pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache22 Add patches from the Apache SVN repositor...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3a3001ba820c
branches: trunk
changeset: 561680:3a3001ba820c
user: tron <tron%pkgsrc.org@localhost>
date: Tue Jul 14 12:23:39 2009 +0000
description:
Add patches from the Apache SVN repository to fix the security
vulnerabilities reported in CVE-2009-1890 and CVE-2009-1891.
diffstat:
www/apache22/Makefile | 4 +-
www/apache22/distinfo | 4 ++-
www/apache22/patches/patch-af | 35 ++++++++++++++++++++++++++++++++++
www/apache22/patches/patch-ah | 44 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 84 insertions(+), 3 deletions(-)
diffs (119 lines):
diff -r 130abf8efb9b -r 3a3001ba820c www/apache22/Makefile
--- a/www/apache22/Makefile Tue Jul 14 11:17:11 2009 +0000
+++ b/www/apache22/Makefile Tue Jul 14 12:23:39 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2009/06/11 20:30:58 tron Exp $
+# $NetBSD: Makefile,v 1.47 2009/07/14 12:23:39 tron Exp $
DISTNAME= httpd-2.2.11
-PKGREVISION= 5
+PKGREVISION= 6
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff -r 130abf8efb9b -r 3a3001ba820c www/apache22/distinfo
--- a/www/apache22/distinfo Tue Jul 14 11:17:11 2009 +0000
+++ b/www/apache22/distinfo Tue Jul 14 12:23:39 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2009/06/11 20:30:58 tron Exp $
+$NetBSD: distinfo,v 1.21 2009/07/14 12:23:39 tron Exp $
SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
@@ -8,7 +8,9 @@
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
+SHA1 (patch-af) = cf7cc7d09e0379830d1ce0be4be74c8f2bbb1719
SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
+SHA1 (patch-ah) = 5fc2a3fad42fa67669c219123b8c27e138927452
SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
diff -r 130abf8efb9b -r 3a3001ba820c www/apache22/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-af Tue Jul 14 12:23:39 2009 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-af,v 1.1 2009/07/14 12:23:40 tron Exp $
+
+Fix for CVE-2009-1891 taken from here:
+
+http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core_filters.c?r1=421103&r2=791454&pathrev=791454
+
+--- server/core_filters.c.orig 2006-07-12 04:38:44.000000000 +0100
++++ server/core_filters.c 2009-07-14 13:01:09.000000000 +0100
+@@ -542,6 +542,12 @@
+ apr_read_type_e eblock = APR_NONBLOCK_READ;
+ apr_pool_t *input_pool = b->p;
+
++ /* Fail quickly if the connection has already been aborted. */
++ if (c->aborted) {
++ apr_brigade_cleanup(b);
++ return APR_ECONNABORTED;
++ }
++
+ if (ctx == NULL) {
+ ctx = apr_pcalloc(c->pool, sizeof(*ctx));
+ net->out_ctx = ctx;
+@@ -909,12 +915,9 @@
+ /* No need to check for SUCCESS, we did that above. */
+ if (!APR_STATUS_IS_EAGAIN(rv)) {
+ c->aborted = 1;
++ return APR_ECONNABORTED;
+ }
+
+- /* The client has aborted, but the request was successful. We
+- * will report success, and leave it to the access and error
+- * logs to note that the connection was aborted.
+- */
+ return APR_SUCCESS;
+ }
+
diff -r 130abf8efb9b -r 3a3001ba820c www/apache22/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-ah Tue Jul 14 12:23:39 2009 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-ah,v 1.1 2009/07/14 12:23:40 tron Exp $
+
+Fix for CVE-2009-1890 taken from here:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587
+
+--- modules/proxy/mod_proxy_http.c.orig 2008-11-11 20:04:34.000000000 +0000
++++ modules/proxy/mod_proxy_http.c 2009-07-14 13:03:49.000000000 +0100
+@@ -422,10 +422,16 @@
+ apr_off_t bytes_streamed = 0;
+
+ if (old_cl_val) {
++ char *endstr;
++
+ add_cl(p, bucket_alloc, header_brigade, old_cl_val);
+- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL,
+- 0))) {
+- return HTTP_INTERNAL_SERVER_ERROR;
++ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10);
++
++ if (status || *endstr || endstr == old_cl_val || cl_val < 0) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
++ "proxy: could not parse request Content-Length (%s)",
++ old_cl_val);
++ return HTTP_BAD_REQUEST;
+ }
+ }
+ terminate_headers(bucket_alloc, header_brigade);
+@@ -453,8 +459,13 @@
+ *
+ * Prevents HTTP Response Splitting.
+ */
+- if (bytes_streamed > cl_val)
+- continue;
++ if (bytes_streamed > cl_val) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "proxy: read more bytes of request body than expected "
++ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")",
++ bytes_streamed, cl_val);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+
+ if (header_brigade) {
+ /* we never sent the header brigade, so go ahead and
Home |
Main Index |
Thread Index |
Old Index