rpms/apr-util
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS apr-util-1.6.1-23.el9

Browse Source
This commit is contained in:
eabdullin 2023-09-21 18:03:24 +00:00
parent 0679d17587
commit 9218d9951e
3 changed files with 271 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
SOURCES/apr-util-1.6.1-CVE-2022-25147.patch Normal file
View File

@ -0,0 +1,127 @@
diff --git a/encoding/apr_base64.c b/encoding/apr_base64.c
index 1eed153..2803106 100644
--- a/encoding/apr_base64.c
+++ b/encoding/apr_base64.c
@@ -20,11 +20,20 @@
* ugly 'len' functions, which is quite a nasty cost.
*/
+#undef NDEBUG /* always abort() on assert()ion failure */
+#include <assert.h>
+
#include "apr_base64.h"
#if APR_CHARSET_EBCDIC
#include "apr_xlate.h"
#endif /* APR_CHARSET_EBCDIC */
+/* Above APR_BASE64_ENCODE_MAX length the encoding can't fit in an int >= 0 */
+#define APR_BASE64_ENCODE_MAX 1610612733
+
+/* Above APR_BASE64_DECODE_MAX length the decoding can't fit in an int >= 0 */
+#define APR_BASE64_DECODE_MAX 2863311524u
+
/* aaaack but it's fast and const should make it shared text page. */
static const unsigned char pr2six[256] =
{
@@ -109,7 +118,6 @@ APU_DECLARE(apr_status_t) apr_base64init_ebcdic(apr_xlate_t *to_ascii,
APU_DECLARE(int) apr_base64_decode_len(const char *bufcoded)
{
- int nbytesdecoded;
register const unsigned char *bufin;
register apr_size_t nprbytes;
@@ -117,16 +125,16 @@ APU_DECLARE(int) apr_base64_decode_len(const char *bufcoded)
while (pr2six[*(bufin++)] <= 63);
nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = (((int)nprbytes + 3) / 4) * 3;
+ assert(nprbytes <= APR_BASE64_DECODE_MAX);
- return nbytesdecoded + 1;
+ return (int)(((nprbytes + 3u) / 4u) * 3u + 1u);
}
APU_DECLARE(int) apr_base64_decode(char *bufplain, const char *bufcoded)
{
#if APR_CHARSET_EBCDIC
apr_size_t inbytes_left, outbytes_left;
-#endif /* APR_CHARSET_EBCDIC */
+#endif /* APR_CHARSET_EBCDIC */
int len;
len = apr_base64_decode_binary((unsigned char *) bufplain, bufcoded);
@@ -153,12 +161,13 @@ APU_DECLARE(int) apr_base64_decode_binary(unsigned char *bufplain,
bufin = (const unsigned char *) bufcoded;
while (pr2six[*(bufin++)] <= 63);
nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = (((int)nprbytes + 3) / 4) * 3;
+ assert(nprbytes <= APR_BASE64_DECODE_MAX);
+ nbytesdecoded = (int)(((nprbytes + 3u) / 4u) * 3u);
bufout = (unsigned char *) bufplain;
bufin = (const unsigned char *) bufcoded;
- while (nprbytes > 4) {
+ while (nprbytes >= 4) {
*(bufout++) =
(unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
*(bufout++) =
@@ -178,13 +187,8 @@ APU_DECLARE(int) apr_base64_decode_binary(unsigned char *bufplain,
*(bufout++) =
(unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
}
- if (nprbytes > 3) {
- *(bufout++) =
- (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
- }
- nbytesdecoded -= (4 - (int)nprbytes) & 3;
- return nbytesdecoded;
+ return nbytesdecoded - (int)((4u - nprbytes) & 3u);
}
static const char basis_64[] =
@@ -192,6 +196,8 @@ static const char basis_64[] =
APU_DECLARE(int) apr_base64_encode_len(int len)
{
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
return ((len + 2) / 3 * 4) + 1;
}
@@ -203,6 +209,8 @@ APU_DECLARE(int) apr_base64_encode(char *encoded, const char *string, int len)
int i;
char *p;
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
p = encoded;
for (i = 0; i < len - 2; i += 3) {
*p++ = basis_64[(os_toascii[string[i]] >> 2) & 0x3F];
@@ -227,7 +235,7 @@ APU_DECLARE(int) apr_base64_encode(char *encoded, const char *string, int len)
}
*p++ = '\0';
- return p - encoded;
+ return (unsigned int)(p - encoded);
#endif /* APR_CHARSET_EBCDIC */
}
@@ -240,6 +248,8 @@ APU_DECLARE(int) apr_base64_encode_binary(char *encoded,
int i;
char *p;
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
p = encoded;
for (i = 0; i < len - 2; i += 3) {
*p++ = basis_64[(string[i] >> 2) & 0x3F];
@@ -264,5 +274,5 @@ APU_DECLARE(int) apr_base64_encode_binary(char *encoded,
}
*p++ = '\0';
- return (int)(p - encoded);
+ return (unsigned int)(p - encoded);
}

