author | tron <tron@pkgsrc.org> | 2009-09-13 13:32:50 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2009-09-13 13:32:50 +0000 |
commit | 2f970c081a1d5f7139ec08da02f7ff2bdd169ee9 (patch) | |
tree | ce1cec85ad2425952b0a4b61c76e677cfc38e48f /www | |
parent | 518ff201f64bb535de5b898aff27a1613b32e0f9 (diff) | |
download | pkgsrc-2f970c081a1d5f7139ec08da02f7ff2bdd169ee9.tar.gz |
Add a fix for the remote Denial of Service vulnerability reported
in CVE-2009-3094.
Diffstat (limited to 'www')
-rw-r--r-- | www/apache22/Makefile | 3 | ||||
-rw-r--r-- | www/apache22/distinfo | 3 | ||||
-rw-r--r-- | www/apache22/patches/patch-ab | 19 |
3 files changed, 23 insertions, 2 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index f54633f6d33..bd6f3e57087 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.49 2009/08/10 11:45:08 tron Exp $ +# $NetBSD: Makefile,v 1.50 2009/09/13 13:32:50 tron Exp $ DISTNAME= httpd-2.2.13 PKGNAME= ${DISTNAME:S/httpd/apache/} +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} diff --git a/www/apache22/distinfo b/www/apache22/distinfo index a628ebc2a03..f59e7d8f31a 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.24 2009/08/10 11:45:08 tron Exp $ +$NetBSD: distinfo,v 1.25 2009/09/13 13:32:50 tron Exp $ SHA1 (httpd-2.2.13.tar.bz2) = 44d85da1b8e6c579d4514cfefbea00b284717b69 RMD160 (httpd-2.2.13.tar.bz2) = 4a6a2247cc118175a9a36f1e14344ee71da24627 Size (httpd-2.2.13.tar.bz2) = 5300199 bytes SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf +SHA1 (patch-ab) = 76e50e1603c37e982a6ae9179009457aa9589e87 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab new file mode 100644 index 00000000000..358e46cd363 --- /dev/null +++ b/www/apache22/patches/patch-ab @@ -0,0 +1,19 @@ +$NetBSD: patch-ab,v 1.12 2009/09/13 13:32:50 tron Exp $ + +Fix for CVE-2009-3094 based on the description of the problem: + +http://www.intevydis.com/blog/?p=59 + +--- modules/proxy/mod_proxy_ftp.c.orig 2008-11-11 20:04:34.000000000 +0000 ++++ modules/proxy/mod_proxy_ftp.c 2009-09-13 14:23:13.000000000 +0100 +@@ -1274,7 +1274,9 @@ + } + else { + /* and try the regular way */ +- apr_socket_close(data_sock); ++ if (data_sock != NULL) { ++ apr_socket_close(data_sock); ++ } + } + } + } |
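Review bot: The new `if (data_sock != NULL)` guard in the `else` branch of the `modules/proxy/mod_proxy_ftp.c` hunk (`@@ -1274,7 +1274,9 @@`) carries no comment saying which path reaches this point with `data_sock` still NULL, and the patch-ab header says the fix is "based on the description of the problem" rather than on an upstream change. Suggest a one-line comment above the guard naming the condition and CVE-2009-3094, and a line in the patch-ab header saying the patch should be re-checked against the upstream fix once one is published, so the local change does not silently diverge from what httpd ships.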