From 244a8ee4bd86fddf27e54c98e4863d881ef1ce00 Mon Sep 17 00:00:00 2001 From: tron Date: Wed, 1 Feb 2012 19:53:21 +0000 Subject: Update "apache" package to version 2.2.22. Changes since 2.2.21: - SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] - SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] - SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] - SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. Bug#52256. [Rainer Canavan ] - SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton] - SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener] - mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. [Jean-Frederic Clere] - config: Update the default mod_ssl configuration: Disable SSLv2, only allow >= 128bit ciphers, add commented example for speed optimized cipher list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand] - core: Fix segfault in ap_send_interim_response(). Bug#52315. [Stefan Fritsch] - mod_log_config: Prevent segfault. Bug#50861. [Torsten Foertsch ] - mod_win32: Invert logic for env var UTF-8 fixing. Now we exclude a list of vars which we know for sure they dont hold UTF-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. Bug#13029 / 34985. [Guenter Knauf] - core: Fix hook sorting for Perl modules, a regression introduced in 2.2.21. Bug#45076. [Torsten Foertsch ] - Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. Bug#51878. [Jim Jagielski] - Example configuration: Fix entry for MaxRanges (use "unlimited" instead of "0"). [Rainer Jung] - mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung] Please note that all the security fixes had been integrated into "pkgsrc" as patches previously. --- www/apache22/Makefile | 9 +- www/apache22/PLIST | 16 ++- www/apache22/distinfo | 16 +-- www/apache22/patches/patch-CVE-2012-0021 | 42 ------- www/apache22/patches/patch-af | 8 +- .../patches/patch-modules_mappers_mod_rewrite.c | 35 ------ .../patches/patch-modules_proxy_mod_proxy.c | 35 ------ www/apache22/patches/patch-server_protocol.c | 129 --------------------- www/apache22/patches/patch-server_scoreboard.c | 33 ------ www/apache22/patches/patch-server_util.c | 26 ----- 10 files changed, 25 insertions(+), 324 deletions(-) delete mode 100644 www/apache22/patches/patch-CVE-2012-0021 delete mode 100644 www/apache22/patches/patch-modules_mappers_mod_rewrite.c delete mode 100644 www/apache22/patches/patch-modules_proxy_mod_proxy.c delete mode 100644 www/apache22/patches/patch-server_protocol.c delete mode 100644 www/apache22/patches/patch-server_scoreboard.c delete mode 100644 www/apache22/patches/patch-server_util.c (limited to 'www') diff --git a/www/apache22/Makefile b/www/apache22/Makefile index c0cb8d2bbb9..acf7cfb17e6 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.78 2012/01/29 12:29:07 tron Exp $ +# $NetBSD: Makefile,v 1.79 2012/02/01 19:53:21 tron Exp $ -DISTNAME= httpd-2.2.21 +DISTNAME= httpd-2.2.22 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 7 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ @@ -122,8 +121,8 @@ OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755 FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1 FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8 -FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8 -FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8 +FIX_MAN_PERMS+= man8/rotatelogs.8 man1/logresolve.1 man1/apxs.1 +FIX_MAN_PERMS+= man8/apachectl.8 man1/ab.1 man1/httxt2dbm.1 # Fix paths in the apache manpages. SUBST_CLASSES+= man diff --git a/www/apache22/PLIST b/www/apache22/PLIST index aebfb147a12..75d4f406a2a 100644 --- a/www/apache22/PLIST +++ b/www/apache22/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.19 2011/05/12 06:50:44 tron Exp $ +@comment $NetBSD: PLIST,v 1.20 2012/02/01 19:53:21 tron Exp $ ${PLIST.suexec}sbin/suexec include/httpd/ap_compat.h include/httpd/ap_config.h @@ -127,16 +127,17 @@ ${PLIST.all-shared}lib/httpd/mod_version.so ${PLIST.all-shared}lib/httpd/mod_vhost_alias.so libexec/cgi-bin/printenv libexec/cgi-bin/test-cgi +man/man1/ab.1 +man/man1/apxs.1 man/man1/dbmmanage.1 man/man1/htdbm.1 man/man1/htdigest.1 man/man1/htpasswd.1 -man/man8/ab.8 +man/man1/httxt2dbm.1 +man/man1/logresolve.1 man/man8/apachectl.8 -man/man8/apxs.8 man/man8/htcacheclean.8 man/man8/httpd.8 -man/man8/logresolve.8 man/man8/rotatelogs.8 man/man8/suexec.8 sbin/ab @@ -618,6 +619,7 @@ share/httpd/manual/license.html share/httpd/manual/license.html.en share/httpd/manual/logs.html share/httpd/manual/logs.html.en +share/httpd/manual/logs.html.fr share/httpd/manual/logs.html.ja.utf8 share/httpd/manual/logs.html.ko.euc-kr share/httpd/manual/logs.html.tr.utf8 @@ -892,11 +894,14 @@ share/httpd/manual/mod/mod_proxy_connect.html.en share/httpd/manual/mod/mod_proxy_connect.html.ja.utf8 share/httpd/manual/mod/mod_proxy_ftp.html share/httpd/manual/mod/mod_proxy_ftp.html.en +share/httpd/manual/mod/mod_proxy_ftp.html.ja.utf8 share/httpd/manual/mod/mod_proxy_http.html share/httpd/manual/mod/mod_proxy_http.html.en share/httpd/manual/mod/mod_proxy_http.html.fr +share/httpd/manual/mod/mod_proxy_http.html.ja.utf8 share/httpd/manual/mod/mod_proxy_scgi.html share/httpd/manual/mod/mod_proxy_scgi.html.en +share/httpd/manual/mod/mod_proxy_scgi.html.ja.utf8 share/httpd/manual/mod/mod_reqtimeout.html share/httpd/manual/mod/mod_reqtimeout.html.en share/httpd/manual/mod/mod_rewrite.html @@ -1007,6 +1012,7 @@ share/httpd/manual/new_features_2_0.html.tr.utf8 share/httpd/manual/new_features_2_2.html share/httpd/manual/new_features_2_2.html.en share/httpd/manual/new_features_2_2.html.fr +share/httpd/manual/new_features_2_2.html.ja.utf8 share/httpd/manual/new_features_2_2.html.ko.euc-kr share/httpd/manual/new_features_2_2.html.pt-br share/httpd/manual/new_features_2_2.html.tr.utf8 @@ -1074,6 +1080,7 @@ share/httpd/manual/programs/httxt2dbm.html.tr.utf8 share/httpd/manual/programs/index.html share/httpd/manual/programs/index.html.en share/httpd/manual/programs/index.html.es +share/httpd/manual/programs/index.html.ja.utf8 share/httpd/manual/programs/index.html.ko.euc-kr share/httpd/manual/programs/index.html.ru.koi8-r share/httpd/manual/programs/index.html.tr.utf8 @@ -1190,6 +1197,7 @@ share/httpd/manual/upgrading.html share/httpd/manual/upgrading.html.de share/httpd/manual/upgrading.html.en share/httpd/manual/upgrading.html.fr +share/httpd/manual/upgrading.html.ja.utf8 share/httpd/manual/urlmapping.html share/httpd/manual/urlmapping.html.en share/httpd/manual/urlmapping.html.ja.utf8 diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 0eb940dfe5e..840f7b85625 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,24 +1,18 @@ -$NetBSD: distinfo,v 1.49 2012/01/29 12:29:07 tron Exp $ +$NetBSD: distinfo,v 1.50 2012/02/01 19:53:21 tron Exp $ -SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4 -RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1 -Size (httpd-2.2.21.tar.bz2) = 5324905 bytes -SHA1 (patch-CVE-2012-0021) = 8c44c591ffa3a4ca32de47c71d1aa8470de81f1e +SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696 +RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9 +Size (httpd-2.2.22.tar.bz2) = 5378934 bytes SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 -SHA1 (patch-af) = 312d3bce5e1bf6e747b5f0f313d89bf5b4636392 +SHA1 (patch-af) = 580950dbf0154ba1c93f5c58eae766c7d6c0c00c SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 -SHA1 (patch-modules_mappers_mod_rewrite.c) = de7bbdf02dda38e2542e4967ee6f22745ec0f118 -SHA1 (patch-modules_proxy_mod_proxy.c) = bab58b70eee22d7c08be9a4a9ada3fad886fa796 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 -SHA1 (patch-server_protocol.c) = dc99717704f53837dfd7b9c1018487a787dcbfd9 -SHA1 (patch-server_scoreboard.c) = 8d1e007f8d1d6a6db827a41d82369749e603a2b3 -SHA1 (patch-server_util.c) = 