apache2: upgrade to 2.4.12

Remove apache-CVE-2014-0117.patch which apache2 2.4.12 has it Update the apache-ssl-ltmain-rpath.patch Backport the patch to fix CVE-2015-0228 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Roy Li <rongqing.li@windriver.com> 2015-05-06 13:36:50 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-05-13 14:34:21 +0200
commit: c1c6d0869976ccbd0545c8317c015f23f40dd6d6 (patch)
tree: ca339b27b5d345337100a1900dbaca8187121f68 /meta-webserver
parent: d24b01b262a9c5e04e179bb6264cf0284ce25092 (diff)
download: meta-openembedded-c1c6d0869976ccbd0545c8317c015f23f40dd6d6.tar.gz
5 files changed, 98 insertions, 321 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.12.bb
index 5963b7943..1704bd927 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.12.bb
@@ -15,8 +15,8 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
 S = "${WORKDIR}/httpd-${PV}"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
-SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"
+SRC_URI[md5sum] = "b8dc8367a57a8d548a9b4ce16d264a13"
-SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"
+SRC_URI[sha256sum] = "ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4"
 EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
                --with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch b/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
new file mode 100644
index 000000000..264fde710
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
@@ -0,0 +1,58 @@
+From 643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Wed, 4 Feb 2015 14:44:23 +0000
+Subject: [PATCH]   *) SECURITY: CVE-2015-0228 (cve.mitre.org)      mod_lua: A
+ maliciously crafted websockets PING after a script      calls r:wsupgrade()
+ can cause a child process crash.      [Edward Lu <Chaosed0 gmail.com>]
+Upstream-Status: BackPort
+Discovered by Guido Vranken <guidovranken gmail.com>
+Submitted by: Edward Lu
+Committed by: covener
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657261 13f79535-47bb-0310-9956-ffa450edef68
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ modules/lua/lua_request.c | 6 +++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
+index dded599..1200c55 100644
+--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
+@@ -2227,6 +2227,7 @@ static int lua_websocket_read(lua_State *L)
+ {
+     apr_socket_t *sock;
+     apr_status_t rv;
+    int do_read = 1;
+     int n = 0;
+     apr_size_t len = 1;
+     apr_size_t plen = 0;
+@@ -2244,6 +2245,8 @@ static int lua_websocket_read(lua_State *L)
+     mask_bytes = apr_pcalloc(r->pool, 4);
+     sock = ap_get_conn_socket(r->connection);
+ 
+    while (do_read) { 
+    do_read = 0;
+     /* Get opcode and FIN bit */
+     if (plaintext) {
+         rv = apr_socket_recv(sock, &byte, &len);
+@@ -2377,10 +2380,11 @@ static int lua_websocket_read(lua_State *L)
+                 frame[0] = 0x8A;
+                 frame[1] = 0;
+                 apr_socket_send(sock, frame, &plen); /* Pong! */
+-                lua_websocket_read(L); /* read the next frame instead */
+                do_read = 1;
+             }
+         }
+     }
+    }
+     return 0;
+ }
+ 
+-- 
+1.9.1
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch
deleted file mode 100644
index 8585f0bb3..000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-apache: CVE-2014-0117
-The patch comes from upstream:
-http://svn.apache.org/viewvc?view=revision&revision=1610674
-SECURITY (CVE-2014-0117): Fix a crash in mod_proxy.  In a
-reverse proxy configuration, a remote attacker could send a carefully crafted
-request which could crash a server process, resulting in denial of service.
-Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
-reporting this issue.
-Upstream-Status: Backport
-Submitted by: Edward Lu, breser, covener
-Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
---
- modules/proxy/mod_proxy_http.c | 8  +++-
- include/httpd.h                | 17 ++++++++
- modules/proxy/proxy_util.c     | 67 ++++++++++++++----------------
- server/util.c                  | 89 ++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 143 insertions(+), 38 deletions(-)
-diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
-index cffad2e..f11c16f 100644
--- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
-          */
-         if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) {
-             int major, minor;
-+            int toclose;
- 
-             major = buffer[5] - '0';
-             minor = buffer[7] - '0';
-@@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
-             te = apr_table_get(r->headers_out, "Transfer-Encoding");
- 
-             /* strip connection listed hop-by-hop headers from response */
-            backend->close = ap_proxy_clear_connection_fn(r, r->headers_out);
-+            toclose = ap_proxy_clear_connection_fn(r, r->headers_out);
-+            backend->close = (toclose != 0);
-+            if (toclose < 0) {
-+                return ap_proxyerror(r, HTTP_BAD_REQUEST,
-+                                     "Malformed connection header");
-+            }
- 
-             if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
-                 ap_set_content_type(r, apr_pstrdup(p, buf));
-diff --git a/include/httpd.h b/include/httpd.h
-index 36cd58d..9a2cf5c 100644
--- a/include/httpd.h
-+++ b/include/httpd.h
-@@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t
- AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok);
- 
- /**
-+ * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only
-+ * accepts ',' as a delimiter, does not accept quoted strings, and errors on
-+ * any separator.
