[pkgsrc/pkgsrc-2004Q3]: pkgsrc Pullup ticket 114, requested by Matthias Scheler.

[agc <agc%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c800fd06fa28
branches:  pkgsrc-2004Q3
changeset: 480710:c800fd06fa28
user:      agc <agc%pkgsrc.org@localhost>
date:      Thu Sep 30 13:58:22 2004 +0000

description:
Pullup ticket 114, requested by Matthias Scheler.

Security fix for apache

        Modified Files:
                pkgsrc/www/apache: Makefile distinfo
        Added Files:
                pkgsrc/www/apache/patches: patch-ap

        Log Message:
        Apply fix for security vulnerability in proxy module reported in
        CAN-2004-0492. Bump package revision package of this.

diffstat:

 doc/CHANGES-pkgsrc-2004Q3   |   5 ++++-
 www/apache/Makefile         |   4 ++--
 www/apache/distinfo         |   3 ++-
 www/apache/patches/patch-ap |  18 ++++++++++++++++++
 4 files changed, 26 insertions(+), 4 deletions(-)

diffs (67 lines):

diff -r 3bb2735fe54e -r c800fd06fa28 doc/CHANGES-pkgsrc-2004Q3
--- a/doc/CHANGES-pkgsrc-2004Q3 Thu Sep 30 13:54:11 2004 +0000
+++ b/doc/CHANGES-pkgsrc-2004Q3 Thu Sep 30 13:58:22 2004 +0000
@@ -1,6 +1,9 @@
-$NetBSD: CHANGES-pkgsrc-2004Q3,v 1.1.2.1 2004/09/30 13:54:11 agc Exp $
+$NetBSD: CHANGES-pkgsrc-2004Q3,v 1.1.2.2 2004/09/30 13:58:22 agc Exp $
 
 Changes to the packages collection and infrastructure on the
 pkgsrc-2004Q3 branch:
 
 Created pkgsrc-2004Q3 branch [agc 2004-09-20 20:15 UTC]
+
+Pullup ticket 114 - requested by Matthias Scheler
+security fix for apache
diff -r 3bb2735fe54e -r c800fd06fa28 www/apache/Makefile
--- a/www/apache/Makefile       Thu Sep 30 13:54:11 2004 +0000
+++ b/www/apache/Makefile       Thu Sep 30 13:58:22 2004 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.150 2004/08/22 19:32:52 jlam Exp $
+# $NetBSD: Makefile,v 1.150.2.1 2004/09/30 13:58:22 agc Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
 DISTNAME=              apache_1.3.31
 PKGNAME=               ${DISTNAME:S/_/-/}
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/}
diff -r 3bb2735fe54e -r c800fd06fa28 www/apache/distinfo
--- a/www/apache/distinfo       Thu Sep 30 13:54:11 2004 +0000
+++ b/www/apache/distinfo       Thu Sep 30 13:58:22 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2004/07/17 12:44:28 tron Exp $
+$NetBSD: distinfo,v 1.36.2.1 2004/09/30 13:58:22 agc Exp $
 
 SHA1 (apache_1.3.31.tar.gz) = a5d4298e8f99cae220ba65b5ef128d5742c7298d
 Size (apache_1.3.31.tar.gz) = 2467371 bytes
@@ -20,3 +20,4 @@
 SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2
 SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02
 SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4
+SHA1 (patch-ap) = da8016c534bbed4036837d8e494ea3d5bb4342ea
diff -r 3bb2735fe54e -r c800fd06fa28 www/apache/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ap       Thu Sep 30 13:58:22 2004 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ap,v 1.4.4.1 2004/09/30 13:58:22 agc Exp $
+
+--- src/modules/proxy/proxy_http.c.orig        29 Mar 2004 17:47:15 -0000      1.106
++++ src/modules/proxy/proxy_http.c     11 Jun 2004 07:54:38 -0000      1.107
+@@ -485,6 +485,13 @@
+         content_length = ap_table_get(resp_hdrs, "Content-Length");
+         if (content_length != NULL) {
+             c->len = ap_strtol(content_length, NULL, 10);
++
++          if (c->len < 0) {
++              ap_kill_timeout(r);
++              return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
++                                   "Invalid Content-Length from remote server",
++                                      NULL));
++          }
+         }
+ 
+     }