37e9c357618a9645222cd981f0ccb04c7987fe15 diff --git a/www/apache22/patches/patch-CVE-2012-0021 b/www/apache22/patches/patch-CVE-2012-0021 deleted file mode 100644 index 80d11463546..00000000000 --- a/www/apache22/patches/patch-CVE-2012-0021 +++ /dev/null @@ -1,42 +0,0 @@ -$NetBSD: patch-CVE-2012-0021,v 1.1 2012/01/29 12:29:08 tron Exp $ - -Fix security vulnerability reported in CVE-2012-0021. Patch taken from -Apache SVN repository: - -http://svn.apache.org/viewvc?view=revision&revision=1227292 - ---- modules/loggers/mod_log_config.c.orig 2010-08-24 07:41:38.000000000 +0100 -+++ modules/loggers/mod_log_config.c 2012-01-29 12:08:13.000000000 +0000 -@@ -524,19 +524,21 @@ - - while ((cookie = apr_strtok(cookies, ";", &last1))) { - char *name = apr_strtok(cookie, "=", &last2); -- char *value; -- apr_collapse_spaces(name, name); -+ if (name) { -+ char *value; -+ apr_collapse_spaces(name, name); -+ -+ if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { -+ char *last; -+ value += strspn(value, " \t"); /* Move past leading WS */ -+ last = value + strlen(value) - 1; -+ while (last >= value && apr_isspace(*last)) { -+ *last = '\0'; -+ --last; -+ } - -- if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) { -- char *last; -- value += strspn(value, " \t"); /* Move past leading WS */ -- last = value + strlen(value) - 1; -- while (last >= value && apr_isspace(*last)) { -- *last = '\0'; -- --last; -+ return ap_escape_logitem(r->pool, value); - } -- -- return ap_escape_logitem(r->pool, value); - } - cookies = NULL; - } diff --git a/www/apache22/patches/patch-af b/www/apache22/patches/patch-af index 809b76d5702..278ba6db864 100644 --- a/www/apache22/patches/patch-af +++ b/www/apache22/patches/patch-af @@ -1,10 +1,10 @@ -$NetBSD: patch-af,v 1.5 2011/03/20 03:18:21 dholland Exp $ +$NetBSD: patch-af,v 1.6 2012/02/01 19:53:21 tron Exp $ Fix markup glitch. ---- docs/man/apxs.8~ 2011-03-20 02:48:50.000000000 +0000 -+++ docs/man/apxs.8 -@@ -96,7 +96,11 @@ This explicitly sets the module name for +--- docs/man/apxs.1.orig 2012-01-10 23:32:02.000000000 +0000 ++++ docs/man/apxs.1 2012-02-01 19:18:34.000000000 +0000 +@@ -96,7 +96,11 @@ .TP -q diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted file mode 100644 index 47396c88531..00000000000 --- a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.1 2011/12/13 15:37:56 spz Exp $ - -revision 1209432 from http://svn.apache.org/: - Fix for additional cases of URL rewriting with ProxyPassMatch or - RewriteRule, where particular request-URIs could result in undesired - backend network exposure in some configurations. (CVE-2011-4317) - - Thanks to Prutha Parikh from Qualys for reporting this issue. - - * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" - request-URI. Fail for cases where r->uri does not begin with a "/". - - * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise. - ---- modules/mappers/mod_rewrite.c.orig 2011-09-03 22:54:25.000000000 +0000 -+++ modules/mappers/mod_rewrite.c -@@ -4266,6 +4266,18 @@ static int hook_uri2file(request_rec *r) - return DECLINED; - } - -+ if (strcmp(r->unparsed_uri, "*") == 0) { -+ /* Don't apply rewrite rules to "*". */ -+ return DECLINED; -+ } -+ -+ /* Check that the URI is valid. */ -+ if (!r->uri || r->uri[0] != '/') { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Invalid URI in request %s", r->the_request); -+ return HTTP_BAD_REQUEST; -+ } -+ - /* - * add the SCRIPT_URL variable to the env. this is a bit complicated - * due to the fact that apache uses subrequests and internal redirects diff --git a/www/apache22/patches/patch-modules_proxy_mod_proxy.c b/www/apache22/patches/patch-modules_proxy_mod_proxy.c deleted file mode 100644 index e75f25b9e29..00000000000 --- a/www/apache22/patches/patch-modules_proxy_mod_proxy.c +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-modules_proxy_mod_proxy.c,v 1.1 2011/12/13 15:37:57 