pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/devel/apr0 Fix security problem of CVE-2009-2412 addin...
details: https://anonhg.NetBSD.org/pkgsrc/rev/109fea76f274
branches: trunk
changeset: 397430:109fea76f274
user: taca <taca%pkgsrc.org@localhost>
date: Wed Aug 12 03:37:28 2009 +0000
description:
Fix the security problem of CVE-2009-2412 by adding the patches described in it.
Bump PKGREVISION.
diffstat:
devel/apr0/Makefile | 5 +-
devel/apr0/distinfo | 4 +-
devel/apr0/patches/patch-ab | 92 +++++++++++++++++++++++++++++++++++++++++++++
devel/apr0/patches/patch-ac | 58 ++++++++++++++++++++++++++++
4 files changed, 156 insertions(+), 3 deletions(-)
diffs (194 lines):
diff -r 5223f22cdcc3 -r 109fea76f274 devel/apr0/Makefile
--- a/devel/apr0/Makefile Wed Aug 12 03:27:48 2009 +0000
+++ b/devel/apr0/Makefile Wed Aug 12 03:37:28 2009 +0000
@@ -1,13 +1,14 @@
-# $NetBSD: Makefile,v 1.5 2008/06/22 23:01:19 he Exp $
+# $NetBSD: Makefile,v 1.6 2009/08/12 03:37:28 taca Exp $
.include "../../www/apache2/Makefile.common"
PKGNAME= apr-${APR_VERSION}.${APACHE_VERSION}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= devel
HOMEPAGE= http://apr.apache.org/
COMMENT= Apache Portable Runtime
+LICENSE= apache-2.0
PKG_DESTDIR_SUPPORT= user-destdir
diff -r 5223f22cdcc3 -r 109fea76f274 devel/apr0/distinfo
--- a/devel/apr0/distinfo Wed Aug 12 03:27:48 2009 +0000
+++ b/devel/apr0/distinfo Wed Aug 12 03:37:28 2009 +0000
@@ -1,9 +1,11 @@
-$NetBSD: distinfo,v 1.3 2008/01/21 14:33:46 taca Exp $
+$NetBSD: distinfo,v 1.4 2009/08/12 03:37:28 taca Exp $
SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755
RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870
Size (httpd-2.0.63.tar.bz2) = 4587670 bytes
SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9
+SHA1 (patch-ab) = f4de25804fa90ed686d8e8736ccee7967836c0ea
+SHA1 (patch-ac) = a3d69920cf20cc03c89e5eaac6fe6a597c9c3a29
SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596
SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e
SHA1 (patch-ap) = 357776c7208407936e09891ae87d23b112a12756
diff -r 5223f22cdcc3 -r 109fea76f274 devel/apr0/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/apr0/patches/patch-ab Wed Aug 12 03:37:28 2009 +0000
@@ -0,0 +1,92 @@
+$NetBSD: patch-ab,v 1.1 2009/08/12 03:37:28 taca Exp $
+
+Fix for http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412.
+
+--- apr-util/misc/apr_rmm.c.orig 2005-08-05 20:02:06.000000000 +0900
++++ apr-util/misc/apr_rmm.c
+@@ -47,6 +47,7 @@ struct apr_rmm_t {
+ static apr_rmm_off_t find_block_by_offset(apr_rmm_t *rmm, apr_rmm_off_t next,
+ apr_rmm_off_t find, int includes)
+ {
++ apr_size_t size;
+ apr_rmm_off_t prev = 0;
+
+ while (next) {
+@@ -277,13 +278,17 @@ APU_DECLARE(apr_status_t) apr_rmm_detach
+
+ APU_DECLARE(apr_rmm_off_t) apr_rmm_malloc(apr_rmm_t *rmm, apr_size_t reqsize)
+ {
++ apr_size_t size;
+ apr_rmm_off_t this;
+
+- reqsize = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
++ size = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
++ if (size < reqsize) {
++ return 0;
++ }
+
+ APR_ANYLOCK_LOCK(&rmm->lock);
+
+- this = find_block_of_size(rmm, reqsize);
++ this = find_block_of_size(rmm, size);
+
+ if (this) {
+ move_block(rmm, this, 0);
+@@ -296,18 +301,22 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_mallo
+
+ APU_DECLARE(apr_rmm_off_t) apr_rmm_calloc(apr_rmm_t *rmm, apr_size_t reqsize)
+ {
++ apr_size_t size;
+ apr_rmm_off_t this;
+
+- reqsize = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
++ size = APR_ALIGN_DEFAULT(reqsize) + RMM_BLOCK_SIZE;
++ if (size < reqsize) {
++ return 0;
++ }
+
+ APR_ANYLOCK_LOCK(&rmm->lock);
+
+- this = find_block_of_size(rmm, reqsize);
++ this = find_block_of_size(rmm, size);
+
+ if (this) {
+ move_block(rmm, this, 0);
+ this += RMM_BLOCK_SIZE;
+- memset((char*)rmm->base + this, 0, reqsize - RMM_BLOCK_SIZE);
++ memset((char*)rmm->base + this, 0, size - RMM_BLOCK_SIZE);
+ }
+
+ APR_ANYLOCK_UNLOCK(&rmm->lock);
+@@ -320,16 +329,19 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_reall
+ apr_rmm_off_t this;
+ apr_rmm_off_t old;
+ struct rmm_block_t *blk;
+- apr_size_t oldsize;
++ apr_size_t size, oldsize;
+
+ if (!entity) {
+ return apr_rmm_malloc(rmm, reqsize);
+ }
+
+- reqsize = APR_ALIGN_DEFAULT(reqsize);
++ size = APR_ALIGN_DEFAULT(reqsize);
++ if (size < reqsize) {
++ return 0;
++ }
+ old = apr_rmm_offset_get(rmm, entity);
+
+- if ((this = apr_rmm_malloc(rmm, reqsize)) == 0) {
++ if ((this = apr_rmm_malloc(rmm, size)) == 0) {
+ return 0;
+ }
+
+@@ -337,7 +349,7 @@ APU_DECLARE(apr_rmm_off_t) apr_rmm_reall
+ oldsize = blk->size;
+
+ memcpy(apr_rmm_addr_get(rmm, this),
+- apr_rmm_addr_get(rmm, old), oldsize < reqsize ? oldsize : reqsize);
++ apr_rmm_addr_get(rmm, old), oldsize < size ? oldsize : size);
+ apr_rmm_free(rmm, old);
+
+ return this;
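Review bot: The `apr_size_t size;` added to find_block_by_offset in the first inner hunk is not used by any visible line of that function, unlike the same declaration in apr_rmm_malloc, apr_rmm_calloc and apr_rmm_realloc, where it holds the checked size. The function body continues outside the hunk; if nothing there uses it either, drop the line so the patch touches only the allocation paths and adds no unused-variable warning. The three `if (size < reqsize)` checks would also benefit from a short comment such as `/* aligned size wrapped around apr_size_t: refuse the request */`, because that comparison is what stops the integer overflow and otherwise reads as a no-op.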
diff -r 5223f22cdcc3 -r 109fea76f274 devel/apr0/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/apr0/patches/patch-ac Wed Aug 12 03:37:28 2009 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ac,v 1.1 2009/08/12 03:37:28 taca Exp $
+
+Fix for http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412.
+
+--- apr/memory/unix/apr_pools.c.orig 2007-10-17 13:09:40.000000000 +0900
++++ apr/memory/unix/apr_pools.c
+@@ -189,15 +189,19 @@ APR_DECLARE(void) apr_allocator_max_free
+ }
+
+ static APR_INLINE
+-apr_memnode_t *allocator_alloc(apr_allocator_t *allocator, apr_size_t size)
++apr_memnode_t *allocator_alloc(apr_allocator_t *allocator, apr_size_t in_size)
+ {
+ apr_memnode_t *node, **ref;
+ apr_uint32_t i, index, max_index;
++ apr_size_t size;
+
+ /* Round up the block size to the next boundary, but always
+ * allocate at least a certain size (MIN_ALLOC).
+ */
+- size = APR_ALIGN(size + APR_MEMNODE_T_SIZE, BOUNDARY_SIZE);
++ size = APR_ALIGN(in_size + APR_MEMNODE_T_SIZE, BOUNDARY_SIZE);
++ if (size < in_size) {
++ return NULL;
++ }
+ if (size < MIN_ALLOC)
+ size = MIN_ALLOC;
+
+@@ -625,13 +629,19 @@ void netware_pool_proc_cleanup ()
+ * Memory allocation
+ */
+
+-APR_DECLARE(void *) apr_palloc(apr_pool_t *pool, apr_size_t size)
++APR_DECLARE(void *) apr_palloc(apr_pool_t *pool, apr_size_t in_size)
+ {
+ apr_memnode_t *active, *node;
+ void *mem;
+ apr_uint32_t free_index;
++ apr_size_t size;
+
+- size = APR_ALIGN_DEFAULT(size);
++ size = APR_ALIGN_DEFAULT(in_size);
++ if (size < in_size) {
++ if (pool->abort_fn)
++ pool->abort_fn(APR_ENOMEM);
++
++ }
+ active = pool->active;
+
+ /* If the active node has enough bytes left, use it. */
+@@ -696,7 +706,6 @@ APR_DECLARE(void *) apr_pcalloc(apr_pool
+ {
+ void *mem;
+
+- size = APR_ALIGN_DEFAULT(size);
+ if ((mem = apr_palloc(pool, size)) != NULL) {
+ memset(mem, 0, size);
+ }
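Review bot: The overflow branch added to apr_palloc never returns: after `if (pool->abort_fn) pool->abort_fn(APR_ENOMEM);` there is only a blank added line before the closing brace. When no abort function is set, or when it returns, the function carries on with the wrapped `size` and can hand back a block far smaller than `in_size`, which is the condition this patch is meant to rule out. The apr_pcalloc hunk makes this worse, because with its own alignment line removed it calls `memset(mem, 0, size)` with the caller's original, very large size. Put `return NULL;` in place of the blank line, matching the `return NULL;` that the allocator_alloc hunk uses for the same check. apr_palloc's body continues outside the hunk.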