pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache Fixing two possible security vulnerabilities:
details: https://anonhg.NetBSD.org/pkgsrc/rev/e6388c307212
branches: trunk
changeset: 530372:e6388c307212
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Thu Jun 28 00:38:00 2007 +0000
description:
Fixing two possible security vulnerabilities:
CVE-2006-5752 XSS in mod_status with ExtendedStatus on
CVE-2007-3304 Remote DoS if MPM and mod_cache enabled
bumping PKGREVISION
diffstat:
www/apache/Makefile | 4 +-
www/apache/distinfo | 4 ++-
www/apache/patches/patch-ar | 40 +++++++++++++++++++++++++++++++++++++
www/apache/patches/patch-as | 48 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 93 insertions(+), 3 deletions(-)
diffs (128 lines):
diff -r b9593206199d -r e6388c307212 www/apache/Makefile
--- a/www/apache/Makefile Wed Jun 27 22:52:44 2007 +0000
+++ b/www/apache/Makefile Thu Jun 28 00:38:00 2007 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.189 2007/01/23 15:45:43 ghen Exp $
+# $NetBSD: Makefile,v 1.190 2007/06/28 00:38:00 lkundrak Exp $
#
# This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
# code hooks that allow mod_ssl to be compiled separately later, if desired).
DISTNAME= apache_1.3.37
PKGNAME= ${DISTNAME:S/_/-/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/}
diff -r b9593206199d -r e6388c307212 www/apache/distinfo
--- a/www/apache/distinfo Wed Jun 27 22:52:44 2007 +0000
+++ b/www/apache/distinfo Thu Jun 28 00:38:00 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.53 2006/07/30 11:17:51 jdolecek Exp $
+$NetBSD: distinfo,v 1.54 2007/06/28 00:38:00 lkundrak Exp $
SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4
RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7
@@ -24,3 +24,5 @@
SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178
+SHA1 (patch-ar) = fff679923f13c511d0871d3d27b291e989c21a04
+SHA1 (patch-as) = c7e46d8d5b142e8b64d343ff2a5c97509e52a85f
diff -r b9593206199d -r e6388c307212 www/apache/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ar Thu Jun 28 00:38:00 2007 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ar,v 1.5 2007/06/28 00:38:01 lkundrak Exp $
+
+--- src/main/http_main.c.orig 2007-06-28 02:10:30.000000000 +0200
++++ src/main/http_main.c
+@@ -2751,6 +2751,17 @@ static int find_child_by_pid(int pid)
+ return -1;
+ }
+
++static int safe_child_kill(pid_t pid, int sig)
++{
++ if (getpgid(pid) == getpgrp()) {
++ return kill(pid, sig);
++ }
++ else {
++ errno = EINVAL;
++ return -1;
++ }
++}
++
+ static void reclaim_child_processes(int terminate)
+ {
+ #ifndef MULTITHREAD
+@@ -5113,7 +5124,7 @@ static void perform_idle_server_maintena
+ else if (ps->last_rtime + ss->timeout_len < now) {
+ /* no progress, and the timeout length has been exceeded */
+ ss->timeout_len = 0;
+- kill(ps->pid, SIG_TIMEOUT_KILL);
++ safe_child_kill(ps->pid, SIG_TIMEOUT_KILL);
+ }
+ }
+ #endif
+@@ -5126,7 +5137,7 @@ static void perform_idle_server_maintena
+ * while we were counting. Use the define SIG_IDLE_KILL to reflect
+ * which signal should be used on the specific OS.
+ */
+- kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL);
++ safe_child_kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL);
+ idle_spawn_rate = 1;
+ #ifdef TPF
+ ap_update_child_status(to_kill, SERVER_DEAD, (request_rec *)NULL);
diff -r b9593206199d -r e6388c307212 www/apache/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-as Thu Jun 28 00:38:00 2007 +0000
@@ -0,0 +1,48 @@
+$NetBSD: patch-as,v 1.5 2007/06/28 00:38:01 lkundrak Exp $
+
+--- src/modules/standard/mod_status.c.orig 2007-06-28 02:39:31.000000000 +0200
++++ src/modules/standard/mod_status.c 2007-06-28 02:44:25.000000000 +0200
+@@ -221,7 +221,7 @@ static int status_handler(request_rec *r
+ if (r->method_number != M_GET)
+ return DECLINED;
+
+- r->content_type = "text/html";
++ r->content_type = "text/html; charset=ISO-8859-1";
+
+ /*
+ * Simple table-driven form data set parser that lets you alter the header
+@@ -247,7 +247,7 @@ static int status_handler(request_rec *r
+ no_table_report = 1;
+ break;
+ case STAT_OPT_AUTO:
+- r->content_type = "text/plain";
++ r->content_type = "text/plain; charset=ISO-8859-1";
+ short_report = 1;
+ break;
+ }
+@@ -591,7 +591,7 @@ static int status_handler(request_rec *r
+ ap_rputs(")\n", r);
+ ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
+ ap_escape_html(r->pool, score_record.client),
+- ap_escape_html(r->pool, score_record.request),
++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)),
+ vhost ? ap_escape_html(r->pool,
+ vhost->server_hostname) : "(unavailable)");
+ }
+@@ -686,14 +686,14 @@ static int status_handler(request_rec *r
+ "</tr>\n\n",
+ score_record.client,
+ vhost ? vhost->server_hostname : "(unavailable)",
+- ap_escape_html(r->pool, score_record.request));
++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)))
+ #else
+ ap_rprintf(r,
+ "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n",
+ ap_escape_html(r->pool, score_record.client),
+ vhost ? ap_escape_html(r->pool,
+ vhost->server_hostname) : "(unavailable)",
+- ap_escape_html(r->pool, score_record.request));
++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)))
+ #endif
+ } /* no_table_report */
+ } /* !short_report */
Home |
Main Index |
Thread Index |
Old Index