authortaca <taca@pkgsrc.org>2015-06-11 15:38:48 +0000
committertaca <taca@pkgsrc.org>2015-06-11 15:38:48 +0000
commitd3c51875993a322324ff64db727f185e6b4906ef (patch)
tree4f28451b6fc64badf28fbca07cf5d0a1173d1fd9
parent26a3e88319ee98b6cb38f0994147845b70b20409 (diff)
downloadpkgsrc-d3c51875993a322324ff64db727f185e6b4906ef.tar.gz
Add fix for CVE-2015-0253.
Bump PKGREVISION.
-rw-r--r--www/apache24/Makefile3
-rw-r--r--www/apache24/distinfo3
-rw-r--r--www/apache24/patches/patch-server_protocol.c24
3 files changed, 28 insertions, 2 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index d7352794ce6..62d7ec74543 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2015/02/02 14:45:51 adam Exp $
+# $NetBSD: Makefile,v 1.35 2015/06/11 15:38:48 taca Exp $
DISTNAME= httpd-2.4.12
PKGNAME= ${DISTNAME:S/httpd/apache/}
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
http://archive.apache.org/dist/httpd/ \
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index 6a41883a1af..c5b7c6c8103 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
+$NetBSD: distinfo,v 1.20 2015/06/11 15:38:48 taca Exp $
SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
@@ -16,3 +16,4 @@ SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777
SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df
SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96
SHA1 (patch-server_core__filters.c) = 331672c9a65691229518f31dcdae64382b392287
+SHA1 (patch-server_protocol.c) = 73f9cfad3217784fcdc6e5c7948eefd47b2a5a42
diff --git a/www/apache24/patches/patch-server_protocol.c b/www/apache24/patches/patch-server_protocol.c
new file mode 100644
index 00000000000..0e61958d9e4
--- /dev/null
+++ b/www/apache24/patches/patch-server_protocol.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-server_protocol.c,v 1.1 2015/06/11 15:38:48 taca Exp $
+
+Fix for CVE-2015-0253, introduced in Apache 2.4.11.
+
+--- server/protocol.c.orig 2014-11-29 09:22:43.000000000 +0000
++++ server/protocol.c
+@@ -599,8 +599,6 @@ static int read_request_line(request_rec
+ */
+ if (APR_STATUS_IS_ENOSPC(rv)) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+- r->proto_num = HTTP_VERSION(1,0);
+- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+ else if (APR_STATUS_IS_TIMEUP(rv)) {
+ r->status = HTTP_REQUEST_TIME_OUT;
+@@ -608,6 +606,8 @@ static int read_request_line(request_rec
+ else if (APR_STATUS_IS_EINVAL(rv)) {
+ r->status = HTTP_BAD_REQUEST;
+ }
++ r->proto_num = HTTP_VERSION(1,0);
++ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ return 0;
+ }
+ } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
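Review bot: The relocated `r->proto_num` / `r->protocol` assignments at the end of the error block have no comment saying why they must sit after the if/else-if chain, and that placement is the whole fix. In the old code only the ENOSPC branch set them, so the timeout and EINVAL branches (and any `rv` matching none of the three tests) returned 0 with `r->protocol` as it was on entry, presumably still NULL. I would add a comment directly above the two lines in the patched source, e.g. `/* Set a protocol on every failure path: error-response handling reads r->protocol and must not find it unset. */`, so a later refactor does not fold them back into a single branch. The patch header could also name the upstream change this is taken from (`<upstream revision>`) so the backport can be audited against it. read_request_line starts and ends outside this hunk, so whether its other early returns also leave `r->protocol` unset cannot be judged from here.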