authorspz <spz>2010-06-12 20:57:46 +0000
committerspz <spz>2010-06-12 20:57:46 +0000
commit778f3dce4f5ef4eb99f9af7d90eb3ca7c54e62d5 (patch)
tree26d2f50fae757dafa8b95090c0c4e35c012083b6
parent5d21710a521bbbe13a467e9274721897555a6aa7 (diff)
downloadpkgsrc-778f3dce4f5ef4eb99f9af7d90eb3ca7c54e62d5.tar.gz
Pullup ticket 3145 - requested by tron
security fix Revisions pulled up: - pkgsrc/www/apache22/Makefile 1.59 - pkgsrc/www/apache22/distinfo 1.33 - pkgsrc/www/apache22/patches/patch-af 1.3 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jun 12 10:40:27 UTC 2010 Modified Files: pkgsrc/www/apache22: Makefile distinfo Added Files: pkgsrc/www/apache22/patches: patch-af Log Message: Add patch provided by the Apache foundation to close the privacy leak reported in CVE-2010-2068. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/apache22/distinfo cvs rdiff -u -r0 -r1.3 pkgsrc/www/apache22/patches/patch-af
-rw-r--r--www/apache22/Makefile3
-rw-r--r--www/apache22/distinfo3
-rw-r--r--www/apache22/patches/patch-af35
3 files changed, 39 insertions, 2 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 793043a627c..1877f3e1bba 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2010/03/09 02:30:15 taca Exp $
+# $NetBSD: Makefile,v 1.56.2.1 2010/06/12 20:57:46 spz Exp $
DISTNAME= httpd-2.2.15
+PKGREVISION= 3
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 9656df1c3d2..6da6027a95b 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2010/03/09 02:30:15 taca Exp $
+$NetBSD: distinfo,v 1.31.2.1 2010/06/12 20:57:46 spz Exp $
SHA1 (httpd-2.2.15.tar.bz2) = 5f0e973839ed2e38a4d03adba109ef5ce3381bc2
RMD160 (httpd-2.2.15.tar.bz2) = e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf
@@ -8,6 +8,7 @@ SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
+SHA1 (patch-af) = c3051544406326297161f36ff3f499395630dc05
SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
diff --git a/www/apache22/patches/patch-af b/www/apache22/patches/patch-af
new file mode 100644
index 00000000000..4fc90dd5ffa
--- /dev/null
+++ b/www/apache22/patches/patch-af
@@ -0,0 +1,35 @@
+$NetBSD: patch-af,v 1.3.2.2 2010/06/12 20:57:46 spz Exp $
+
+Patch to fix CVE-2010-2068, taken from here:
+
+http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
+
+--- modules/proxy/mod_proxy_http.c.orig 2010-02-27 18:49:36.000000000 +0000
++++ modules/proxy/mod_proxy_http.c 2010-06-12 11:33:45.000000000 +0100
+@@ -1401,7 +1401,7 @@
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
+ "proxy: error reading status line from remote "
+ "server %s", backend->hostname);
+- if (rc == APR_TIMEUP) {
++ if (APR_STATUS_IS_TIMEUP(rc)) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "proxy: read timeout");
+ }
+@@ -1417,7 +1417,7 @@
+ * we normally would handle timeouts
+ */
+ if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives &&
+- rc != APR_TIMEUP) {
++ !APR_STATUS_IS_TIMEUP(rc)) {
+ apr_bucket *eos;
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+@@ -1449,6 +1449,8 @@
+ APR_BUCKET_INSERT_BEFORE(eos, e);
+ }
+ ap_pass_brigade(r->output_filters, bb);
++ /* Mark the backend connection for closing */
++ backend->close = 1;
+ /* Need to return OK to avoid sending an error message */
+ return OK;
+ }
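Review bot: The comment added above `backend->close = 1;` in the third hunk of the embedded patch restates the assignment and does not say why the connection must not be reused, although this is the line that closes the leak. This branch returns OK after the status-line read from the backend has failed, so the caller presumably sees no error and would otherwise keep the connection available for reuse, where a late backend response could be delivered for a different request. I would word it as `/* Returning OK hides the failed read from the caller: force-close the backend so a late response is never served to another client */`. The enclosing function starts and ends outside the patch, so whether the timeout path that now skips this branch via `APR_STATUS_IS_TIMEUP(rc)` also prevents reuse cannot be confirmed from these lines and is worth checking against the full file.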