pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www Import security fix from 1.3.29 distribution for a...
details: https://anonhg.NetBSD.org/pkgsrc/rev/dacf0f3795f6
branches: trunk
changeset: 463116:dacf0f3795f6
user: cube <cube%pkgsrc.org@localhost>
date: Wed Oct 29 10:43:23 2003 +0000
description:
Import security fix from 1.3.29 distribution for a buffer overflow in
mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION.
diffstat:
www/apache/Makefile | 4 +-
www/apache/distinfo | 6 ++++-
www/apache/patches/patch-ap | 26 ++++++++++++++++++++++
www/apache/patches/patch-aq | 50 ++++++++++++++++++++++++++++++++++++++++++++
www/apache/patches/patch-ar | 22 +++++++++++++++++++
www/apache/patches/patch-as | 14 ++++++++++++
www/apache6/Makefile | 4 +-
www/apache6/distinfo | 6 ++++-
www/apache6/patches/patch-an | 26 ++++++++++++++++++++++
www/apache6/patches/patch-ao | 50 ++++++++++++++++++++++++++++++++++++++++++++
www/apache6/patches/patch-ap | 22 +++++++++++++++++++
www/apache6/patches/patch-aq | 14 ++++++++++++
12 files changed, 238 insertions(+), 6 deletions(-)
diffs (truncated from 326 to 300 lines):
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/Makefile
--- a/www/apache/Makefile Wed Oct 29 10:40:53 2003 +0000
+++ b/www/apache/Makefile Wed Oct 29 10:43:23 2003 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.134 2003/10/11 13:40:19 grant Exp $
+# $NetBSD: Makefile,v 1.135 2003/10/29 10:43:23 cube Exp $
#
# This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
# code hooks that allow mod_ssl to be compiled separately later, if desired).
@@ -6,7 +6,7 @@
DISTNAME= apache_${APACHE_VERSION}
PKGNAME= apache-${APACHE_VERSION}
APACHE_VERSION= 1.3.28
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/}
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/distinfo
--- a/www/apache/distinfo Wed Oct 29 10:40:53 2003 +0000
+++ b/www/apache/distinfo Wed Oct 29 10:43:23 2003 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2003/07/19 12:31:06 tron Exp $
+$NetBSD: distinfo,v 1.28 2003/10/29 10:43:23 cube Exp $
SHA1 (apache_1.3.28.tar.gz) = a4d0a9c57a53cb641928c882a9d3b6fd645e4e3e
Size (apache_1.3.28.tar.gz) = 2388111 bytes
@@ -20,3 +20,7 @@
SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2
SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02
SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4
+SHA1 (patch-ap) = 5babca7afb771ab8e7766a999912f1e5d39ff187
+SHA1 (patch-aq) = f3ef867c9c638b0f62ef4bf0e9a78aaba0098da2
+SHA1 (patch-ar) = cd62c463b46e5ab223ca080087d066c7deefaec0
+SHA1 (patch-as) = 20fd8fec178b2969044676ab5621bc337ba9c14b
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ap Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ap,v 1.1 2003/10/29 10:44:28 cube Exp $
+
+--- src/modules/standard/mod_alias.c.orig 2003-04-24 18:08:21.000000000 +0200
++++ src/modules/standard/mod_alias.c
+@@ -299,7 +299,7 @@ static int alias_matches(const char *uri
+ static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
+ {
+ alias_entry *entries = (alias_entry *) aliases->elts;
+- regmatch_t regm[10];
++ regmatch_t regm[AP_MAX_REG_MATCH];
+ char *found = NULL;
+ int i;
+
+@@ -308,10 +308,10 @@ static char *try_alias_list(request_rec
+ int l;
+
+ if (p->regexp) {
+- if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
++ if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
+ if (p->real) {
+ found = ap_pregsub(r->pool, p->real, r->uri,
+- p->regexp->re_nsub + 1, regm);
++ AP_MAX_REG_MATCH, regm);
