2 files changed, 38 insertions, 1 deletions

diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index 3c52d448a12..6a41883a1af 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.18 2015/02/02 14:45:51 adam Exp $
+$NetBSD: distinfo,v 1.19 2015/03/28 06:28:04 ryoon Exp $
 
 SHA1 (httpd-2.4.12.tar.bz2) = bc4681bfd63accec8d82d3cc440fbc8264ce0f17
 RMD160 (httpd-2.4.12.tar.bz2) = 396deb95ca40f429cc3845a36b766a9fb1c2c2aa
 Size (httpd-2.4.12.tar.bz2) = 5054838 bytes
+SHA1 (patch-CVE-2015-0228) = 2a6ec79cc8feb546b3d4ede08877ad72347b55a7
 SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
diff --git a/www/apache24/patches/patch-CVE-2015-0228 b/www/apache24/patches/patch-CVE-2015-0228
new file mode 100644
index 00000000000..9b82fc443eb
--- /dev/null
+++ b/www/apache24/patches/patch-CVE-2015-0228
@@ -0,0 +1,36 @@
+$NetBSD: patch-CVE-2015-0228,v 1.1 2015/03/28 06:28:04 ryoon Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1657261
+
+--- modules/lua/lua_request.c.orig	2014-09-05 14:20:27.000000000 +0000
++++ modules/lua/lua_request.c
+@@ -2229,6 +2229,7 @@ static int lua_websocket_read(lua_State 
+ {
+     apr_socket_t *sock;
+     apr_status_t rv;
++    int do_read = 1;
+     int n = 0;
+     apr_size_t len = 1;
+     apr_size_t plen = 0;
+@@ -2246,6 +2247,8 @@ static int lua_websocket_read(lua_State 
+     mask_bytes = apr_pcalloc(r->pool, 4);
+     sock = ap_get_conn_socket(r->connection);
+ 
++    while (do_read) { 
++    do_read = 0;
+     /* Get opcode and FIN bit */
+     if (plaintext) {
+         rv = apr_socket_recv(sock, &byte, &len);
+@@ -2372,10 +2375,11 @@ static int lua_websocket_read(lua_State 
+                 frame[0] = 0x8A;
+                 frame[1] = 0;
+                 apr_socket_send(sock, frame, &plen); /* Pong! */
+-                lua_websocket_read(L); /* read the next frame instead */
++                do_read = 1;
+             }
+         }
+     }
++    }
+     return 0;
+ }
+