pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache22 Add a fix for the remote Denial of Servic...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3ae28487ee73
branches:  trunk
changeset: 399117:3ae28487ee73
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Sep 13 13:32:50 2009 +0000

description:
Add a fix for the remote Denial of Service vulnerability reported
in CVE-2009-3094.

diffstat:

 www/apache22/Makefile         |   3 ++-
 www/apache22/distinfo         |   3 ++-
 www/apache22/patches/patch-ab |  19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diffs (51 lines):

diff -r 057f8b2769a2 -r 3ae28487ee73 www/apache22/Makefile
--- a/www/apache22/Makefile     Sun Sep 13 13:31:41 2009 +0000
+++ b/www/apache22/Makefile     Sun Sep 13 13:32:50 2009 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2009/08/10 11:45:08 tron Exp $
+# $NetBSD: Makefile,v 1.50 2009/09/13 13:32:50 tron Exp $
 
 DISTNAME=      httpd-2.2.13
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
                ${MASTER_SITE_APACHE:=httpd/old/}
diff -r 057f8b2769a2 -r 3ae28487ee73 www/apache22/distinfo
--- a/www/apache22/distinfo     Sun Sep 13 13:31:41 2009 +0000
+++ b/www/apache22/distinfo     Sun Sep 13 13:32:50 2009 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.24 2009/08/10 11:45:08 tron Exp $
+$NetBSD: distinfo,v 1.25 2009/09/13 13:32:50 tron Exp $
 
 SHA1 (httpd-2.2.13.tar.bz2) = 44d85da1b8e6c579d4514cfefbea00b284717b69
 RMD160 (httpd-2.2.13.tar.bz2) = 4a6a2247cc118175a9a36f1e14344ee71da24627
 Size (httpd-2.2.13.tar.bz2) = 5300199 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
+SHA1 (patch-ab) = 76e50e1603c37e982a6ae9179009457aa9589e87
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
diff -r 057f8b2769a2 -r 3ae28487ee73 www/apache22/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-ab     Sun Sep 13 13:32:50 2009 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ab,v 1.12 2009/09/13 13:32:50 tron Exp $
+
+Fix for CVE-2009-3094 based on the description of the problem:
+
+http://www.intevydis.com/blog/?p=59
+
+--- modules/proxy/mod_proxy_ftp.c.orig 2008-11-11 20:04:34.000000000 +0000
++++ modules/proxy/mod_proxy_ftp.c      2009-09-13 14:23:13.000000000 +0100
+@@ -1274,7 +1274,9 @@
+             }
+             else {
+                 /* and try the regular way */
+-                apr_socket_close(data_sock);
++                if (data_sock != NULL) {
++                    apr_socket_close(data_sock);
++                }
+             }
+         }
+     }
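
Review bot: The NULL guard in the `else` branch covers only this one `apr_socket_close(data_sock)` call, and the patch header says the fix was written from a description of the problem, so it needs a check of the rest of the function. Please confirm that no later use of `data_sock` in `modules/proxy/mod_proxy_ftp.c` can be reached with the pointer still NULL. Also add a short comment above the `if (data_sock != NULL)` test naming the path that leaves it unset, so this local patch can be compared with whatever upstream ships for CVE-2009-3094 and dropped when the package is updated.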


