Subject: svn commit: r779472 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/core.c
Date: Thu, 28 May 2009 08:04:04 -0000
To: cvs@httpd.apache.org
From: jorton@apache.org

Author: jorton
Date: Thu May 28 08:04:03 2009
New Revision: 779472

URL: http://svn.apache.org/viewvc?rev=779472&view=rev
Log:
Restore backwards compatibility of OPT_* handling in the fix for
CVE-2009-1195:

* include/http_core.h: Add back the OPT_INCNOEXEC and hide
OPT_INC_WITH_EXEC as internal-only.

* server/core.c (ap_allow_options): Invert the returned
OPT_INC_WITH_EXEC bit such that the exposed semantics of
OPT_INCNOEXEC are retained.

* modules/filters/mod_include.c (includes_filter): Revert to using
OPT_INCNOEXEC.

Submitted by: trawick, jorton
Reviewed by: jorton, trawick, rpluem

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/include/http_core.h
    httpd/httpd/branches/2.2.x/modules/filters/mod_include.c
    httpd/httpd/branches/2.2.x/server/core.c

Modified: httpd/httpd/branches/2.2.x/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=779472&r1=779471&r2=779472&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu May 28 08:04:03 2009 
@@ -5,7 +5,7 @@ Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. [Jonathan Peatfield , Joe Orton, - Ruediger Pluem] + Ruediger Pluem, Jeff Trawick] *) SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which Modified: httpd/httpd/branches/2.2.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=779472&r1=779471&r2=779472&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/STATUS (original) +++ httpd/httpd/branches/2.2.x/STATUS Thu May 28 08:04:03 2009 @@ -84,15 +84,6 @@ * We should wait for a release of APR 1.3.4 at least for http://svn.apache.org/viewvc?view=rev&revision=727605 -* Resolve API breakage with OPT_INC* changes. See thread - "CVE-2009-1195 tweaks to preserve binary compatibility for stable branches" - - * Fix backwards compat of options handling in CVE-2009-1105 fix: - trunk: N/A (2.2.x compat issue only) - 2.2.x patch: - http://people.apache.org/~jorton/ssi-opt-compat-v1.diff - +1: jorton, trawick, rpluem - PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] Modified: httpd/httpd/branches/2.2.x/include/http_core.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/http_core.h?rev=779472&r1=779471&r2=779472&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/include/http_core.h (original) +++ httpd/httpd/branches/2.2.x/include/http_core.h Thu May 28 08:04:03 2009 
@@ -73,16 +73,29 @@ #define OPT_EXECCGI 8 /** directive unset */ #define OPT_UNSET 16 -/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ -#define OPT_INC_WITH_EXEC 32 +/** IncludesNOEXEC directive */ +#define OPT_INCNOEXEC 32 /** SymLinksIfOwnerMatch directive */ #define OPT_SYM_OWNER 64 /** MultiViews directive */ #define OPT_MULTI 128 /** All directives */ -#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) +#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) /** @} */ +#ifdef CORE_PRIVATE +/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is + * internally replaced by OPT_INC_WITH_EXEC. The internal semantics + * of the two SSI-related bits are hence: + * + * OPT_INCLUDES => "enable SSI, without exec= permission" + * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec=" + * + * The set of options exposed via ap_allow_options() retains the + * semantics of OPT_INCNOEXEC by flipping the bit. */ +#define OPT_INC_WITH_EXEC OPT_INCNOEXEC +#endif + /** * @defgroup get_remote_host Remote Host Resolution * @ingroup APACHE_CORE_HTTPD Modified: httpd/httpd/branches/2.2.x/modules/filters/mod_include.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/filters/mod_include.c?rev=779472&r1=779471&r2=779472&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/filters/mod_include.c (original) +++ httpd/httpd/branches/2.2.x/modules/filters/mod_include.c Thu May 28 08:04:03 2009 
@@ -3565,7 +3565,7 @@ intern->seen_eos = 0; intern->state = PARSE_PRE_HEAD; ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); - if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { + if (ap_allow_options(r) & OPT_INCNOEXEC) { ctx->flags |= SSI_FLAG_NO_EXEC; } intern->accessenable = conf->accessenable; Modified: httpd/httpd/branches/2.2.x/server/core.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core.c?rev=779472&r1=779471&r2=779472&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/server/core.c (original) +++ httpd/httpd/branches/2.2.x/server/core.c Thu May 28 08:04:03 2009 @@ -661,7 +661,11 @@ core_dir_config *conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); - return conf->opts; + /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is + * inverted, such that the exposed semantics match that of + * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* + * permitted. */ + return conf->opts ^ OPT_INC_WITH_EXEC; } AP_DECLARE(int) ap_allow_overrides(request_rec *r)
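
Review bot: In include/http_core.h, the public OPT_ALL now names bit 32 as OPT_INCNOEXEC, while the new CORE_PRIVATE comment says that same bit in the stored options means "iff OPT_INCLUDES is set, also enable exec=". Read without the private block, "All directives" appears to include IncludesNOEXEC, and a module that compares the result of ap_allow_options(r) against OPT_ALL is comparing a flipped bit against an unflipped mask. Suggest a one-line comment on OPT_ALL stating that it is expressed in the internal representation, and a pointer from the `/** IncludesNOEXEC directive */` doc comment to the CORE_PRIVATE note so the two meanings of bit 32 are documented where API users will see them.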
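
Review bot: In modules/filters/mod_include.c (includes_filter), the test `if (ap_allow_options(r) & OPT_INCNOEXEC)` is correct only because ap_allow_options() now returns the bit inverted; the same test applied to the stored conf->opts would have the opposite sense. Since the sense of this check has now changed twice across the CVE-2009-1195 fix and this follow-up, a short comment at the call site saying that the value comes from ap_allow_options() and is in the exposed OPT_INCNOEXEC form would guard against a later edit silently re-enabling exec=.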
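
Review bot: In server/core.c (ap_allow_options), `return conf->opts ^ OPT_INC_WITH_EXEC;` flips the bit unconditionally, so a directory with OPT_INCLUDES clear and OPT_INC_WITH_EXEC clear is reported to callers with OPT_INCNOEXEC set. The http_core.h comment defines OPT_INC_WITH_EXEC only as a modifier of OPT_INCLUDES, so a caller that tests OPT_INCNOEXEC on its own to mean "SSI enabled without exec" will also match directories where SSI is off. Suggest either documenting on ap_allow_options() that OPT_INCNOEXEC is meaningful only together with OPT_INCLUDES, or flipping the bit only when OPT_INCLUDES is set. The public documentation of ap_allow_options() is not touched by this patch and should mention that the returned set is not the stored one.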