Diffstat (limited to 'www/apache22')
-rw-r--r-- | www/apache22/Makefile | 4 | ||||
-rw-r--r-- | www/apache22/distinfo | 3 | ||||
-rw-r--r-- | www/apache22/patches/patch-ab | 83 |
3 files changed, 87 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 015dca44aeb..3371ed7e082 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.25 2008/05/26 02:13:25 joerg Exp $
+# $NetBSD: Makefile,v 1.26 2008/06/12 14:12:19 tron Exp $
 .include "Makefile.common"
 PKGNAME= apache-${APACHE_VERSION}
-#PKGREVISION= 1
+PKGREVISION= 1
 CATEGORIES= www
 HOMEPAGE= http://httpd.apache.org/
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index dad597e533c..6f00955fb91 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.9 2008/01/21 15:07:11 xtraeme Exp $
+$NetBSD: distinfo,v 1.10 2008/06/12 14:12:19 tron Exp $
 SHA1 (httpd-2.2.8.tar.bz2) = 5074904435d3d942ce2dc96c44b07294b8eaca77
 RMD160 (httpd-2.2.8.tar.bz2) = 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57
 Size (httpd-2.2.8.tar.bz2) = 4799055 bytes
 SHA1 (patch-aa) = ae5b34058fc6455cfa9e3d52a50829155ce2eb11
+SHA1 (patch-ab) = 55f4dac616fbe47fea7be0aecd1b7be679b9b0e7
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab
new file mode 100644
index 00000000000..0904bad2503
--- /dev/null
+++ b/www/apache22/patches/patch-ab
@@ -0,0 +1,83 @@
+$NetBSD: patch-ab,v 1.6 2008/06/12 14:12:19 tron Exp $
+
+Patch for CVE-2008-2364, taken from here:
+
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
+
+--- modules/proxy/mod_proxy_http.c.orig 2007-12-08 14:01:47.000000000 +0000
++++ modules/proxy/mod_proxy_http.c 2008-06-12 14:44:10.000000000 +0100
+@@ -1309,6 +1309,16 @@
+ return rv;
+ }
++/*
++ * Limit the number of interim respones we sent back to the client. Otherwise
++ * we suffer from a memory build up. Besides there is NO sense in sending back
++ * an unlimited number of interim responses to the client. Thus if we cross
++ * this limit send back a 502 (Bad Gateway).
++ */
++#ifndef AP_MAX_INTERIM_RESPONSES
++#define AP_MAX_INTERIM_RESPONSES 10
++#endif
++
+ static
+ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
+ proxy_conn_rec *backend,
+@@ -1323,8 +1333,8 @@
+ apr_bucket *e;
+ apr_bucket_brigade *bb, *tmp_bb;
+ int len, backasswards;
+- int interim_response; /* non-zero whilst interim 1xx responses
+- * are being read. */
++ int interim_response = 0; /* non-zero whilst interim 1xx responses
++ * are being read. */
+ int pread_len = 0;
+ apr_table_t *save_table;
+ int backend_broke = 0;
+@@ -1339,6 +1349,7 @@
+ */
+
+ rp = ap_proxy_make_fake_req(origin, r);
++ ap_proxy_pre_http_request(origin, rp);
+ /* In case anyone needs to know, this is a fake request that is really a
+ * response.
+ */
+@@ -1469,7 +1480,6 @@
+ if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
+ ap_set_content_type(r, apr_pstrdup(p, buf));
+ }
+- ap_proxy_pre_http_request(origin,rp);
+
+ /* Clear hop-by-hop headers */
+ for (i=0; hop_by_hop_hdrs[i]; ++i) {
+@@ -1518,7 +1528,12 @@
+ backend->close += 1;
+ }
+
+- interim_response = ap_is_HTTP_INFO(r->status);
++ if (ap_is_HTTP_INFO(r->status)) {
++ interim_response++;
++ }
++ else {
++ interim_response = 0;
++ }
+ if (interim_response) {
+ /* RFC2616 tells us to forward this.
+ *
+@@ -1711,7 +1726,15 @@
+
+ apr_brigade_cleanup(bb);
+ }
+- } while (interim_response);
++ } while (interim_response && (interim_response < AP_MAX_INTERIM_RESPONSES));
++
++ /* See define of AP_MAX_INTERIM_RESPONSES for why */
++ if (interim_response >= AP_MAX_INTERIM_RESPONSES) {
++ return ap_proxyerror(r, HTTP_BAD_GATEWAY,
++ apr_psprintf(p,
++ "Too many (%d) interim responses from origin server",
++ interim_response));
++ }
+
+ /* If our connection with the client is to be aborted, return DONE. */
+ if (c->aborted || backend_broke) { |
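Review bot: The comment kept on `int interim_response = 0;` in the inner hunk at -1323 still describes a boolean flag ("non-zero whilst interim 1xx responses are being read"), but the hunk at -1518 turns the variable into a counter of consecutive 1xx responses, and the new AP_MAX_INTERIM_RESPONSES bound at -1711 depends on that count; a comment such as `/* number of consecutive interim 1xx responses read so far; reset to 0 by a final response */` would state the contract the limit check relies on. The comment block that introduces AP_MAX_INTERIM_RESPONSES also misspells "responses" as "respones". Since patch-ab is a vendored copy of the upstream change, any wording edit made here changes the file's checksum and the `SHA1 (patch-ab)` line added to distinfo in this same commit would have to be regenerated alongside it, so the alternative is to leave the text as upstream has it and note the counter semantics in the commit message instead. The enclosing function ap_proxy_http_process_response begins and ends outside the hunks shown.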