+ if (found && doesc) {
+ found = ap_escape_uri(r->pool, found);
+ }
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-aq Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,50 @@
+$NetBSD: patch-aq,v 1.1 2003/10/29 10:44:28 cube Exp $
+
+--- src/modules/standard/mod_rewrite.c.orig 2003-10-29 09:25:17.000000000 +0100
++++ src/modules/standard/mod_rewrite.c
+@@ -1834,7 +1834,7 @@ static int apply_rewrite_rule(request_re
+ const char *vary;
+ char newuri[MAX_STRING_LEN];
+ regex_t *regexp;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ backrefinfo *briRR = NULL;
+ backrefinfo *briRC = NULL;
+ int prefixstrip;
+@@ -1891,7 +1891,7 @@ static int apply_rewrite_rule(request_re
+ rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
+ perdir, p->pattern, uri);
+ }
+- rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
++ rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
+ if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
+ (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
+ return 0;
+@@ -2179,7 +2179,7 @@ static int apply_rewrite_cond(request_re
+ char input[MAX_STRING_LEN];
+ struct stat sb;
+ request_rec *rsub;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ int rc;
+
+ /*
+@@ -2283,8 +2283,7 @@ static int apply_rewrite_cond(request_re
+ }
+ else {
+ /* it is really a regexp pattern, so apply it */
+- rc = (ap_regexec(p->regexp, input,
+- p->regexp->re_nsub+1, regmatch,0) == 0);
++ rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
+
+ /* if it isn't a negated pattern and really matched
+ we update the passed-through regex subst info structure */
+@@ -2442,7 +2441,7 @@ static void do_expand(request_rec *r, ch
+ bri = briRC;
+ }
+ /* see ap_pregsub() in src/main/util.c */
+- if (bri && n <= bri->nsub &&
++ if (bri && n < AP_MAX_REG_MATCH &&
+ bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
+ span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
+ if (span > space) {
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ar Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ar,v 1.1 2003/10/29 10:44:28 cube Exp $
+
+--- src/modules/standard/mod_rewrite.h.orig 2003-05-19 04:35:31.000000000 +0200
++++ src/modules/standard/mod_rewrite.h
+@@ -253,8 +253,6 @@
+
+ #define MAX_ENV_FLAGS 15
+
+-#define MAX_NMATCH 10
+-
+ /* default maximum number of internal redirects */
+ #define REWRITE_REDIRECT_LIMIT 10
+
+@@ -368,7 +366,7 @@ typedef struct cache {
+ typedef struct backrefinfo {
+ char *source;
+ int nsub;
+- regmatch_t regmatch[10];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ } backrefinfo;
+
+
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-as Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-as,v 1.1 2003/10/29 10:44:28 cube Exp $
+
+--- src/include/httpd.h.orig 2003-10-29 09:28:40.000000000 +0100
++++ src/include/httpd.h
+@@ -291,6 +291,9 @@ extern "C" {
+ /* The size of the server's internal read-write buffers */
+ #define IOBUFSIZE 8192
+
++/* The max number of regex captures that can be expanded by ap_pregsub */
++#define AP_MAX_REG_MATCH 10
++
+ /* Number of servers to spawn off by default --- also, if fewer than
+ * this free when the caretaker checks, it will spawn more.
+ */
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache6/Makefile
--- a/www/apache6/Makefile Wed Oct 29 10:40:53 2003 +0000
+++ b/www/apache6/Makefile Wed Oct 29 10:43:23 2003 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.84 2003/10/18 13:08:49 cjep Exp $
