kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixes for security issues and PKGREVISION bump;

Browse source 
CVE-2006-5752 XSS in mod_status with ExtendedStatus on
CVE-2007-1863 remote crash when mod_cache enabled
This commit is contained in:
lkundrak 2007-06-28 01:49:04 +00:00
parent 48efc9cde7
commit 4212c25f27
4 changed files with 136 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
www/apache2/Makefile
View file

@ -1,9 +1,9 @@
# $NetBSD: Makefile,v 1.113 2007/06/10 06:14:18 joerg Exp $ # $NetBSD: Makefile,v 1.114 2007/06/28 01:49:04 lkundrak Exp $
.include "Makefile.common" .include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION} PKGNAME= apache-${APACHE_VERSION}
PKGREVISION= 5 PKGREVISION= 6
CATEGORIES= www CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/ HOMEPAGE= http://httpd.apache.org/

4
www/apache2/distinfo
View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.49 2006/08/30 06:16:27 rillig Exp $ $NetBSD: distinfo,v 1.50 2007/06/28 01:49:04 lkundrak Exp $
SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376 SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174 RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
@ -13,3 +13,5 @@ SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6 SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
SHA1 (patch-ap) = 3f9dbd6dbbadb54f5255dfdb15decc6cc7e8eccc
SHA1 (patch-aq) = d1e0243b28c9e224746fa5cac1321f55c5c0927e

44
www/apache2/patches/patch-ap Normal file
View file

@ -0,0 +1,44 @@
$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
--- modules/generators/mod_status.c.orig 2006-07-12 09:40:55.000000000 +0200
+++ modules/generators/mod_status.c
@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
/*
* Simple table-driven form data set parser that lets you alter the header
@@ -298,7 +298,7 @@ static int status_handler(request_rec *r
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
short_report = 1;
break;
}
@@ -664,7 +664,8 @@ static int status_handler(request_rec *r
ap_escape_html(r->pool,
ws_record->client),
ap_escape_html(r->pool,
- ws_record->request),
+ ap_escape_logitem(r->pool,
+ ws_record->request)),
ap_escape_html(r->pool,
ws_record->vhost));
}
@@ -753,7 +754,8 @@ static int status_handler(request_rec *r
ap_escape_html(r->pool,
ws_record->vhost),
ap_escape_html(r->pool,
- ws_record->request));
+ ap_escape_logitem(r->pool,
+ ws_record->request)));
} /* no_table_report */
} /* for (j...) */
} /* for (i...) */

87
www/apache2/patches/patch-aq Normal file
View file

@ -0,0 +1,87 @@
$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
Fix for CVE-2007-1863 remote crash when mod_cache enabled.
--- modules/experimental/cache_util.c.orig 2006-07-12 09:40:55.000000000 +0200
+++ modules/experimental/cache_util.c
@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
age = ap_cache_current_age(info, age_c, r->request_time);
/* extract s-maxage */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+ && val != NULL) {
smaxage = apr_atoi64(val);
}
- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)
+ && val != NULL) {
smaxage = apr_atoi64(val);
}
else {
@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
}
/* extract max-age from request */
- if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+ && val != NULL) {
maxage_req = apr_atoi64(val);
}
else {
@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
}
/* extract max-age from response */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+ && val != NULL) {
maxage_cresp = apr_atoi64(val);
}
- else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
+ else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)
+ && val != NULL) {
maxage_cresp = apr_atoi64(val);
}
else
@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn
/* extract max-stale */
if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
- maxstale = apr_atoi64(val);
+ if(val != NULL) {
+ maxstale = apr_atoi64(val);
+ }
+ else {
+ /*
+ * If no value is assigned to max-stale, then the client is willing
+ * to accept a stale response of any age (RFC2616 14.9.3). We will
+ * set it to one year in this case as this situation is somewhat
+ * similar to a "never expires" Expires header (RFC2616 14.21)
+ * which is set to a date one year from the time the response is
+ * sent in this case.
+ */
+ maxstale = APR_INT64_C(86400*365);
+ }
}
else {
maxstale = 0;
}
/* extract min-fresh */
- if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+ && val != NULL) {
minfresh = apr_atoi64(val);
}
else {
@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
next - val_start);
}
}
+ else {
+ *val = NULL;
+ }
}
return 1;
}