spz Exp $ - -revision 1209432 from http://svn.apache.org/: - Fix for additional cases of URL rewriting with ProxyPassMatch or - RewriteRule, where particular request-URIs could result in undesired - backend network exposure in some configurations. (CVE-2011-4317) - - Thanks to Prutha Parikh from Qualys for reporting this issue. - - * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" - request-URI. Fail for cases where r->uri does not begin with a "/". - - * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise. - ---- modules/proxy/mod_proxy.c.orig 2010-10-07 18:51:18.000000000 +0000 -+++ modules/proxy/mod_proxy.c -@@ -566,6 +566,18 @@ static int proxy_trans(request_rec *r) - return OK; - } - -+ if (strcmp(r->unparsed_uri, "*") == 0) { -+ /* "*" cannot be proxied. */ -+ return DECLINED; -+ } -+ -+ /* Check that the URI is valid. */ -+ if (!r->uri || r->uri[0] != '/') { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Invalid URI in request %s", r->the_request); -+ return HTTP_BAD_REQUEST; -+ } -+ - /* XXX: since r->uri has been manipulated already we're not really - * compliant with RFC1945 at this point. But this probably isn't - * an issue because this is a hybrid proxy/origin server. diff --git a/www/apache22/patches/patch-server_protocol.c b/www/apache22/patches/patch-server_protocol.c deleted file mode 100644 index 2aa8c2ad9ae..00000000000 --- a/www/apache22/patches/patch-server_protocol.c +++ /dev/null @@ -1,129 +0,0 @@ -$NetBSD: patch-server_protocol.c,v 1.4 2012/01/29 12:29:08 tron Exp $ - -revision 1179239 from http://svn.apache.org/: - SECURITY (CVE-2011-3368): Prevent unintended pattern expansion - in some reverse proxy configurations by strictly validating - the request-URI. - -revision 1179525 from http://svn.apache.org/: - SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some - reverse proxy configurations by strictly validating the request-URI: - * server/protocol.c (read_request_line): Send a 400 response if the - request-URI does not match the grammar from RFC 2616. This ensures - the input string for RewriteRule et al really is an absolute path. - -revision 1235454 from http://svn.apache.org/: - CVE-2012-0053: Fix an issue in error responses that could expose - "httpOnly" cookies when no custom ErrorDocument is specified for - status code 400. - ---- server/protocol.c.orig 2011-05-07 12:39:29.000000000 +0100 -+++ server/protocol.c 2012-01-29 12:22:25.000000000 +0000 -@@ -640,6 +640,25 @@ - - ap_parse_uri(r, uri); - -+ /* RFC 2616: -+ * Request-URI = "*" | absoluteURI | abs_path | authority -+ * -+ * authority is a special case for CONNECT. If the request is not -+ * using CONNECT, and the parsed URI does not have scheme, and -+ * it does not begin with '/', and it is not '*', then, fail -+ * and give a 400 response. */ -+ if (r->method_number != M_CONNECT -+ && !r->parsed_uri.scheme -+ && uri[0] != '/' -+ && !(uri[0] == '*' && uri[1] == '\0')) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "invalid request-URI %s", uri); -+ r->args = NULL; -+ r->hostname = NULL; -+ r->status = HTTP_BAD_REQUEST; -+ r->uri = apr_pstrdup(r->pool, uri); -+ } -+ - if (ll[0]) { - r->assbackwards = 0; - pro = ll; -@@ -670,6 +689,16 @@ - return 1; - } - -+/* get the length of the field name for logging, but no more than 80 bytes */ -+#define LOG_NAME_MAX_LEN 80 -+static int field_name_len(const char *field) -+{ -+ const char *end = ap_strchr_c(field, ':'); -+ if (end == NULL || end - field > LOG_NAME_MAX_LEN) -+ return LOG_NAME_MAX_LEN; -+ return end - field; -+} -+ - AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) - { - char *last_field = NULL; -@@ -709,12 +738,15 @@ - /* insure ap_escape_html will terminate correctly */ - field[len - 1] = '\0'; - apr_table_setn(r->notes, "error-notes", -- apr_pstrcat(r->pool, -+ apr_psprintf(r->pool, - "Size of a request header field " - "exceeds server limit.
