pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache22 Add patch provided by the Apache foundati...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a82d155df875
branches:  trunk
changeset: 576476:a82d155df875
user:      tron <tron%pkgsrc.org@localhost>
date:      Sat Jun 12 10:40:26 2010 +0000

description:
Add patch provided by the Apache foundation to close the privacy leak
reported in CVE-2010-2068.

diffstat:

 www/apache22/Makefile         |   4 ++--
 www/apache22/distinfo         |   3 ++-
 www/apache22/patches/patch-af |  35 +++++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 3 deletions(-)

diffs (69 lines):

diff -r c23e360606df -r a82d155df875 www/apache22/Makefile
--- a/www/apache22/Makefile     Sat Jun 12 09:47:16 2010 +0000
+++ b/www/apache22/Makefile     Sat Jun 12 10:40:26 2010 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2010/05/03 20:10:33 tron Exp $
+# $NetBSD: Makefile,v 1.59 2010/06/12 10:40:26 tron Exp $
 
 DISTNAME=      httpd-2.2.15
-PKGREVISION=   2
+PKGREVISION=   3
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
diff -r c23e360606df -r a82d155df875 www/apache22/distinfo
--- a/www/apache22/distinfo     Sat Jun 12 09:47:16 2010 +0000
+++ b/www/apache22/distinfo     Sat Jun 12 10:40:26 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2010/04/28 07:43:56 obache Exp $
+$NetBSD: distinfo,v 1.33 2010/06/12 10:40:26 tron Exp $
 
 SHA1 (httpd-2.2.15.tar.bz2) = 5f0e973839ed2e38a4d03adba109ef5ce3381bc2
 RMD160 (httpd-2.2.15.tar.bz2) = e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf
@@ -8,6 +8,7 @@
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
+SHA1 (patch-af) = c3051544406326297161f36ff3f499395630dc05
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
diff -r c23e360606df -r a82d155df875 www/apache22/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-af     Sat Jun 12 10:40:26 2010 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-af,v 1.3 2010/06/12 10:40:26 tron Exp $
+
+Patch to fix CVE-2010-2068, taken from here:
+
+http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch
+
+--- modules/proxy/mod_proxy_http.c.orig        2010-02-27 18:49:36.000000000 +0000
++++ modules/proxy/mod_proxy_http.c     2010-06-12 11:33:45.000000000 +0100
+@@ -1401,7 +1401,7 @@
+             ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
+                           "proxy: error reading status line from remote "
+                           "server %s", backend->hostname);
+-            if (rc == APR_TIMEUP) {
++            if (APR_STATUS_IS_TIMEUP(rc)) {
+                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                               "proxy: read timeout");
+             }
+@@ -1417,7 +1417,7 @@
+              * we normally would handle timeouts
+              */
+             if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives &&
+-                rc != APR_TIMEUP) {
++                !APR_STATUS_IS_TIMEUP(rc)) {
+                 apr_bucket *eos;
+ 
+                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+@@ -1449,6 +1449,8 @@
+                     APR_BUCKET_INSERT_BEFORE(eos, e);
+                 }
+                 ap_pass_brigade(r->output_filters, bb);
++                /* Mark the backend connection for closing */
++                backend->close = 1;
+                 /* Need to return OK to avoid sending an error message */
+                 return OK;
+             }
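Review bot: The patch-af header names the CVE and a download URL but does not say what the patch changes, so a later maintainer cannot tell from the file whether it is still needed once DISTNAME moves past httpd-2.2.15. A short summary above the URL would cover it, for example `Detect backend read timeouts with APR_STATUS_IS_TIMEUP() instead of comparing against APR_TIMEUP, and set backend->close so a timed-out backend connection is not reused.` Judging from the commit description, the `backend->close = 1;` line is the part that stops a late backend reply from reaching a different client, and that reason is worth stating in the header, since the upstream comment only says the connection is marked for closing. The URL is plain `http://` and the SHA1 in distinfo only pins the local copy, so recording the upstream revision (r953616, from the file name) in the header would make the patch easier to compare against the source repository. All three inner hunks lie inside a function whose start and end are outside the patch, so other direct `APR_TIMEUP` comparisons in the module cannot be ruled out from here.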


