Add patch from the Apache SVN repository to fix the information leak in the "mod_proxy_ajp" module reported in CVE-2009-1191.diff -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
(tron)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.42 2009/04/24 11:21:16 seb Exp $ | 1 | # $NetBSD: Makefile,v 1.43 2009/05/22 09:46:06 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= httpd-2.2.11 | 3 | DISTNAME= httpd-2.2.11 | |
4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
5 | PKGNAME= ${DISTNAME:S/httpd/apache/} | 5 | PKGNAME= ${DISTNAME:S/httpd/apache/} | |
6 | CATEGORIES= www | 6 | CATEGORIES= www | |
7 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ | 7 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ | |
8 | ${MASTER_SITE_APACHE:=httpd/old/} | 8 | ${MASTER_SITE_APACHE:=httpd/old/} | |
9 | EXTRACT_SUFX= .tar.bz2 | 9 | EXTRACT_SUFX= .tar.bz2 | |
10 | 10 | |||
11 | MAINTAINER= tron@NetBSD.org | 11 | MAINTAINER= tron@NetBSD.org | |
12 | HOMEPAGE= http://httpd.apache.org/ | 12 | HOMEPAGE= http://httpd.apache.org/ | |
13 | COMMENT= Apache HTTP (Web) server, version 2 | 13 | COMMENT= Apache HTTP (Web) server, version 2 | |
14 | 14 | |||
15 | PKG_DESTDIR_SUPPORT= user-destdir | 15 | PKG_DESTDIR_SUPPORT= user-destdir | |
16 | 16 | |||
17 | CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]* | 17 | CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]* |
@@ -1,18 +1,19 @@ | @@ -1,18 +1,19 @@ | |||
1 | $NetBSD: distinfo,v 1.17 2009/02/15 23:14:40 rillig Exp $ | 1 | $NetBSD: distinfo,v 1.18 2009/05/22 09:46:06 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a | 3 | SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a | |
4 | RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d | 4 | RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d | |
5 | Size (httpd-2.2.11.tar.bz2) = 5230130 bytes | 5 | Size (httpd-2.2.11.tar.bz2) = 5230130 bytes | |
6 | SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf | 6 | SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf | |
7 | SHA1 (patch-ab) = d5391ca1af9d817d35cb472b0feb05b86a95e560 | |||
7 | SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad | 8 | SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad | |
8 | SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 | 9 | SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 | |
9 | SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 | 10 | SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 | |
10 | SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 | 11 | SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 | |
11 | SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 | 12 | SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 | |
12 | SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 | 13 | SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 | |
13 | SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 | 14 | SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 | |
14 | SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1 | 15 | SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1 | |
15 | SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c | 16 | SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c | |
16 | SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1 | 17 | SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1 | |
17 | SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf | 18 | SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf | |
18 | SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 | 19 | SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 |
$NetBSD: patch-ab,v 1.10 2009/05/22 09:46:06 tron Exp $
Patch for CVE-2009-1191 taken from the Apache SVN repository:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?view=markup&pathrev=768506
--- modules/proxy/mod_proxy_ajp.c 2008/11/15 14:25:54 714273
+++ modules/proxy/mod_proxy_ajp.c 2009/04/25 09:58:52 768506
@@ -307,21 +307,17 @@
"proxy: read zero bytes, expecting"
" %" APR_OFF_T_FMT " bytes",
content_length);
- status = ajp_send_data_msg(conn->sock, msg, 0);
- if (status != APR_SUCCESS) {
- /* We had a failure: Close connection to backend */
- conn->close++;
- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
- "proxy: send failed to %pI (%s)",
- conn->worker->cp->addr,
- conn->worker->hostname);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- else {
- /* Client send zero bytes with C-L > 0
- */
- return HTTP_BAD_REQUEST;
- }
+ /*
+ * We can only get here if the client closed the connection
+ * to us without sending the body.
+ * Now the connection is in the wrong state on the backend.
+ * Sending an empty data msg doesn't help either as it does
+ * not move this connection to the correct state on the backend
+ * for later resusage by the next request again.
+ * Close it to clean things up.
+ */
+ conn->close++;
+ return HTTP_BAD_REQUEST;
}
}