diff options
| author | lkundrak <lkundrak@pkgsrc.org> | 2007-06-28 00:38:00 +0000 |
|---|---|---|
| committer | lkundrak <lkundrak@pkgsrc.org> | 2007-06-28 00:38:00 +0000 |
| commit | 5023ecdf925204522581a36b415ff70c7cb76c1b (patch) | |
| tree | 02866c49eee1841f0cc43b8bcdcd5d0c7f54d1ee /www/apache | |
| parent | a3aa1a58275f1f90cc0e37a9032cee7f3283f906 (diff) | |
| download | pkgsrc-5023ecdf925204522581a36b415ff70c7cb76c1b.tar.gz | |
Fixing two possible security vulnerabilities:
CVE-2006-5752 XSS in mod_status with ExtendedStatus on
CVE-2007-3304 Remote DoS if MPM and mod_cache enabled
bumping PKGREVISION
Diffstat (limited to 'www/apache')
| -rw-r--r-- | www/apache/Makefile | 4 | ||||
| -rw-r--r-- | www/apache/distinfo | 4 | ||||
| -rw-r--r-- | www/apache/patches/patch-ar | 40 | ||||
| -rw-r--r-- | www/apache/patches/patch-as | 48 |
4 files changed, 93 insertions, 3 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile index 9c2a8267030..4c736c7c670 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.189 2007/01/23 15:45:43 ghen Exp $ +# $NetBSD: Makefile,v 1.190 2007/06/28 00:38:00 lkundrak Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). DISTNAME= apache_1.3.37 PKGNAME= ${DISTNAME:S/_/-/} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} diff --git a/www/apache/distinfo b/www/apache/distinfo index 631dc102cf2..be30ba6cf45 100644 --- a/www/apache/distinfo +++ b/www/apache/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.53 2006/07/30 11:17:51 jdolecek Exp $ +$NetBSD: distinfo,v 1.54 2007/06/28 00:38:00 lkundrak Exp $ SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4 RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7 @@ -24,3 +24,5 @@ SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1 SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0 SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29 SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178 +SHA1 (patch-ar) = fff679923f13c511d0871d3d27b291e989c21a04 +SHA1 (patch-as) = c7e46d8d5b142e8b64d343ff2a5c97509e52a85f diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar new file mode 100644 index 00000000000..c0016a6cdd4 --- /dev/null +++ b/www/apache/patches/patch-ar @@ -0,0 +1,40 @@ +$NetBSD: patch-ar,v 1.5 2007/06/28 00:38:01 lkundrak Exp $ + +--- src/main/http_main.c.orig 2007-06-28 02:10:30.000000000 +0200 ++++ src/main/http_main.c +@@ -2751,6 +2751,17 @@ static int find_child_by_pid(int pid) + return -1; + } + ++static int safe_child_kill(pid_t pid, int sig) ++{ ++ if (getpgid(pid) == getpgrp()) { ++ return kill(pid, sig); ++ } ++ else { ++ errno = EINVAL; ++ return -1; ++ } ++} ++ + static void reclaim_child_processes(int terminate) + { + #ifndef MULTITHREAD +@@ -5113,7 +5124,7 @@ static void perform_idle_server_maintena + else if (ps->last_rtime + ss->timeout_len < now) { + /* no progress, and the timeout length has been exceeded */ + ss->timeout_len = 0; +- kill(ps->pid, SIG_TIMEOUT_KILL); ++ safe_child_kill(ps->pid, SIG_TIMEOUT_KILL); + } + } + #endif +@@ -5126,7 +5137,7 @@ static void perform_idle_server_maintena + * while we were counting. Use the define SIG_IDLE_KILL to reflect + * which signal should be used on the specific OS. + */ +- kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL); ++ safe_child_kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL); + idle_spawn_rate = 1; + #ifdef TPF + ap_update_child_status(to_kill, SERVER_DEAD, (request_rec *)NULL); diff --git a/www/apache/patches/patch-as b/www/apache/patches/patch-as new file mode 100644 index 00000000000..ada8a6dd033 --- /dev/null +++ b/www/apache/patches/patch-as @@ -0,0 +1,48 @@ +$NetBSD: patch-as,v 1.5 2007/06/28 00:38:01 lkundrak Exp $ + +--- src/modules/standard/mod_status.c.orig 2007-06-28 02:39:31.000000000 +0200 ++++ src/modules/standard/mod_status.c 2007-06-28 02:44:25.000000000 +0200 +@@ -221,7 +221,7 @@ static int status_handler(request_rec *r + if (r->method_number != M_GET) + return DECLINED; + +- r->content_type = "text/html"; ++ r->content_type = "text/html; charset=ISO-8859-1"; + + /* + * Simple table-driven form data set parser that lets you alter the header +@@ -247,7 +247,7 @@ static int status_handler(request_rec *r + no_table_report = 1; + break; + case STAT_OPT_AUTO: +- r->content_type = "text/plain"; ++ r->content_type = "text/plain; charset=ISO-8859-1"; + short_report = 1; + break; + } +@@ -591,7 +591,7 @@ static int status_handler(request_rec *r + ap_rputs(")\n", r); + ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n", + ap_escape_html(r->pool, score_record.client), +- ap_escape_html(r->pool, score_record.request), ++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)), + vhost ? ap_escape_html(r->pool, + vhost->server_hostname) : "(unavailable)"); + } +@@ -686,14 +686,14 @@ static int status_handler(request_rec *r + "</tr>\n\n", + score_record.client, + vhost ? vhost->server_hostname : "(unavailable)", +- ap_escape_html(r->pool, score_record.request)); ++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))) + #else + ap_rprintf(r, + "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n", + ap_escape_html(r->pool, score_record.client), + vhost ? ap_escape_html(r->pool, + vhost->server_hostname) : "(unavailable)", +- ap_escape_html(r->pool, score_record.request)); ++ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))) + #endif + } /* no_table_report */ + } /* !short_report */ |