diff options
| author | sbd <sbd@pkgsrc.org> | 2011-12-14 02:43:13 +0000 |
|---|---|---|
| committer | sbd <sbd@pkgsrc.org> | 2011-12-14 02:43:13 +0000 |
| commit | 4cb0c924b3f6896367677492ec823eba948baeb7 (patch) | |
| tree | 38f3c279fe61200bf42cd5c9fa10bd12a5406795 | |
| parent | f0c7595f93550bf6c52c1a26ddffeaae5476d663 (diff) | |
| download | pkgsrc-4cb0c924b3f6896367677492ec823eba948baeb7.tar.gz | |
Pullup ticket #3631 - requested by spz
www/apache22 security patch
Revisions pulled up:
- www/apache22/Makefile 1.76
- www/apache22/distinfo 1.47
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c 1.1
- www/apache22/patches/patch-modules_proxy_mod_proxy.c 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Dec 13 15:37:57 UTC 2011
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
patch-modules_proxy_mod_proxy.c
Log Message:
add revision 1209432 from http://svn.apache.org/ as patches:
fix for CVE-2011-4317
| -rw-r--r-- | www/apache22/Makefile | 4 | ||||
| -rw-r--r-- | www/apache22/distinfo | 4 | ||||
| -rw-r--r-- | www/apache22/patches/patch-modules_mappers_mod_rewrite.c | 35 | ||||
| -rw-r--r-- | www/apache22/patches/patch-modules_proxy_mod_proxy.c | 35 |
4 files changed, 75 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 23e8851ca6d..949866222a4 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.71.2.3 2011/12/08 04:01:36 sbd Exp $ +# $NetBSD: Makefile,v 1.71.2.4 2011/12/14 02:43:13 sbd Exp $ DISTNAME= httpd-2.2.21 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache22/distinfo b/www/apache22/distinfo index af60f138a72..1ed1e0f019c 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.42.2.3 2011/12/08 04:01:36 sbd Exp $ +$NetBSD: distinfo,v 1.42.2.4 2011/12/14 02:43:13 sbd Exp $ SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4 RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1 @@ -15,6 +15,8 @@ SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 +SHA1 (patch-modules_mappers_mod_rewrite.c) = de7bbdf02dda38e2542e4967ee6f22745ec0f118 +SHA1 (patch-modules_proxy_mod_proxy.c) = bab58b70eee22d7c08be9a4a9ada3fad886fa796 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 SHA1 (patch-server_protocol.c) = fc77c3293f6f2f73a40e88098ba1483d3e605b66 SHA1 (patch-server_util.c) = b63f73e2a482facd188eecb0864fc612d1b7b3a5 diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c new file mode 100644 index 00000000000..14e7dcca0c5 --- /dev/null +++ b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c @@ -0,0 +1,35 @@ +$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.1.2.2 2011/12/14 02:43:13 sbd Exp $ + +revision 1209432 from http://svn.apache.org/: + Fix for additional cases of URL rewriting with ProxyPassMatch or + RewriteRule, where particular request-URIs could result in undesired + backend network exposure in some configurations. (CVE-2011-4317) + + Thanks to Prutha Parikh from Qualys for reporting this issue. + + * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" + request-URI. Fail for cases where r->uri does not begin with a "/". + + * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise. + +--- modules/mappers/mod_rewrite.c.orig 2011-09-03 22:54:25.000000000 +0000 ++++ modules/mappers/mod_rewrite.c +@@ -4266,6 +4266,18 @@ static int hook_uri2file(request_rec *r) + return DECLINED; + } + ++ if (strcmp(r->unparsed_uri, "*") == 0) { ++ /* Don't apply rewrite rules to "*". */ ++ return DECLINED; ++ } ++ ++ /* Check that the URI is valid. */ ++ if (!r->uri || r->uri[0] != '/') { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Invalid URI in request %s", r->the_request); ++ return HTTP_BAD_REQUEST; ++ } ++ + /* + * add the SCRIPT_URL variable to the env. this is a bit complicated + * due to the fact that apache uses subrequests and internal redirects diff --git a/www/apache22/patches/patch-modules_proxy_mod_proxy.c b/www/apache22/patches/patch-modules_proxy_mod_proxy.c new file mode 100644 index 00000000000..e088a60b1c6 --- /dev/null +++ b/www/apache22/patches/patch-modules_proxy_mod_proxy.c @@ -0,0 +1,35 @@ +$NetBSD: patch-modules_proxy_mod_proxy.c,v 1.1.2.2 2011/12/14 02:43:13 sbd Exp $ + +revision 1209432 from http://svn.apache.org/: + Fix for additional cases of URL rewriting with ProxyPassMatch or + RewriteRule, where particular request-URIs could result in undesired + backend network exposure in some configurations. (CVE-2011-4317) + + Thanks to Prutha Parikh from Qualys for reporting this issue. + + * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" + request-URI. Fail for cases where r->uri does not begin with a "/". + + * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise. + +--- modules/proxy/mod_proxy.c.orig 2010-10-07 18:51:18.000000000 +0000 ++++ modules/proxy/mod_proxy.c +@@ -566,6 +566,18 @@ static int proxy_trans(request_rec *r) + return OK; + } + ++ if (strcmp(r->unparsed_uri, "*") == 0) { ++ /* "*" cannot be proxied. */ ++ return DECLINED; ++ } ++ ++ /* Check that the URI is valid. */ ++ if (!r->uri || r->uri[0] != '/') { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Invalid URI in request %s", r->the_request); ++ return HTTP_BAD_REQUEST; ++ } ++ + /* XXX: since r->uri has been manipulated already we're not really + * compliant with RFC1945 at this point. But this probably isn't + * an issue because this is a hybrid proxy/origin server. |