authorspz <spz>2009-06-04 20:41:20 +0000
committerspz <spz>2009-06-04 20:41:20 +0000
commit2de6716fadaae32553759c08b2692651d5aacb3c (patch)
treed59957a1934f99d850a417dd3eadb18ac25dcbc2
parent8ef6864c768559d07da1f70f86f5274241d3a811 (diff)
Pullup ticket 2786 - requested by tron
Security update Revisions pulled up: - pkgsrc/www/apache22/Makefile 1.45 - pkgsrc/www/apache22/distinfo 1.19 Files added: - pkgsrc/www/apache22/patches/patch-ba 1.1 - pkgsrc/www/apache22/patches/patch-bb 1.1 - pkgsrc/www/apache22/patches/patch-bc 1.1 - pkgsrc/www/apache22/patches/patch-bd 1.1 Module Name: pkgsrc Committed By: tron Date: Thu Jun 4 08:51:52 UTC 2009 Modified Files: pkgsrc/www/apache22: Makefile distinfo Added Files: pkgsrc/www/apache22/patches: patch-ba patch-bb patch-bc patch-bd Log Message: Add patches from the Apache SVN repository to fix the security bypass vulnerability reported in CVE-2009-1195. To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/apache22/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-ba \ pkgsrc/www/apache22/patches/patch-bb pkgsrc/www/apache22/patches/patch-bc \ pkgsrc/www/apache22/patches/patch-bd
-rw-r--r--www/apache22/Makefile4
-rw-r--r--www/apache22/distinfo6
-rw-r--r--www/apache22/patches/patch-ba35
-rw-r--r--www/apache22/patches/patch-bb17
-rw-r--r--www/apache22/patches/patch-bc35
-rw-r--r--www/apache22/patches/patch-bd62
6 files changed, 156 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 6e199723a1f..9d5fe2c7c7e 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39.2.1 2009/05/23 07:12:45 spz Exp $
+# $NetBSD: Makefile,v 1.39.2.2 2009/06/04 20:41:20 spz Exp $
DISTNAME= httpd-2.2.11
-PKGREVISION= 3
+PKGREVISION= 4
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index a62cd6a5b1b..68e6e91add5 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17.2.1 2009/05/23 07:15:36 spz Exp $
+$NetBSD: distinfo,v 1.17.2.2 2009/06/04 20:41:20 spz Exp $
SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
@@ -17,3 +17,7 @@ SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf
SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
+SHA1 (patch-ba) = fad28e9305c46ec27efdf51f9a4103b870c51be0
+SHA1 (patch-bb) = a577c9ab28dd6cb2ec0805cadb3650709d960c7e
+SHA1 (patch-bc) = f7f17cd31dfb0f0522933a3ef662f5a4f201dc12
+SHA1 (patch-bd) = 88b156067ea75196b1d82587c439c2cf524656cf
diff --git a/www/apache22/patches/patch-ba b/www/apache22/patches/patch-ba
new file mode 100644
index 00000000000..c65510d2533
--- /dev/null
+++ b/www/apache22/patches/patch-ba
@@ -0,0 +1,35 @@
+$NetBSD: patch-ba,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $
+
+Patch for CVE-2009-1195 taken from:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?r1=739382&r2=772997&pathrev=772997
+
+--- include/http_core.h.orig 2008-02-26 19:47:51.000000000 +0000
++++ include/http_core.h 2009-06-04 09:39:58.000000000 +0100
+@@ -65,7 +65,7 @@
+ #define OPT_NONE 0
+ /** Indexes directive */
+ #define OPT_INDEXES 1
+-/** Includes directive */
++/** SSI is enabled without exec= permission */
+ #define OPT_INCLUDES 2
+ /** FollowSymLinks directive */
+ #define OPT_SYM_LINKS 4
+@@ -73,14 +73,14 @@
+ #define OPT_EXECCGI 8
+ /** directive unset */
+ #define OPT_UNSET 16
+-/** IncludesNOEXEC directive */
+-#define OPT_INCNOEXEC 32
++/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
++#define OPT_INC_WITH_EXEC 32
+ /** SymLinksIfOwnerMatch directive */
+ #define OPT_SYM_OWNER 64
+ /** MultiViews directive */
+ #define OPT_MULTI 128
+ /** All directives */
+-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
++#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
+ /** @} */
+
+ /**
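Review bot: Dropping the public macro OPT_INCNOEXEC from http_core.h and introducing OPT_INC_WITH_EXEC, whose meaning is the opposite (exec permitted rather than forbidden), will break any third-party module built against this header that still references the old name, and a compatibility alias would be wrong because the sense is inverted. Since pkgsrc builds module packages against these headers, the patch file's header text (the lines naming the CVE and the upstream URL) should say so, e.g. `Note: OPT_INCNOEXEC is removed, not renamed; OPT_INC_WITH_EXEC has the inverse meaning, so dependent modules must be adapted rather than given a compatibility #define.` The headers of patch-bb, patch-bc and patch-bd likewise carry only the CVE number and URL and would benefit from the same one-line statement of the intended semantics. Adding OPT_INC_WITH_EXEC to OPT_ALL also means `Options All` grants SSI exec; that appears consistent with the pre-patch meaning of Includes but is worth stating in the same note.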
diff --git a/www/apache22/patches/patch-bb b/www/apache22/patches/patch-bb
new file mode 100644
index 00000000000..c16cb88dedc
--- /dev/null
+++ b/www/apache22/patches/patch-bb
@@ -0,0 +1,17 @@
+$NetBSD: patch-bb,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $
+
+Patch for CVE-2009-1195 taken from:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_include.c?r1=758929&r2=772997&pathrev=772997
+
+--- modules/filters/mod_include.c.orig 2008-03-17 14:32:47.000000000 +0000
++++ modules/filters/mod_include.c 2009-06-04 09:41:46.000000000 +0100
+@@ -3573,7 +3573,7 @@
+ intern->seen_eos = 0;
+ intern->state = PARSE_PRE_HEAD;
+ ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
+- if (ap_allow_options(r) & OPT_INCNOEXEC) {
++ if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
+ ctx->flags |= SSI_FLAG_NO_EXEC;
+ }
+ intern->accessenable = conf->accessenable;
diff --git a/www/apache22/patches/patch-bc b/www/apache22/patches/patch-bc
new file mode 100644
index 00000000000..224de34cc15
--- /dev/null
+++ b/www/apache22/patches/patch-bc
@@ -0,0 +1,35 @@
+$NetBSD: patch-bc,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $
+
+Patch for CVE-2009-1195 taken from:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/server/config.c?r1=759924&r2=772997&pathrev=772997
+
+--- server/config.c.orig 2008-12-02 22:28:21.000000000 +0000
++++ server/config.c 2009-06-04 09:44:24.000000000 +0100
+@@ -1510,7 +1510,7 @@
+ parms.temp_pool = ptemp;
+ parms.server = s;
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+
+ parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
+ &arr_parms, NULL,
+@@ -1617,7 +1617,7 @@
+ parms.temp_pool = ptemp;
+ parms.server = s;
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+
+ rv = ap_pcfg_openfile(&cfp, p, fname);
+ if (rv != APR_SUCCESS) {
+@@ -1755,7 +1755,7 @@
+ parms.temp_pool = ptemp;
+ parms.server = s;
+ parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
+- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
++ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+ parms.limited = -1;
+
+ errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);
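Review bot: The replacement expression `OPT_ALL | OPT_SYM_OWNER | OPT_MULTI` is now written out identically in the three parms.override_opts assignments here and a fourth time in patch-bd's default-config initialisation, so the set of overridable options has to be kept in sync by hand; the OPT_INCNOEXEC term was removed from each copy separately, which a single named constant in http_core.h would have made a one-line change. Dropping the term does not narrow what AllowOverride may grant, because OPT_ALL now contains OPT_INC_WITH_EXEC per patch-ba. As these are verbatim pkgsrc mirrors of upstream r772997, the consolidation belongs upstream rather than in the pkgsrc patch, but it is worth recording in the pullup ticket. Each of the three hunks sits inside a config-loading function whose start and end lie outside the hunk.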
diff --git a/www/apache22/patches/patch-bd b/www/apache22/patches/patch-bd
new file mode 100644
index 00000000000..a2457fa6c7b
--- /dev/null
+++ b/www/apache22/patches/patch-bd
@@ -0,0 +1,62 @@
+$NetBSD: patch-bd,v 1.1.2.2 2009/06/04 20:41:20 spz Exp $
+
+Patch for CVE-2009-1195 taken from:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?r1=759699&r2=772997&pathrev=772997
+
+--- server/core.c.orig 2008-06-02 22:18:18.000000000 +0100
++++ server/core.c 2009-06-04 09:46:04.000000000 +0100
+@@ -108,8 +108,7 @@
+ conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
+ conf->opts_add = conf->opts_remove = OPT_NONE;
+ conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
+- conf->override_opts = OPT_UNSET | OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER
+- | OPT_MULTI;
++ conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
+
+ conf->content_md5 = 2;
+ conf->accept_path_info = 3;
+@@ -242,8 +241,13 @@
+ conf->opts_remove = (conf->opts_remove & ~new->opts_add)
+ | new->opts_remove;
+ conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add;
+- if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) {
+- conf->opts = (conf->opts & ~OPT_INCNOEXEC) | OPT_INCLUDES;
++
++ /* if Includes was enabled without exec in the new config, but
++ * was enabled with exec in the base, then disable exec in the
++ * resulting options. */
++ if ((base->opts & OPT_INC_WITH_EXEC)
++ && (new->opts & OPT_INC_WITH_EXEC) == 0) {
++ conf->opts &= ~OPT_INC_WITH_EXEC;
+ }
+ }
+ else {
+@@ -1304,10 +1308,12 @@
+ opt = OPT_INDEXES;
+ }
+ else if (!strcasecmp(w, "Includes")) {
+- opt = OPT_INCLUDES;
++ /* If Includes is permitted, both Includes and
++ * IncludesNOEXEC may be changed. */
++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
+ }
+ else if (!strcasecmp(w, "IncludesNOEXEC")) {
+- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
++ opt = OPT_INCLUDES;
+ }
+ else if (!strcasecmp(w, "FollowSymLinks")) {
+ opt = OPT_SYM_LINKS;
+@@ -1428,10 +1434,10 @@
+ opt = OPT_INDEXES;
+ }
+ else if (!strcasecmp(w, "Includes")) {
+- opt = OPT_INCLUDES;
++ opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
+ }
+ else if (!strcasecmp(w, "IncludesNOEXEC")) {
+- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
++ opt = OPT_INCLUDES;
+ }
+ else if (!strcasecmp(w, "FollowSymLinks")) {
+ opt = OPT_SYM_LINKS;
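Review bot: In the merge hunk (the one adding the "if Includes was enabled without exec" comment) the new guard tests `new->opts & OPT_INC_WITH_EXEC`, but the surrounding lines that fold opts_add/opts_remove into conf->opts suggest this is the incremental `+`/`-` branch of the merge, and whether new->opts carries any directive bits there depends on set_options, which is outside this hunk. If new->opts holds only the OPT_UNSET marker in that branch, the test is true whenever the parent allows exec, so `Options +Includes` (or an unrelated `Options +FollowSymLinks`) in a subdirectory would silently strip exec even though it was never withdrawn; please confirm against set_options, and if that is the case the check should look at what the new config actually added, e.g. `if ((base->opts & OPT_INC_WITH_EXEC) && (new->opts_add & OPT_INCLUDES) && (new->opts_add & OPT_INC_WITH_EXEC) == 0)`. The Options parsing hunks look right as far as visible: Includes now maps to both bits and IncludesNOEXEC to OPT_INCLUDES alone, so NOEXEC can only narrow and never widen, and the AllowOverride Options= parser is changed symmetrically. The merge function, the default-config initialiser and both parsers start and end outside their hunks.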