+# $NetBSD: Makefile,v 1.85 2003/10/29 10:45:26 cube Exp $
#
# This package does not compile in mod_ssl support hooks, as it conflicts
# with IPv6-enable patch.
@@ -9,7 +9,7 @@
DISTNAME= apache_${APACHE_VERSION}
PKGNAME= apache6-${APACHE_VERSION}
APACHE_VERSION= 1.3.28
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/}
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache6/distinfo
--- a/www/apache6/distinfo Wed Oct 29 10:40:53 2003 +0000
+++ b/www/apache6/distinfo Wed Oct 29 10:43:23 2003 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2003/09/13 23:37:07 itojun Exp $
+$NetBSD: distinfo,v 1.17 2003/10/29 10:45:26 cube Exp $
SHA1 (apache_1.3.28.tar.gz) = a4d0a9c57a53cb641928c882a9d3b6fd645e4e3e
Size (apache_1.3.28.tar.gz) = 2388111 bytes
@@ -15,3 +15,7 @@
SHA1 (patch-ai) = 46d9a97fbc248a2bea97943b9f3b2f9f693f3695
SHA1 (patch-aj) = 1cdd2f010d381ec9c13f59b31caab7d1f6f63100
SHA1 (patch-ak) = 8f790a692ed9b2dd6943be43fa1cf7629c673955
+SHA1 (patch-an) = 5babca7afb771ab8e7766a999912f1e5d39ff187
+SHA1 (patch-ao) = f3ef867c9c638b0f62ef4bf0e9a78aaba0098da2
+SHA1 (patch-ap) = cd62c463b46e5ab223ca080087d066c7deefaec0
+SHA1 (patch-aq) = 20fd8fec178b2969044676ab5621bc337ba9c14b
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache6/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache6/patches/patch-an Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-an,v 1.1 2003/10/29 10:45:26 cube Exp $
+
+--- src/modules/standard/mod_alias.c.orig 2003-04-24 18:08:21.000000000 +0200
++++ src/modules/standard/mod_alias.c
+@@ -299,7 +299,7 @@ static int alias_matches(const char *uri
+ static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
+ {
+ alias_entry *entries = (alias_entry *) aliases->elts;
+- regmatch_t regm[10];
++ regmatch_t regm[AP_MAX_REG_MATCH];
+ char *found = NULL;
+ int i;
+
+@@ -308,10 +308,10 @@ static char *try_alias_list(request_rec
+ int l;
+
+ if (p->regexp) {
+- if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
++ if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
+ if (p->real) {
+ found = ap_pregsub(r->pool, p->real, r->uri,
+- p->regexp->re_nsub + 1, regm);
++ AP_MAX_REG_MATCH, regm);
+ if (found && doesc) {
+ found = ap_escape_uri(r->pool, found);
+ }
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache6/patches/patch-ao
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache6/patches/patch-ao Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,50 @@
+$NetBSD: patch-ao,v 1.1 2003/10/29 10:45:26 cube Exp $
+
+--- src/modules/standard/mod_rewrite.c.orig 2003-10-29 09:25:17.000000000 +0100
++++ src/modules/standard/mod_rewrite.c
+@@ -1834,7 +1834,7 @@ static int apply_rewrite_rule(request_re
+ const char *vary;
+ char newuri[MAX_STRING_LEN];
+ regex_t *regexp;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ backrefinfo *briRR = NULL;
+ backrefinfo *briRC = NULL;
+ int prefixstrip;
+@@ -1891,7 +1891,7 @@ static int apply_rewrite_rule(request_re
+ rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
+ perdir, p->pattern, uri);
+ }
+- rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
++ rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
+ if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
+ (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
+ return 0;
+@@ -2179,7 +2179,7 @@ static int apply_rewrite_cond(request_re
+ char input[MAX_STRING_LEN];
+ struct stat sb;
+ request_rec *rsub;
+- regmatch_t regmatch[MAX_NMATCH];
++ regmatch_t regmatch[AP_MAX_REG_MATCH];
+ int rc;
+
+ /*
+@@ -2283,8 +2283,7 @@ static int apply_rewrite_cond(request_re
+ }
+ else {
+ /* it is really a regexp pattern, so apply it */
+- rc = (ap_regexec(p->regexp, input,
+- p->regexp->re_nsub+1, regmatch,0) == 0);
++ rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
+
+ /* if it isn't a negated pattern and really matched
+ we update the passed-through regex subst info structure */
+@@ -2442,7 +2441,7 @@ static void do_expand(request_rec *r, ch
+ bri = briRC;
+ }
+ /* see ap_pregsub() in src/main/util.c */
+- if (bri && n <= bri->nsub &&
++ if (bri && n < AP_MAX_REG_MATCH &&
+ bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
+ span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
+ if (span > space) {
diff -r c16bc0c4d3c1 -r dacf0f3795f6 www/apache6/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache6/patches/patch-ap Wed Oct 29 10:43:23 2003 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ap,v 1.1 2003/10/29 10:45:26 cube Exp $
+
+--- src/modules/standard/mod_rewrite.h.orig 2003-05-19 04:35:31.000000000 +0200
++++ src/modules/standard/mod_rewrite.h
+@@ -253,8 +253,6 @@
+
+ #define MAX_ENV_FLAGS 15
+
+-#define MAX_NMATCH 10
+-
+ /* default maximum number of internal redirects */
+ #define REWRITE_REDIRECT_LIMIT 10
+
+@@ -368,7 +366,7 @@ typedef struct cache {
Home |
Main Index |
Thread Index |
Old Index