htpasswd/htdbm: fix hash generation bug (#956344)

- do not dump vhosts twice in httpd -S output (#928761)
- mod_cache: fix potential crash caused by uninitialized variable (#954109)

httpd-2.4.4-dump-vhost-twice.patch

@@ -0,0 +1,45 @@
+--- trunk/server/vhost.c	2013/05/11 11:51:28	1481305
++++ trunk/server/vhost.c	2013/05/11 12:05:24	1481306
+@@ -577,14 +577,21 @@
+      */
+ 
+     for (s = main_s->next; s; s = s->next) {
++        server_addr_rec *sar_prev = NULL;
+         has_default_vhost_addr = 0;
+         for (sar = s->addrs; sar; sar = sar->next) {
+             ipaddr_chain *ic;
+             char inaddr_any[16] = {0}; /* big enough to handle IPv4 or IPv6 */
+-
++            /* XXX: this treats 0.0.0.0 as a "default" server which matches no-exact-match for IPv6 */
+             if (!memcmp(sar->host_addr->ipaddr_ptr, inaddr_any, sar->host_addr->ipaddr_len)) {
+                 ic = find_default_server(sar->host_port);
+-                if (!ic || sar->host_port != ic->sar->host_port) {
++
++                if (ic && sar->host_port == ic->sar->host_port) { /* we're a match for an existing "default server"  */
++                    if (!sar_prev || memcmp(sar_prev->host_addr->ipaddr_ptr, inaddr_any, sar_prev->host_addr->ipaddr_len)) { 
++                        add_name_vhost_config(p, main_s, s, sar, ic);
++                    }
++                }
++                else { 
+                     /* No default server, or we found a default server but
+                     ** exactly one of us is a wildcard port, which means we want
+                     ** two ip-based vhosts not an NVH with two names
+@@ -592,6 +599,7 @@
+                     ic = new_ipaddr_chain(p, s, sar);
+                     ic->next = default_list;
+                     default_list = ic;
++                    add_name_vhost_config(p, main_s, s, sar, ic);
+                 }
+                 has_default_vhost_addr = 1;
+             }
+@@ -609,8 +617,9 @@
+                     ic->next = *iphash_table_tail[bucket];
+                     *iphash_table_tail[bucket] = ic;
+                 }
++                add_name_vhost_config(p, main_s, s, sar, ic);
+             }
+-            add_name_vhost_config(p, main_s, s, sar, ic);
++            sar_prev = sar;
+         }
+ 
+         /* Ok now we want to set up a server_hostname if the user was

httpd-2.4.4-mod_cache-tmppath.patch

@@ -0,0 +1,11 @@
+--- a/modules/cache/mod_cache.c	
++++ a/modules/cache/mod_cache.c	
+@@ -1773,7 +1773,7 @@ static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) {
+ 
+ static void * create_cache_config(apr_pool_t *p, server_rec *s)
+ {
+-    const char *tmppath;
++    const char *tmppath = NULL;
+     cache_server_conf *ps = apr_pcalloc(p, sizeof(cache_server_conf));
+ 
+     /* array of URL prefixes for which caching is enabled */

