pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache24 Fix CVE-2015-0228 (lua module) with upstr...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9f4d8f253b84
branches:  trunk
changeset: 649024:9f4d8f253b84
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Sat Mar 28 06:28:04 2015 +0000

description:
Fix CVE-2015-0228 (lua module) with upstream patch.
lua module is not enabled by default.

diffstat:

 www/apache24/distinfo                    |   3 +-
 www/apache24/patches/patch-CVE-2015-0228 |  36 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletions(-)

diffs (54 lines):

diff -r 48647d70aca4 -r 9f4d8f253b84 www/apache24/distinfo
--- a/www/apache24/distinfo     Sat Mar 28 04:32:42 2015 +0000
+++ b/www/apache24/distinfo     Sat Mar 28 06:28:04 2015 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.18 2015/02/02 14:45:51 adam Exp $
+$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
 
 SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
 RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
 Size (httpd-2.4.12.tar.bz2) = 5054838 bytes
+SHA1 (patch-CVE-2015-0228) = 2a6ec79cc8feb546b3d4ede08877ad72347b55a7
 SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
diff -r 48647d70aca4 -r 9f4d8f253b84 www/apache24/patches/patch-CVE-2015-0228
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache24/patches/patch-CVE-2015-0228  Sat Mar 28 06:28:04 2015 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2015-0228,v 1.1 2015/03/28 06:28:04 ryoon Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1657261
+
+--- modules/lua/lua_request.c.orig     2014-09-05 14:20:27.000000000 +0000
++++ modules/lua/lua_request.c
+@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State 
+ {
+     apr_socket_t *sock;
+     apr_status_t rv;
++    int do_read = 1;
+     int n = 0;
+     apr_size_t len = 1;
+     apr_size_t plen = 0;
+@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State 
+     mask_bytes = apr_pcalloc(r->pool, 4);
+     sock = ap_get_conn_socket(r->connection);
+ 
++    while (do_read) { 
++    do_read = 0;
+     /* Get opcode and FIN bit */
+     if (plaintext) {
+         rv = apr_socket_recv(sock, &byte, &len);
+@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State 
+                 frame[0] = 0x8A;
+                 frame[1] = 0;
+                 apr_socket_send(sock, frame, &plen); /* Pong! */
+-                lua_websocket_read(L); /* read the next frame instead */
++                do_read = 1;
+             }
+         }
+     }
++    }
+     return 0;
+ }
+ 
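Review bot: Replacing the recursive call with `while (do_read)` means the locals initialised at declaration (`n = 0`, `len = 1`, `plen = 0`) are no longer reset for each frame, because the loop opens after those declarations and after the `mask_bytes` allocation. The code between the inner hunks is not visible here, so this is hedged: if it assigns `len` a value above 1 for a multi-byte read, the next pass would hand that larger length to `apr_socket_recv(sock, &byte, &len)`, whose destination is a single `char`. Resetting the per-frame state at the top of the loop restores what each recursive call used to get: `do_read = 0; len = 1; plen = 0;`. Separately, the result of the pong `apr_socket_send(sock, frame, &plen)` is still ignored before `do_read = 1`, so a failed send is only noticed by the following read; checking `rv` there and leaving the loop on error would be cleaner.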