-+ * @param p The pool to allocate from
-+ * @param tok The line to read tokens from
-+ * @param tokens Pointer to an array of tokens. If not NULL, must be an array
-+ *    of char*, otherwise it will be allocated on @a p when a token is found
-+ * @param skip_invalid If true, when an invalid separator is encountered, it
-+ *    will be ignored.
-+ * @return NULL on success, an error string otherwise.
-+ * @remark *tokens may be NULL on output if NULL in input and no token is found
-+ */
-+AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok,
-+                                                    apr_array_header_t **tokens,
-+                                                    int skip_invalid);
-+
-+/**
-  * Retrieve a token, spacing over it and adjusting the pointer to
-  * the first non-white byte afterwards.  Note that these tokens
-  * are delimited by semis and commas and can also be delimited
-diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
-index 67dc939..58daa21 100644
--- a/modules/proxy/proxy_util.c
-+++ b/modules/proxy/proxy_util.c
-@@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov
- typedef struct header_connection {
-     apr_pool_t *pool;
-     apr_array_header_t *array;
-    const char *first;
-    unsigned int closed:1;
-+    const char *error;
-+    int is_req;
- } header_connection;
- 
- static int find_conn_headers(void *data, const char *key, const char *val)
- {
-     header_connection *x = data;
-    const char *name;
-
-    do {
-        while (*val == ',' || *val == ';') {
-            val++;
-        }
-        name = ap_get_token(x->pool, &val, 0);
-        if (!strcasecmp(name, "close")) {
-            x->closed = 1;
-        }
-        if (!x->first) {
-            x->first = name;
-        }
-        else {
-            const char **elt;
-            if (!x->array) {
-                x->array = apr_array_make(x->pool, 4, sizeof(char *));
-            }
-            elt = apr_array_push(x->array);
-            *elt = name;
-        }
-    } while (*val);
- 
-    return 1;
-+    x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req);
-+    return !x->error;
- }
- 
- /**
-  * Remove all headers referred to by the Connection header.
-+ * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in
-+ * the Connection header tokens, and 0 if not.
-  */
- static int ap_proxy_clear_connection(request_rec *r, apr_table_t *headers)
- {
-    const char **name;
-+    int closed = 0;
-     header_connection x;
- 
-     x.pool = r->pool;
-     x.array = NULL;
-    x.first = NULL;
-    x.closed = 0;
-+    x.error = NULL;
-+    x.is_req = (headers == r->headers_in);
- 
-     apr_table_unset(headers, "Proxy-Connection");
- 
-     apr_table_do(find_conn_headers, &x, headers, "Connection", NULL);
-    if (x.first) {
-        /* fast path - no memory allocated for one header */
-        apr_table_unset(headers, "Connection");
-        apr_table_unset(headers, x.first);
-+    apr_table_unset(headers, "Connection");
-+
-+    if (x.error) {
-+        ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO()
-+                "Error parsing Connection header: %s", x.error);
-+        return -1;
-     }
-+
-     if (x.array) {
-        /* two or more headers */
-        while ((name = apr_array_pop(x.array))) {
-            apr_table_unset(headers, *name);
-+        int i;
-+        for (i = 0; i < x.array->nelts; i++) {
-+            const char *name = APR_ARRAY_IDX(x.array, i, const char *);
-+            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
-+                          "Removing header '%s' listed in Connection header",
-+                          name);
-+            if (!strcasecmp(name, "close")) {
-+                closed = 1;
-+            }
-+            apr_table_unset(headers, name);
-         }
-     }
- 
-    return x.closed;
-+    return closed;
- }
- 
- PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
-@@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
-      * apr is compiled with APR_POOL_DEBUG.
