pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache22 Add patch for security vulnerabilities re...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/eb7bea266a12
branches:  trunk
changeset: 598742:eb7bea266a12
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Jan 29 12:29:07 2012 +0000

description:
Add patch for security vulnerabilities reported in CVE-2012-0021
and CVE-2012-0053 taken from Apache SVN repository.

diffstat:

 www/apache22/Makefile                        |   4 +-
 www/apache22/distinfo                        |   5 +-
 www/apache22/patches/patch-CVE-2012-0021     |  42 ++++++++++++
 www/apache22/patches/patch-server_protocol.c |  91 +++++++++++++++++++++++++++-
 4 files changed, 136 insertions(+), 6 deletions(-)

diffs (193 lines):

diff -r 769ded2afe87 -r eb7bea266a12 www/apache22/Makefile
--- a/www/apache22/Makefile     Sun Jan 29 11:57:57 2012 +0000
+++ b/www/apache22/Makefile     Sun Jan 29 12:29:07 2012 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.77 2012/01/17 20:48:28 spz Exp $
+# $NetBSD: Makefile,v 1.78 2012/01/29 12:29:07 tron Exp $
 
 DISTNAME=      httpd-2.2.21
 
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
                http://archive.apache.org/dist/httpd/ \
diff -r 769ded2afe87 -r eb7bea266a12 www/apache22/distinfo
--- a/www/apache22/distinfo     Sun Jan 29 11:57:57 2012 +0000
+++ b/www/apache22/distinfo     Sun Jan 29 12:29:07 2012 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.48 2012/01/17 20:48:28 spz Exp $
+$NetBSD: distinfo,v 1.49 2012/01/29 12:29:07 tron Exp $
 
 SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4
 RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1
 Size (httpd-2.2.21.tar.bz2) = 5324905 bytes
+SHA1 (patch-CVE-2012-0021) = 8c44c591ffa3a4ca32de47c71d1aa8470de81f1e
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -18,6 +19,6 @@
 SHA1 (patch-modules_mappers_mod_rewrite.c) = de7bbdf02dda38e2542e4967ee6f22745ec0f118
 SHA1 (patch-modules_proxy_mod_proxy.c) = bab58b70eee22d7c08be9a4a9ada3fad886fa796
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
-SHA1 (patch-server_protocol.c) = 2be3e4fc08da717fa55b058eb32e398f6546d457
+SHA1 (patch-server_protocol.c) = dc99717704f53837dfd7b9c1018487a787dcbfd9
 SHA1 (patch-server_scoreboard.c) = 8d1e007f8d1d6a6db827a41d82369749e603a2b3
 SHA1 (patch-server_util.c) = 37e9c357618a9645222cd981f0ccb04c7987fe15
diff -r 769ded2afe87 -r eb7bea266a12 www/apache22/patches/patch-CVE-2012-0021
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-CVE-2012-0021  Sun Jan 29 12:29:07 2012 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-CVE-2012-0021,v 1.1 2012/01/29 12:29:08 tron Exp $
+
+Fix security vulnerability reported in CVE-2012-0021. Patch taken from
+Apache SVN repository:
+
+http://svn.apache.org/viewvc?view=revision&revision=1227292
+
+--- modules/loggers/mod_log_config.c.orig      2010-08-24 07:41:38.000000000 +0100
++++ modules/loggers/mod_log_config.c   2012-01-29 12:08:13.000000000 +0000
+@@ -524,19 +524,21 @@
+ 
+         while ((cookie = apr_strtok(cookies, ";", &last1))) {
+             char *name = apr_strtok(cookie, "=", &last2);
+-            char *value;
+-            apr_collapse_spaces(name, name);
++            if (name) {
++                char *value;
++                apr_collapse_spaces(name, name);
++
++                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
++                    char *last;
++                    value += strspn(value, " \t");  /* Move past leading WS */
++                    last = value + strlen(value) - 1;
++                    while (last >= value && apr_isspace(*last)) {
++                       *last = '\0';
++                       --last;
++                    }
+ 
+-            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+-                char *last;
+-                value += strspn(value, " \t");  /* Move past leading WS */
+-                last = value + strlen(value) - 1;
+-                while (last >= value && apr_isspace(*last)) {
+-                   *last = '\0';
+-                   --last;
++                    return ap_escape_logitem(r->pool, value);
+                 }
+-
+-                return ap_escape_logitem(r->pool, value);
+             }
+             cookies = NULL;
+         }
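Review bot: The patch header added here says only that it fixes CVE-2012-0021, without naming the failure, which the hunk shows to be a NULL `name` from `apr_strtok(cookie, "=", &last2)` reaching `apr_collapse_spaces` and `strcasecmp`. A sentence in the header such as `Skip cookie segments for which apr_strtok() returns no name instead of dereferencing NULL.` would let a later maintainer judge whether the patch is still needed after an upstream update. The enclosing function starts and ends outside the embedded hunk.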
diff -r 769ded2afe87 -r eb7bea266a12 www/apache22/patches/patch-server_protocol.c
--- a/www/apache22/patches/patch-server_protocol.c      Sun Jan 29 11:57:57 2012 +0000
+++ b/www/apache22/patches/patch-server_protocol.c      Sun Jan 29 12:29:07 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-server_protocol.c,v 1.3 2011/12/12 18:43:14 tron Exp $
+$NetBSD: patch-server_protocol.c,v 1.4 2012/01/29 12:29:08 tron Exp $
 
 revision 1179239 from http://svn.apache.org/:
        SECURITY (CVE-2011-3368): Prevent unintended pattern expansion
@@ -12,8 +12,13 @@
          request-URI does not match the grammar from RFC 2616.  This ensures
          the input string for RewriteRule et al really is an absolute path.
 
+revision 1235454 from http://svn.apache.org/:
+       CVE-2012-0053: Fix an issue in error responses that could expose 
+       "httpOnly" cookies when no custom ErrorDocument is specified for 
+       status code 400.
+
 --- server/protocol.c.orig     2011-05-07 12:39:29.000000000 +0100
-+++ server/protocol.c  2011-12-12 18:37:04.000000000 +0000
++++ server/protocol.c  2012-01-29 12:22:25.000000000 +0000
 @@ -640,6 +640,25 @@
  
      ap_parse_uri(r, uri);
@@ -40,3 +45,85 @@
      if (ll[0]) {
          r->assbackwards = 0;
          pro = ll;
+@@ -670,6 +689,16 @@
+     return 1;
+ }
+ 
++/* get the length of the field name for logging, but no more than 80 bytes */
++#define LOG_NAME_MAX_LEN 80
++static int field_name_len(const char *field)
++{
++    const char *end = ap_strchr_c(field, ':');
++    if (end == NULL || end - field > LOG_NAME_MAX_LEN)
++        return LOG_NAME_MAX_LEN;
++    return end - field;
++}
++
+ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
+ {
+     char *last_field = NULL;
+@@ -709,12 +738,15 @@
+                 /* insure ap_escape_html will terminate correctly */
+                 field[len - 1] = '\0';
+                 apr_table_setn(r->notes, "error-notes",
+-                               apr_pstrcat(r->pool,
++                               apr_psprintf(r->pool,
+                                            "Size of a request header field "
+                                            "exceeds server limit.<br />\n"
+-                                           "<pre>\n",
+-                                           ap_escape_html(r->pool, field),
+-                                           "</pre>\n", NULL));
++                                           "<pre>\n%.*s\n</pre>/n",
++                                           field_name_len(field), 
++                                           ap_escape_html(r->pool, field)));
++                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 
++                              "Request header exceeds LimitRequestFieldSize: "
++                              "%.*s", field_name_len(field), field);
+             }
+             return;
+         }
+@@ -735,13 +767,17 @@
+                      * overflow (last_field) as the field with the problem
+                      */
+                     apr_table_setn(r->notes, "error-notes",
+-                                   apr_pstrcat(r->pool,
++                                   apr_psprintf(r->pool,
+                                                "Size of a request header field "
+                                                "after folding "
+                                                "exceeds server limit.<br />\n"
+-                                               "<pre>\n",
+-                                               ap_escape_html(r->pool, last_field),
+-                                               "</pre>\n", NULL));
++                                               "<pre>\n%.*s\n</pre>\n",
++                                               field_name_len(last_field),
++                                               ap_escape_html(r->pool, last_field)));
++                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
++                                  "Request header exceeds LimitRequestFieldSize "
++                                  "after folding: %.*s",
++                                  field_name_len(last_field), last_field);
+                     return;
+                 }
+ 
+@@ -773,13 +809,18 @@
+                 if (!(value = strchr(last_field, ':'))) { /* Find ':' or    */
+                     r->status = HTTP_BAD_REQUEST;      /* abort bad request */
+                     apr_table_setn(r->notes, "error-notes",
+-                                   apr_pstrcat(r->pool,
++                                   apr_psprintf(r->pool,
+                                                "Request header field is "
+                                                "missing ':' separator.<br />\n"
+-                                               "<pre>\n",
++                                               "<pre>\n%.*s</pre>\n",
++                                               (int)LOG_NAME_MAX_LEN,
+                                                ap_escape_html(r->pool,
+-                                                              last_field),
+-                                               "</pre>\n", NULL));
++                                                              last_field)));
++                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
++                                  "Request header field is missing ':' "
++                                  "separator: %.*s", (int)LOG_NAME_MAX_LEN,
++                                  last_field);
++
+                     return;
+                 }
+ 
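Review bot: In the three `apr_psprintf` calls added to `ap_get_mime_headers_core`, the `%.*s` precision is computed on the raw header (`field_name_len(field)`, `field_name_len(last_field)` or `LOG_NAME_MAX_LEN`) but applied to the output of `ap_escape_html`, so a name containing characters that the escaper expands is cut shorter than intended and can end in a partial entity. Escaping a bounded copy keeps the limit on the client's bytes, for example `ap_escape_html(r->pool, apr_pstrndup(r->pool, field, field_name_len(field)))` with a plain `%s`. The first format string also ends in `</pre>/n`, which puts a literal `/n` into the 400 response body; it should read `</pre>\n` as in the second call. The function body continues outside the hunk, and because the text is taken from upstream revision 1235454, both points are better reported upstream than changed only in this package.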


