pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache24 Fix CVE-2015-0228 (lua module) with upstr...
details: https://anonhg.NetBSD.org/pkgsrc/rev/9f4d8f253b84
branches: trunk
changeset: 649024:9f4d8f253b84
user: ryoon <ryoon%pkgsrc.org@localhost>
date: Sat Mar 28 06:28:04 2015 +0000
description:
Fix CVE-2015-0228 (lua module) with upstream patch.
lua module is not enabled by default.
diffstat:
www/apache24/distinfo | 3 +-
www/apache24/patches/patch-CVE-2015-0228 | 36 ++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletions(-)
diffs (54 lines):
diff -r 48647d70aca4 -r 9f4d8f253b84 www/apache24/distinfo
--- a/www/apache24/distinfo Sat Mar 28 04:32:42 2015 +0000
+++ b/www/apache24/distinfo Sat Mar 28 06:28:04 2015 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.18 2015/02/02 14:45:51 adam Exp $
+$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
Size (httpd-2.4.12.tar.bz2) = 5054838 bytes
+SHA1 (patch-CVE-2015-0228) = 2a6ec79cc8feb546b3d4ede08877ad72347b55a7
SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
diff -r 48647d70aca4 -r 9f4d8f253b84 www/apache24/patches/patch-CVE-2015-0228
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache24/patches/patch-CVE-2015-0228 Sat Mar 28 06:28:04 2015 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2015-0228,v 1.1 2015/03/28 06:28:04 ryoon Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1657261
+
+--- modules/lua/lua_request.c.orig 2014-09-05 14:20:27.000000000 +0000
++++ modules/lua/lua_request.c
+@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State
+ {
+ apr_socket_t *sock;
+ apr_status_t rv;
++ int do_read = 1;
+ int n = 0;
+ apr_size_t len = 1;
+ apr_size_t plen = 0;
+@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State
+ mask_bytes = apr_pcalloc(r->pool, 4);
+ sock = ap_get_conn_socket(r->connection);
+
++ while (do_read) {
++ do_read = 0;
+ /* Get opcode and FIN bit */
+ if (plaintext) {
+ rv = apr_socket_recv(sock, &byte, &len);
+@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State
+ frame[0] = 0x8A;
+ frame[1] = 0;
+ apr_socket_send(sock, frame, &plen); /* Pong! */
+- lua_websocket_read(L); /* read the next frame instead */
++ do_read = 1;
+ }
+ }
+ }
++ }
+ return 0;
+ }
+
Home |
Main Index |
Thread Index |
Old Index