diff options
| author | spz <spz> | 2009-10-04 13:26:13 +0000 |
|---|---|---|
| committer | spz <spz> | 2009-10-04 13:26:13 +0000 |
| commit | a5125a0fb336847558ec004eb9a0fd7a67312106 (patch) | |
| tree | 38c4e41e8d5aa696f38d07a01e0756c3cd4ab335 | |
| parent | addb272ceb8fd8b2bed26f84fae527dbff2b74f9 (diff) | |
| download | pkgsrc-a5125a0fb336847558ec004eb9a0fd7a67312106.tar.gz | |
Pullup ticket 2908 - requested by tron
security update
Revisions pulled up:
- pkgsrc/www/apache22/Makefile by patch to 1.52
- pkgsrc/www/apache22/distinfo by patch to 1.27
- pkgsrc/www/apache22/patches/patch-ab by patch to 1.14
Files removed:
pkgsrc/www/apache22/patches/patch-av
pkgsrc/www/apache22/patches/patch-ba
pkgsrc/www/apache22/patches/patch-bb
The patches update the package to the state in HEAD.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Oct 4 12:21:35 UTC 2009
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
pkgsrc/www/apache22/patches: patch-ab
Log Message:
Add patch from the Apache SVN repository to the vulnerability reported
in CVE-2009-3095.
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/apache22/patches/patch-ab
| -rw-r--r-- | www/apache22/Makefile | 6 | ||||
| -rw-r--r-- | www/apache22/distinfo | 13 | ||||
| -rw-r--r-- | www/apache22/patches/patch-ab | 117 | ||||
| -rw-r--r-- | www/apache22/patches/patch-av | 13 | ||||
| -rw-r--r-- | www/apache22/patches/patch-ba | 15 | ||||
| -rw-r--r-- | www/apache22/patches/patch-bb | 33 |
6 files changed, 115 insertions, 82 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 30d896cc2f0..2468631e6ea 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.46.2.3 2009/09/13 15:03:35 spz Exp $ +# $NetBSD: Makefile,v 1.46.2.4 2009/10/04 13:26:13 spz Exp $ -DISTNAME= httpd-2.2.12 +DISTNAME= httpd-2.2.13 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 1 +PKGREVISION= 3 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 4a4777be399..6e44b1b6c15 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.20.2.3 2009/09/13 15:03:35 spz Exp $ +$NetBSD: distinfo,v 1.20.2.4 2009/10/04 13:26:13 spz Exp $ -SHA1 (httpd-2.2.12.tar.bz2) = 76e243a5b7dc9896e83bdfac1aa98bbfdc85aeae -RMD160 (httpd-2.2.12.tar.bz2) = 4c8e781e5e60a7a332383a798fe0ddc1adffc914 -Size (httpd-2.2.12.tar.bz2) = 5140433 bytes +SHA1 (httpd-2.2.13.tar.bz2) = 44d85da1b8e6c579d4514cfefbea00b284717b69 +RMD160 (httpd-2.2.13.tar.bz2) = 4a6a2247cc118175a9a36f1e14344ee71da24627 +Size (httpd-2.2.13.tar.bz2) = 5300199 bytes SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf -SHA1 (patch-ab) = 76e50e1603c37e982a6ae9179009457aa9589e87 +SHA1 (patch-ab) = 6aec00f6dc38eee2e8648b4e95df3dbf166ac548 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 @@ -15,7 +15,4 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1 SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1 -SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 -SHA1 (patch-ba) = c6ec284b27721bf7081afa261146c38e2c2d0063 -SHA1 (patch-bb) = 23c0b0436de72bdf70deeca1d5e243a6180e6b55 diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab index 5e5e109ed02..0da0f795344 100644 --- a/www/apache22/patches/patch-ab +++ b/www/apache22/patches/patch-ab @@ -1,19 +1,116 @@ -$NetBSD: patch-ab,v 1.10.4.2 2009/09/13 15:03:36 spz Exp $ +$NetBSD: patch-ab,v 1.10.4.3 2009/10/04 13:26:13 spz Exp $ -Fix for CVE-2009-3094 based on the description of the problem: +Fixes for CVE-2009-3094 and CVE-2009-3095 taken from the Apache SVN repository: -http://www.intevydis.com/blog/?p=59 +http://svn.apache.org/viewvc?view=rev&revision=814844 +http://svn.apache.org/viewvc?view=rev&revision=814847 --- modules/proxy/mod_proxy_ftp.c.orig 2008-11-11 20:04:34.000000000 +0000 -+++ modules/proxy/mod_proxy_ftp.c 2009-09-13 14:23:13.000000000 +0100 -@@ -1274,7 +1274,9 @@ ++++ modules/proxy/mod_proxy_ftp.c 2009-10-04 12:49:43.000000000 +0100 +@@ -604,6 +604,31 @@ + return APR_SUCCESS; + } + ++/* Parse EPSV reply and return port, or zero on error. Modifies ++ * 'reply'. */ ++static apr_port_t parse_epsv_reply(char *reply) ++{ ++ char *p, *ep; ++ long port; ++ ++ /* Reply syntax per RFC 2428: "229 blah blah (|||port|)" where '|' ++ * can be any character in ASCII from 33-126, obscurely. Verify ++ * the syntax. */ ++ p = ap_strchr(reply, '('); ++ if (p == NULL || !p[0] || !p[1] || p[1] != p[2] || p[1] != p[3] ++ || p[4] == p[1]) { ++ return 0; ++ } ++ ++ errno = 0; ++ port = strtol(p + 4, &ep, 10); ++ if (errno || port < 1 || port > 65535 || ep[0] != p[1] || ep[1] != ')') { ++ return 0; ++ } ++ ++ return (apr_port_t)port; ++} ++ + /* + * Generic "send FTP command to server" routine, using