pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache22 add patch for CVE-2012-0031 taken from Re...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/14da022755d8
branches:  trunk
changeset: 598103:14da022755d8
user:      spz <spz%pkgsrc.org@localhost>
date:      Tue Jan 17 20:48:28 2012 +0000

description:
add patch for CVE-2012-0031 taken from Revision 1231058 of http://svn.apache.org/
update patch for http://secunia.com/advisories/45793/

diffstat:

 www/apache22/Makefile                          |   4 +-
 www/apache22/distinfo                          |   5 ++-
 www/apache22/patches/patch-server_scoreboard.c |  33 ++++++++++++++++++++++++++
 www/apache22/patches/patch-server_util.c       |  15 +++++++++--
 4 files changed, 50 insertions(+), 7 deletions(-)

diffs (95 lines):

diff -r d981a26ba07b -r 14da022755d8 www/apache22/Makefile
--- a/www/apache22/Makefile     Tue Jan 17 20:43:25 2012 +0000
+++ b/www/apache22/Makefile     Tue Jan 17 20:48:28 2012 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.76 2011/12/13 15:37:56 spz Exp $
+# $NetBSD: Makefile,v 1.77 2012/01/17 20:48:28 spz Exp $
 
 DISTNAME=      httpd-2.2.21
 
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
                http://archive.apache.org/dist/httpd/ \
diff -r d981a26ba07b -r 14da022755d8 www/apache22/distinfo
--- a/www/apache22/distinfo     Tue Jan 17 20:43:25 2012 +0000
+++ b/www/apache22/distinfo     Tue Jan 17 20:48:28 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.47 2011/12/13 15:37:56 spz Exp $
+$NetBSD: distinfo,v 1.48 2012/01/17 20:48:28 spz Exp $
 
 SHA1 (httpd-2.2.21.tar.bz2) = c02f9b05da9a7e316ff37d9053dc76a57ba51cb4
 RMD160 (httpd-2.2.21.tar.bz2) = 6464a03d78ab858b1288ea9eef4cd5f73b60a9f1
@@ -19,4 +19,5 @@
 SHA1 (patch-modules_proxy_mod_proxy.c) = bab58b70eee22d7c08be9a4a9ada3fad886fa796
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
 SHA1 (patch-server_protocol.c) = 2be3e4fc08da717fa55b058eb32e398f6546d457
-SHA1 (patch-server_util.c) = b63f73e2a482facd188eecb0864fc612d1b7b3a5
+SHA1 (patch-server_scoreboard.c) = 8d1e007f8d1d6a6db827a41d82369749e603a2b3
+SHA1 (patch-server_util.c) = 37e9c357618a9645222cd981f0ccb04c7987fe15
diff -r d981a26ba07b -r 14da022755d8 www/apache22/patches/patch-server_scoreboard.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-server_scoreboard.c    Tue Jan 17 20:48:28 2012 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-server_scoreboard.c,v 1.1 2012/01/17 20:48:29 spz Exp $
+
+patch for CVE-2012-0031 taken from Revision 1231058 of http://svn.apache.org/
+
+--- server/scoreboard.c.orig   2010-10-07 16:56:54.000000000 +0000
++++ server/scoreboard.c
+@@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboar
+ AP_DECLARE_DATA int ap_extended_status = 0;
+ AP_DECLARE_DATA int ap_mod_status_reqtail = 0;
+ 
++static ap_scoreboard_e scoreboard_type;
++
+ #if APR_HAS_SHARED_MEMORY
+ 
+ #include "apr_shm.h"
+@@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void 
+     if (ap_scoreboard_image == NULL) {
+         return APR_SUCCESS;
+     }
+-    if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
++    if (scoreboard_type == SB_SHARED) {
+         ap_cleanup_shared_mem(NULL);
+     }
+     else {
+@@ -312,7 +314,7 @@ int ap_create_scoreboard(apr_pool_t *p, 
+         ap_init_scoreboard(sb_mem);
+     }
+ 
+-    ap_scoreboard_image->global->sb_type = sb_type;
++    ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type;
+     ap_scoreboard_image->global->running_generation = 0;
+     ap_scoreboard_image->global->restart_time = apr_time_now();
+ 
diff -r d981a26ba07b -r 14da022755d8 www/apache22/patches/patch-server_util.c
--- a/www/apache22/patches/patch-server_util.c  Tue Jan 17 20:43:25 2012 +0000
+++ b/www/apache22/patches/patch-server_util.c  Tue Jan 17 20:48:28 2012 +0000
@@ -1,11 +1,20 @@
-$NetBSD: patch-server_util.c,v 1.1 2011/11/11 07:58:03 spz Exp $
+$NetBSD: patch-server_util.c,v 1.2 2012/01/17 20:48:29 spz Exp $
 
 fix for http://secunia.com/advisories/45793/
-snarfed (with adjustment regarding location) from
-http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?r1=1198940&r2=1198939&pathrev=1198940
+http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/util.c?r1=1124515&r2=1227280
+modulo we have apr 1.3 and can use APR_SIZE_MAX and APR_ENOMEM
 
 --- server/util.c.orig 2011-05-19 02:17:37.000000000 +0000
 +++ server/util.c
+@@ -366,7 +366,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
+     char *dest, *dst;
+     char c;
+     size_t no;
+-    int len;
++    apr_size_t len;
+ 
+     if (!source)
+         return NULL;
 @@ -391,6 +391,8 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
              len++;
          }
Home | Main Index | Thread Index | Old Index