add revision 1209432 from http://svn.apache.org/ as patches: fix for CVE-2011-4317diff -r1.75 -r1.76 pkgsrc/www/apache22/Makefile
(spz)
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.75 2011/12/07 22:58:12 tron Exp $ | 1 | # $NetBSD: Makefile,v 1.76 2011/12/13 15:37:56 spz Exp $ | |
2 | 2 | |||
3 | DISTNAME= httpd-2.2.21 | 3 | DISTNAME= httpd-2.2.21 | |
4 | 4 | |||
5 | PKGNAME= ${DISTNAME:S/httpd/apache/} | 5 | PKGNAME= ${DISTNAME:S/httpd/apache/} | |
6 | PKGREVISION= 4 | 6 | PKGREVISION= 5 | |
7 | CATEGORIES= www | 7 | CATEGORIES= www | |
8 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ | 8 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ | |
9 | http://archive.apache.org/dist/httpd/ \ | 9 | http://archive.apache.org/dist/httpd/ \ | |
10 | http://archive.eu.apache.org/dist/httpd/ | 10 | http://archive.eu.apache.org/dist/httpd/ | |
11 | EXTRACT_SUFX= .tar.bz2 | 11 | EXTRACT_SUFX= .tar.bz2 | |
12 | 12 | |||
13 | MAINTAINER= tron@NetBSD.org | 13 | MAINTAINER= tron@NetBSD.org | |
14 | HOMEPAGE= http://httpd.apache.org/ | 14 | HOMEPAGE= http://httpd.apache.org/ | |
15 | COMMENT= Apache HTTP (Web) server, version 2.2 | 15 | COMMENT= Apache HTTP (Web) server, version 2.2 | |
16 | LICENSE= apache-2.0 | 16 | LICENSE= apache-2.0 | |
17 | 17 | |||
18 | PKG_DESTDIR_SUPPORT= user-destdir | 18 | PKG_DESTDIR_SUPPORT= user-destdir | |
19 | 19 |
@@ -1,20 +1,22 @@ | @@ -1,20 +1,22 @@ | |||
1 | $NetBSD: distinfo,v 1.46 2011/12/12 18:43:14 tron Exp $ | 1 | $NetBSD: distinfo,v 1.47 2011/12/13 15:37:56 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4 | 3 | SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4 | |
4 | RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1 | 4 | RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1 | |
5 | Size (httpd-2.2.21.tar.bz2) = 5324905 bytes | 5 | Size (httpd-2.2.21.tar.bz2) = 5324905 bytes | |
6 | SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 | 6 | SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 | |
7 | SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 | 7 | SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 | |
8 | SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad | 8 | SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad | |
9 | SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 | 9 | SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 | |
10 | SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 | 10 | SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 | |
11 | SHA1 (patch-af) = 312d3bce5e1bf6e747b5f0f313d89bf5b4636392 | 11 | SHA1 (patch-af) = 312d3bce5e1bf6e747b5f0f313d89bf5b4636392 | |
12 | SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 | 12 | SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 | |
13 | SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 | 13 | SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 | |
14 | SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 | 14 | SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 | |
15 | SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 | 15 | SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 | |
16 | SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 | 16 | SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 | |
17 | SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 | 17 | SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 | |
18 | SHA1 (patch-modules_mappers_mod_rewrite.c) = de7bbdf02dda38e2542e4967ee6f22745ec0f118 | |||
19 | SHA1 (patch-modules_proxy_mod_proxy.c) = bab58b70eee22d7c08be9a4a9ada3fad886fa796 | |||
18 | SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 | 20 | SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 | |
19 | SHA1 (patch-server_protocol.c) = 2be3e4fc08da717fa55b058eb32e398f6546d457 | 21 | SHA1 (patch-server_protocol.c) = 2be3e4fc08da717fa55b058eb32e398f6546d457 | |
20 | SHA1 (patch-server_util.c) = b63f73e2a482facd188eecb0864fc612d1b7b3a5 | 22 | SHA1 (patch-server_util.c) = b63f73e2a482facd188eecb0864fc612d1b7b3a5 |
$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.1 2011/12/13 15:37:56 spz Exp $
revision 1209432 from http://svn.apache.org/:
Fix for additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
--- modules/mappers/mod_rewrite.c.orig 2011-09-03 22:54:25.000000000 +0000
+++ modules/mappers/mod_rewrite.c
@@ -4266,6 +4266,18 @@ static int hook_uri2file(request_rec *r)
return DECLINED;
}
+ if (strcmp(r->unparsed_uri, "*") == 0) {
+ /* Don't apply rewrite rules to "*". */
+ return DECLINED;
+ }
+
+ /* Check that the URI is valid. */
+ if (!r->uri || r->uri[0] != '/') {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid URI in request %s", r->the_request);
+ return HTTP_BAD_REQUEST;
+ }
+
/*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
$NetBSD: patch-modules_proxy_mod_proxy.c,v 1.1 2011/12/13 15:37:57 spz Exp $
revision 1209432 from http://svn.apache.org/:
Fix for additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
--- modules/proxy/mod_proxy.c.orig 2010-10-07 18:51:18.000000000 +0000
+++ modules/proxy/mod_proxy.c
@@ -566,6 +566,18 @@ static int proxy_trans(request_rec *r)
return OK;
}
+ if (strcmp(r->unparsed_uri, "*") == 0) {
+ /* "*" cannot be proxied. */
+ return DECLINED;
+ }
+
+ /* Check that the URI is valid. */
+ if (!r->uri || r->uri[0] != '/') {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid URI in request %s", r->the_request);
+ return HTTP_BAD_REQUEST;
+ }
+
/* XXX: since r->uri has been manipulated already we're not really
* compliant with RFC1945 at this point. But this probably isn't
* an issue because this is a hybrid proxy/origin server.