pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache2 - Add security patch for CAN-2005-2491 fro...
details: https://anonhg.NetBSD.org/pkgsrc/rev/119ee36125e1
branches: trunk
changeset: 498636:119ee36125e1
user: tron <tron%pkgsrc.org@localhost>
date: Sun Aug 28 08:36:55 2005 +0000
description:
- Add security patch for CAN-2005-2491 from Apache SVN repository.
- Add patch for high memory usage caused by "Byterange" support
from Apache SVN repository.
Bump package revision because of the above changes.
diffstat:
www/apache2/Makefile | 4 +-
www/apache2/distinfo | 4 +-
www/apache2/patches/patch-ah | 56 ++++++++++++++++++++++++++++++
www/apache2/patches/patch-aj | 82 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 143 insertions(+), 3 deletions(-)
diffs (181 lines):
diff -r f8820846ba66 -r 119ee36125e1 www/apache2/Makefile
--- a/www/apache2/Makefile Sun Aug 28 04:31:00 2005 +0000
+++ b/www/apache2/Makefile Sun Aug 28 08:36:55 2005 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.80 2005/08/23 11:48:51 rillig Exp $
+# $NetBSD: Makefile,v 1.81 2005/08/28 08:36:55 tron Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
CATEGORIES= www
-PKGREVISION= 3
+PKGREVISION= 4
HOMEPAGE= http://httpd.apache.org/
COMMENT= Apache HTTP (Web) server, version 2
diff -r f8820846ba66 -r 119ee36125e1 www/apache2/distinfo
--- a/www/apache2/distinfo Sun Aug 28 04:31:00 2005 +0000
+++ b/www/apache2/distinfo Sun Aug 28 08:36:55 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2005/08/08 18:30:26 tron Exp $
+$NetBSD: distinfo,v 1.40 2005/08/28 08:36:55 tron Exp $
SHA1 (httpd-2.0.54.tar.bz2) = 15b4fc3024cceea6562fb03383fd624e84e5e35a
RMD160 (httpd-2.0.54.tar.bz2) = c511cb2fa396ba04caf77bfc6ca03413df48ea08
@@ -10,7 +10,9 @@
SHA1 (patch-ae) = 0c7b733fe2e46a91dcd3bc29aa18c4b02455ff0d
SHA1 (patch-af) = 9e9a8bae118140cc8a49bd30c4753cab5741bdf3
SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
+SHA1 (patch-ah) = 39109cb9d58f900627ea190e4ce24731735538ea
SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
+SHA1 (patch-aj) = 32ac362e0d67bfb208a8814b9baf70e20c22ae4b
SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
diff -r f8820846ba66 -r 119ee36125e1 www/apache2/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-ah Sun Aug 28 08:36:55 2005 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-ah,v 1.8 2005/08/28 08:36:55 tron Exp $
+
+--- srclib/pcre/pcre.c.orig Wed Nov 24 20:31:09 2004
++++ srclib/pcre/pcre.c Thu Aug 25 22:14:56 2005
+@@ -714,7 +714,18 @@
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size.
++Also, max must not be less than min. */
+
+ if (*p == '}') max = min; else
+ {
+@@ -722,6 +733,11 @@
+ {
+ max = 0;
+ while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -730,16 +746,11 @@
+ }
+ }
+
+-/* Do paranoid checks, then fill in the required variables, and pass back the
+-pointer to the terminating '}'. */
++/* Fill in the required variables, and pass back the pointer to the terminating
++'}'. */
+
+-if (min > 65535 || max > 65535)
+- *errorptr = ERR5;
+-else
+- {
+- *minp = min;
+- *maxp = max;
+- }
++*minp = min;
++*maxp = max;
+ return p;
+ }
+
diff -r f8820846ba66 -r 119ee36125e1 www/apache2/patches/patch-aj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-aj Sun Aug 28 08:36:55 2005 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-aj,v 1.3 2005/08/28 08:36:55 tron Exp $
+
+--- modules/http/http_protocol.c.orig
++++ modules/http/http_protocol.c Tue Aug 23 01:36:16 2005
+@@ -2856,18 +2856,35 @@
+ #define MIN_LENGTH(len1, len2) ((len1 > len2) ? len2 : len1)
+ request_rec *r = f->r;
+ conn_rec *c = r->connection;
+- byterange_ctx *ctx = f->ctx;
++ byterange_ctx *ctx;
+ apr_bucket *e;
+ apr_bucket_brigade *bsend;
+ apr_off_t range_start;
+ apr_off_t range_end;
+ char *current;
+- apr_off_t bb_length;
+ apr_off_t clength = 0;
+ apr_status_t rv;
+ int found = 0;
+
+- if (!ctx) {
++ /* Iterate through the brigade until reaching EOS or a bucket with
++ * unknown length. */
++ for (e = APR_BRIGADE_FIRST(bb);
++ (e != APR_BRIGADE_SENTINEL(bb) && !APR_BUCKET_IS_EOS(e)
++ && e->length != (apr_size_t)-1);
++ e = APR_BUCKET_NEXT(e)) {
++ clength += e->length;
++ }
++
++ /* Don't attempt to do byte range work if this brigade doesn't
++ * contain an EOS, or if any of the buckets has an unknown length;
++ * this avoids the cases where it is expensive to perform
++ * byteranging (i.e. may require arbitrary amounts of memory). */
++ if (!APR_BUCKET_IS_EOS(e) || clength <= 0) {
++ ap_remove_output_filter(f);
++ return ap_pass_brigade(f->next, bb);
++ }
++
++ {
+ int num_ranges = ap_set_byterange(r);
+
+ /* We have nothing to do, get out of the way. */
+@@ -2876,7 +2893,7 @@
+ return ap_pass_brigade(f->next, bb);
+ }
+
+- ctx = f->ctx = apr_pcalloc(r->pool, sizeof(*ctx));
++ ctx = apr_pcalloc(r->pool, sizeof(*ctx));
+ ctx->num_ranges = num_ranges;
+ /* create a brigade in case we never call ap_save_brigade() */
+ ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
+@@ -2902,29 +2919,6 @@
+ ap_xlate_proto_to_ascii(ctx->bound_head, strlen(ctx->bound_head));
+ }
+ }
+-
+- /* We can't actually deal with byte-ranges until we have the whole brigade
+- * because the byte-ranges can be in any order, and according to the RFC,
+- * we SHOULD return the data in the same order it was requested.
+- *
+- * XXX: We really need to dump all bytes prior to the start of the earliest
+- * range, and only slurp up to the end of the latest range. By this we
+- * mean that we should peek-ahead at the lowest first byte of any range,
+- * and the highest last byte of any range.
+- */
+- if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
+- ap_save_brigade(f, &ctx->bb, &bb, r->pool);
+- return APR_SUCCESS;
+- }
+-
+- /* Prepend any earlier saved brigades. */
+- APR_BRIGADE_PREPEND(bb, ctx->bb);
+-
+- /* It is possible that we won't have a content length yet, so we have to
+- * compute the length before we can actually do the byterange work.
+- */
+- apr_brigade_length(bb, 1, &bb_length);
+- clength = (apr_off_t)bb_length;
+
+ /* this brigade holds what we will be sending */
+ bsend = apr_brigade_create(r->pool, c->bucket_alloc);
Home |
Main Index |
Thread Index |
Old Index