123
SOURCES/apr-util-1.6.3-r1907242+.patch Normal file
View File

@ -0,0 +1,123 @@
From 828d644c8eba8765843985d9293f033898ed0592 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Fri, 3 Feb 2023 15:12:10 +0000
Subject: [PATCH] * memcache/apr_memcache.c (conn_connect): Allow use of IPv6
rather than forcing name resolution to IPv4 only.
Submitted by: Lubos Uhliarik <luhliari redhat.com>
Github: closes #39
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1907242 13f79535-47bb-0310-9956-ffa450edef68
---
memcache/apr_memcache.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/memcache/apr_memcache.c b/memcache/apr_memcache.c
index 5f8135c52c..18806281a4 100644
--- a/memcache/apr_memcache.c
+++ b/memcache/apr_memcache.c
@@ -290,9 +290,9 @@ static apr_status_t conn_connect(apr_memcache_conn_t *conn)
apr_status_t rv = APR_SUCCESS;
apr_sockaddr_t *sa;
#if APR_HAVE_SOCKADDR_UN
- apr_int32_t family = conn->ms->host[0] != '/' ? APR_INET : APR_UNIX;
+ apr_int32_t family = conn->ms->host[0] != '/' ? APR_UNSPEC : APR_UNIX;
#else
- apr_int32_t family = APR_INET;
+ apr_int32_t family = APR_UNSPEC;
#endif
rv = apr_sockaddr_info_get(&sa, conn->ms->host, family, conn->ms->port, 0, conn->p);
@@ -328,9 +328,9 @@ mc_conn_construct(void **conn_, void *params, apr_pool_t *pool)
apr_pool_t *tp;
apr_memcache_server_t *ms = params;
#if APR_HAVE_SOCKADDR_UN
- apr_int32_t family = ms->host[0] != '/' ? APR_INET : APR_UNIX;
+ apr_int32_t family = ms->host[0] != '/' ? APR_UNSPEC : APR_UNIX;
#else
- apr_int32_t family = APR_INET;
+ apr_int32_t family = APR_UNSPEC;
#endif
rv = apr_pool_create(&np, pool);
From 59341af138dd2c6fe9444ee9c865b769c0053bdd Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Tue, 27 Jun 2023 14:06:09 +0000
Subject: [PATCH] * memcache/apr_memcache.c (conn_connect, mc_conn_construct):
Fix regression in IPv4 handling in r1907242. Cycle through the address
list handling v4/v6 addresses correctly.
Submitted by: Lubos Uhliarik <luhliari redhat.com>
Github: closes #44
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1910629 13f79535-47bb-0310-9956-ffa450edef68
---
memcache/apr_memcache.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/memcache/apr_memcache.c b/memcache/apr_memcache.c
index 41b93a0a33..09779d91b5 100644
--- a/memcache/apr_memcache.c
+++ b/memcache/apr_memcache.c
@@ -300,14 +300,26 @@ static apr_status_t conn_connect(apr_memcache_conn_t *conn)
return rv;
}
- rv = apr_socket_timeout_set(conn->sock, 1 * APR_USEC_PER_SEC);
- if (rv != APR_SUCCESS) {
- return rv;
+ /* Cycle through address until a connect() succeeds. */
+ for (; sa; sa = sa->next) {
+ rv = apr_socket_create(&conn->sock, sa->family, SOCK_STREAM, 0, conn->p);
+ if (rv == APR_SUCCESS) {
+ rv = apr_socket_timeout_set(conn->sock, 1 * APR_USEC_PER_SEC);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ rv = apr_socket_connect(conn->sock, sa);
+ if (rv == APR_SUCCESS) {
+ break;
+ }
+
+ apr_socket_close(conn->sock);
+ }
}
- rv = apr_socket_connect(conn->sock, sa);
- if (rv != APR_SUCCESS) {
- return rv;
+ if (!sa) {
+ return APR_ECONNREFUSED;
}
rv = apr_socket_timeout_set(conn->sock, -1);
@@ -327,11 +339,6 @@ mc_conn_construct(void **conn_, void *params, apr_pool_t *pool)
apr_pool_t *np;
apr_pool_t *tp;
apr_memcache_server_t *ms = params;
-#if APR_HAVE_SOCKADDR_UN
- apr_int32_t family = ms->host[0] != '/' ? APR_UNSPEC : APR_UNIX;
-#else
- apr_int32_t family = APR_UNSPEC;
-#endif
rv = apr_pool_create(&np, pool);
if (rv != APR_SUCCESS) {
@@ -349,13 +356,6 @@ mc_conn_construct(void **conn_, void *params, apr_pool_t *pool)
conn->p = np;
conn->tp = tp;
- rv = apr_socket_create(&conn->sock, family, SOCK_STREAM, 0, np);
-
- if (rv != APR_SUCCESS) {
- apr_pool_destroy(np);
- return rv;
- }
-
conn->buffer = apr_palloc(conn->p, BUFFER_SIZE + 1);
conn->blen = 0;
conn->ms = ms;