-      */
-     headers_in_copy = apr_table_copy(r->pool, r->headers_in);
-    ap_proxy_clear_connection(r, headers_in_copy);
-+    if (ap_proxy_clear_connection(r, headers_in_copy) < 0) {
-+        return HTTP_BAD_REQUEST;
-+    }
-     /* send request headers */
-     headers_in_array = apr_table_elts(headers_in_copy);
-     headers_in = (const apr_table_entry_t *) headers_in_array->elts;
-diff --git a/server/util.c b/server/util.c
-index e0ba5c2..541c9f0 100644
--- a/server/util.c
-+++ b/server/util.c
-@@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line,
-     return find_list_item(p, line, tok, AP_ETAG_WEAK);
- }
- 
-+/* Grab a list of tokens of the format 1#token (from RFC7230) */
-+AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p,
-+                                                const char *str_in,
-+                                                apr_array_header_t **tokens,
-+                                                int skip_invalid)
-+{
-+    int in_leading_space = 1;
-+    int in_trailing_space = 0;
-+    int string_end = 0;
-+    const char *tok_begin;
-+    const char *cur;
-+
-+    if (!str_in) {
-+        return NULL;
-+    }
-+
-+    tok_begin = cur = str_in;
-+
-+    while (!string_end) {
-+        const unsigned char c = (unsigned char)*cur;
-+
-+        if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') {
-+            /* Non-separator character; we are finished with leading
-+             * whitespace. We must never have encountered any trailing
-+             * whitespace before the delimiter (comma) */
-+            in_leading_space = 0;
-+            if (in_trailing_space) {
-+                return "Encountered illegal whitespace in token";
-+            }
-+        }
-+        else if (c == ' ' || c == '\t') {
-+            /* "Linear whitespace" only includes ASCII CRLF, space, and tab;
-+             * we can't get a CRLF since headers are split on them already,
-+             * so only look for a space or a tab */
-+            if (in_leading_space) {
-+                /* We're still in leading whitespace */
-+                ++tok_begin;
-+            }
-+            else {
-+                /* We must be in trailing whitespace */
-+                ++in_trailing_space;
-+            }
-+        }
-+        else if (c == ',' || c == '\0') {
-+            if (!in_leading_space) {
-+                /* If we're out of the leading space, we know we've read some
-+                 * characters of a token */
-+                if (*tokens == NULL) {
-+                    *tokens = apr_array_make(p, 4, sizeof(char *));
-+                }
-+                APR_ARRAY_PUSH(*tokens, char *) =
-+                    apr_pstrmemdup((*tokens)->pool, tok_begin,
-+                                   (cur - tok_begin) - in_trailing_space);
-+            }
-+            /* We're allowed to have null elements, just don't add them to the
-+             * array */
-+
-+            tok_begin = cur + 1;
-+            in_leading_space = 1;
-+            in_trailing_space = 0;
-+            string_end = (c == '\0');
-+        }
-+        else {
-+            /* Encountered illegal separator char */
-+            if (skip_invalid) {
-+                /* Skip to the next separator */
-+                const char *temp;
-+                temp = ap_strchr_c(cur, ',');
-+                if(!temp) {
-+                    temp = ap_strchr_c(cur, '\0');
-+                }
-+
-+                /* Act like we haven't seen a token so we reset */
-+                cur = temp - 1;
-+                in_leading_space = 1;
-+                in_trailing_space = 0;
-+            }
-+            else {
-+                return apr_psprintf(p, "Encountered illegal separator "
-+                                    "'\\x%.2x'", (unsigned int)c);
-+            }
-+        }
-+
-+        ++cur;
-+    }
-+
-+    return NULL;
-+}
-+
- /* Retrieve a token, spacing over it and returning a pointer to
-  * the first non-white byte afterwards.  Note that these tokens
-  * are delimited by semis and commas; and can also be delimited
-- 
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
index 3a59fb079..413dc535e 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
+++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
@@ -1,52 +1,57 @@
--- httpd-2.2.8.orig/build/ltmain.sh
+ build/ltmain.sh | 32 +++++++++++++++++++++++++++-----
-+++ httpd-2.2.8/build/ltmain.sh
+ 1 file changed, 27 insertions(+), 5 deletions(-)
-@@ -1515,7 +1515,7 @@ EOF
-        dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+diff --git a/build/ltmain.sh b/build/ltmain.sh
+index 5eca4ae..805b461 100644
+--- a/build/ltmain.sh
+++ b/build/ltmain.sh
+@@ -6944,7 +6944,7 @@ func_mode_link ()
+        dir=$func_resolve_sysroot_result
        # We need an absolute path.
        case $dir in
 -       [\\/]* | [A-Za-z]:[\\/]*) ;;
 +       =* | [\\/]* | [A-Za-z]:[\\/]*) ;;
        *)
          absdir=`cd "$dir" && pwd`
-          if test -z "$absdir"; then
+          test -z "$absdir" && \
-@@ -2558,7 +2558,7 @@ EOF
+@@ -8137,7 +8137,7 @@ func_mode_link ()
-            $echo "*** $linklib is not portable!"
