diff options
| author | tron <tron> | 2015-01-22 20:02:37 +0000 |
|---|---|---|
| committer | tron <tron> | 2015-01-22 20:02:37 +0000 |
| commit | a05abe2224b8c078c4d0b2274a63968063c105c2 (patch) | |
| tree | 1b1d23da8b84bf1bce87625518e54ed10a31021e | |
| parent | 75d3e61cd870c1945834147a0a50ea57b6562f73 (diff) | |
| download | pkgsrc-a05abe2224b8c078c4d0b2274a63968063c105c2.tar.gz | |
Add fix for CVE-2014-8109 taken for Apache SVN repository.
| -rw-r--r-- | www/apache24/Makefile | 4 | ||||
| -rw-r--r-- | www/apache24/distinfo | 3 | ||||
| -rw-r--r-- | www/apache24/patches/patch-modules_lua_mod_lua.c | 87 |
3 files changed, 91 insertions, 3 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index 71982fbbe57..c2e5249e339 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.32 2014/10/19 22:27:48 alnsn Exp $ +# $NetBSD: Makefile,v 1.33 2015/01/22 20:02:37 tron Exp $ DISTNAME= httpd-2.4.10 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache24/distinfo b/www/apache24/distinfo index a9ccbc0b66b..7320c94f800 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.16 2014/10/08 04:27:17 taca Exp $ +$NetBSD: distinfo,v 1.17 2015/01/22 20:02:37 tron Exp $ SHA1 (httpd-2.4.10.tar.bz2) = 00f5c3f8274139bd6160eda2cf514fa9b74549e5 RMD160 (httpd-2.4.10.tar.bz2) = 254f4b9b8cc4e151aa46973311077baa0a3daad3 @@ -15,4 +15,5 @@ SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96 SHA1 (patch-modules_cache_cache__util.c) = 35a41fee80fc990b0d56767db67f8e403e692e55 +SHA1 (patch-modules_lua_mod_lua.c) = d40f44ba530386d92f8830a45559223ee5518e00 SHA1 (patch-server_core__filters.c) = 331672c9a65691229518f31dcdae64382b392287 diff --git a/www/apache24/patches/patch-modules_lua_mod_lua.c b/www/apache24/patches/patch-modules_lua_mod_lua.c new file mode 100644 index 00000000000..d9a2ce6645a --- /dev/null +++ b/www/apache24/patches/patch-modules_lua_mod_lua.c @@ -0,0 +1,87 @@ +$NetBSD: patch-modules_lua_mod_lua.c,v 1.1 2015/01/22 20:02:37 tron Exp $ + +Fix for CVE-2014-8109 taken from here: + +https://svn.apache.org/viewvc?view=revision&revision=1642861 + +--- modules/lua/mod_lua.c.orig 2014-06-22 19:16:21.000000000 +0100 ++++ modules/lua/mod_lua.c 2015-01-22 19:43:32.000000000 +0000 +@@ -66,9 +66,13 @@ + const char *file_name; + const char *function_name; + ap_lua_vm_spec *spec; +- apr_array_header_t *args; + } lua_authz_provider_spec; + ++typedef struct { ++ lua_authz_provider_spec *spec; ++ apr_array_header_t *args; ++} lua_authz_provider_func; ++ + apr_hash_t *lua_authz_providers; + + typedef struct +@@ -1692,6 +1696,7 @@ + { + const char *provider_name; + lua_authz_provider_spec *spec; ++ lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func)); + + apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE, + cmd->temp_pool); +@@ -1699,16 +1704,17 @@ + + spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING); + ap_assert(spec != NULL); ++ func->spec = spec; + + if (require_line && *require_line) { + const char *arg; +- spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); ++ func->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); + while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) { +- APR_ARRAY_PUSH(spec->args, const char *) = arg; ++ APR_ARRAY_PUSH(func->args, const char *) = arg; + } + } + +- *parsed_require_line = spec; ++ *parsed_require_line = func; + return NULL; + } + +@@ -1722,7 +1728,8 @@ + &lua_module); + const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, + &lua_module); +- const lua_authz_provider_spec *prov_spec = parsed_require_line; ++ const lua_authz_provider_func *prov_func = parsed_require_line; ++ const lua_authz_provider_spec *prov_spec = prov_func->spec; + int result; + int nargs = 0; + +@@ -1744,19 +1751,19 @@ + return AUTHZ_GENERAL_ERROR; + } + ap_lua_run_lua_request(L, r); +- if (prov_spec->args) { ++ if (prov_func->args) { + int i; +- if (!lua_checkstack(L, prov_spec->args->nelts)) { ++ if (!lua_checkstack(L, prov_func->args->nelts)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315) + "Error: authz provider %s: too many arguments", prov_spec->name); + ap_lua_release_state(L, spec, r); + return AUTHZ_GENERAL_ERROR; + } +- for (i = 0; i < prov_spec->args->nelts; i++) { +- const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *); ++ for (i = 0; i < prov_func->args->nelts; i++) { ++ const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *); + lua_pushstring(L, arg); + } +- nargs = prov_spec->args->nelts; ++ nargs = prov_func->args->nelts; + } + if (lua_pcall(L, 1 + nargs, 1, 0)) { + const char *err = lua_tostring(L, -1); |