22
SPECS/apr-util.spec
View File

@ -16,13 +16,20 @@
Summary: Apache Portable Runtime Utility library
Name: apr-util
Version: 1.6.1
Release: 20%{?dist}
Release: 23%{?dist}
License: ASL 2.0
URL: https://apr.apache.org/
Source0: https://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
Patch1: apr-util-1.2.7-pkgconf.patch
Patch4: apr-util-1.4.1-private.patch
Patch5: apr-util-mariadb-upstream.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2168760
Patch6: apr-util-1.6.3-r1907242+.patch
# Security patches:
# https://bugzilla.redhat.com/show_bug.cgi?id=2169652
Patch100: apr-util-1.6.1-CVE-2022-25147.patch
BuildRequires: gcc
BuildRequires: autoconf, apr-devel >= 1.3.0
BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@ -126,6 +133,9 @@ This package provides the NSS crypto support for the apr-util.
%patch1 -p1 -b .pkgconf
%patch4 -p1 -b .private
%patch5 -p1 -b .maria
%patch6 -p1 -b .r1907242
%patch100 -p1 -b .CVE-2022-25147
%build
autoheader && autoconf
@ -220,6 +230,16 @@ export LD_LIBRARY_PATH=%{buildroot}/%{_libdir}/apr-util-%{apuver}
%{_datadir}/aclocal/*.m4
%changelog
* Tue Jun 27 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.6.1-23
- Related: #2168760 - mod_auth_openidc fails with IPv6 OIDCMemCacheServers
* Mon Jun 12 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.6.1-22
- Resolves: #2168760 - mod_auth_openidc fails with IPv6 OIDCMemCacheServers
* Wed May 31 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.6.1-21
- Resolves: #2196576 - CVE-2022-25147 apr-util: out-of-bounds writes in the
apr_base64
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.1-20
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688