Apply the patch for CVE-2008-2364 from apache.

Bump pkg revision.

3 files changed, 74 insertions, 2 deletions

diff --git a/www/apache2/Makefile.common b/www/apache2/Makefile.common
index f58f064a53b..3c81c97d6fd 100644
--- a/www/apache2/Makefile.common
+++ b/www/apache2/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.24 2008/01/21 14:38:29 taca Exp $
+# $NetBSD: Makefile.common,v 1.25 2008/06/20 13:28:08 he Exp $
 
 # used by devel/apr0/Makefile
 
@@ -7,6 +7,7 @@ EXTRACT_SUFX=		.tar.bz2
 # When updating this version be sure to update the checksum and remove
 # any PKGREVISION for devel/apr also.
 APACHE_VERSION=		2.0.63
+PKGREVISION=		1
 APR_VERSION=		0.9.17
 MASTER_SITES=		${MASTER_SITE_APACHE:=httpd/} \
 			${MASTER_SITE_APACHE:=httpd/old/} \
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index 7a74aab02db..cb63100eb59 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2008/01/21 14:37:22 taca Exp $
+$NetBSD: distinfo,v 1.53 2008/06/20 13:28:08 he Exp $
 
 SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755
 RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870
@@ -13,3 +13,4 @@ SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
 SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
+SHA1 (patch-ap) = 260b9c88bbcb238a81319ff5bef523ec6d765a27
diff --git a/www/apache2/patches/patch-ap b/www/apache2/patches/patch-ap
new file mode 100644
index 00000000000..7f24ab37ea6
--- /dev/null
+++ b/www/apache2/patches/patch-ap
@@ -0,0 +1,70 @@
+$NetBSD: patch-ap,v 1.5 2008/06/20 13:28:08 he Exp $
+
+This is directly from
+http://www.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2008-2364-patch-2.0.txt
+and as the name indicates a security-related patch.
+
+Index: modules/proxy/proxy_http.c
+===================================================================
+--- modules/proxy/proxy_http.c	(revision 666240)
++++ modules/proxy/proxy_http.c	(working copy)
+@@ -1290,6 +1290,16 @@
+     return 1;
+ }
+ 
++/*
++ * Limit the number of interim respones we sent back to the client. Otherwise
++ * we suffer from a memory build up. Besides there is NO sense in sending back
++ * an unlimited number of interim responses to the client. Thus if we cross
++ * this limit send back a 502 (Bad Gateway).
++ */
++#ifndef AP_MAX_INTERIM_RESPONSES
++#define AP_MAX_INTERIM_RESPONSES 10
++#endif
++
+ static
+ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
+                                             proxy_http_conn_t *p_conn,
+@@ -1322,7 +1332,7 @@
+      */
+     rp->proxyreq = PROXYREQ_RESPONSE;
+ 
+-    while (received_continue) {
++    while (received_continue && (received_continue <= AP_MAX_INTERIM_RESPONSES)) {
+         apr_brigade_cleanup(bb);
+ 
+         len = ap_getline(buffer, sizeof(buffer), rp, 0);
+@@ -1440,7 +1450,9 @@
+             if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
+                 ap_set_content_type(r, apr_pstrdup(p, buf));
+             }            
+-            ap_proxy_pre_http_request(origin,rp);
++            if (!ap_is_HTTP_INFO(r->status)) {
++                ap_proxy_pre_http_request(origin, rp);
++            }
+ 
+             /* handle Via header in response */
+             if (conf->viaopt != via_off && conf->viaopt != via_block) {
+@@ -1486,6 +1498,7 @@
+         if ( r->status != HTTP_CONTINUE ) {
+             received_continue = 0;
+         } else {
++            received_continue++;
+             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+                          "proxy: HTTP: received 100 CONTINUE");
+         }
+@@ -1622,6 +1635,14 @@
+         }
+     }
+ 
++    /* See define of AP_MAX_INTERIM_RESPONSES for why */
++    if (received_continue > AP_MAX_INTERIM_RESPONSES) {
++        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
++                             apr_psprintf(p, 
++                             "Too many (%d) interim responses from origin server",
++                             received_continue));
++    }
++
+     if ( conf->error_override ) {
+         /* the code above this checks for 'OK' which is what the hook expects */
+         if ( r->status == HTTP_OK )