the control socket. + * Returns the FTP returncode (3 digit code) +@@ -887,6 +912,11 @@ + if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL + && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0 + && (password = ap_pbase64decode(r->pool, password))[0] != ':') { ++ /* Check the decoded string for special characters. */ ++ if (!ftp_check_string(password)) { ++ return ap_proxyerror(r, HTTP_BAD_REQUEST, ++ "user credentials contained invalid character"); ++ } + /* + * Note that this allocation has to be made from r->connection->pool + * because it has the lifetime of the connection. The other +@@ -1210,26 +1240,11 @@ + return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage); + } + else if (rc == 229) { +- char *pstr; +- char *tok_cntx; ++ /* Parse the port out of the EPSV reply. */ ++ data_port = parse_epsv_reply(ftpmessage); + +- pstr = ftpmessage; +- pstr = apr_strtok(pstr, " ", &tok_cntx); /* separate result code */ +- if (pstr != NULL) { +- if (*(pstr + strlen(pstr) + 1) == '=') { +- pstr += strlen(pstr) + 2; +- } +- else { +- pstr = apr_strtok(NULL, "(", &tok_cntx); /* separate address & +- * port params */ +- if (pstr != NULL) +- pstr = apr_strtok(NULL, ")", &tok_cntx); +- } +- } +- +- if (pstr) { ++ if (data_port) { + apr_sockaddr_t *epsv_addr; +- data_port = atoi(pstr + 3); + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: FTP: EPSV contacting remote host on port %d", +@@ -1272,10 +1287,6 @@ + connect = 1; + } } - else { - /* and try the regular way */ +- else { +- /* and try the regular way */ - apr_socket_close(data_sock); -+ if (data_sock != NULL) { -+ apr_socket_close(data_sock); -+ } +- } + } + } + +@@ -1364,10 +1375,6 @@ + connect = 1; + } } +- else { +- /* and try the regular way */ +- apr_socket_close(data_sock); +- } } } + /*bypass:*/ +@@ -1851,7 +1858,9 @@ + * for a slow client to eat these bytes + */ + ap_flush_conn(data); +- apr_socket_close(data_sock); ++ if (data_sock) { ++ apr_socket_close(data_sock); ++ } + data_sock = NULL; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: FTP: data connection closed"); diff --git a/www/apache22/patches/patch-av b/www/apache22/patches/patch-av deleted file mode 100644 index e3309c7bb7b..00000000000 --- a/www/apache22/patches/patch-av +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-av,v 1.2 2009/01/25 09:59:51 tron Exp $ - ---- modules/generators/mod_cgid.c.orig 2008-08-15 18:08:05.000000000 -0400 -+++ modules/generators/mod_cgid.c -@@ -203,7 +203,7 @@ static char **create_argv(apr_pool_t *p, - char *w; - int idx = 0; - -- if (ap_strchr_c(args, '=')) { -+ if (!(*args) || ap_strchr_c(args, '=')) { - numwords = 0; - } - else { diff --git a/www/apache22/patches/patch-ba b/www/apache22/patches/patch-ba deleted file mode 100644 index 9ad3d4056a2..00000000000 --- a/www/apache22/patches/patch-ba +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ba,v 1.2.2.1 2009/08/07 21:08:15 spz Exp $ - -Fix build problems with newer versions of OpenSSL. - ---- modules/ssl/ssl_engine_init.c.orig 2009-08-05 09:37:09.000000000 +0200 -+++ modules/ssl/ssl_engine_init.c -@@ -573,7 +573,7 @@ static void ssl_init_ctx_verify(server_r - ssl_die(); - } - -- SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list); -+ SSL_CTX_set_client_CA_list(ctx, ca_list); - } - - /* diff --git a/www/apache22/patches/patch-bb b/www/apache22/patches/patch-bb deleted file mode 100644 index 1f8b8b23650..00000000000 --- a/www/apache22/patches/patch-bb +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-bb,v 1.3.2.2 2009/08/07 21:08:15 spz Exp $ - -Fix build problems with newer versions of OpenSSL. - ---- modules/ssl/ssl_util_ssl.c.orig 2009-08-05 09:33:37.000000000 +0200 -+++ modules/ssl/ssl_util_ssl.c -@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert) - #ifdef HAVE_SSL_X509V3_EXT_d2i - X509_EXTENSION *ext; - int ext_nid; -- STACK *sk; -+ STACK_OF(SSL_CIPHER) *sk; - BOOL is_sgc; - int idx; - int i; -@@ -303,7 +303,7 @@ BOOL SSL_X509_isSGC(X509 *cert) - idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1); - if (idx >= 0) { - ext = X509_get_ext(cert, idx); -- if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) { -+ if ((sk = X509V3_EXT_d2i(ext)) != NULL) { - for (i = 0; i < sk_num(sk); i++) { - ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i)); - if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) { -@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain( - X509 *x509; - unsigned long err; - int n; -- STACK *extra_certs; -+ STACK_OF(X509) *extra_certs; - - if ((bio = BIO_new(BIO_s_file_internal())) == NULL) - return -1; |