+            $ECHO "*** $linklib is not portable!"
          fi
-          if test "$linkmode" = lib &&
+          if test lib = "$linkmode" &&
-            test "$hardcode_into_libs" = yes; then
+-            test yes = "$hardcode_into_libs"; then
-+             test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
+            test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
            # Hardcode the library path.
            # Skip directories that are in the system default run-time
            # search path.
-@@ -2832,7 +2832,7 @@ EOF
+@@ -8404,7 +8404,7 @@ func_mode_link ()
 
-        if test "$linkmode" = lib; then
+        if test lib = "$linkmode"; then
          if test -n "$dependency_libs" &&
-            { test "$hardcode_into_libs" != yes ||
+-            { test yes != "$hardcode_into_libs" ||
-+             { test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
+              { test yes != "$hardcode_into_libs" || test "x$wrs_use_rpaths" != "xyes" ||
-               test "$build_old_libs" = yes ||
+               test yes = "$build_old_libs" ||
-               test "$link_static" = yes; }; then
+               test yes = "$link_static"; }; then
            # Extract -R from dependency_libs
-@@ -3426,7 +3426,8 @@ EOF
+@@ -9025,7 +9025,8 @@ func_mode_link ()
-          *) finalize_rpath="$finalize_rpath $libdir" ;;
+          *) func_append finalize_rpath " $libdir" ;;
          esac
        done
-       if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+-       if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
-+        if test "$hardcode_into_libs" != yes || test "x$wrs_use_rpaths" != "xyes" ||
+        if test yes != "$hardcode_into_libs"  || test "x$wrs_use_rpaths" != "xyes" ||
-+           test "$build_old_libs" = yes; then
+           test yes = "$build_old_libs"; then
          dependency_libs="$temp_xrpath $dependency_libs"
        fi
       fi
-@@ -3843,7 +3844,7 @@ EOF
+@@ -9473,7 +9474,7 @@ EOF
-         case $archive_cmds in
+        case $archive_cmds in
-           *\$LD\ *) wl= ;;
+          *\$LD\ *) wl= ;;
         esac
-       if test "$hardcode_into_libs" = yes; then
+-       if test yes = "$hardcode_into_libs"; then
-+        if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then
+       if test yes = "$hardcode_into_libs" && test "x$wrs_use_rpaths" = "xyes"; then
          # Hardcode the library paths
          hardcode_libdirs=
          dep_rpath=
-@@ -4397,6 +4398,27 @@ EOF
+@@ -10211,6 +10212,27 @@ EOF
       # Now hardcode the library paths
       rpath=
       hardcode_libdirs=
@@ -74,3 +79,6 @@
       for libdir in $compile_rpath $finalize_rpath; do
        if test -n "$hardcode_libdir_flag_spec"; then
          if test -n "$hardcode_libdir_separator"; then
+-- 
+1.9.1
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.12.bb
index 55d507f75..0712b4a93 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.12.bb
@@ -21,12 +21,12 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
           file://init \
           file://apache2-volatile.conf \
           file://apache2.service \
-           file://apache-CVE-2014-0117.patch \
+           file://0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch \
          "
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
-SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"
+SRC_URI[md5sum] = "b8dc8367a57a8d548a9b4ce16d264a13"
-SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"
+SRC_URI[sha256sum] = "ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4"
 S = "${WORKDIR}/httpd-${PV}"
author	Roy Li <rongqing.li@windriver.com>	2015-05-06 13:36:50 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-05-13 14:34:21 +0200
commit	c1c6d0869976ccbd0545c8317c015f23f40dd6d6 (patch)
tree	ca339b27b5d345337100a1900dbaca8187121f68 /meta-webserver
parent	d24b01b262a9c5e04e179bb6264cf0284ce25092 (diff)
download	meta-openembedded-c1c6d0869976ccbd0545c8317c015f23f40dd6d6.tar.gz

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.12.bb index 5963b7943..1704bd927 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.10.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2-native_2.4.12.bb
@@ -15,8 +15,8 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
15	S = "${WORKDIR}/httpd-${PV}"	15	S = "${WORKDIR}/httpd-${PV}"
16		16
17	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"	17	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
18	SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"	18	SRC_URI[md5sum] = "b8dc8367a57a8d548a9b4ce16d264a13"
19	SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"	19	SRC_URI[sha256sum] = "ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4"
20		20
21	EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \	21	EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
22	--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \	22	--with-apr-util=${STAGING_BINDIR_CROSS}/apu-1-config \


diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch b/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch new file mode 100644 index 000000000..264fde710 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch
@@ -0,0 +1,58 @@
		1	From 643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef Mon Sep 17 00:00:00 2001
		2	From: Eric Covener <covener@apache.org>
		3	Date: Wed, 4 Feb 2015 14:44:23 +0000
		4	Subject: [PATCH] *) SECURITY: CVE-2015-0228 (cve.mitre.org) mod_lua: A
		5	maliciously crafted websockets PING after a script calls r:wsupgrade()
		6	can cause a child process crash. [Edward Lu <Chaosed0 gmail.com>]
		7
		8	Upstream-Status: BackPort
		9
		10	Discovered by Guido Vranken <guidovranken gmail.com>
		11
		12	Submitted by: Edward Lu
		13	Committed by: covener
		14
		15	git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657261 13f79535-47bb-0310-9956-ffa450edef68
		16
		17	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		18	---
		19	modules/lua/lua_request.c \| 6 +++++-
		20	2 files changed, 10 insertions(+), 1 deletion(-)
		21
		22	diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
		23	index dded599..1200c55 100644
		24	--- a/modules/lua/lua_request.c
		25	+++ b/modules/lua/lua_request.c
		26	@@ -2227,6 +2227,7 @@ static int lua_websocket_read(lua_State *L)
		27	{
		28	apr_socket_t *sock;
		29	apr_status_t rv;
		30	+ int do_read = 1;
		31	int n = 0;
		32	apr_size_t len = 1;
		33	apr_size_t plen = 0;
		34	@@ -2244,6 +2245,8 @@ static int lua_websocket_read(lua_State *L)
		35	mask_bytes = apr_pcalloc(r->pool, 4);
		36	sock = ap_get_conn_socket(r->connection);
		37
		38	+ while (do_read) {
		39	+ do_read = 0;
		40	/* Get opcode and FIN bit */
		41	if (plaintext) {
		42	rv = apr_socket_recv(sock, &byte, &len);
		43	@@ -2377,10 +2380,11 @@ static int lua_websocket_read(lua_State *L)
		44	frame[0] = 0x8A;
		45	frame[1] = 0;
		46	apr_socket_send(sock, frame, &plen); /* Pong! */
		47	- lua_websocket_read(L); /* read the next frame instead */
		48	+ do_read = 1;
		49	}
		50	}
		51	}
		52	+ }
		53	return 0;
		54	}
		55
		56	--
		57	1.9.1
		58


diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch deleted file mode 100644 index 8585f0bb3..000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2/apache-CVE-2014-0117.patch +++ /dev/null
@@ -1,289 +0,0 @@
1	apache: CVE-2014-0117
2
3	The patch comes from upstream:
4	http://svn.apache.org/viewvc?view=revision&revision=1610674
5
6	SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a
7	reverse proxy configuration, a remote attacker could send a carefully crafted
8	request which could crash a server process, resulting in denial of service.
9
10	Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
11	reporting this issue.
12
13	Upstream-Status: Backport
14
15	Submitted by: Edward Lu, breser, covener
16	Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
17	---
18	modules/proxy/mod_proxy_http.c \| 8 +++-
19	include/httpd.h \| 17 ++++++++
20	modules/proxy/proxy_util.c \| 67 ++++++++++++++----------------
21	server/util.c \| 89 ++++++++++++++++++++++++++++++++++++++++++
22	4 files changed, 143 insertions(+), 38 deletions(-)
23
24	diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
25	index cffad2e..f11c16f 100644
26	--- a/modules/proxy/mod_proxy_http.c
27	+++ b/modules/proxy/mod_proxy_http.c
28	@@ -1362,6 +1362,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
29	*/
30	if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) {
31	int major, minor;
32	+ int toclose;
33
34	major = buffer[5] - '0';
35	minor = buffer[7] - '0';
36	@@ -1470,7 +1471,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
37	te = apr_table_get(r->headers_out, "Transfer-Encoding");
38
39	/* strip connection listed hop-by-hop headers from response */
40	- backend->close = ap_proxy_clear_connection_fn(r, r->headers_out);
41	+ toclose = ap_proxy_clear_connection_fn(r, r->headers_out);
42	+ backend->close = (toclose != 0);
43	+ if (toclose < 0) {
44	+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
45	+ "Malformed connection header");
46	+ }
47
48	if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
49	ap_set_content_type(r, apr_pstrdup(p, buf));
50	diff --git a/include/httpd.h b/include/httpd.h
51	index 36cd58d..9a2cf5c 100644
52	--- a/include/httpd.h
53	+++ b/include/httpd.h
54	@@ -1528,6 +1528,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t p, const char line, const char *t
55	AP_DECLARE(int) ap_find_etag_strong(apr_pool_t p, const char line, const char *tok);
56
57	/**
58	+ * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only
59	+ * accepts ',' as a delimiter, does not accept quoted strings, and errors on
60	+ * any separator.
61	+ * @param p The pool to allocate from
62	+ * @param tok The line to read tokens from
63	+ * @param tokens Pointer to an array of tokens. If not NULL, must be an array
64	+ * of char*, otherwise it will be allocated on @a p when a token is found
65	+ * @param skip_invalid If true, when an invalid separator is encountered, it
66	+ * will be ignored.
67	+ * @return NULL on success, an error string otherwise.
