Date: Thu, 19 May 2011 17:20:55 +0000 From: "Philip M. Gollucci" <pgollucci@taximagic.com> To: apache@FreeBSD.org Subject: Fwd: [Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11 Message-ID: <4DD55177.7060806@taximagic.com>
index | next in thread | raw e-mail
[-- Attachment #1 --]
-------- Original Message --------
Subject: [Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util
1.3.11
Resent-Date: Thu, 19 May 2011 10:19:28 -0700 (PDT)
Resent-From: <philip@taximagic.com>
Date: Thu, 19 May 2011 12:17:06 -0500
From: William A. Rowe Jr. <wrowe@apache.org>
To: <announce@httpd.apache.org>
New releases are in progress for each of these projects and are
expected to be available in the coming days. The upcoming httpd
2.2.19 will bundle new releases of apr and apr-util which correct
the regressions described below. An announcement of these releases
will be broadcast.
Note: httpd 2.2.18 bundles apr 1.4.4 and apr-util 1.3.11.
Summary of regressions:
httpd 2.2.18: The ap_unescape_url_keep2f() function signature was changed.
This breaks binary compatibility of a number of third-party modules. In
addition, a regression in apr 1.4.4 (see below) could cause httpd to hang.
apr 1.4.4: A fix in apr 1.4.4 apr_fnmatch() to address CVE-2011-0419
introduced a new vulnerability. A patch is attached and should be used
if httpd workers enter a hung state (100% cpu utilization) after updating
to httpd 2.2.18 or apr-util 1.4.4, or if hangs are seen in other apr
applications which use apr_fnmatch().
apr-util 1.3.11: A fix to LDAP support in apr-util 1.3.11 could cause
crashes with httpd's mod_authnz_ldap in some situations.
[-- Attachment #2 --]
--- srclib\apr\strings\apr_fnmatch.orig Mon May 02 23:51:24 2011
+++ srclib\apr\strings\apr_fnmatch.c Wed May 18 13:09:52 2011
@@ -196,7 +196,10 @@
const char *mismatch = NULL;
int matchlen = 0;
- while (*pattern)
+ if (*pattern == '*')
+ goto firstsegment;
+
+ while (*pattern && *string)
{
/* Match balanced slashes, starting a new segment pattern
*/
@@ -207,6 +210,7 @@
++string;
}
+firstsegment:
/* At the beginning of each segment, validate leading period behavior.
*/
if ((flags & APR_FNM_PERIOD) && (*string == '.'))
@@ -361,9 +365,9 @@
return APR_FNM_NOMATCH;
}
- /* pattern is at EOS; if string is also, declare success
+ /* Where both pattern and string are at EOS, declare success
*/
- if (!*string)
+ if (!*string && !*pattern)
return 0;
/* pattern didn't match to the end of string */
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DD55177.7060806>