\n" -- "
\n",
--                                           ap_escape_html(r->pool, field),
--                                           "
\n", NULL)); -+ "
\n%.*s\n
/n", -+ field_name_len(field), -+ ap_escape_html(r->pool, field))); -+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, -+ "Request header exceeds LimitRequestFieldSize: " -+ "%.*s", field_name_len(field), field); - } - return; - } -@@ -735,13 +767,17 @@ - * overflow (last_field) as the field with the problem - */ - apr_table_setn(r->notes, "error-notes", -- apr_pstrcat(r->pool, -+ apr_psprintf(r->pool, - "Size of a request header field " - "after folding " - "exceeds server limit.
\n" -- "
\n",
--                                               ap_escape_html(r->pool, last_field),
--                                               "
\n", NULL)); -+ "
\n%.*s\n
\n", -+ field_name_len(last_field), -+ ap_escape_html(r->pool, last_field))); -+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, -+ "Request header exceeds LimitRequestFieldSize " -+ "after folding: %.*s", -+ field_name_len(last_field), last_field); - return; - } - -@@ -773,13 +809,18 @@ - if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ - r->status = HTTP_BAD_REQUEST; /* abort bad request */ - apr_table_setn(r->notes, "error-notes", -- apr_pstrcat(r->pool, -+ apr_psprintf(r->pool, - "Request header field is " - "missing ':' separator.
\n" -- "
\n",
-+                                               "
\n%.*s
\n",
-+                                               (int)LOG_NAME_MAX_LEN,
-                                                ap_escape_html(r->pool,
--                                                              last_field),
--                                               "
\n", NULL)); -+ last_field))); -+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Request header field is missing ':' " -+ "separator: %.*s", (int)LOG_NAME_MAX_LEN, -+ last_field); -+ - return; - } - diff --git a/www/apache22/patches/patch-server_scoreboard.c b/www/apache22/patches/patch-server_scoreboard.c deleted file mode 100644 index 6426149d756..00000000000 --- a/www/apache22/patches/patch-server_scoreboard.c +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-server_scoreboard.c,v 1.1 2012/01/17 20:48:29 spz Exp $ - -patch for CVE-2012-0031 taken from Revision 1231058 of http://svn.apache.org/ - ---- server/scoreboard.c.orig 2010-10-07 16:56:54.000000000 +0000 -+++ server/scoreboard.c -@@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboar - AP_DECLARE_DATA int ap_extended_status = 0; - AP_DECLARE_DATA int ap_mod_status_reqtail = 0; - -+static ap_scoreboard_e scoreboard_type; -+ - #if APR_HAS_SHARED_MEMORY - - #include "apr_shm.h" -@@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void - if (ap_scoreboard_image == NULL) { - return APR_SUCCESS; - } -- if (ap_scoreboard_image->global->sb_type == SB_SHARED) { -+ if (scoreboard_type == SB_SHARED) { - ap_cleanup_shared_mem(NULL); - } - else { -@@ -312,7 +314,7 @@ int ap_create_scoreboard(apr_pool_t *p, - ap_init_scoreboard(sb_mem); - } - -- ap_scoreboard_image->global->sb_type = sb_type; -+ ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type; - ap_scoreboard_image->global->running_generation = 0; - ap_scoreboard_image->global->restart_time = apr_time_now(); - diff --git a/www/apache22/patches/patch-server_util.c b/www/apache22/patches/patch-server_util.c deleted file mode 100644 index 65c91175ca3..00000000000 --- a/www/apache22/patches/patch-server_util.c +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-server_util.c,v 1.2 2012/01/17 20:48:29 spz Exp $ - -fix for http://secunia.com/advisories/45793/ -http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/util.c?r1=1124515&r2=1227280 -modulo we have apr 1.3 and can use APR_SIZE_MAX and APR_ENOMEM - ---- server/util.c.orig 2011-05-19 02:17:37.000000000 +0000 -+++ server/util.c -@@ -366,7 +366,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t - char *dest, *dst; - char c; - size_t no; -- int len; -+ apr_size_t len; - - if (!source) - return NULL; -@@ -391,6 +391,8 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t - len++; - } - else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { -+ if (APR_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) -+ return APR_ENOMEM; - len += pmatch[no].rm_eo - pmatch[no].rm_so; - } - -- cgit v1.2.3