diff options
author | ryoon <ryoon@pkgsrc.org> | 2015-03-28 06:28:04 +0000 |
---|---|---|
committer | ryoon <ryoon@pkgsrc.org> | 2015-03-28 06:28:04 +0000 |
commit | bb7dcd7f66ae7acb49830829205ded444a4e1338 (patch) | |
tree | f86f34d12b2484d5374b997283ccbb94460e1843 /www/apache24 | |
parent | f5854958396fc969ba3c422aa54eb4b4e5c729f8 (diff) | |
download | pkgsrc-bb7dcd7f66ae7acb49830829205ded444a4e1338.tar.gz |
Fix CVE-2015-0228 (lua module) with upstream patch.
lua module is not enabled by default.
Diffstat (limited to 'www/apache24')
-rw-r--r-- | www/apache24/distinfo | 3 | ||||
-rw-r--r-- | www/apache24/patches/patch-CVE-2015-0228 | 36 |
2 files changed, 38 insertions, 1 deletions
diff --git a/www/apache24/distinfo b/www/apache24/distinfo index 3c52d448a12..6a41883a1af 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.18 2015/02/02 14:45:51 adam Exp $ +$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $ SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17 RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa Size (httpd-2.4.12.tar.bz2) = 5054838 bytes +SHA1 (patch-CVE-2015-0228) = 2a6ec79cc8feb546b3d4ede08877ad72347b55a7 SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d diff --git a/www/apache24/patches/patch-CVE-2015-0228 b/www/apache24/patches/patch-CVE-2015-0228 new file mode 100644 index 00000000000..9b82fc443eb --- /dev/null +++ b/www/apache24/patches/patch-CVE-2015-0228 @@ -0,0 +1,36 @@ +$NetBSD: patch-CVE-2015-0228,v 1.1 2015/03/28 06:28:04 ryoon Exp $ + +http://svn.apache.org/viewvc?view=revision&revision=1657261 + +--- modules/lua/lua_request.c.orig 2014-09-05 14:20:27.000000000 +0000 ++++ modules/lua/lua_request.c +@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State + { + apr_socket_t *sock; + apr_status_t rv; ++ int do_read = 1; + int n = 0; + apr_size_t len = 1; + apr_size_t plen = 0; +@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State + mask_bytes = apr_pcalloc(r->pool, 4); + sock = ap_get_conn_socket(r->connection); + ++ while (do_read) { ++ do_read = 0; + /* Get opcode and FIN bit */ + if (plaintext) { + rv = apr_socket_recv(sock, &byte, &len); +@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State + frame[0] = 0x8A; + frame[1] = 0; + apr_socket_send(sock, frame, &plen); /* Pong! */ +- lua_websocket_read(L); /* read the next frame instead */ ++ do_read = 1; + } + } + } ++ } + return 0; + } + |