httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1231058 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/scoreboard.c
Date Fri, 13 Jan 2012 13:27:47 GMT
Author: jim
Date: Fri Jan 13 13:27:46 2012
New Revision: 1231058

URL: http://svn.apache.org/viewvc?rev=1231058&view=rev
Log:
Merge r1230069 from trunk:
Submitted by: jorton
Reviewed/backported by: jim

SECURITY (CVE-2012-0031) patch

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/server/scoreboard.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1231058&r1=1231057&r2=1231058&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Jan 13 13:27:46 2012
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.22
 
+  *) SECURITY (CVE-2012-0031): Fix scoreboard issue which could allow
+     an unprivileged child process could cause the parent to crash at
+     shutdown rather than terminate cleanly.  [Joe Orton]
+
   *) SECURITY: CVE-2011-3368 (cve.mitre.org)
      Reject requests where the request-URI does not match the HTTP
      specification, preventing unexpected expansion of target URLs in
@@ -24,7 +28,7 @@ Changes with Apache 2.2.22
   *) core: Fix segfault in ap_send_interim_response(). PR 52315.
      [Stefan Fritsch]
 
-  *) mod_log_config: Prevent segfault. PR 50861. [Torsten F�rtsch
+  *) mod_log_config: Prevent segfault. PR 50861. [Torsten F�rtsch
      <torsten.foertsch gmx.net>]
 
   *) mod_win32: Invert logic for env var UTF-8 fixing.

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1231058&r1=1231057&r2=1231058&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Jan 13 13:27:46 2012
@@ -92,11 +92,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * Fix CVE-2012-0031, scoreboard issue.
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1230065
-     2.2.x patch: use patch in 2.4.x which avoids MMN bump, 
-           http://svn.apache.org/viewvc?view=revision&revision=1230069
-     +1: jorton, trawick, covener, jim
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/server/scoreboard.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/scoreboard.c?rev=1231058&r1=1231057&r2=1231058&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/scoreboard.c (original)
+++ httpd/httpd/branches/2.2.x/server/scoreboard.c Fri Jan 13 13:27:46 2012
@@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboar
 AP_DECLARE_DATA int ap_extended_status = 0;
 AP_DECLARE_DATA int ap_mod_status_reqtail = 0;
 
+static ap_scoreboard_e scoreboard_type;
+
 #if APR_HAS_SHARED_MEMORY
 
 #include "apr_shm.h"
@@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void 
     if (ap_scoreboard_image == NULL) {
         return APR_SUCCESS;
     }
-    if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
+    if (scoreboard_type == SB_SHARED) {
         ap_cleanup_shared_mem(NULL);
     }
     else {
@@ -312,7 +314,7 @@ int ap_create_scoreboard(apr_pool_t *p, 
         ap_init_scoreboard(sb_mem);
     }
 
-    ap_scoreboard_image->global->sb_type = sb_type;
+    ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;
     ap_scoreboard_image->global->running_generation = 0;
     ap_scoreboard_image->global->restart_time = apr_time_now();
 



Mime
View raw message