pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache2 Add patch for Apache security issue.

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f525597f2814
branches:  trunk
changeset: 480998:f525597f2814
user:      reed <reed%pkgsrc.org@localhost>
date:      Thu Sep 23 21:07:25 2004 +0000

description:
Add patch for Apache security issue.

2.0.51 had a regression where the Satisfy directive could take
effect for different directories (and could bypass some access
control).

This patch is direct from Apache.

Also bumped the package revision.

diffstat:

 www/apache2/Makefile         |   3 ++-
 www/apache2/patches/patch-ab |  29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletions(-)

diffs (45 lines):

diff -r 55a5d199fc7a -r f525597f2814 www/apache2/Makefile
--- a/www/apache2/Makefile      Thu Sep 23 20:01:34 2004 +0000
+++ b/www/apache2/Makefile      Thu Sep 23 21:07:25 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2004/09/20 17:19:33 adrianp Exp $
+# $NetBSD: Makefile,v 1.45 2004/09/23 21:07:25 reed Exp $
 
 PKGNAME=               apache-${APACHE_VERSION}
+PKGREVISION=           1
 CATEGORIES=            www
 
 HOMEPAGE=              http://httpd.apache.org/
diff -r 55a5d199fc7a -r f525597f2814 www/apache2/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-ab      Thu Sep 23 21:07:25 2004 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-ab,v 1.3 2004/09/23 21:07:25 reed Exp $
+
+http://www.apache.org/dist/httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch
+
+SECURITY: CAN-2004-0811 (cve.mitre.org)
+
+Fix merging of the Satisfy directive, which was applied to
+the surrounding context and could allow access despite configured
+authentication.  (a regression in 2.0.51)
+
+Apache PR: 31315
+Submitted by:  Rici Lake <rici ricilake.net>
+
+--- server/core.c      2004/08/31 08:16:56     1.225.2.27
++++ server/core.c      2004/09/21 13:21:16     1.225.2.28
+@@ -351,9 +351,13 @@
+     /* Otherwise we simply use the base->sec_file array
+      */
+ 
++    /* use a separate ->satisfy[] array either way */
++    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
+     for (i = 0; i < METHODS; ++i) {
+         if (new->satisfy[i] != SATISFY_NOSPEC) {
+             conf->satisfy[i] = new->satisfy[i];
++        } else {
++            conf->satisfy[i] = base->satisfy[i];
+         }
+     }
+
Home | Main Index | Thread Index | Old Index