pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2009Q1]: pkgsrc/www/apache22 Pullup ticket 2778 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/847d59f507ee
branches:  pkgsrc-2009Q1
changeset: 556835:847d59f507ee
user:      spz <spz%pkgsrc.org@localhost>
date:      Sat May 23 07:12:45 2009 +0000

description:
Pullup ticket 2778 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile                  1.43
- pkgsrc/www/apache22/distinfo                  1.18
- pkgsrc/www/apache22/patches/patch-ab          1.10

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Fri May 22 09:46:06 UTC 2009

   Modified Files:
        pkgsrc/www/apache22: Makefile distinfo
   Added Files:
        pkgsrc/www/apache22/patches: patch-ab

   Log Message:
   Add patch from the Apache SVN repository to fix the information leak
   in the "mod_proxy_ajp" module reported in CVE-2009-1191.


   To generate a diff of this commit:
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/apache22/distinfo
   cvs rdiff -u -r0 -r1.10 pkgsrc/www/apache22/patches/patch-ab

diffstat:

 www/apache22/Makefile         |   4 ++--
 www/apache22/distinfo         |   3 ++-
 www/apache22/patches/patch-ab |  40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 3 deletions(-)

diffs (72 lines):

diff -r 089989997cd0 -r 847d59f507ee www/apache22/Makefile
--- a/www/apache22/Makefile     Fri May 22 11:56:18 2009 +0000
+++ b/www/apache22/Makefile     Sat May 23 07:12:45 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2009/02/25 15:39:38 tron Exp $
+# $NetBSD: Makefile,v 1.39.2.1 2009/05/23 07:12:45 spz Exp $
 
 DISTNAME=      httpd-2.2.11
-PKGREVISION=   2
+PKGREVISION=   3
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
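Review bot: The PKGREVISION bump from 2 to 3 is the only thing that distinguishes the fixed package from the vulnerable one, since DISTNAME stays at httpd-2.2.11. Any vulnerability-list entry for CVE-2009-1191 on this branch needs to treat versions below apache-2.2.11nb3 as affected, so it is worth confirming that entry matches this revision number.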
diff -r 089989997cd0 -r 847d59f507ee www/apache22/distinfo
--- a/www/apache22/distinfo     Fri May 22 11:56:18 2009 +0000
+++ b/www/apache22/distinfo     Sat May 23 07:12:45 2009 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.17 2009/02/15 23:14:40 rillig Exp $
+$NetBSD: distinfo,v 1.17.2.1 2009/05/23 07:15:36 spz Exp $
 
 SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
 RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
 Size (httpd-2.2.11.tar.bz2) = 5230130 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
+SHA1 (patch-ab) = d5391ca1af9d817d35cb472b0feb05b86a95e560
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
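Review bot: The distinfo id on the added side carries the timestamp 07:15:36, later than the 07:12:45 in the Makefile and patch-ab ids, and patch-ab is already at 1.10.2.2, so the branch files appear to have been committed in more than one step. Please re-run the checksum check against patch-ab as it now sits on the branch to confirm that the recorded SHA1 (patch-ab) value still matches.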
diff -r 089989997cd0 -r 847d59f507ee www/apache22/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-ab     Sat May 23 07:12:45 2009 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ab,v 1.10.2.2 2009/05/23 07:12:45 spz Exp $
+
+Patch for CVE-2009-1191 taken from the Apache SVN repository:
+http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?view=markup&pathrev=768506
+
+--- modules/proxy/mod_proxy_ajp.c      2008/11/15 14:25:54     714273
++++ modules/proxy/mod_proxy_ajp.c      2009/04/25 09:58:52     768506
+@@ -307,21 +307,17 @@
+                          "proxy: read zero bytes, expecting"
+                          " %" APR_OFF_T_FMT " bytes",
+                          content_length);
+-            status = ajp_send_data_msg(conn->sock, msg, 0);
+-            if (status != APR_SUCCESS) {
+-                /* We had a failure: Close connection to backend */
+-                conn->close++;
+-                ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
+-                            "proxy: send failed to %pI (%s)",
+-                            conn->worker->cp->addr,
+-                            conn->worker->hostname);
+-                return HTTP_INTERNAL_SERVER_ERROR;
+-            }
+-            else {
+-                /* Client send zero bytes with C-L > 0
+-                 */
+-                return HTTP_BAD_REQUEST;
+-            }
++            /*
++             * We can only get here if the client closed the connection
++             * to us without sending the body.
++             * Now the connection is in the wrong state on the backend.
++             * Sending an empty data msg doesn't help either as it does
++             * not move this connection to the correct state on the backend
++             * for later resusage by the next request again.
++             * Close it to clean things up.
++             */
++            conn->close++;
++            return HTTP_BAD_REQUEST;
+         }
+     }
+ 
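Review bot: On the zero-byte read path, the fix now depends entirely on `conn->close++` being honoured before `return HTTP_BAD_REQUEST;`, and nothing in the visible context shows where the connection is released. Please confirm that the caller closes the backend socket on this return rather than returning it to the pool, because a reused connection left in the wrong AJP state is what the new comment describes. Minor points: the comment's "resusage" is a typo carried over from upstream and is best left as is so the patch stays identical to r768506, and the header URL uses view=markup with pathrev=768506, so pointing at the diff between 714273 and 768506 would make the upstream change easier to audit.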