68	+ * @remark *tokens may be NULL on output if NULL in input and no token is found
69	+ */
70	+AP_DECLARE(const char ) ap_parse_token_list_strict(apr_pool_t p, const char *tok,
71	+ apr_array_header_t **tokens,
72	+ int skip_invalid);
73	+
74	+/**
75	* Retrieve a token, spacing over it and adjusting the pointer to
76	* the first non-white byte afterwards. Note that these tokens
77	* are delimited by semis and commas and can also be delimited
78	diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
79	index 67dc939..58daa21 100644
80	--- a/modules/proxy/proxy_util.c
81	+++ b/modules/proxy/proxy_util.c
82	@@ -2847,68 +2847,59 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_prov
83	typedef struct header_connection {
84	apr_pool_t *pool;
85	apr_array_header_t *array;
86	- const char *first;
87	- unsigned int closed:1;
88	+ const char *error;
89	+ int is_req;
90	} header_connection;
91
92	static int find_conn_headers(void data, const char key, const char *val)
93	{
94	header_connection *x = data;
95	- const char *name;
96	-
97	- do {
98	- while (val == ',' \|\| val == ';') {
99	- val++;
100	- }
101	- name = ap_get_token(x->pool, &val, 0);
102	- if (!strcasecmp(name, "close")) {
103	- x->closed = 1;
104	- }
105	- if (!x->first) {
106	- x->first = name;
107	- }
108	- else {
109	- const char **elt;
110	- if (!x->array) {
111	- x->array = apr_array_make(x->pool, 4, sizeof(char *));
112	- }
113	- elt = apr_array_push(x->array);
114	- *elt = name;
115	- }
116	- } while (*val);
117
118	- return 1;
119	+ x->error = ap_parse_token_list_strict(x->pool, val, &x->array, !x->is_req);
120	+ return !x->error;
121	}
122
123	/**
124	* Remove all headers referred to by the Connection header.
125	+ * Returns -1 on error. Otherwise, returns 1 if 'Close' was seen in
126	+ * the Connection header tokens, and 0 if not.
127	*/
128	static int ap_proxy_clear_connection(request_rec r, apr_table_t headers)
129	{
130	- const char **name;
131	+ int closed = 0;
132	header_connection x;
133
134	x.pool = r->pool;
135	x.array = NULL;
136	- x.first = NULL;
137	- x.closed = 0;
138	+ x.error = NULL;
139	+ x.is_req = (headers == r->headers_in);
140
141	apr_table_unset(headers, "Proxy-Connection");
142
143	apr_table_do(find_conn_headers, &x, headers, "Connection", NULL);
144	- if (x.first) {
145	- /* fast path - no memory allocated for one header */
146	- apr_table_unset(headers, "Connection");
147	- apr_table_unset(headers, x.first);
148	+ apr_table_unset(headers, "Connection");
149	+
150	+ if (x.error) {
151	+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO()
152	+ "Error parsing Connection header: %s", x.error);
153	+ return -1;
154	}
155	+
156	if (x.array) {
157	- /* two or more headers */
158	- while ((name = apr_array_pop(x.array))) {
159	- apr_table_unset(headers, *name);
160	+ int i;
161	+ for (i = 0; i < x.array->nelts; i++) {
162	+ const char name = APR_ARRAY_IDX(x.array, i, const char );
163	+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
164	+ "Removing header '%s' listed in Connection header",
165	+ name);
166	+ if (!strcasecmp(name, "close")) {
167	+ closed = 1;
168	+ }
169	+ apr_table_unset(headers, name);
170	}
171	}
172
173	- return x.closed;
174	+ return closed;
175	}
176
177	PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
178	@@ -3095,7 +3086,9 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
179	* apr is compiled with APR_POOL_DEBUG.
180	*/
181	headers_in_copy = apr_table_copy(r->pool, r->headers_in);
182	- ap_proxy_clear_connection(r, headers_in_copy);
183	+ if (ap_proxy_clear_connection(r, headers_in_copy) < 0) {
184	+ return HTTP_BAD_REQUEST;
185	+ }
186	/* send request headers */
187	headers_in_array = apr_table_elts(headers_in_copy);
188	headers_in = (const apr_table_entry_t *) headers_in_array->elts;
189	diff --git a/server/util.c b/server/util.c
190	index e0ba5c2..541c9f0 100644
191	--- a/server/util.c
192	+++ b/server/util.c
193	@@ -1449,6 +1449,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t p, const char line,
194	return find_list_item(p, line, tok, AP_ETAG_WEAK);
195	}
196
197	+/* Grab a list of tokens of the format 1#token (from RFC7230) */
198	+AP_DECLARE(const char ) ap_parse_token_list_strict(apr_pool_t p,
199	+ const char *str_in,
