diff options
author | agc <agc> | 2004-04-27 08:14:40 +0000 |
---|---|---|
committer | agc <agc> | 2004-04-27 08:14:40 +0000 |
commit | b0292dd4c031f6a0db643bd927a09d895243b9ca (patch) | |
tree | 2a20cc0b0dcafdcd0338a29dad1b5b7b8e364dbe | |
parent | f4ed20d3c9aeb6ca034ba037c4c8149a4db6cf28 (diff) | |
download | pkgsrc-b0292dd4c031f6a0db643bd927a09d895243b9ca.tar.gz |
Pull up security fix to the pkgsrc-2004Q1 branch.
Requested by taca in ticket pkgsrc-16 (and 12, I think).
"Add three patches to resolve security issue:
SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
The three patches are from Apache cvs.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/
Also bump PKGREVISION too."
-rw-r--r-- | www/apache/Makefile | 3 | ||||
-rw-r--r-- | www/apache/distinfo | 5 | ||||
-rw-r--r-- | www/apache/patches/patch-ap | 30 | ||||
-rw-r--r-- | www/apache/patches/patch-aq | 14 | ||||
-rw-r--r-- | www/apache/patches/patch-ar | 75 |
5 files changed, 125 insertions, 2 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile index 2166ae17f89..2c60134e384 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,10 +1,11 @@ -# $NetBSD: Makefile,v 1.139 2004/02/28 22:18:35 snj Exp $ +# $NetBSD: Makefile,v 1.139.2.1 2004/04/27 08:14:40 agc Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). DISTNAME= apache_${APACHE_VERSION} PKGNAME= apache-${APACHE_VERSION} +PKGREVISION= 1 APACHE_VERSION= 1.3.29 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ diff --git a/www/apache/distinfo b/www/apache/distinfo index 18c22e87a5f..f4035c80718 100644 --- a/www/apache/distinfo +++ b/www/apache/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.30 2004/02/28 22:15:30 snj Exp $ +$NetBSD: distinfo,v 1.30.2.1 2004/04/27 08:14:40 agc Exp $ SHA1 (apache_1.3.29.tar.gz) = 0fb055dfd8c86457996edb36f19fb66f09dccd6a Size (apache_1.3.29.tar.gz) = 2435809 bytes @@ -20,3 +20,6 @@ SHA1 (patch-ak) = 8f790a692ed9b2dd6943be43fa1cf7629c673955 SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2 SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02 SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4 +SHA1 (patch-ap) = 3dfa2396d481aca2b746d02cb2b161bd956825f8 +SHA1 (patch-aq) = 80032eadbbb546df8eac7fe08800a784c06a06f0 +SHA1 (patch-ar) = b422847735a9a4821cfa8ba8e2e7639ce1605b39 diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap new file mode 100644 index 00000000000..7bfc0cc4616 --- /dev/null +++ b/www/apache/patches/patch-ap @@ -0,0 +1,30 @@ +$NetBSD: patch-ap,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $ +SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog + +--- src/main/http_log.c.orig 2003-02-03 09:13:21.000000000 -0800 ++++ src/main/http_log.c +@@ -314,6 +314,9 @@ static void log_error_core(const char *f + const char *fmt, va_list args) + { + char errstr[MAX_STRING_LEN]; ++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED ++ char scratch[MAX_STRING_LEN]; ++#endif + size_t len; + int save_errno = errno; + FILE *logf; +@@ -445,7 +448,14 @@ static void log_error_core(const char *f + } + #endif + ++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED ++ if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) { ++ len += ap_escape_errorlog_item(errstr + len, scratch, ++ sizeof(errstr) - len); ++ } ++#else + len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args); ++#endif + + /* NULL if we are logging to syslog */ + if (logf) { diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq new file mode 100644 index 00000000000..3c4c78d4221 --- /dev/null +++ b/www/apache/patches/patch-aq @@ -0,0 +1,14 @@ +$NetBSD: patch-aq,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $ +SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog + +--- src/include/httpd.h.orig 2004-04-07 12:24:10.967724616 -0700 ++++ src/include/httpd.h +@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool * + API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname, + unsigned port, const request_rec *r); + API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str); ++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, ++ size_t buflen); + API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s); + + API_EXPORT(int) ap_count_dirs(const char *path); diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar new file mode 100644 index 00000000000..ee788e50d44 --- /dev/null +++ b/www/apache/patches/patch-ar @@ -0,0 +1,75 @@ +$NetBSD: patch-ar,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $ +SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog + +--- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800 ++++ src/main/util.c +@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo + return ret; + } + ++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, ++ size_t buflen) ++{ ++ unsigned char *d, *ep; ++ const unsigned char *s; ++ ++ if (!source || !buflen) { /* be safe */ ++ return 0; ++ } ++ ++ d = (unsigned char *)dest; ++ s = (const unsigned char *)source; ++ ep = d + buflen - 1; ++ ++ for (; d < ep && *s; ++s) { ++ ++ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) { ++ *d++ = '\\'; ++ if (d >= ep) { ++ --d; ++ break; ++ } ++ ++ switch(*s) { ++ case '\b': ++ *d++ = 'b'; ++ break; ++ case '\n': ++ *d++ = 'n'; ++ break; ++ case '\r': ++ *d++ = 'r'; ++ break; ++ case '\t': ++ *d++ = 't'; ++ break; ++ case '\v': ++ *d++ = 'v'; ++ break; ++ case '\\': ++ *d++ = *s; ++ break; ++ case '"': /* no need for this in error log */ ++ d[-1] = *s; ++ break; ++ default: ++ if (d >= ep - 2) { ++ ep = --d; /* break the for loop as well */ ++ break; ++ } ++ c2x(*s, d); ++ *d = 'x'; ++ d += 3; ++ } ++ } ++ else { ++ *d++ = *s; ++ } ++ } ++ *d = '\0'; ++ ++ return (d - (unsigned char *)dest); ++} + + API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str) + { |