diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-31 13:24:14 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-31 13:41:06 +0000 |
| commit | e2e255c03845c49b0e24925cf4b307972b1731f9 (patch) | |
| tree | 6f452e41b6834e026a0faeefd5034c116a47cf3b /main/apache2 | |
| parent | ae01bbf1922a43ecd3260657195683b69461c464 (diff) | |
| download | aports-e2e255c03845c49b0e24925cf4b307972b1731f9.tar.bz2 aports-e2e255c03845c49b0e24925cf4b307972b1731f9.tar.xz | |
main/apache2: security fix (CVE-2011-3607)
fixes #970
Diffstat (limited to 'main/apache2')
| -rw-r--r-- | main/apache2/APKBUILD | 4 | ||||
| -rw-r--r-- | main/apache2/CVE-2011-3607.patch | 32 |
2 files changed, 35 insertions, 1 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 46e6c62ac..812fe1425 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apache2 pkgver=2.2.21 -pkgrel=2 +pkgrel=3 pkgdesc="A high performance Unix-based HTTP server" url="http://httpd.apache.org/" arch="all" @@ -33,6 +33,7 @@ source="http://archive.apache.org/dist/httpd/httpd-$pkgver.tar.bz2 ssl.conf ldap.conf alpine.layout + CVE-2011-3607.patch CVE-2011-4317.patch" prepare() { @@ -253,4 +254,5 @@ e322b5211e49511cac6e40c86af1b1da apache2.confd 5d0d024ca43571b863874ab871b2c109 ssl.conf b70fe826486043e3953cfe21f9e6fa16 ldap.conf c66ff5f70260d5266e6803a59b39bd7f alpine.layout +54632bd52a9c0e4c68626b4a442edae7 CVE-2011-3607.patch 4c9b33458e4c8dea1be39f811da39be3 CVE-2011-4317.patch" diff --git a/main/apache2/CVE-2011-3607.patch b/main/apache2/CVE-2011-3607.patch new file mode 100644 index 000000000..3ccbfbc48 --- /dev/null +++ b/main/apache2/CVE-2011-3607.patch @@ -0,0 +1,32 @@ +--- 2.2.x/server/util.c 2012/01/04 19:42:04 1227279 ++++ 2.2.x/server/util.c 2012/01/04 19:45:22 1227280 +@@ -82,6 +82,8 @@ + #define IS_SLASH(s) (s == '/') + #endif + ++/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ ++#define UTIL_SIZE_MAX (~((apr_size_t)0)) + + /* + * Examine a field value (such as a media-/content-type) string and return +@@ -366,7 +368,7 @@ + char *dest, *dst; + char c; + size_t no; +- int len; ++ apr_size_t len; + + if (!source) + return NULL; +@@ -391,6 +393,11 @@ + len++; + } + else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { ++ if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { ++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, ++ "integer overflow or out of memory condition." ); ++ return NULL; ++ } + len += pmatch[no].rm_eo - pmatch[no].rm_so; + } + |