200	+ apr_array_header_t **tokens,
201	+ int skip_invalid)
202	+{
203	+ int in_leading_space = 1;
204	+ int in_trailing_space = 0;
205	+ int string_end = 0;
206	+ const char *tok_begin;
207	+ const char *cur;
208	+
209	+ if (!str_in) {
210	+ return NULL;
211	+ }
212	+
213	+ tok_begin = cur = str_in;
214	+
215	+ while (!string_end) {
216	+ const unsigned char c = (unsigned char)*cur;
217	+
218	+ if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') {
219	+ /* Non-separator character; we are finished with leading
220	+ * whitespace. We must never have encountered any trailing
221	+ * whitespace before the delimiter (comma) */
222	+ in_leading_space = 0;
223	+ if (in_trailing_space) {
224	+ return "Encountered illegal whitespace in token";
225	+ }
226	+ }
227	+ else if (c == ' ' \|\| c == '\t') {
228	+ /* "Linear whitespace" only includes ASCII CRLF, space, and tab;
229	+ * we can't get a CRLF since headers are split on them already,
230	+ * so only look for a space or a tab */
231	+ if (in_leading_space) {
232	+ /* We're still in leading whitespace */
233	+ ++tok_begin;
234	+ }
235	+ else {
236	+ /* We must be in trailing whitespace */
237	+ ++in_trailing_space;
238	+ }
239	+ }
240	+ else if (c == ',' \|\| c == '\0') {
241	+ if (!in_leading_space) {
242	+ /* If we're out of the leading space, we know we've read some
243	+ * characters of a token */
244	+ if (*tokens == NULL) {
245	+ tokens = apr_array_make(p, 4, sizeof(char ));
246	+ }
247	+ APR_ARRAY_PUSH(tokens, char ) =
248	+ apr_pstrmemdup((*tokens)->pool, tok_begin,
249	+ (cur - tok_begin) - in_trailing_space);
250	+ }
251	+ /* We're allowed to have null elements, just don't add them to the
252	+ * array */
253	+
254	+ tok_begin = cur + 1;
255	+ in_leading_space = 1;
256	+ in_trailing_space = 0;
257	+ string_end = (c == '\0');
258	+ }
259	+ else {
260	+ /* Encountered illegal separator char */
261	+ if (skip_invalid) {
262	+ /* Skip to the next separator */
263	+ const char *temp;
264	+ temp = ap_strchr_c(cur, ',');
265	+ if(!temp) {
266	+ temp = ap_strchr_c(cur, '\0');
267	+ }
268	+
269	+ /* Act like we haven't seen a token so we reset */
270	+ cur = temp - 1;
271	+ in_leading_space = 1;
272	+ in_trailing_space = 0;
273	+ }
274	+ else {
275	+ return apr_psprintf(p, "Encountered illegal separator "
276	+ "'\\x%.2x'", (unsigned int)c);
277	+ }
278	+ }
279	+
280	+ ++cur;
281	+ }
282	+
283	+ return NULL;
284	+}
285	+
286	/* Retrieve a token, spacing over it and returning a pointer to
287	* the first non-white byte afterwards. Note that these tokens
288	* are delimited by semis and commas; and can also be delimited
289	--


diff --git a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch index 3a59fb079..413dc535e 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch +++ b/meta-webserver/recipes-httpd/apache2/apache2/apache-ssl-ltmain-rpath.patch
@@ -1,52 +1,57 @@
1	--- httpd-2.2.8.orig/build/ltmain.sh	1	build/ltmain.sh \| 32 +++++++++++++++++++++++++++-----
2	+++ httpd-2.2.8/build/ltmain.sh	2	1 file changed, 27 insertions(+), 5 deletions(-)
3	@@ -1515,7 +1515,7 @@ EOF	3
4	dir=`$echo "X$arg" \| $Xsed -e 's/^-L//'`	4	diff --git a/build/ltmain.sh b/build/ltmain.sh
		5	index 5eca4ae..805b461 100644
		6	--- a/build/ltmain.sh
		7	+++ b/build/ltmain.sh
		8	@@ -6944,7 +6944,7 @@ func_mode_link ()
		9	dir=$func_resolve_sysroot_result
5	# We need an absolute path.	10	# We need an absolute path.
6	case $dir in	11	case $dir in
7	- [\\/]* \| [A-Za-z]:[\\/]*) ;;	12	- [\\/]* \| [A-Za-z]:[\\/]*) ;;
8	+ =* \| [\\/]* \| [A-Za-z]:[\\/]*) ;;	13	+ =* \| [\\/]* \| [A-Za-z]:[\\/]*) ;;
9	*)	14	*)
10	absdir=`cd "$dir" && pwd`	15	absdir=`cd "$dir" && pwd`
11	if test -z "$absdir"; then	16	test -z "$absdir" && \
12	@@ -2558,7 +2558,7 @@ EOF	17	@@ -8137,7 +8137,7 @@ func_mode_link ()
13	$echo "*** $linklib is not portable!"	18	$ECHO "*** $linklib is not portable!"
14	fi	19	fi
15	if test "$linkmode" = lib &&	20	if test lib = "$linkmode" &&
16	- test "$hardcode_into_libs" = yes; then	21	- test yes = "$hardcode_into_libs"; then
17	+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then	22	+ test "x$wrs_use_rpaths" = "xyes" && test "$hardcode_into_libs" = yes; then
18	# Hardcode the library path.	23	# Hardcode the library path.
