authorsalo <salo@pkgsrc.org>2007-06-13 14:16:32 +0000
committersalo <salo@pkgsrc.org>2007-06-13 14:16:32 +0000
commit1a71f24dc8aacec3e2d72566ed1dadff3097dbb0 (patch)
tree8ea0177634b752b8c6277fc42d13983feeae67f7
parentcbb53dfb749c36842c764f971b28618225e07e44 (diff)
Pullup ticket 2105 - requested by lkundrak
security fix for apache22 Revisions pulled up: - pkgsrc/www/apache22/Makefile 1.12 - pkgsrc/www/apache22/distinfo 1.5 - pkgsrc/www/apache22/patches/patch-an 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue Jun 5 01:43:45 UTC 2007 Modified Files: pkgsrc/www/apache22: Makefile distinfo Added Files: pkgsrc/www/apache22/patches: patch-an Log Message: Bump apache22 to 2.2.4nb4 due to: Security fix for CVE-2007-1862 sensitive information disclosure http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://issues.apache.org/bugzilla/attachment.cgi?id=20065
-rw-r--r--www/apache22/Makefile4
-rw-r--r--www/apache22/distinfo3
-rw-r--r--www/apache22/patches/patch-an55
3 files changed, 59 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index c384a1ac719..d458a19f730 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.10 2007/02/25 00:02:35 sborrill Exp $
+# $NetBSD: Makefile,v 1.10.2.1 2007/06/13 14:16:32 salo Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 9d7782a7e15..19a8b915682 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2007/02/25 00:02:35 sborrill Exp $
+$NetBSD: distinfo,v 1.4.2.1 2007/06/13 14:16:32 salo Exp $
SHA1 (httpd-2.2.4.tar.bz2) = 64ceae373434a986dc99b8ed953afa0d4fad85ce
RMD160 (httpd-2.2.4.tar.bz2) = bb6e8a7447fa8e8f629010f30b548068de518523
@@ -12,3 +12,4 @@ SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
+SHA1 (patch-an) = 1d02b10e92ad1f613b17b6ebc812d8931b54d3da
diff --git a/www/apache22/patches/patch-an b/www/apache22/patches/patch-an
new file mode 100644
index 00000000000..1b943e2d0ec
--- /dev/null
+++ b/www/apache22/patches/patch-an
@@ -0,0 +1,55 @@
+$NetBSD: patch-an,v 1.1.2.2 2007/06/13 14:16:33 salo Exp $
+
+Security fix for CVE-2007-1862 sensitive information disclosure
+http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
+http://issues.apache.org/bugzilla/attachment.cgi?id=20065
+
+--- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200
++++ modules/cache/mod_mem_cache.c
+@@ -539,12 +539,26 @@ static int remove_url(cache_handle_t *h,
+ return OK;
+ }
+
++static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
++{
++ const apr_array_header_t *array = apr_table_elts(table);
++ apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
++ apr_table_t *copy = apr_table_make(p, array->nelts);
++ int i;
++
++ for (i = 0; i < array->nelts; i++) {
++ apr_table_add(copy, elts[i].key, elts[i].val);
++ }
++
++ return copy;
++}
++
+ static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
+ {
+ mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
+
+- h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
+- h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
++ h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
++ h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
+
+ return OK;
+ }
+@@ -585,7 +599,7 @@ static apr_status_t store_headers(cache_
+ * - The original response headers (for returning with a cached response)
+ * - The body of the message
+ */
+- mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
++ mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
+
+ /* Precompute how much storage we need to hold the headers */
+ headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
+@@ -599,7 +613,7 @@ static apr_status_t store_headers(cache_
+ }
+
+ headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
+- mobj->header_out = apr_table_copy(mobj->pool, headers_out);
++ mobj->header_out = deep_table_copy(mobj->pool, headers_out);
+
+ /* Init the info struct */
+ obj->info.status = info->status;
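Review bot: deep_table_copy is added without a comment saying why it replaces apr_table_copy, and that reason is the entire CVE-2007-1862 fix, so a later cleanup could quietly swap the shallow copy back in. I would put a comment above the helper such as `/* apr_table_copy() copies only the entry array, so keys and values still point into the source pool; apr_table_add() duplicates both strings into p. */`. The four call sites copy between r->pool and mobj->pool, which presumably have different lifetimes, and the comment should say that the copy must own its strings for that reason. The helper passes `table` to apr_table_elts() without a NULL check, so its doc comment should state that callers must pass a non-NULL table. store_headers starts and ends outside the quoted context, so whether any other table there still uses apr_table_copy cannot be confirmed from this hunk.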