From 400a302e8bca4ad2bbef3bb38737680ef8fb53cd Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 1 Feb 2012 07:25:24 +0000 Subject: main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368) low: mod_log_config crash CVE-2012-0021 low: scoreboard parent DoS CVE-2012-0031 moderate: error responses can expose cookies CVE-2012-0053 moderate: mod_proxy reverse proxy exposure CVE-2011-3368 This release also include the previosly patched: low: mod_setenvif .htaccess privilege escalation CVE-2011-3607 moderate: mod_proxy reverse proxy exposure CVE-2011-4317 fixes #982 --- main/apache2/APKBUILD | 5 ++--- main/apache2/CVE-2011-3607.patch | 32 -------------------------------- main/apache2/CVE-2011-4317.patch | 36 ------------------------------------ 3 files changed, 2 insertions(+), 71 deletions(-) delete mode 100644 main/apache2/CVE-2011-3607.patch delete mode 100644 main/apache2/CVE-2011-4317.patch (limited to 'main/apache2') diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 21d97b956b..4241daa1c6 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -33,7 +33,7 @@ source="http://archive.apache.org/dist/httpd/httpd-$pkgver.tar.bz2 ssl.conf ldap.conf alpine.layout - CVE-2011-4317.patch" + " prepare() { cd "$srcdir"/httpd-$pkgver @@ -252,5 +252,4 @@ e322b5211e49511cac6e40c86af1b1da apache2.confd 749faf0b2916d85d1240bc34f700e5d9 httpd.conf 5d0d024ca43571b863874ab871b2c109 ssl.conf b70fe826486043e3953cfe21f9e6fa16 ldap.conf -c66ff5f70260d5266e6803a59b39bd7f alpine.layout -4c9b33458e4c8dea1be39f811da39be3 CVE-2011-4317.patch" +c66ff5f70260d5266e6803a59b39bd7f alpine.layout" diff --git a/main/apache2/CVE-2011-3607.patch b/main/apache2/CVE-2011-3607.patch deleted file mode 100644 index 3ccbfbc481..0000000000 --- a/main/apache2/CVE-2011-3607.patch +++ /dev/null 
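Review bot: Neither APKBUILD hunk touches `pkgver` or the httpd tarball's checksum line, and the diffstat for this file (2 insertions, 3 deletions) is fully accounted for by the two hunks, so as shown the commit only drops `CVE-2011-4317.patch` from `source=` and from the checksum list. If `pkgver` did not already read 2.2.22 before this commit, the package would be built from the older tarball without the URI validity check that patch added to mod_proxy and mod_rewrite; confirm the bump landed earlier, or include the `pkgver` and tarball checksum change here. `CVE-2011-3607.patch` is deleted from the tree but does not appear in the visible part of `source=`, which suggests (not certain from these hunks) that it was never applied, so it is worth checking that 2.2.21 builds were not shipped as fixed for that CVE. The source list also now ends with a line holding only `"`; closing the quote on the `alpine.layout` line, as the checksum hunk does, would be more consistent.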
@@ -1,32 +0,0 @@
---- 2.2.x/server/util.c 2012/01/04 19:42:04 1227279
-+++ 2.2.x/server/util.c 2012/01/04 19:45:22 1227280
-@@ -82,6 +82,8 @@
- #define IS_SLASH(s) (s == '/')
- #endif
-
-+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
-+#define UTIL_SIZE_MAX (~((apr_size_t)0))
- /*
- * Examine a field value (such as a media-/content-type) string and return
-@@ -366,7 +368,7 @@
- char *dest, *dst;
- char c;
- size_t no;
-- int len;
-+ apr_size_t len;
-
- if (!source)
- return NULL;
-@@ -391,6 +393,11 @@
- len++;
- }
- else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
-+ if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
-+ "integer overflow or out of memory condition." );
-+ return NULL;
-+ }
- len += pmatch[no].rm_eo - pmatch[no].rm_so;
- }
-
diff --git a/main/apache2/CVE-2011-4317.patch b/main/apache2/CVE-2011-4317.patch
deleted file mode 100644
index 698b2eb7ab..0000000000
--- a/main/apache2/CVE-2011-4317.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Index: modules/proxy/mod_proxy.c
-===================================================================
---- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633)
-+++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy)
-@@ -566,6 +566,13 @@
- return OK;
- }
-
-+ /* Check that the URI is valid. */
-+ if (!r->uri || r->uri[0] != '/') {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "Invalid URI in request %s", r->the_request);
-+ return HTTP_BAD_REQUEST;
-+ }
-+
- /* XXX: since r->uri has been manipulated already we're not really
- * compliant with RFC1945 at this point. But this probably isn't
- * an issue because this is a hybrid proxy/origin server.
-Index: modules/mappers/mod_rewrite.c
-===================================================================
---- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633)
-+++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy)
-@@ -4266,6 +4266,13 @@
- return DECLINED;
- }
-
-+ /* Check that the URI is valid. */
-+ if (!r->uri || r->uri[0] != '/') {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "Invalid URI in request %s", r->the_request);
-+ return HTTP_BAD_REQUEST;
-+ }
-+
- /*
- * add the SCRIPT_URL variable to the env. this is a bit complicated
- * due to the fact that apache uses subrequests and internal redirects
--
cgit v1.2.3