[pkgsrc/trunk]: pkgsrc/www/apache6 Update apache6 to 1.3.29 + ipv6 patch.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/www/apache6 Update apache6 to 1.3.29 + ipv6 patch.
From: cube <cube%pkgsrc.org@localhost>
Date: Wed, 13 Oct 2021 23:07:49 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/73564b1f3db4
branches:  trunk
changeset: 463224:73564b1f3db4
user:      cube <cube%pkgsrc.org@localhost>
date:      Sun Nov 02 09:35:12 2003 +0000

description:
Update apache6 to 1.3.29 + ipv6 patch.

Major changes since 1.3.28:

  Security vulnerabilities

     * CAN-2003-0542 (cve.mitre.org)
       Fix buffer overflows in mod_alias and mod_rewrite which occurred if
       one configured a regular expression with more than 9 captures.

  Bugs fixed

   The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
   and have been fixed in Apache 1.3.29:

     * Within ap_bclose(), ap_pclosesocket() is now called
     * consistently
       for sockets and ap_pclosef() for files.  Also, closesocket()
       is used consistenly to close socket fd's.  The previous
       confusion between socket and file fd's would cause problems
       with some applications now that we proactively close fd's to
       prevent leakage.

     * Fixed mod_usertrack to not get false positive matches on the
       user-tracking cookie's name.

     * Prevent creation of subprocess Zombies when using CGI wrappers
       such as suEXEC and cgiwrap.

diffstat:

 www/apache6/Makefile         |   8 +++---
 www/apache6/distinfo         |  14 ++++-------
 www/apache6/patches/patch-an |  26 ----------------------
 www/apache6/patches/patch-ao |  50 --------------------------------------------
 www/apache6/patches/patch-ap |  22 -------------------
 www/apache6/patches/patch-aq |  14 ------------
 6 files changed, 9 insertions(+), 125 deletions(-)

diffs (184 lines):

diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/Makefile
--- a/www/apache6/Makefile      Sun Nov 02 07:02:32 2003 +0000
+++ b/www/apache6/Makefile      Sun Nov 02 09:35:12 2003 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.85 2003/10/29 10:45:26 cube Exp $
+# $NetBSD: Makefile,v 1.86 2003/11/02 09:35:12 cube Exp $
 #
 # This package does not compile in mod_ssl support hooks, as it conflicts
 # with IPv6-enable patch.
@@ -8,15 +8,15 @@
 
 DISTNAME=              apache_${APACHE_VERSION}
 PKGNAME=               apache6-${APACHE_VERSION}
-APACHE_VERSION=                1.3.28
-PKGREVISION=           2
+APACHE_VERSION=                1.3.29
+PKGREVISION=           #
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/}
 DISTFILES=             ${DISTNAME}${EXTRACT_SUFX} ${NETBSD_LOGO}
 
 PATCH_SITES+=          http://www.tendra.org/~asmodai/ipv6/
-PATCHFILES+=           apache-1.3.28-v6-20030912.diff.gz
+PATCHFILES+=           apache-1.3.29-v6-20031028.diff.gz
 
 NETBSD_LOGO=           sitedrivenby.gif
 SITES_${NETBSD_LOGO}=  # defined
diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/distinfo
--- a/www/apache6/distinfo      Sun Nov 02 07:02:32 2003 +0000
+++ b/www/apache6/distinfo      Sun Nov 02 09:35:12 2003 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.17 2003/10/29 10:45:26 cube Exp $
+$NetBSD: distinfo,v 1.18 2003/11/02 09:35:12 cube Exp $
 
