Wed Aug 12 03:37:28 2009 UTC ()
Fix security problem of CVE-2009-2412 adding patches described in it.
Bump PKGREVISION.
(taca)
diff -r1.5 -r1.6 pkgsrc/devel/apr0/Makefile
diff -r1.3 -r1.4 pkgsrc/devel/apr0/distinfo
diff -r0 -r1.1 pkgsrc/devel/apr0/patches/patch-ab
diff -r0 -r1.1 pkgsrc/devel/apr0/patches/patch-ac
--- pkgsrc/devel/apr0/Attic/Makefile 2008/06/22 23:01:19 1.5
+++ pkgsrc/devel/apr0/Attic/Makefile 2009/08/12 03:37:28 1.6
| @@ -1,23 +1,24 @@ | | | @@ -1,23 +1,24 @@ |
| 1 | # $NetBSD: Makefile,v 1.5 2008/06/22 23:01:19 he Exp $ | | 1 | # $NetBSD: Makefile,v 1.6 2009/08/12 03:37:28 taca Exp $ |
| 2 | | | 2 | |
| 3 | .include "../../www/apache2/Makefile.common" | | 3 | .include "../../www/apache2/Makefile.common" |
| 4 | | | 4 | |
| 5 | PKGNAME= apr-${APR_VERSION}.${APACHE_VERSION} | | 5 | PKGNAME= apr-${APR_VERSION}.${APACHE_VERSION} |
| 6 | PKGREVISION= 1 | | 6 | PKGREVISION= 2 |
| 7 | CATEGORIES= devel | | 7 | CATEGORIES= devel |
| 8 | | | 8 | |
| 9 | HOMEPAGE= http://apr.apache.org/ | | 9 | HOMEPAGE= http://apr.apache.org/ |
| 10 | COMMENT= Apache Portable Runtime | | 10 | COMMENT= Apache Portable Runtime |
| | | 11 | LICENSE= apache-2.0 |
| 11 | | | 12 | |
| 12 | PKG_DESTDIR_SUPPORT= user-destdir | | 13 | PKG_DESTDIR_SUPPORT= user-destdir |
| 13 | | | 14 | |
| 14 | # Don't bump this when apache upgrades; it is only apache2-2.0.45 and | | 15 | # Don't bump this when apache upgrades; it is only apache2-2.0.45 and |
| 15 | # under that includes its own apr. apr was split out in 2.0.45nb1. | | 16 | # under that includes its own apr. apr was split out in 2.0.45nb1. |
| 16 | CONFLICTS= apache2<=2.0.45 | | 17 | CONFLICTS= apache2<=2.0.45 |
| 17 | | | 18 | |
| 18 | PKG_INSTALLATION_TYPES= overwrite pkgviews | | 19 | PKG_INSTALLATION_TYPES= overwrite pkgviews |
| 19 | | | 20 | |
| 20 | WRKSRC= ${WRKDIR}/${DISTNAME}/srclib | | 21 | WRKSRC= ${WRKDIR}/${DISTNAME}/srclib |
| 21 | BUILD_DIRS= apr apr-util | | 22 | BUILD_DIRS= apr apr-util |
| 22 | | | 23 | |
| 23 | USE_LIBTOOL= yes | | 24 | USE_LIBTOOL= yes |
--- pkgsrc/devel/apr0/Attic/distinfo 2008/01/21 14:33:46 1.3
+++ pkgsrc/devel/apr0/Attic/distinfo 2009/08/12 03:37:28 1.4
| @@ -1,14 +1,16 @@ | | | @@ -1,14 +1,16 @@ |
| 1 | $NetBSD: distinfo,v 1.3 2008/01/21 14:33:46 taca Exp $ | | 1 | $NetBSD: distinfo,v 1.4 2009/08/12 03:37:28 taca Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755 | | 3 | SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755 |
| 4 | RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870 | | 4 | RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870 |
| 5 | Size (httpd-2.0.63.tar.bz2) = 4587670 bytes | | 5 | Size (httpd-2.0.63.tar.bz2) = 4587670 bytes |
| 6 | SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9 | | 6 | SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9 |
| | | 7 | SHA1 (patch-ab) = f4de25804fa90ed686d8e8736ccee7967836c0ea |
| | | 8 | SHA1 (patch-ac) = a3d69920cf20cc03c89e5eaac6fe6a597c9c3a29 |
| 7 | SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596 | | 9 | SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596 |
| 8 | SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e | | 10 | SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e |
| 9 | SHA1 (patch-ap) = 357776c7208407936e09891ae87d23b112a12756 | | 11 | SHA1 (patch-ap) = 357776c7208407936e09891ae87d23b112a12756 |
| 10 | SHA1 (patch-aq) = 6cc1fb879fb5d9280f543ebe068a441e2e6560f3 | | 12 | SHA1 (patch-aq) = 6cc1fb879fb5d9280f543ebe068a441e2e6560f3 |
| 11 | SHA1 (patch-ar) = defa2be14ec057e1c41151b8cd1edc0ffb219694 | | 13 | SHA1 (patch-ar) = defa2be14ec057e1c41151b8cd1edc0ffb219694 |
| 12 | SHA1 (patch-as) = 37e70ff8b1a3344e47bcd2fe2b145a6e3e6a4562 | | 14 | SHA1 (patch-as) = 37e70ff8b1a3344e47bcd2fe2b145a6e3e6a4562 |
| 13 | SHA1 (patch-at) = 9935c308ba96a8c92dedd3288429a989f9d643f5 | | 15 | SHA1 (patch-at) = 9935c308ba96a8c92dedd3288429a989f9d643f5 |
| 14 | SHA1 (patch-au) = 270a478bdfead4ffe2d069e8441655854fa54e5a | | 16 | SHA1 (patch-au) = 270a478bdfead4ffe2d069e8441655854fa54e5a |
$NetBSD: patch-ab,v 1.1 2009/08/12 03:37:28 taca Exp $
Fix for http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412.
