aboutsummaryrefslogtreecommitdiffstats
path: root/main/apache2
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-01-31 13:24:14 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-01-31 13:41:06 +0000
commite2e255c03845c49b0e24925cf4b307972b1731f9 (patch)
tree6f452e41b6834e026a0faeefd5034c116a47cf3b /main/apache2
parentae01bbf1922a43ecd3260657195683b69461c464 (diff)
downloadaports-e2e255c03845c49b0e24925cf4b307972b1731f9.tar.bz2
aports-e2e255c03845c49b0e24925cf4b307972b1731f9.tar.xz
main/apache2: security fix (CVE-2011-3607)
fixes #970
Diffstat (limited to 'main/apache2')
-rw-r--r--main/apache2/APKBUILD4
-rw-r--r--main/apache2/CVE-2011-3607.patch32
2 files changed, 35 insertions, 1 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 46e6c62ac1..812fe14256 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apache2
pkgver=2.2.21
-pkgrel=2
+pkgrel=3
pkgdesc="A high performance Unix-based HTTP server"
url="http://httpd.apache.org/"
arch="all"
@@ -33,6 +33,7 @@ source="http://archive.apache.org/dist/httpd/httpd-$pkgver.tar.bz2
ssl.conf
ldap.conf
alpine.layout
+ CVE-2011-3607.patch
CVE-2011-4317.patch"
prepare() {
@@ -253,4 +254,5 @@ e322b5211e49511cac6e40c86af1b1da apache2.confd
5d0d024ca43571b863874ab871b2c109 ssl.conf
b70fe826486043e3953cfe21f9e6fa16 ldap.conf
c66ff5f70260d5266e6803a59b39bd7f alpine.layout
+54632bd52a9c0e4c68626b4a442edae7 CVE-2011-3607.patch
4c9b33458e4c8dea1be39f811da39be3 CVE-2011-4317.patch"
diff --git a/main/apache2/CVE-2011-3607.patch b/main/apache2/CVE-2011-3607.patch
new file mode 100644
index 0000000000..3ccbfbc481
--- /dev/null
+++ b/main/apache2/CVE-2011-3607.patch
@@ -0,0 +1,32 @@
+--- 2.2.x/server/util.c 2012/01/04 19:42:04 1227279
++++ 2.2.x/server/util.c 2012/01/04 19:45:22 1227280
+@@ -82,6 +82,8 @@
+ #define IS_SLASH(s) (s == '/')
+ #endif
+
++/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
++#define UTIL_SIZE_MAX (~((apr_size_t)0))
+
+ /*
+ * Examine a field value (such as a media-/content-type) string and return
+@@ -366,7 +368,7 @@
+ char *dest, *dst;
+ char c;
+ size_t no;
+- int len;
++ apr_size_t len;
+
+ if (!source)
+ return NULL;
+@@ -391,6 +393,11 @@
+ len++;
+ }
+ else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
++ if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
++ "integer overflow or out of memory condition." );
++ return NULL;
++ }
+ len += pmatch[no].rm_eo - pmatch[no].rm_so;
+ }
+