-SHA1 (apache_1.3.28.tar.gz) = a4d0a9c57a53cb641928c882a9d3b6fd645e4e3e
-Size (apache_1.3.28.tar.gz) = 2388111 bytes
+SHA1 (apache_1.3.29.tar.gz) = 0fb055dfd8c86457996edb36f19fb66f09dccd6a
+Size (apache_1.3.29.tar.gz) = 2435809 bytes
 SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
 Size (sitedrivenby.gif) = 8519 bytes
-SHA1 (apache-1.3.28-v6-20030912.diff.gz) = ce9f6f8966daf6a6deb666910f1c919f586275f7
-Size (apache-1.3.28-v6-20030912.diff.gz) = 36961 bytes
+SHA1 (apache-1.3.29-v6-20031028.diff.gz) = 13ceac2dfce9d66f3089667f1ec5e1ec30961621
+Size (apache-1.3.29-v6-20031028.diff.gz) = 36988 bytes
 SHA1 (patch-aa) = 6388498d251bb4bde65954803ff0b0bce21b27f8
 SHA1 (patch-ab) = 7619dbf1cf584f9e92998fe25de0860bfbeb277e
 SHA1 (patch-ac) = d4dd4f5521a7c713a038dec2606dad14356d746f
@@ -15,7 +15,3 @@
 SHA1 (patch-ai) = 46d9a97fbc248a2bea97943b9f3b2f9f693f3695
 SHA1 (patch-aj) = 1cdd2f010d381ec9c13f59b31caab7d1f6f63100
 SHA1 (patch-ak) = 8f790a692ed9b2dd6943be43fa1cf7629c673955
-SHA1 (patch-an) = 5babca7afb771ab8e7766a999912f1e5d39ff187
-SHA1 (patch-ao) = f3ef867c9c638b0f62ef4bf0e9a78aaba0098da2
-SHA1 (patch-ap) = cd62c463b46e5ab223ca080087d066c7deefaec0
-SHA1 (patch-aq) = 20fd8fec178b2969044676ab5621bc337ba9c14b
diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/patches/patch-an
--- a/www/apache6/patches/patch-an      Sun Nov 02 07:02:32 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-$NetBSD: patch-an,v 1.1 2003/10/29 10:45:26 cube Exp $
-
---- src/modules/standard/mod_alias.c.orig      2003-04-24 18:08:21.000000000 +0200
-+++ src/modules/standard/mod_alias.c
-@@ -299,7 +299,7 @@ static int alias_matches(const char *uri
- static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
- {
-     alias_entry *entries = (alias_entry *) aliases->elts;
--    regmatch_t regm[10];
-+    regmatch_t regm[AP_MAX_REG_MATCH];
-     char *found = NULL;
-     int i;
- 
-@@ -308,10 +308,10 @@ static char *try_alias_list(request_rec 
-       int l;
- 
-       if (p->regexp) {
--          if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
-+          if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
-               if (p->real) {
-                   found = ap_pregsub(r->pool, p->real, r->uri,
--                                  p->regexp->re_nsub + 1, regm);
-+                                       AP_MAX_REG_MATCH, regm);
-                   if (found && doesc) {
-                       found = ap_escape_uri(r->pool, found);
-                   }
diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/patches/patch-ao
--- a/www/apache6/patches/patch-ao      Sun Nov 02 07:02:32 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2003/10/29 10:45:26 cube Exp $
-
---- src/modules/standard/mod_rewrite.c.orig    2003-10-29 09:25:17.000000000 +0100
-+++ src/modules/standard/mod_rewrite.c
-@@ -1834,7 +1834,7 @@ static int apply_rewrite_rule(request_re
-     const char *vary;
-     char newuri[MAX_STRING_LEN];
-     regex_t *regexp;
--    regmatch_t regmatch[MAX_NMATCH];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
-     backrefinfo *briRR = NULL;
-     backrefinfo *briRC = NULL;
-     int prefixstrip;
-@@ -1891,7 +1891,7 @@ static int apply_rewrite_rule(request_re
-         rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
-                    perdir, p->pattern, uri);
-     }
--    rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
-+    rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
-     if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
-            (!rc &&  (p->flags & RULEFLAG_NOTMATCH))   ) ) {
-         return 0;
-@@ -2179,7 +2179,7 @@ static int apply_rewrite_cond(request_re
-     char input[MAX_STRING_LEN];
-     struct stat sb;
-     request_rec *rsub;
--    regmatch_t regmatch[MAX_NMATCH];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
-     int rc;
- 
-     /*
-@@ -2283,8 +2283,7 @@ static int apply_rewrite_cond(request_re
-     }
-     else {
-         /* it is really a regexp pattern, so apply it */
--        rc = (ap_regexec(p->regexp, input,
--                         p->regexp->re_nsub+1, regmatch,0) == 0);
-+        rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
- 
-         /* if it isn't a negated pattern and really matched
-            we update the passed-through regex subst info structure */
-@@ -2442,7 +2441,7 @@ static void do_expand(request_rec *r, ch
-               bri = briRC;
-           }
-           /* see ap_pregsub() in src/main/util.c */
--            if (bri && n <= bri->nsub &&
-+            if (bri && n < AP_MAX_REG_MATCH &&
-               bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
-               span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
-               if (span > space) {
diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/patches/patch-ap
--- a/www/apache6/patches/patch-ap      Sun Nov 02 07:02:32 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-ap,v 1.1 2003/10/29 10:45:26 cube Exp $
-
---- src/modules/standard/mod_rewrite.h.orig    2003-05-19 04:35:31.000000000 +0200
-+++ src/modules/standard/mod_rewrite.h
-@@ -253,8 +253,6 @@
- 
- #define MAX_ENV_FLAGS 15
- 
--#define MAX_NMATCH    10
--
- /* default maximum number of internal redirects */
- #define REWRITE_REDIRECT_LIMIT 10
- 
-@@ -368,7 +366,7 @@ typedef struct cache {
- typedef struct backrefinfo {
-     char *source;
-     int nsub;
--    regmatch_t regmatch[10];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
- } backrefinfo;
- 
- 
diff -r d54fee032d67 -r 73564b1f3db4 www/apache6/patches/patch-aq
--- a/www/apache6/patches/patch-aq      Sun Nov 02 07:02:32 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2003/10/29 10:45:26 cube Exp $
-
---- src/include/httpd.h.orig   2003-10-29 09:28:40.000000000 +0100
-+++ src/include/httpd.h
-@@ -291,6 +291,9 @@ extern "C" {
- /* The size of the server's internal read-write buffers */
- #define IOBUFSIZE 8192
- 
-+/* The max number of regex captures that can be expanded by ap_pregsub */
-+#define AP_MAX_REG_MATCH 10
-+
- /* Number of servers to spawn off by default --- also, if fewer than
-  * this free when the caretaker checks, it will spawn more.
-  */
Prev by Date: [pkgsrc/trunk]: pkgsrc I'm the new maintainer.
Next by Date: [pkgsrc/trunk]: pkgsrc/www/apache6 Update PLIST for apache6-1.3.29.
Previous by Thread: [pkgsrc/trunk]: pkgsrc I'm the new maintainer.
Next by Thread: [pkgsrc/trunk]: pkgsrc/www/apache6 Update PLIST for apache6-1.3.29.
Indexes:
Home | Main Index | Thread Index | Old Index