pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache22 Use official fix for CVE-2009-3094 taken ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8effc746d6b9
branches: trunk
changeset: 399209:8effc746d6b9
user: tron <tron%pkgsrc.org@localhost>
date: Mon Sep 14 22:09:33 2009 +0000
description:
Use official fix for CVE-2009-3094 taken from the Apache SVN repository.
diffstat:
www/apache22/Makefile | 4 +-
www/apache22/distinfo | 4 +-
www/apache22/patches/patch-ab | 108 +++++++++++++++++++++++++++++++++++++----
3 files changed, 100 insertions(+), 16 deletions(-)
diffs (149 lines):
diff -r 4fbe18a033d2 -r 8effc746d6b9 www/apache22/Makefile
--- a/www/apache22/Makefile Mon Sep 14 22:08:21 2009 +0000
+++ b/www/apache22/Makefile Mon Sep 14 22:09:33 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.50 2009/09/13 13:32:50 tron Exp $
+# $NetBSD: Makefile,v 1.51 2009/09/14 22:09:33 tron Exp $
DISTNAME= httpd-2.2.13
PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/}
diff -r 4fbe18a033d2 -r 8effc746d6b9 www/apache22/distinfo
--- a/www/apache22/distinfo Mon Sep 14 22:08:21 2009 +0000
+++ b/www/apache22/distinfo Mon Sep 14 22:09:33 2009 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.25 2009/09/13 13:32:50 tron Exp $
+$NetBSD: distinfo,v 1.26 2009/09/14 22:09:33 tron Exp $
SHA1 (httpd-2.2.13.tar.bz2) = 44d85da1b8e6c579d4514cfefbea00b284717b69
RMD160 (httpd-2.2.13.tar.bz2) = 4a6a2247cc118175a9a36f1e14344ee71da24627
Size (httpd-2.2.13.tar.bz2) = 5300199 bytes
SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
-SHA1 (patch-ab) = 76e50e1603c37e982a6ae9179009457aa9589e87
+SHA1 (patch-ab) = 4427989bec4faadbd64c46dced5e57b4d6649270
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
diff -r 4fbe18a033d2 -r 8effc746d6b9 www/apache22/patches/patch-ab
--- a/www/apache22/patches/patch-ab Mon Sep 14 22:08:21 2009 +0000
+++ b/www/apache22/patches/patch-ab Mon Sep 14 22:09:33 2009 +0000
@@ -1,19 +1,103 @@
-$NetBSD: patch-ab,v 1.12 2009/09/13 13:32:50 tron Exp $
+$NetBSD: patch-ab,v 1.13 2009/09/14 22:09:33 tron Exp $
-Fix for CVE-2009-3094 based on the description of the problem:
+Fix for CVE-2009-3094 taken from the Apache SVN repository:
-http://www.intevydis.com/blog/?p=59
+http://svn.apache.org/viewvc?view=rev&revision=814652
---- modules/proxy/mod_proxy_ftp.c.orig 2008-11-11 20:04:34.000000000 +0000
-+++ modules/proxy/mod_proxy_ftp.c 2009-09-13 14:23:13.000000000 +0100
-@@ -1274,7 +1274,9 @@
+--- modules/proxy/mod_proxy_ftp.c 2009/09/14 14:15:34 814651
++++ modules/proxy/mod_proxy_ftp.c 2009/09/14 14:16:14 814652
+@@ -683,6 +683,31 @@
+ return APR_SUCCESS;
+ }
+
++/* Parse EPSV reply and return port, or zero on error. Modifies
++ * 'reply'. */
++static apr_port_t parse_epsv_reply(char *reply)
++{
++ char *p, *ep;
++ long port;
++
++ /* Reply syntax per RFC 2428: "229 blah blah (|||port|)" where '|'
++ * can be any character in ASCII from 33-126, obscurely. Verify
++ * the syntax. */
++ p = ap_strchr(reply, '(');
++ if (p == NULL || !p[0] || !p[1] || p[1] != p[2] || p[1] != p[3]
++ || p[4] == p[1]) {
++ return 0;
++ }
++
++ errno = 0;
++ port = strtol(p + 4, &ep, 10);
++ if (errno || port < 1 || port > 65535 || ep[0] != p[1] || ep[1] != ')') {
++ return 0;
++ }
++
++ return (apr_port_t)port;
++}
++
+ /*
+ * Generic "send FTP command to server" routine, using the control socket.
+ * Returns the FTP returncode (3 digit code)
+@@ -1296,26 +1321,11 @@
+ return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
+ }
+ else if (rc == 229) {
+- char *pstr;
+- char *tok_cntx;
++ /* Parse the port out of the EPSV reply. */
++ data_port = parse_epsv_reply(ftpmessage);
+
+- pstr = ftpmessage;
+- pstr = apr_strtok(pstr, " ", &tok_cntx); /* separate result code */
+- if (pstr != NULL) {
+- if (*(pstr + strlen(pstr) + 1) == '=') {
+- pstr += strlen(pstr) + 2;
+- }
+- else {
+- pstr = apr_strtok(NULL, "(", &tok_cntx); /* separate address &
+- * port params */
+- if (pstr != NULL)
+- pstr = apr_strtok(NULL, ")", &tok_cntx);
+- }
+- }
+-
+- if (pstr) {
++ if (data_port) {
+ apr_sockaddr_t *epsv_addr;
+- data_port = atoi(pstr + 3);
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+ "proxy: FTP: EPSV contacting remote host on port %d",
+@@ -1356,10 +1366,6 @@
+ connect = 1;
+ }
}
- else {
- /* and try the regular way */
+- else {
+- /* and try the regular way */
- apr_socket_close(data_sock);
-+ if (data_sock != NULL) {
+- }
+ }
+ }
+
+@@ -1446,10 +1452,6 @@
+ connect = 1;
+ }
+ }
+- else {
+- /* and try the regular way */
+- apr_socket_close(data_sock);
+- }
+ }
+ }
+ /*bypass:*/
+@@ -1929,7 +1931,9 @@
+ * for a slow client to eat these bytes
+ */
+ ap_flush_conn(data);
+- apr_socket_close(data_sock);
++ if (data_sock) {
+ apr_socket_close(data_sock);
+ }
- }
- }
- }
+ data_sock = NULL;
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+ "proxy: FTP: data connection closed");
Home |
Main Index |
Thread Index |
Old Index