summaryrefslogtreecommitdiff
path: root/www/apache22
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2009-07-14 12:23:39 +0000
committertron <tron@pkgsrc.org>2009-07-14 12:23:39 +0000
commitb11c35c239bbd1deb7c4423df69eae0b64c22b0e (patch)
treeba88ec203707e429e3f534de7b6a2d6b3c06bdab /www/apache22
parentbb40a4b16b6e5da9cefc3ea24d6b141e4da8b717 (diff)
downloadpkgsrc-b11c35c239bbd1deb7c4423df69eae0b64c22b0e.tar.gz
Add patches from the Apache SVN repository to fix the security
vulnerabilities reported in CVE-2009-1890 and CVE-2009-1891.
Diffstat (limited to 'www/apache22')
-rw-r--r--www/apache22/Makefile4
-rw-r--r--www/apache22/distinfo4
-rw-r--r--www/apache22/patches/patch-af35
-rw-r--r--www/apache22/patches/patch-ah44
4 files changed, 84 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index a90d4b29c00..5d761935f31 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2009/06/11 20:30:58 tron Exp $
+# $NetBSD: Makefile,v 1.47 2009/07/14 12:23:39 tron Exp $
DISTNAME= httpd-2.2.11
-PKGREVISION= 5
+PKGREVISION= 6
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index f31c4b7427b..29c87d4790d 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2009/06/11 20:30:58 tron Exp $
+$NetBSD: distinfo,v 1.21 2009/07/14 12:23:39 tron Exp $
SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
@@ -8,7 +8,9 @@ SHA1 (patch-ab) = d5391ca1af9d817d35cb472b0feb05b86a95e560
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
+SHA1 (patch-af) = cf7cc7d09e0379830d1ce0be4be74c8f2bbb1719
SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
+SHA1 (patch-ah) = 5fc2a3fad42fa67669c219123b8c27e138927452
SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
diff --git a/www/apache22/patches/patch-af b/www/apache22/patches/patch-af
new file mode 100644
index 00000000000..faff767dc3a
--- /dev/null
+++ b/www/apache22/patches/patch-af
@@ -0,0 +1,35 @@
+$NetBSD: patch-af,v 1.1 2009/07/14 12:23:40 tron Exp $
+
+Fix for CVE-2009-1891 taken from here:
+
+http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core_filters.c?r1=421103&r2=791454&pathrev=791454
+
+--- server/core_filters.c.orig 2006-07-12 04:38:44.000000000 +0100
++++ server/core_filters.c 2009-07-14 13:01:09.000000000 +0100
+@@ -542,6 +542,12 @@
+ apr_read_type_e eblock = APR_NONBLOCK_READ;
+ apr_pool_t *input_pool = b->p;
+
++ /* Fail quickly if the connection has already been aborted. */
++ if (c->aborted) {
++ apr_brigade_cleanup(b);
++ return APR_ECONNABORTED;
++ }
++
+ if (ctx == NULL) {
+ ctx = apr_pcalloc(c->pool, sizeof(*ctx));
+ net->out_ctx = ctx;
+@@ -909,12 +915,9 @@
+ /* No need to check for SUCCESS, we did that above. */
+ if (!APR_STATUS_IS_EAGAIN(rv)) {
+ c->aborted = 1;
++ return APR_ECONNABORTED;
+ }
+
+- /* The client has aborted, but the request was successful. We
+- * will report success, and leave it to the access and error
+- * logs to note that the connection was aborted.
+- */
+ return APR_SUCCESS;
+ }
+
diff --git a/www/apache22/patches/patch-ah b/www/apache22/patches/patch-ah
new file mode 100644
index 00000000000..f42450e7da1
--- /dev/null
+++ b/www/apache22/patches/patch-ah
@@ -0,0 +1,44 @@
+$NetBSD: patch-ah,v 1.1 2009/07/14 12:23:40 tron Exp $
+
+Fix for CVE-2009-1890 taken from here:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587
+
+--- modules/proxy/mod_proxy_http.c.orig 2008-11-11 20:04:34.000000000 +0000
++++ modules/proxy/mod_proxy_http.c 2009-07-14 13:03:49.000000000 +0100
+@@ -422,10 +422,16 @@
+ apr_off_t bytes_streamed = 0;
+
+ if (old_cl_val) {
++ char *endstr;
++
+ add_cl(p, bucket_alloc, header_brigade, old_cl_val);
+- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL,
+- 0))) {
+- return HTTP_INTERNAL_SERVER_ERROR;
++ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10);
++
++ if (status || *endstr || endstr == old_cl_val || cl_val < 0) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
++ "proxy: could not parse request Content-Length (%s)",
++ old_cl_val);
++ return HTTP_BAD_REQUEST;
+ }
+ }
+ terminate_headers(bucket_alloc, header_brigade);
+@@ -453,8 +459,13 @@
+ *
+ * Prevents HTTP Response Splitting.
+ */
+- if (bytes_streamed > cl_val)
+- continue;
++ if (bytes_streamed > cl_val) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "proxy: read more bytes of request body than expected "
++ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")",
++ bytes_streamed, cl_val);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+
+ if (header_brigade) {
+ /* we never sent the header brigade, so go ahead and