kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add Apache developer fix for security vulnerability reported

Browse source 
in CVE-2013-1862.
This commit is contained in:
tron 2013-05-30 22:58:14 +00:00
parent 5fc86be5c7
commit 202b982558
3 changed files with 38 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
www/apache22/Makefile
View file

@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.87 2013/03/03 20:05:03 tron Exp $ # $NetBSD: Makefile,v 1.88 2013/05/30 22:58:14 tron Exp $
DISTNAME= httpd-2.2.24 DISTNAME= httpd-2.2.24
PKGNAME= ${DISTNAME:S/httpd/apache/} PKGNAME= ${DISTNAME:S/httpd/apache/}
PKGREVISION= 1
CATEGORIES= www CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
http://archive.apache.org/dist/httpd/ \ http://archive.apache.org/dist/httpd/ \

3
www/apache22/distinfo
View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.54 2013/03/03 20:05:03 tron Exp $ $NetBSD: distinfo,v 1.55 2013/05/30 22:58:14 tron Exp $
SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241 SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241
RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224 RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224
@ -15,5 +15,6 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa
SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
SHA1 (patch-modules_mappers_mod_rewrite.c) = a1cee8c7c97936e15a1596a54ddc1839a5b1038d
SHA1 (patch-modules_ssl_ssl__engine__kernel.c) = fd6f425d18231f0daca9fc2553638891a7241a4a SHA1 (patch-modules_ssl_ssl__engine__kernel.c) = fd6f425d18231f0daca9fc2553638891a7241a4a
SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1

34
www/apache22/patches/patch-modules_mappers_mod_rewrite.c Normal file
View file

@ -0,0 +1,34 @@
$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.3 2013/05/30 22:58:15 tron Exp $
Fix for security vulnerability reported in CVE-2013-1862. Patch taken
from here:
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
--- modules/mappers/mod_rewrite.c.orig 2013-02-18 21:31:42.000000000 +0000
+++ modules/mappers/mod_rewrite.c 2013-05-30 23:50:27.000000000 +0100
@@ -500,11 +500,11 @@
logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
"(%d) %s%s%s%s" APR_EOL_STR,
- rhost ? rhost : "UNKNOWN-HOST",
- rname ? rname : "-",
- r->user ? (*r->user ? r->user : "\"\"") : "-",
+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
+ rname ? ap_escape_logitem(r->pool, rname) : "-",
+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
current_logtime(r),
- ap_get_server_name(r),
+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
(void *)(r->server),
(void *)r,
r->main ? "subreq" : "initial",
@@ -514,7 +514,7 @@
perdir ? "[perdir " : "",
perdir ? perdir : "",
perdir ? "] ": "",
- text);
+ ap_escape_logitem(r->pool, text));
nbytes = strlen(logline);
apr_file_write(conf->rewritelogfp, logline, &nbytes);