diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-11-28 12:00:52 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-11-28 13:05:45 +0000 |
commit | fc62f608223fc49a710cde93439b1e9065e21bc2 (patch) | |
tree | 054e00c62e1d2fa004f623c78b7c56474e4b431d | |
parent | 4f91626f29ddb31cf38245fc8ac4c08799e43878 (diff) | |
download | aports-fc62f608223fc49a710cde93439b1e9065e21bc2.tar.bz2 aports-fc62f608223fc49a710cde93439b1e9065e21bc2.tar.xz |
main/apache2: security hotfix #844 (CVE-2011-4317)
(cherry picked from commit 9f987f8ab1533bc6cdb29f36f144101bae980efe)
-rw-r--r-- | main/apache2/APKBUILD | 8 | ||||
-rw-r--r-- | main/apache2/CVE-2011-4317.patch | 36 |
2 files changed, 41 insertions, 3 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index e2096c35ae..da2ef62d78 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apache2 pkgver=2.2.21 -pkgrel=0 +pkgrel=1 pkgdesc="A high performance Unix-based HTTP server" url="http://httpd.apache.org/" license="APACHE" @@ -31,7 +31,8 @@ source="http://archive.apache.org/dist/httpd/httpd-$pkgver.tar.bz2 httpd.conf ssl.conf ldap.conf - alpine.layout" + alpine.layout + CVE-2011-4317.patch" prepare() { cd "$srcdir" @@ -191,4 +192,5 @@ e322b5211e49511cac6e40c86af1b1da apache2.confd 2df3891a45abcdc4083a2699ff7f26fc httpd.conf 5d0d024ca43571b863874ab871b2c109 ssl.conf b70fe826486043e3953cfe21f9e6fa16 ldap.conf -c66ff5f70260d5266e6803a59b39bd7f alpine.layout" +c66ff5f70260d5266e6803a59b39bd7f alpine.layout +4c9b33458e4c8dea1be39f811da39be3 CVE-2011-4317.patch" diff --git a/main/apache2/CVE-2011-4317.patch b/main/apache2/CVE-2011-4317.patch new file mode 100644 index 0000000000..698b2eb7ab --- /dev/null +++ b/main/apache2/CVE-2011-4317.patch @@ -0,0 +1,36 @@ +Index: modules/proxy/mod_proxy.c +=================================================================== +--- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633) ++++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy) +@@ -566,6 +566,13 @@ + return OK; + } + ++ /* Check that the URI is valid. */ ++ if (!r->uri || r->uri[0] != '/') { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Invalid URI in request %s", r->the_request); ++ return HTTP_BAD_REQUEST; ++ } ++ + /* XXX: since r->uri has been manipulated already we're not really + * compliant with RFC1945 at this point. But this probably isn't + * an issue because this is a hybrid proxy/origin server. +Index: modules/mappers/mod_rewrite.c +=================================================================== +--- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633) ++++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy) +@@ -4266,6 +4266,13 @@ + return DECLINED; + } + ++ /* Check that the URI is valid. */ ++ if (!r->uri || r->uri[0] != '/') { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Invalid URI in request %s", r->the_request); ++ return HTTP_BAD_REQUEST; ++ } ++ + /* + * add the SCRIPT_URL variable to the env. this is a bit complicated + * due to the fact that apache uses subrequests and internal redirects |