19	# Skip directories that are in the system default run-time	24	# Skip directories that are in the system default run-time
20	# search path.	25	# search path.
21	@@ -2832,7 +2832,7 @@ EOF	26	@@ -8404,7 +8404,7 @@ func_mode_link ()
22		27
23	if test "$linkmode" = lib; then	28	if test lib = "$linkmode"; then
24	if test -n "$dependency_libs" &&	29	if test -n "$dependency_libs" &&
25	- { test "$hardcode_into_libs" != yes \|\|	30	- { test yes != "$hardcode_into_libs" \|\|
26	+ { test "$hardcode_into_libs" != yes \|\| test "x$wrs_use_rpaths" != "xyes" \|\|	31	+ { test yes != "$hardcode_into_libs" \|\| test "x$wrs_use_rpaths" != "xyes" \|\|
27	test "$build_old_libs" = yes \|\|	32	test yes = "$build_old_libs" \|\|
28	test "$link_static" = yes; }; then	33	test yes = "$link_static"; }; then
29	# Extract -R from dependency_libs	34	# Extract -R from dependency_libs
30	@@ -3426,7 +3426,8 @@ EOF	35	@@ -9025,7 +9025,8 @@ func_mode_link ()
31	*) finalize_rpath="$finalize_rpath $libdir" ;;	36	*) func_append finalize_rpath " $libdir" ;;
32	esac	37	esac
33	done	38	done
34	- if test "$hardcode_into_libs" != yes \|\| test "$build_old_libs" = yes; then	39	- if test yes != "$hardcode_into_libs" \|\| test yes = "$build_old_libs"; then
35	+ if test "$hardcode_into_libs" != yes \|\| test "x$wrs_use_rpaths" != "xyes" \|\|	40	+ if test yes != "$hardcode_into_libs" \|\| test "x$wrs_use_rpaths" != "xyes" \|\|
36	+ test "$build_old_libs" = yes; then	41	+ test yes = "$build_old_libs"; then
37	dependency_libs="$temp_xrpath $dependency_libs"	42	dependency_libs="$temp_xrpath $dependency_libs"
38	fi	43	fi
39	fi	44	fi
40	@@ -3843,7 +3844,7 @@ EOF	45	@@ -9473,7 +9474,7 @@ EOF
41	case $archive_cmds in	46	case $archive_cmds in
42	\$LD\ ) wl= ;;	47	\$LD\ ) wl= ;;
43	esac	48	esac
44	- if test "$hardcode_into_libs" = yes; then	49	- if test yes = "$hardcode_into_libs"; then
45	+ if test "$hardcode_into_libs" = yes && test "x$wrs_use_rpaths" = "xyes" ; then	50	+ if test yes = "$hardcode_into_libs" && test "x$wrs_use_rpaths" = "xyes"; then
46	# Hardcode the library paths	51	# Hardcode the library paths
47	hardcode_libdirs=	52	hardcode_libdirs=
48	dep_rpath=	53	dep_rpath=
49	@@ -4397,6 +4398,27 @@ EOF	54	@@ -10211,6 +10212,27 @@ EOF
50	# Now hardcode the library paths	55	# Now hardcode the library paths
51	rpath=	56	rpath=
52	hardcode_libdirs=	57	hardcode_libdirs=
@@ -74,3 +79,6 @@
74	for libdir in $compile_rpath $finalize_rpath; do	79	for libdir in $compile_rpath $finalize_rpath; do
75	if test -n "$hardcode_libdir_flag_spec"; then	80	if test -n "$hardcode_libdir_flag_spec"; then
76	if test -n "$hardcode_libdir_separator"; then	81	if test -n "$hardcode_libdir_separator"; then
		82	--
		83	1.9.1
		84


diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.12.bb index 55d507f75..0712b4a93 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.12.bb
@@ -21,12 +21,12 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
21	file://init \	21	file://init \
22	file://apache2-volatile.conf \	22	file://apache2-volatile.conf \
23	file://apache2.service \	23	file://apache2.service \
24	file://apache-CVE-2014-0117.patch \	24	file://0001-SECURITY-CVE-2015-0228-cve.mitre.org.patch \
25	"	25	"
26		26
27	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"	27	LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
28	SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"	28	SRC_URI[md5sum] = "b8dc8367a57a8d548a9b4ce16d264a13"
29	SRC_URI[sha256sum] = "176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a"	29	SRC_URI[sha256sum] = "ad6d39edfe4621d8cc9a2791f6f8d6876943a9da41ac8533d77407a2e630eae4"
30		30
31	S = "${WORKDIR}/httpd-${PV}"	31	S = "${WORKDIR}/httpd-${PV}"
32		32