authorryoon <ryoon@pkgsrc.org>2015-03-28 06:28:04 +0000
committerryoon <ryoon@pkgsrc.org>2015-03-28 06:28:04 +0000
commitbb7dcd7f66ae7acb49830829205ded444a4e1338 (patch)
treef86f34d12b2484d5374b997283ccbb94460e1843 /www/apache24
parentf5854958396fc969ba3c422aa54eb4b4e5c729f8 (diff)
Fix CVE-2015-0228 (lua module) with upstream patch.
lua module is not enabled by default.
Diffstat (limited to 'www/apache24')
-rw-r--r--www/apache24/distinfo3
-rw-r--r--www/apache24/patches/patch-CVE-2015-022836
2 files changed, 38 insertions, 1 deletions
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index 3c52d448a12..6a41883a1af 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.18 2015/02/02 14:45:51 adam Exp $
+$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
Size (httpd-2.4.12.tar.bz2) = 5054838 bytes
+SHA1 (patch-CVE-2015-0228) = 2a6ec79cc8feb546b3d4ede08877ad72347b55a7
SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
diff --git a/www/apache24/patches/patch-CVE-2015-0228 b/www/apache24/patches/patch-CVE-2015-0228
new file mode 100644
index 00000000000..9b82fc443eb
--- /dev/null
+++ b/www/apache24/patches/patch-CVE-2015-0228
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2015-0228,v 1.1 2015/03/28 06:28:04 ryoon Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1657261
+
+--- modules/lua/lua_request.c.orig 2014-09-05 14:20:27.000000000 +0000
++++ modules/lua/lua_request.c
+@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State
+ {
+ apr_socket_t *sock;
+ apr_status_t rv;
++ int do_read = 1;
+ int n = 0;
+ apr_size_t len = 1;
+ apr_size_t plen = 0;
+@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State
+ mask_bytes = apr_pcalloc(r->pool, 4);
+ sock = ap_get_conn_socket(r->connection);
+
++ while (do_read) {
++ do_read = 0;
+ /* Get opcode and FIN bit */
+ if (plaintext) {
+ rv = apr_socket_recv(sock, &byte, &len);
+@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State
+ frame[0] = 0x8A;
+ frame[1] = 0;
+ apr_socket_send(sock, frame, &plen); /* Pong! */
+- lua_websocket_read(L); /* read the next frame instead */
++ do_read = 1;
+ }
+ }
+ }
++ }
+ return 0;
+ }
+
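Review bot: Replacing the recursive call with `do_read = 1` means every frame after the first runs with whatever the previous frame left in the locals declared above the loop (`len`, `plen`, `n`), whereas each recursive call started again from `len = 1` and `plen = 0`. `apr_socket_recv(sock, &byte, &len)` at the top of the loop takes `len` as the number of bytes to read, so if code between the inner hunks (not visible here) assigns a larger value to `len`, the next iteration could write past `byte`, presuming `byte` is a single char, since its declaration is outside the hunks. I would reset the per-frame state right after `do_read = 0;`, for example `len = 1; plen = 0;`, and raise it upstream because this file mirrors the upstream revision. Separately, the result of the Pong `apr_socket_send` is still ignored before looping, so a failed send is only noticed when the following read fails.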