httpd-2.4.4-r1476674.patch

@@ -0,0 +1,110 @@
+Index: support/passwd_common.c
+===================================================================
+--- a/support/passwd_common.c	(revision 1476673)
++++ b/support/passwd_common.c	(working copy)
+@@ -113,17 +113,17 @@
+ 
+ int get_password(struct passwd_ctx *ctx)
+ {
++    char buf[MAX_STRING_LEN + 1];
+     if (ctx->passwd_src == PW_STDIN) {
+-        char *buf = ctx->out;
+         apr_file_t *file_stdin;
+         apr_size_t nread;
+         if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
+             ctx->errstr = "Unable to read from stdin.";
+             return ERR_GENERAL;
+         }
+-        if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
++        if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
+                                &nread) != APR_EOF
+-            || nread == ctx->out_len - 1) {
++            || nread == sizeof(buf) - 1) {
+             goto err_too_long;
+         }
+         buf[nread] = '\0';
+@@ -133,21 +133,24 @@
+                 buf[nread-2] = '\0';
+         }
+         apr_file_close(file_stdin);
++        ctx->passwd = apr_pstrdup(ctx->pool, buf);
+     }
+     else {
+-        char buf[MAX_STRING_LEN + 1];
+         apr_size_t bufsize = sizeof(buf);
+-        if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
++        if (apr_password_get("New password: ", buf, &bufsize) != 0)
+             goto err_too_long;
++        ctx->passwd = apr_pstrdup(ctx->pool, buf);
++        bufsize = sizeof(buf);
++        buf[0] = '\0';
+         apr_password_get("Re-type new password: ", buf, &bufsize);
+-        if (strcmp(ctx->out, buf) != 0) {
++        if (strcmp(ctx->passwd, buf) != 0) {
+             ctx->errstr = "password verification error";
+-            memset(ctx->out, '\0', ctx->out_len);
++            memset(ctx->passwd, '\0', strlen(ctx->passwd));
+             memset(buf, '\0', sizeof(buf));
+             return ERR_PWMISMATCH;
+         }
+-        memset(buf, '\0', sizeof(buf));
+     }
++    memset(buf, '\0', sizeof(buf));
+     return 0;
+ 
+ err_too_long:
+@@ -164,7 +167,6 @@
+ int mkhash(struct passwd_ctx *ctx)
+ {
+     char *pw;
+-    char pwin[MAX_STRING_LEN];
+     char salt[16];
+     apr_status_t rv;
+     int ret = 0;
+@@ -177,14 +179,11 @@
+                         "Warning: Ignoring -C argument for this algorithm." NL);
+     }
+ 
+-    if (ctx->passwd != NULL) {
+-        pw = ctx->passwd;
+-    }
+-    else {
++    if (ctx->passwd == NULL) {
+         if ((ret = get_password(ctx)) != 0)
+             return ret;
+-        pw = pwin;
+     }
++    pw = ctx->passwd;
+ 
+     switch (ctx->alg) {
+     case ALG_APSHA:
+@@ -224,7 +223,7 @@
+ 
+         apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
+         if (strlen(pw) > 8) {
+-            char *truncpw = strdup(pw);
++            char *truncpw = apr_pstrdup(ctx->pool, pw);
+             truncpw[8] = '\0';
+             if (!strcmp(ctx->out, crypt(truncpw, salt))) {
+                 apr_file_printf(errfile, "Warning: Password truncated to 8 "
+Index: support/htpasswd.c
+===================================================================
+--- a/support/htpasswd.c	(revision 1476673)
++++ b/support/htpasswd.c	(working copy)
+@@ -253,7 +253,6 @@
+ int main(int argc, const char * const argv[])
+ {
+     apr_file_t *fpw = NULL;
+-    const char *errstr = NULL;
+     char line[MAX_STRING_LEN];
+     char *pwfilename = NULL;
+     char *user = NULL;
+@@ -345,7 +344,7 @@
+     if (!(mask & APHTP_DELUSER)) {
+         i = mkrecord(&ctx, user);
+         if (i != 0) {
+-            apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
++            apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
+             exit(i);
+         }
+         if (mask & APHTP_NOFILE) {

httpd.spec

@@ -14,7 +14,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.4
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -64,6 +64,9 @@ Patch31: httpd-2.4.4-sslmultiproxy.patch
 # Bug fixes
 Patch50: httpd-2.4.2-r1374214+.patch
 Patch51: httpd-2.4.3-sslsninotreq.patch
+Patch52: httpd-2.4.4-r1476674.patch
+Patch53: httpd-2.4.4-mod_cache-tmppath.patch
+Patch54: httpd-2.4.4-dump-vhost-twice.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -188,6 +191,9 @@ interface for storing and accessing per-user session data.
 
 %patch50 -p1 -b .r1374214+
 %patch51 -p1 -b .sninotreq
+%patch52 -p1 -b .r1476674
+%patch53 -p1 -b .tmppath
+%patch54 -p1 -b .vhosttwice
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -610,6 +616,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
+* Mon May 20 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-6
+- htpasswd/htdbm: fix hash generation bug (#956344)
+- do not dump vhosts twice in httpd -S output (#928761)
+- mod_cache: fix potential crash caused by uninitialized variable (#954109)
+
 * Thu Apr 18 2013 Jan Kaluza <jkaluza@redhat.com> - 2.4.4-5
 - execute systemctl reload as result of apachectl graceful
 - mod_ssl: ignore SNI hints unless required by config