Mon Jun 16 09:00:02 2008 UTC ()
Pullup ticket 2425 - requested by tron
security patch for apache22
- pkgsrc/www/apache22/Makefile 1.26
- pkgsrc/www/apache22/distinfo 1.10
- pkgsrc/www/apache22/patches/patch-ab 1.6
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 12 14:12:19 UTC 2008
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ab
Log Message:
Add patch for CVE-2008-2364 from the Apache SVN repository.
(ghen)
diff -r1.24 -r1.24.2.1 pkgsrc/www/apache22/Makefile
diff -r1.9 -r1.9.2.1 pkgsrc/www/apache22/distinfo
diff -r0 -r1.5.2.1 pkgsrc/www/apache22/patches/patch-ab
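--- a/pkgsrc/www/apache22/Makefile
+++ b/pkgsrc/www/apache22/Makefile
@@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.24 2008/01/21 15:07:10 xtraeme Exp $
+# $NetBSD: Makefile,v 1.24.2.1 2008/06/16 09:00:02 ghen Exp $
 
 .include "Makefile.common"
 
 PKGNAME= apache-${APACHE_VERSION}
-#PKGREVISION= 1
+PKGREVISION= 1
 CATEGORIES= www
 
 HOMEPAGE= http://httpd.apache.org/
 COMMENT= Apache HTTP (Web) server, version 2
 
 CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]*
 
 BUILD_DEFS+= IPV6_READY
 BUILD_DEFS+= VARBASE
 
 USE_TOOLS+= perl perl:run pkg-config
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes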
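--- a/pkgsrc/www/apache22/distinfo
+++ b/pkgsrc/www/apache22/distinfo
@@ -1,16 +1,17 @@
-$NetBSD: distinfo,v 1.9 2008/01/21 15:07:11 xtraeme Exp $
+$NetBSD: distinfo,v 1.9.2.1 2008/06/16 09:00:02 ghen Exp $
 
 SHA1 (httpd-2.2.8.tar.bz2) = 5074904435d3d942ce2dc96c44b07294b8eaca77
 RMD160 (httpd-2.2.8.tar.bz2) = 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57
 Size (httpd-2.2.8.tar.bz2) = 4799055 bytes
 SHA1 (patch-aa) = ae5b34058fc6455cfa9e3d52a50829155ce2eb11
+SHA1 (patch-ab) = 55f4dac616fbe47fea7be0aecd1b7be679b9b0e7
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
 SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
 SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1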
$NetBSD: patch-ab,v 1.5.2.1 2008/06/16 09:00:02 ghen Exp $
Patch for CVE-2008-2364, taken from here:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
--- modules/proxy/mod_proxy_http.c.orig 2007-12-08 14:01:47.000000000 +0000
+++ modules/proxy/mod_proxy_http.c 2008-06-12 14:44:10.000000000 +0100
@@ -1309,6 +1309,16 @@
return rv;
}
+/*
+ * Limit the number of interim respones we sent back to the client. Otherwise
+ * we suffer from a memory build up. Besides there is NO sense in sending back
+ * an unlimited number of interim responses to the client. Thus if we cross
+ * this limit send back a 502 (Bad Gateway).
+ */
+#ifndef AP_MAX_INTERIM_RESPONSES
+#define AP_MAX_INTERIM_RESPONSES 10
+#endif
+
static
apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
proxy_conn_rec *backend,
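Review bot: The new block comment above `AP_MAX_INTERIM_RESPONSES` has two typos worth fixing before this is committed: `respones` should read `responses` and `we sent back` should read `we send back`. The same comment should also say that the limit is a build-time constant only, since the `#ifndef` guard lets it be overridden solely via CFLAGS (`-DAP_MAX_INTERIM_RESPONSES=n`) and there is no runtime directive, so operators cannot tune it per server; e.g. `* Compile-time limit; override with -DAP_MAX_INTERIM_RESPONSES=n if needed.` The enclosing function `ap_proxy_http_process_response` begins at the end of this hunk and continues beyond it.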
@@ -1323,8 +1333,8 @@
apr_bucket *e;
apr_bucket_brigade *bb, *tmp_bb;
int len, backasswards;
- int interim_response; /* non-zero whilst interim 1xx responses
- * are being read. */
+ int interim_response = 0; /* non-zero whilst interim 1xx responses
+ * are being read. */
int pread_len = 0;
apr_table_t *save_table;
int backend_broke = 0;
@@ -1339,6 +1349,7 @@
*/
rp = ap_proxy_make_fake_req(origin, r);
+ ap_proxy_pre_http_request(origin, rp);
/* In case anyone needs to know, this is a fake request that is really a
* response.
*/
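Review bot: The relocated `ap_proxy_pre_http_request(origin, rp);` is the substantive part of this fix, yet it carries no comment saying why it now runs once, before the response is read, instead of at its old site (removed in a later hunk, which appears to sit inside the do/while loop that the last hunk closes). A one-line why-comment would spare the next maintainer from re-deriving the rationale, e.g. `/* Set up the response input side once, not per interim response (CVE-2008-2364). */` — I am inferring the per-response repetition from the old call's position, so confirm the wording against what that helper actually registers. The enclosing function `ap_proxy_http_process_response` starts before this hunk and continues after it.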
@@ -1469,7 +1480,6 @@
if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
ap_set_content_type(r, apr_pstrdup(p, buf));
}
- ap_proxy_pre_http_request(origin,rp);
/* Clear hop-by-hop headers */
for (i=0; hop_by_hop_hdrs[i]; ++i) {
@@ -1518,7 +1528,12 @@
backend->close += 1;
}
- interim_response = ap_is_HTTP_INFO(r->status);
+ if (ap_is_HTTP_INFO(r->status)) {
+ interim_response++;
+ }
+ else {
+ interim_response = 0;
+ }
if (interim_response) {
/* RFC2616 tells us to forward this.
*
@@ -1711,7 +1726,15 @@
apr_brigade_cleanup(bb);
}
- } while (interim_response);
+ } while (interim_response && (interim_response < AP_MAX_INTERIM_RESPONSES));
+
+ /* See define of AP_MAX_INTERIM_RESPONSES for why */
+ if (interim_response >= AP_MAX_INTERIM_RESPONSES) {
+ return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+ apr_psprintf(p,
+ "Too many (%d) interim responses from origin server",
+ interim_response));
+ }
/* If our connection with the client is to be aborted, return DONE. */
if (c->aborted || backend_broke) {
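Review bot: The new 502 path at `return ap_proxyerror(r, HTTP_BAD_GATEWAY, ...)` returns while the origin may still be streaming interim responses, and nothing in the hunk marks the backend connection for closing first. If the caller does not already close the backend on every non-OK return (that code is outside the hunk, so I cannot confirm it from here), a connection with unread response data could be handed back to the pool and poison the next request that reuses it. The cheap, self-contained guard is to add `backend->close += 1;` (the idiom used in the previous hunk's context) immediately before the `return ap_proxyerror(...)`. The enclosing function `ap_proxy_http_process_response` continues past this hunk.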