--- apr-util/misc/apr_rmm.c.orig 2005-08-05 20:02:06.000000000 +0900
+++ apr-util/misc/apr_rmm.c
@@ -47,6 +47,7 @@ struct apr_rmm_t {
static apr_rmm_off_t find_block_by_offset(apr_rmm_t *rmm, apr_rmm_off_t next,
apr_rmm_off_t find, int includes)
{
+ apr_size_t size;
apr_rmm_off_t prev = 0;
while (next) {
@@ -277,13 +278,17 @@ APU_DECLARE(apr_status_t) apr_rmm_detach
APU_DECLARE(apr_rmm_off_t) apr_rmm_malloc(apr_rmm_t *rmm, apr_size_t reqsize)
{
+ apr_size_t size;
apr_rmm_off_t this;
- reqsize = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
+ size = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
+ if (size < reqsize) {
+ return 0;
+ }
APR_ANYLOCK_LOCK(&rmm->lock);
- this = find_block_of_size(rmm, reqsize);
+ this = find_block_of_size(rmm, size);
if (this) {
move_block(rmm, this, 0);
@@ -296,18 +301,22 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_mallo
APU_DECLARE(apr_rmm_off_t) apr_rmm_calloc(apr_rmm_t *rmm, apr_size_t reqsize)
{
+ apr_size_t size;
apr_rmm_off_t this;
- reqsize = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
+ size = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
+ if (size < reqsize) {
+ return 0;
+ }
APR_ANYLOCK_LOCK(&rmm->lock);
- this = find_block_of_size(rmm, reqsize);
+ this = find_block_of_size(rmm, size);
if (this) {
move_block(rmm, this, 0);
this += RMM_BLOCK_SIZE;
- memset((char*)rmm->base + this, 0, reqsize - RMM_BLOCK_SIZE);
+ memset((char*)rmm->base + this, 0, size - RMM_BLOCK_SIZE);
}
APR_ANYLOCK_UNLOCK(&rmm->lock);
@@ -320,16 +329,19 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_reall
apr_rmm_off_t this;
apr_rmm_off_t old;
struct rmm_block_t *blk;
- apr_size_t oldsize;
+ apr_size_t size, oldsize;
if (!entity) {
return apr_rmm_malloc(rmm, reqsize);
}
- reqsize = APR_ALIGN_DEFAULT(reqsize);
+ size = APR_ALIGN_DEFAULT(reqsize);
+ if (size < reqsize) {
+ return 0;
+ }
old = apr_rmm_offset_get(rmm, entity);
- if ((this = apr_rmm_malloc(rmm, reqsize)) == 0) {
+ if ((this = apr_rmm_malloc(rmm, size)) == 0) {
return 0;
}
@@ -337,7 +349,7 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_reall
oldsize = blk->size;
memcpy(apr_rmm_addr_get(rmm, this),
- apr_rmm_addr_get(rmm, old), oldsize < reqsize ? oldsize : reqsize);
+ apr_rmm_addr_get(rmm, old), oldsize < size ? oldsize : size);
apr_rmm_free(rmm, old);
return this;
$NetBSD: patch-ac,v 1.1 2009/08/12 03:37:28 taca Exp $
Fix for http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412.
--- apr/memory/unix/apr_pools.c.orig 2007-10-17 13:09:40.000000000 +0900
+++ apr/memory/unix/apr_pools.c
@@ -189,15 +189,19 @@ APR_DECLARE(void) apr_allocator_max_free
}
static APR_INLINE
-apr_memnode_t *allocator_alloc(apr_allocator_t *allocator, apr_size_t size)
+apr_memnode_t *allocator_alloc(apr_allocator_t *allocator, apr_size_t in_size)
{
apr_memnode_t *node, **ref;
apr_uint32_t i, index, max_index;
+ apr_size_t size;
/* Round up the block size to the next boundary, but always
* allocate at least a certain size (MIN_ALLOC).
*/
- size = APR_ALIGN(size + APR_MEMNODE_T_SIZE, BOUNDARY_SIZE);
+ size = APR_ALIGN(in_size + APR_MEMNODE_T_SIZE, BOUNDARY_SIZE);
+ if (size < in_size) {
+ return NULL;
+ }
if (size < MIN_ALLOC)
size = MIN_ALLOC;
@@ -625,13 +629,19 @@ void netware_pool_proc_cleanup ()
* Memory allocation
*/
-APR_DECLARE(void *) apr_palloc(apr_pool_t *pool, apr_size_t size)
+APR_DECLARE(void *) apr_palloc(apr_pool_t *pool, apr_size_t in_size)
{
apr_memnode_t *active, *node;
void *mem;
apr_uint32_t free_index;
+ apr_size_t size;
- size = APR_ALIGN_DEFAULT(size);
+ size = APR_ALIGN_DEFAULT(in_size);
+ if (size < in_size) {
+ if (pool->abort_fn)
+ pool->abort_fn(APR_ENOMEM);
+
+ }
active = pool->active;
/* If the active node has enough bytes left, use it. */
@@ -696,7 +706,6 @@ APR_DECLARE(void *) apr_pcalloc(apr_pool
{
void *mem;
- size = APR_ALIGN_DEFAULT(size);
if ((mem = apr_palloc(pool, size)) != NULL) {
memset(mem, 0, size);
}