pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache2 Fixes for security issues and PKGREVISION ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/81671f619c2c
branches:  trunk
changeset: 530379:81671f619c2c
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Thu Jun 28 01:49:04 2007 +0000

description:
Fixes for security issues and PKGREVISION bump;
CVE-2006-5752 XSS in mod_status with ExtendedStatus on
CVE-2007-1863 remote crash when mod_cache enabled

diffstat:

 www/apache2/Makefile         |   4 +-
 www/apache2/distinfo         |   4 +-
 www/apache2/patches/patch-ap |  44 ++++++++++++++++++++++
 www/apache2/patches/patch-aq |  87 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 136 insertions(+), 3 deletions(-)

diffs (169 lines):

diff -r a11b4abcd9d6 -r 81671f619c2c www/apache2/Makefile
--- a/www/apache2/Makefile      Thu Jun 28 01:31:52 2007 +0000
+++ b/www/apache2/Makefile      Thu Jun 28 01:49:04 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.113 2007/06/10 06:14:18 joerg Exp $
+# $NetBSD: Makefile,v 1.114 2007/06/28 01:49:04 lkundrak Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
diff -r a11b4abcd9d6 -r 81671f619c2c www/apache2/distinfo
--- a/www/apache2/distinfo      Thu Jun 28 01:31:52 2007 +0000
+++ b/www/apache2/distinfo      Thu Jun 28 01:49:04 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2006/08/30 06:16:27 rillig Exp $
+$NetBSD: distinfo,v 1.50 2007/06/28 01:49:04 lkundrak Exp $
 
 SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
 RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
@@ -13,3 +13,5 @@
 SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
+SHA1 (patch-ap) = 3f9dbd6dbbadb54f5255dfdb15decc6cc7e8eccc
+SHA1 (patch-aq) = d1e0243b28c9e224746fa5cac1321f55c5c0927e
diff -r a11b4abcd9d6 -r 81671f619c2c www/apache2/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-ap      Thu Jun 28 01:49:04 2007 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
+
+Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
+
+--- modules/generators/mod_status.c.orig       2006-07-12 09:40:55.000000000 +0200
++++ modules/generators/mod_status.c
+@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
+     if (r->method_number != M_GET)
+         return DECLINED;
+ 
+-    ap_set_content_type(r, "text/html");
++    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ 
+     /*
+      * Simple table-driven form data set parser that lets you alter the header
+@@ -298,7 +298,7 @@ static int status_handler(request_rec *r
+                     no_table_report = 1;
+                     break;
+                 case STAT_OPT_AUTO:
+-                    ap_set_content_type(r, "text/plain");
++                    ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
+                     short_report = 1;
+                     break;
+                 }
+@@ -664,7 +664,8 @@ static int status_handler(request_rec *r
+                                ap_escape_html(r->pool,
+                                               ws_record->client),
+                                ap_escape_html(r->pool,
+-                                              ws_record->request),
++                                              ap_escape_logitem(r->pool,
++                                                                ws_record->request)),
+                                ap_escape_html(r->pool,
+                                               ws_record->vhost));
+                 }
+@@ -753,7 +754,8 @@ static int status_handler(request_rec *r
+                                    ap_escape_html(r->pool,
+                                                   ws_record->vhost),
+                                    ap_escape_html(r->pool,
+-                                                  ws_record->request));
++                                                  ap_escape_logitem(r->pool, 
++                                                                    ws_record->request)));
+                 } /* no_table_report */
+             } /* for (j...) */
+         } /* for (i...) */
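Review bot: The two `ap_set_content_type` changes in status_handler carry no comment saying why the charset is pinned, so the security reason is easy to lose in a later cleanup. I would add above the first call something like `/* Pin the charset: without one, browsers that auto-detect the encoding can reinterpret escaped request text as markup (CVE-2006-5752). */`, with a short pointer to it at the STAT_OPT_AUTO call. At both `ws_record->request` sites, a one-line comment that `ap_escape_logitem` runs first to neutralise non-printable bytes and `ap_escape_html` runs second would show the nesting order is intentional. The second `ap_escape_logitem(r->pool, ` line also ends in trailing whitespace. status_handler starts and ends outside these hunks, so other places that print scoreboard fields cannot be checked from here.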
diff -r a11b4abcd9d6 -r 81671f619c2c www/apache2/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-aq      Thu Jun 28 01:49:04 2007 +0000
@@ -0,0 +1,87 @@
+$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
+
+Fix for CVE-2007-1863 remote crash when mod_cache enabled.
+
+--- modules/experimental/cache_util.c.orig     2006-07-12 09:40:55.000000000 +0200
++++ modules/experimental/cache_util.c
+@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
+     age = ap_cache_current_age(info, age_c, r->request_time);
+ 
+     /* extract s-maxage */
+-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
++    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
++        && val != NULL) {
+         smaxage = apr_atoi64(val);
+     }
+-    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
++    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)
++             && val != NULL) {
+         smaxage = apr_atoi64(val);
+     }
+     else {
+@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
+     }
+ 
+     /* extract max-age from request */
+-    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
++    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
++        && val != NULL) {
+         maxage_req = apr_atoi64(val);
+     }
+     else {
+@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
+     }
+ 
+     /* extract max-age from response */
+-    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
++    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
++        && val != NULL) {
+         maxage_cresp = apr_atoi64(val);
+     }
+-    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
++    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)
++             && val != NULL) {
+         maxage_cresp = apr_atoi64(val);
+     }
+     else
+@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn
+ 
+     /* extract max-stale */
+     if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
+-        maxstale = apr_atoi64(val);
++        if(val != NULL) {
++            maxstale = apr_atoi64(val);
++        }
++        else {
++            /*
++             * If no value is assigned to max-stale, then the client is willing
++             * to accept a stale response of any age (RFC2616 14.9.3). We will
++             * set it to one year in this case as this situation is somewhat
++             * similar to a "never expires" Expires header (RFC2616 14.21)
++             * which is set to a date one year from the time the response is
++             * sent in this case.
++             */
++            maxstale = APR_INT64_C(86400*365);
++        }
+     }
+     else {
+         maxstale = 0;
+     }
+ 
+     /* extract min-fresh */
+-    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
++    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
++        && val != NULL) {
+         minfresh = apr_atoi64(val);
+     }
+     else {
+@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
+                                                   next - val_start);
+                         }
+                     }
++                    else {
++                        *val = NULL;
++                    }
+                 }
+                 return 1;
+             }
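Review bot: The `*val = NULL` added in ap_cache_liststr changes the function's contract, because it can now return 1 with `*val` set to NULL when a directive is present without a value, and nothing in the patch documents that for callers. I would state it in the function's header comment, e.g. `/* Returns 1 if key is present; *val is NULL when the directive carries no value, so callers must check it before use. */`, since any caller not updated here that passes `val` straight to `apr_atoi64` would still dereference NULL. The values that do reach `apr_atoi64` still come from request and response Cache-Control headers with no sign or range check. Whether a negative or non-numeric value causes harm depends on the freshness arithmetic outside these hunks, so that needs confirming and is not an established defect. Both ap_cache_check_freshness and ap_cache_liststr start and end outside the hunks shown.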


