Changes of Revision 3
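--- a/apache2.dsc
+++ b/apache2.dsc
@@ -2,7 +2,7 @@
 Source: apache2
 Binary: apache2.2-common, apache2.2-bin, apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event, apache2-mpm-itk, apache2-utils, apache2-suexec, apache2-suexec-custom, apache2, apache2-doc, apache2-prefork-dev, apache2-threaded-dev, apache2-dbg
 Architecture: any all
-Version: 2.2.22-13.2+deb7u4
+Version: 2.2.22-13.2+deb7u5
 Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
 Uploaders: Stefan Fritsch <sf@debian.org>, Steinar H. Gunderson <sesse@debian.org>, Arno Töll <arno@debian.org>
 Homepage: http://httpd.apache.org/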
debian.changelog
Changed
@@ -1,3 +1,25 @@ +apache2 (2.2.22-13.2+deb7u5) wheezy; urgency=medium + + * Non-maintainer upload. + * Merge patches from Debian 2.2.22-13+deb7u5. + + -- Christoph Erhardt <kolab@sicherha.de> Wed, 05 Aug 2015 10:10:27 +0200 + +apache2 (2.2.22-13+deb7u5) wheezy-security; urgency=medium + + * CVE-2015-3183: Fix request smuggling via chunked transfer encoding. + Backported by Marc Deslauriers. + * Don't limit default DH parameters to 1024 bits. Closes: #780398 + This may cause problems with some Java based clients. A work-around is to + configure these client not to use DHE key exchange but use ECDHE or RSA + instead. + A server-side work-around that limits the DH parameters to 1024 bits for + all clients is described at + http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh . + * Backport support for adding DH parameters to the SSLCertificateFile. + + -- Stefan Fritsch <sf@debian.org> Sat, 01 Aug 2015 22:08:57 +0200 + apache2 (2.2.22-13.2+deb7u4) wheezy; urgency=medium * Non-maintainer upload.
debian.tar.gz/README.Debian
Changed
@@ -13,6 +13,7 @@ SSL workaround for MSIE ECC keys and ECDH ciphers Session ticket key life-time and forward secrecy + DH parameters Suexec @@ -261,6 +262,17 @@ increasing the frequency of graceful restarts by changing the log rotation in /etc/logrotate.d/apache2 from weekly to daily. +DH parameters +------------- + +The package in Debian has support for Diffie-Hellman (DH) parameters larger +than 1024 bit and for custom DH parameters backported from Apache 2.2.30. +This may cause connection failures with java clients that only support 1024 +bit DH parameters. A work-around is to configure these client not to use DHE +key exchange but use ECDHE or RSA instead. A server-side work-around that +limits the DH parameters to 1024 bits for all clients is described at +http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh + Suexec ======
debian.tar.gz/patches/CVE-2015-3183.patch
Added
@@ -0,0 +1,801 @@ +Description: fix request smuggling via chunked transfer encoding +Origin: backport, http://svn.apache.org/viewvc?view=revision&revision=1687338 +Origin: backport, http://svn.apache.org/viewvc?view=revision&revision=1687339 +Origin: backport, http://svn.apache.org/viewvc?view=revision&revision=1688936 +Origin: backport, http://svn.apache.org/viewvc?view=revision&revision=1689522 + +Index: apache2-2.2.22/modules/http/http_filters.c +=================================================================== +--- apache2-2.2.22.orig/modules/http/http_filters.c 2015-07-24 09:33:00.000000000 -0400 ++++ apache2-2.2.22/modules/http/http_filters.c 2015-07-24 13:06:08.276786883 -0400 +@@ -56,27 +56,33 @@ + #include <unistd.h> + #endif + +-#define INVALID_CHAR -2 +- +-static long get_chunk_size(char *); +- +-typedef struct http_filter_ctx { ++typedef struct http_filter_ctx ++{ + apr_off_t remaining; + apr_off_t limit; + apr_off_t limit_used; +- enum { +- BODY_NONE, +- BODY_LENGTH, +- BODY_CHUNK, +- BODY_CHUNK_PART ++ apr_int32_t chunk_used; ++ apr_int32_t chunk_bws; ++ apr_int32_t chunkbits; ++ enum ++ { ++ BODY_NONE, /* streamed data */ ++ BODY_LENGTH, /* data constrained by content length */ ++ BODY_CHUNK, /* chunk expected */ ++ BODY_CHUNK_PART, /* chunk digits */ ++ BODY_CHUNK_EXT, /* chunk extension */ ++ BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */ ++ BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */ ++ BODY_CHUNK_DATA, /* data constrained by chunked encoding */ ++ BODY_CHUNK_END, /* chunked data terminating CRLF */ ++ BODY_CHUNK_END_LF, /* got CR after data, expect LF */ ++ BODY_CHUNK_TRAILER /* trailers */ + } state; +- int eos_sent; +- char chunk_ln[32]; +- char *pos; +- apr_off_t linesize; ++ unsigned int eos_sent :1; + apr_bucket_brigade *bb; + } http_ctx_t; + ++/* bail out if some error in the HTTP input filter happens */ + static apr_status_t bail_out_on_error(http_ctx_t *ctx, + ap_filter_t *f, + int http_error) +@@ 
-92,119 +98,162 @@ + e = apr_bucket_eos_create(f->c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb, e); + ctx->eos_sent = 1; ++ /* If chunked encoding / content-length are corrupt, we may treat parts ++ * of this request's body as the next one's headers. ++ * To be safe, disable keep-alive. ++ */ ++ f->r->connection->keepalive = AP_CONN_CLOSE; + return ap_pass_brigade(f->r->output_filters, bb); + } + +-static apr_status_t get_remaining_chunk_line(http_ctx_t *ctx, +- apr_bucket_brigade *b, +- int linelimit) ++/** ++ * Parse a chunk line with optional extension, detect overflow. ++ * There are two error cases: ++ * 1) If the conversion would require too many bits, APR_EGENERAL is returned. ++ * 2) If the conversion used the correct number of bits, but an overflow ++ * caused only the sign bit to flip, then APR_ENOSPC is returned. ++ * In general, any negative number can be considered an overflow error. ++ */ ++static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, ++ apr_size_t len, int linelimit) + { +- apr_status_t rv; +- apr_off_t brigade_length; +- apr_bucket *e; +- const char *lineend; +- apr_size_t len; ++ apr_size_t i = 0; + +- /* +- * As the brigade b should have been requested in mode AP_MODE_GETLINE +- * all buckets in this brigade are already some type of memory +- * buckets (due to the needed scanning for LF in mode AP_MODE_GETLINE) +- * or META buckets. +- */ +- rv = apr_brigade_length(b, 0, &brigade_length); +- if (rv != APR_SUCCESS) { +- return rv; +- } +- /* Sanity check. Should never happen. See above. */ +- if (brigade_length == -1) { +- return APR_EGENERAL; +- } +- if (!brigade_length) { +- return APR_EAGAIN; +- } +- ctx->linesize += brigade_length; +- if (ctx->linesize > linelimit) { +- return APR_ENOSPC; +- } +- /* +- * As all buckets are already some type of memory buckets or META buckets +- * (see above), we only need to check the last byte in the last data bucket. 
+- */ +- for (e = APR_BRIGADE_LAST(b); +- e != APR_BRIGADE_SENTINEL(b); +- e = APR_BUCKET_PREV(e)) { ++ while (i < len) { ++ char c = buffer[i]; ++ ++ ap_xlate_proto_from_ascii(&c, 1); + +- if (APR_BUCKET_IS_METADATA(e)) { ++ /* handle CRLF after the chunk */ ++ if (ctx->state == BODY_CHUNK_END ++ || ctx->state == BODY_CHUNK_END_LF) { ++ if (c == LF) { ++ ctx->state = BODY_CHUNK; ++ } ++ else if (c == CR && ctx->state == BODY_CHUNK_END) { ++ ctx->state = BODY_CHUNK_END_LF; ++ } ++ else { ++ /* ++ * LF expected. ++ */ ++ return APR_EINVAL; ++ } ++ i++; + continue; + } +- rv = apr_bucket_read(e, &lineend, &len, APR_BLOCK_READ); +- if (rv != APR_SUCCESS) { +- return rv; ++ ++ /* handle start of the chunk */ ++ if (ctx->state == BODY_CHUNK) { ++ if (!apr_isxdigit(c)) { ++ /* ++ * Detect invalid character at beginning. This also works for ++ * empty chunk size lines. ++ */ ++ return APR_EINVAL; ++ } ++ else { ++ ctx->state = BODY_CHUNK_PART; ++ } ++ ctx->remaining = 0; ++ ctx->chunkbits = sizeof(apr_off_t) * 8; ++ ctx->chunk_used = 0; ++ ctx->chunk_bws = 0; + } +- if (len > 0) { +- break; /* we got the data we want */ ++ ++ if (c == LF) { ++ if (ctx->remaining) { ++ ctx->state = BODY_CHUNK_DATA; ++ } ++ else { ++ ctx->state = BODY_CHUNK_TRAILER; ++ } + } +- /* If we got a zero-length data bucket, we try the next one */ +- } +- /* We had no data in this brigade */ +- if (!len || e == APR_BRIGADE_SENTINEL(b)) { +- return APR_EAGAIN; +- } +- if (lineend[len - 1] != APR_ASCII_LF) { +- return APR_EAGAIN; +- } +- /* Line is complete. So reset ctx->linesize for next round. */ +- ctx->linesize = 0; +- return APR_SUCCESS; +-} ++ else if (ctx->state == BODY_CHUNK_LF) { ++ /* ++ * LF expected. ++ */ ++ return APR_EINVAL; ++ } ++ else if (c == CR) { ++ ctx->state = BODY_CHUNK_LF; ++ } ++ else if (c == ';') { ++ ctx->state = BODY_CHUNK_EXT;
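Review bot: The header comment on `parse_chunk_size` documents only the APR_EGENERAL and APR_ENOSPC overflow cases, but the body visible here also returns APR_EINVAL in three places — a non-hex first character of a chunk-size line, a CR not followed by LF, and a stray byte where the CRLF terminating chunk data is expected. Since the caller has to turn these into the right HTTP error and the comment is the only contract, add a third bullet: `3) A malformed chunk line or chunk terminator (bad leading character, CR not followed by LF) returns APR_EINVAL.` The function body, including whatever consumes the `linelimit` parameter and the overflow detection the comment describes, continues past the point where the forge truncated this hunk, so those paths could not be checked here.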
debian.tar.gz/patches/DH-SSLCertificateFile.patch
Added
@@ -0,0 +1,1373 @@ +# DP: backport support for adding DH parameters to the SSLCertificateFile + +--- a/docs/manual/mod/mod_ssl.html.en ++++ b/docs/manual/mod/mod_ssl.html.en +@@ -388,12 +388,47 @@ SSLCertificateChainFile /usr/local/apach + <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> + </table> + <p> +-This directive points to the PEM-encoded Certificate file for the server and +-optionally also to the corresponding RSA or DSA Private Key file for it +-(contained in the same file). If the contained Private Key is encrypted the +-Pass Phrase dialog is forced at startup time. This directive can be used up to +-two times (referencing different filenames) when both a RSA and a DSA based +-server certificate is used in parallel.</p> ++This directive points to a file with certificate data in PEM format. ++At a minimum, the file must include an end-entity (leaf) certificate. ++The directive can be used up to three times (referencing different filenames) ++when an RSA, a DSA, and an ECC based server certificate is used in parallel. ++</p> ++ ++<p> ++Custom DH parameters and an EC curve name for ephemeral keys, ++can be added to end of the first file configured using ++<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>. ++Such parameters can be generated using the commands ++<code>openssl dhparam</code> and <code>openssl ecparam</code>. ++The parameters can be added as-is to the end of the first ++certificate file. Only the first file can be used for custom ++parameters, as they are applied independently of the authentication ++algorithm type. ++</p> ++ ++<p> ++Finally the the end-entity certificate's private key can also be ++added to the certificate file instead of using a separate ++<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> ++directive. This practice is highly discouraged. 
If the private ++key is encrypted, the pass phrase dialog is forced at startup time. ++</p> ++ ++<div class="note"> ++<h3>DH parameter interoperability with primes > 1024 bit</h3> ++<p> ++Beginning with version 2.2.30, mod_ssl makes use of ++standardized DH parameters with prime lengths of 2048, 3072, 4096, 6144 and ++8192 bits (from <a href="http://www.ietf.org/rfc/rfc3526.txt">RFC 3526</a>), ++and hands them out to clients based on the length of the certificate's RSA/DSA ++key. ++With Java-based clients in particular (Java 7 or earlier), this may lead ++to handshake failures - see this ++<a href="../ssl/ssl_faq.html#javadh">FAQ answer</a> for working around ++such issues. ++</p> ++</div> ++ + <div class="example"><h3>Example</h3><p><code> + SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt + </code></p></div> +@@ -409,18 +444,22 @@ SSLCertificateFile /usr/local/apache2/co + <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr> + </table> + <p> +-This directive points to the PEM-encoded Private Key file for the +-server. If the Private Key is not combined with the Certificate in the +-<code class="directive">SSLCertificateFile</code>, use this additional directive to +-point to the file with the stand-alone Private Key. When +-<code class="directive">SSLCertificateFile</code> is used and the file +-contains both the Certificate and the Private Key this directive need +-not be used. But we strongly discourage this practice. Instead we +-recommend you to separate the Certificate and the Private Key. If the +-contained Private Key is encrypted, the Pass Phrase dialog is forced +-at startup time. This directive can be used up to two times +-(referencing different filenames) when both a RSA and a DSA based +-private key is used in parallel.</p> ++This directive points to the PEM-encoded private key file for the ++server. 
If the contained private key is encrypted, the pass phrase ++dialog is forced at startup time.</p> ++ ++<p> ++The directive can be used up to three times (referencing different filenames) ++when an RSA, a DSA, and an ECC based private key is used in parallel. For each ++<code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> ++directive, there must be a matching <code class="directive">SSLCertificateFile</code> ++directive.</p> ++ ++<p> ++The private key may also be combined with the certificate in the file given by ++<code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>, but this practice ++is highly discouraged.</p> ++ + <div class="example"><h3>Example</h3><p><code> + SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key + </code></p></div> +@@ -1886,6 +1925,6 @@ SSLVerifyDepth 10 + <div class="bottomlang"> + <p><span>Available Languages: </span><a href="../en/mod/mod_ssl.html" title="English"> en </a></p> + </div><div id="footer"> +-<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> ++<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> + <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> + </body></html> +\ No newline at end of file +--- a/docs/manual/ssl/ssl_faq.html.en ++++ b/docs/manual/ssl/ssl_faq.html.en +@@ -675,6 +675,7 @@ HTTPS to an Apache+mod_ssl server with M + <li><a href="#nn">Why do I get I/O errors, or the message "Netscape has + encountered bad data from the server", when connecting via + HTTPS to an Apache+mod_ssl server with Netscape Navigator?</a></li> 
++<li><a href="#javadh">Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?</a></li> + </ul> + + <h3><a name="random" id="random">Why do I get lots of random SSL protocol +@@ -907,6 +908,40 @@ HTTPS to an Apache+mod_ssl server with N + implementation is correct, so when you encounter I/O errors with Netscape + Navigator it is usually caused by the configured certificates.</p> + ++ ++<h3><a name="javadh" id="javadh">Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?</a></h3> ++ <p>Beginning with version 2.2.30, ++ <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> will use DH parameters which include primes ++ with lengths of more than 1024 bits. Java 7 and earlier limit their ++ support for DH prime sizes to a maximum of 1024 bits, however.</p> ++ ++ <p>If your Java-based client aborts with exceptions such as ++ <code>java.lang.RuntimeException: Could not generate DH keypair</code> and ++ <code>java.security.InvalidAlgorithmParameterException: Prime size must be ++ multiple of 64, and can only range from 512 to 1024 (inclusive)</code>, ++ and httpd logs <code>tlsv1 alert internal error (SSL alert number 80)</code> ++ (at <code class="directive"><a href="../mod/core.html#loglevel">LogLevel</a></code> <code>info</code> ++ or higher), you can either rearrange mod_ssl's cipher list with ++ <code class="directive"><a href="../mod/mod_ssl.html#sslciphersuite">SSLCipherSuite</a></code> ++ (possibly in conjunction with <code class="directive"><a href="../mod/mod_ssl.html#sslhonorcipherorder">SSLHonorCipherOrder</a></code>), ++ or you can use custom DH parameters with a 1024-bit prime, which ++ will always have precedence over any of the built-in DH parameters.</p> ++ ++ <p>To generate custom DH parameters, use the <code>openssl dhparam 1024</code> ++ command. 
Alternatively, you can use the following standard 1024-bit DH ++ parameters from <a href="http://www.ietf.org/rfc/rfc2409.txt">RFC 2409</a>, ++ section 6.2:</p> ++ <div class="example"><pre>-----BEGIN DH PARAMETERS----- ++MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR ++Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL ++/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC ++-----END DH PARAMETERS-----</pre></div> ++ <p>Add the custom parameters including the "BEGIN DH PARAMETERS" and ++ "END DH PARAMETERS" lines to the end of the first certificate file ++ you have configured using the ++ <code class="directive"><a href="../mod/mod_ssl.html#sslcertificatefile">SSLCertificateFile</a></code> directive.</p> ++ ++ + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> + <div class="section"> + <h2><a name="support" id="support">mod_ssl Support</a></h2> +@@ -1054,6 +1089,6 @@ the reason for my core dump?</a></h3> + <div class="bottomlang"> + <p><span>Available Languages: </span><a href="../en/ssl/ssl_faq.html" title="English"> en </a></p> + </div><div id="footer"> +-<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> ++<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> + <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> + </body></html> +\ No newline at end of file +--- a/modules/ssl/mod_ssl.c ++++ b/modules/ssl/mod_ssl.c +@@ -422,15 +422,6 @@ int ssl_init_ssl_connection(conn_rec *c) + + sslconn->ssl = ssl; + +- /* +- * Configure callbacks for SSL connection +- */ +- 
SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA); +- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH); +-#ifndef OPENSSL_NO_EC +- SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH); +-#endif +- + SSL_set_verify_result(ssl, X509_V_OK); + + ssl_io_filter_init(c, ssl); +--- a/modules/ssl/ssl_engine_config.c ++++ b/modules/ssl/ssl_engine_config.c +@@ -76,8 +76,6 @@ SSLModConfigRec *ssl_config_global_creat + mc->szCryptoDevice = NULL; + #endif + +- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); +- + apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY, + apr_pool_cleanup_null, + pool); +--- a/modules/ssl/ssl_engine_dh.c ++++ b/modules/ssl/ssl_engine_dh.c +@@ -41,21 +41,9 @@ + ** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70: + ** e6:aa:87:10:33 + ** generator: 2 (0x2) +-** Diffie-Hellman-Parameters: (1024 bit) +-** prime:
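Review bot: The ssl_engine_config.c hunk drops `memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));` from ssl_config_global_create, and the mod_ssl.c hunk drops the per-connection `SSL_set_tmp_rsa_callback`/`SSL_set_tmp_dh_callback`/`SSL_set_tmp_ecdh_callback` calls, but neither the removal of the `pTmpKeys` member from the module config struct nor the context-level replacement for the temporary-key callbacks is visible in this section. If those parts are in the truncated remainder of the patch this is fine; if `pTmpKeys` survives in the struct it is now left uninitialized, and if no SSL_CTX-level DH/ECDH setup replaces the removed callbacks, ephemeral key exchange would silently lose its parameters. Separately, the new mod_ssl.html.en paragraph reads `Finally the the end-entity certificate's private key`; the doubled word should become `Finally the end-entity certificate's private key`.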
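--- a/debian.tar.gz/patches/series
+++ b/debian.tar.gz/patches/series
@@ -48,3 +48,5 @@
 CVE-2013-5704_trailers.patch
 SNI_case_insensitve.diff
 mod_ssl_SSL_CLIENT_S_DN_UID.diff
+DH-SSLCertificateFile.patch
+CVE-2015-3183.patch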