pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache24 Add fix for CVE-2015-0253.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9f348071d472
branches:  trunk
changeset: 653011:9f348071d472
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Jun 11 15:38:48 2015 +0000

description:
Add fix for CVE-2015-0253.

Bump PKGREVISION.

diffstat:

 www/apache24/Makefile                        |   3 ++-
 www/apache24/distinfo                        |   3 ++-
 www/apache24/patches/patch-server_protocol.c |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 2 deletions(-)

diffs (55 lines):

diff -r 1b75538bb2be -r 9f348071d472 www/apache24/Makefile
--- a/www/apache24/Makefile     Thu Jun 11 15:37:21 2015 +0000
+++ b/www/apache24/Makefile     Thu Jun 11 15:38:48 2015 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2015/02/02 14:45:51 adam Exp $
+# $NetBSD: Makefile,v 1.35 2015/06/11 15:38:48 taca Exp $
 
 DISTNAME=      httpd-2.4.12
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
                http://archive.apache.org/dist/httpd/ \
diff -r 1b75538bb2be -r 9f348071d472 www/apache24/distinfo
--- a/www/apache24/distinfo     Thu Jun 11 15:37:21 2015 +0000
+++ b/www/apache24/distinfo     Thu Jun 11 15:38:48 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
+$NetBSD: distinfo,v 1.20 2015/06/11 15:38:48 taca Exp $
 
 SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
 RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
@@ -16,3 +16,4 @@
 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df
 SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96
 SHA1 (patch-server_core__filters.c) = 331672c9a65691229518f31dcdae64382b392287
+SHA1 (patch-server_protocol.c) = 73f9cfad3217784fcdc6e5c7948eefd47b2a5a42
diff -r 1b75538bb2be -r 9f348071d472 www/apache24/patches/patch-server_protocol.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache24/patches/patch-server_protocol.c      Thu Jun 11 15:38:48 2015 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-server_protocol.c,v 1.1 2015/06/11 15:38:48 taca Exp $
+
+Fix for CVE-2015-0253, introduced in Apache 2.4.11.
+
+--- server/protocol.c.orig     2014-11-29 09:22:43.000000000 +0000
++++ server/protocol.c
+@@ -599,8 +599,6 @@ static int read_request_line(request_rec
+              */
+             if (APR_STATUS_IS_ENOSPC(rv)) {
+                 r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+-                r->proto_num = HTTP_VERSION(1,0);
+-                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             }
+             else if (APR_STATUS_IS_TIMEUP(rv)) {
+                 r->status = HTTP_REQUEST_TIME_OUT;
+@@ -608,6 +606,8 @@ static int read_request_line(request_rec
+             else if (APR_STATUS_IS_EINVAL(rv)) {
+                 r->status = HTTP_BAD_REQUEST;
+             }
++          r->proto_num = HTTP_VERSION(1,0);
++          r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             return 0;
+         }
+     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
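Review bot: The two added assignments after the `APR_STATUS_IS_EINVAL` branch have no comment saying why they now run on every failed read, and the patch header only names the CVE. In the visible lines, `r->proto_num` and `r->protocol` were previously set only in the `ENOSPC` branch, so the timeout, bad-request and unmatched-status returns presumably left `r->protocol` unset; a comment such as `/* Always set a protocol before returning, so error handling never sees r->protocol unset. */` above them would record that. The added lines are also indented two columns short of the surrounding block and should line up with `return 0;`. Citing the upstream httpd revision in the patch header would make it clear when this local patch can be dropped. `read_request_line` starts and ends outside the hunk.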


