[pkgsrc/trunk]: pkgsrc/www/apache Add three patches to resolve security issue:

[reed <reed%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/71643e6f1d59
branches:  trunk
changeset: 472292:71643e6f1d59
user:      reed <reed%pkgsrc.org@localhost>
date:      Wed Apr 07 19:53:27 2004 +0000

description:
Add three patches to resolve security issue:
SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog

The three patches are from Apache cvs.
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/

Also bump PKGREVISION too.

diffstat:

 www/apache/Makefile         |   3 +-
 www/apache/patches/patch-ap |  30 ++++++++++++++++++
 www/apache/patches/patch-aq |  14 ++++++++
 www/apache/patches/patch-ar |  75 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 121 insertions(+), 1 deletions(-)

diffs (147 lines):

diff -r 0a86c3ca6682 -r 71643e6f1d59 www/apache/Makefile
--- a/www/apache/Makefile       Wed Apr 07 19:10:16 2004 +0000
+++ b/www/apache/Makefile       Wed Apr 07 19:53:27 2004 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.139 2004/02/28 22:18:35 snj Exp $
+# $NetBSD: Makefile,v 1.140 2004/04/07 19:53:27 reed Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
 DISTNAME=              apache_${APACHE_VERSION}
 PKGNAME=               apache-${APACHE_VERSION}
+PKGREVISION=           1
 APACHE_VERSION=                1.3.29
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
diff -r 0a86c3ca6682 -r 71643e6f1d59 www/apache/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ap       Wed Apr 07 19:53:27 2004 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-ap,v 1.3 2004/04/07 19:53:27 reed Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/http_log.c.orig   2003-02-03 09:13:21.000000000 -0800
++++ src/main/http_log.c
+@@ -314,6 +314,9 @@ static void log_error_core(const char *f
+                          const char *fmt, va_list args)
+ {
+     char errstr[MAX_STRING_LEN];
++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
++    char scratch[MAX_STRING_LEN];
++#endif
+     size_t len;
+     int save_errno = errno;
+     FILE *logf;
+@@ -445,7 +448,14 @@ static void log_error_core(const char *f
+     }
+ #endif
+ 
++#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
++   if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
++       len += ap_escape_errorlog_item(errstr + len, scratch,
++                                      sizeof(errstr) - len);
++   }
++#else
+     len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
++#endif
+ 
+     /* NULL if we are logging to syslog */
+     if (logf) {
diff -r 0a86c3ca6682 -r 71643e6f1d59 www/apache/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-aq       Wed Apr 07 19:53:27 2004 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aq,v 1.3 2004/04/07 19:53:27 reed Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/include/httpd.h.orig   2004-04-07 12:24:10.967724616 -0700
++++ src/include/httpd.h
+@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool *
+ API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
+                                   unsigned port, const request_rec *r);
+ API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++                                           size_t buflen);
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
+ 
+ API_EXPORT(int) ap_count_dirs(const char *path);
diff -r 0a86c3ca6682 -r 71643e6f1d59 www/apache/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ar       Wed Apr 07 19:53:27 2004 +0000
@@ -0,0 +1,75 @@
+$NetBSD: patch-ar,v 1.3 2004/04/07 19:53:27 reed Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/util.c.orig       2003-02-03 09:13:23.000000000 -0800
++++ src/main/util.c
+@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo
+     return ret;
+ }
+ 
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++                                           size_t buflen)
++{
++    unsigned char *d, *ep;
++    const unsigned char *s;
++
++    if (!source || !buflen) { /* be safe */
++        return 0;
++    }
++
++    d = (unsigned char *)dest;
++    s = (const unsigned char *)source;
++    ep = d + buflen - 1;
++
++    for (; d < ep && *s; ++s) {
++
++        if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
++            *d++ = '\\';
++            if (d >= ep) {
++                --d;
++                break;
++            }
++
++            switch(*s) {
++            case '\b':
++                *d++ = 'b';
++                break;
++            case '\n':
++                *d++ = 'n';
++                break;
++            case '\r':
++                *d++ = 'r';
++                break;
++            case '\t':
++                *d++ = 't';
++                break;
++            case '\v':
++                *d++ = 'v';
++                break;
++            case '\\':
++                *d++ = *s;
++                break;
++            case '"': /* no need for this in error log */
++                d[-1] = *s;
++                break;
++            default:
++                if (d >= ep - 2) {
++                    ep = --d; /* break the for loop as well */
++                    break;
++                }
++                c2x(*s, d);
++                *d = 'x';
++                d += 3;
++            }
++        }
++        else {
++            *d++ = *s;
++        }
++    }
++    *d = '\0';
++
++    return (d - (unsigned char *)dest);
++}
+ 
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str)
+ {