd-2.0.46/os/unix/unixd.c 2003-05-28 13:44:03.000000000 -0400 >@@ -243,23 +243,20 @@ > > AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) > { >- apr_finfo_t wrapper; >+ struct stat wrapper; > > unixd_config.user_name = DEFAULT_USER; > unixd_config.user_id = ap_uname2id(DEFAULT_USER); > unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); > > /* Check for suexec */ >- unixd_config.suexec_enabled = 0; >- if ((apr_stat(&wrapper, SUEXEC_BIN, >- APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { >- return; >- } >- >- /* XXX - apr_stat is incapable of checking suid bits (grumble) */ >- /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */ >+ if (stat(SUEXEC_BIN, &wrapper) == 0 && >+ (wrapper.st_mode & S_ISUID) && wrapper.st_uid == 0) { > unixd_config.suexec_enabled = 1; >- /* } */ >+ } else { >+ unixd_config.suexec_enabled = 0; >+ } >+ > } > > >diff -uNr httpd-2.0.46.orig/support/apachectl.in httpd-2.0.46/support/apachectl.in >--- httpd-2.0.46.orig/support/apachectl.in 2003-02-03 12:32:08.000000000 -0500 >+++ httpd-2.0.46/support/apachectl.in 2003-05-28 13:44:03.000000000 -0400 >@@ -28,7 +28,8 @@ > # -------------------- -------------------- > # > # the path to your httpd binary, including options if necessary >-HTTPD='@exp_sbindir@/@progname@' >+. /etc/conf.d/apache2 >+HTTPD="@exp_sbindir@/@progname@ ${APACHE2_OPTS}" > # > # pick up any necessary environment variables > if test -f @exp_bindir@/envvars; then >diff -uNr httpd-2.0.46.orig/support/apxs.in httpd-2.0.46/support/apxs.in >--- httpd-2.0.46.orig/support/apxs.in 2003-05-21 07:39:52.000000000 -0400 >+++ httpd-2.0.46/support/apxs.in 2003-05-28 13:44:03.000000000 -0400 >@@ -237,19 +237,6 @@ > ($httpd = $0) =~ s:support/apxs$::; > } > >-unless (-x "$httpd") { >- error("$httpd not found or not executable"); >- exit 1; >-} >- >-unless (grep /mod_so/, `. $envvars && $httpd -l`) { >- error("Sorry, no shared object support for Apache"); >- error("available under your platform. Make sure"); >- error("the Apache module mod_so is compiled into"); >- error("your server binary `$httpd'."); >- exit 1; >-} >- > sub get_config_vars{ > my ($file, $rh_config) = @_; >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 21839
: 12508