From 54002ba3582c49a304a3290a51a8695d6ee6d86c Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Sat, 19 Nov 2011 15:04:30 +0000 Subject: [PATCH] - fix CVE-2011-3368 Feature safe: yes --- www/apache13-modssl/Makefile | 4 +- www/apache13-modssl/files/patch-42 | 137 +++++++++++++++++++ www/apache13-modssl/files/patch-proxy_util.c | 13 -- www/apache13-modssl/pkg-plist | 1 - 4 files changed, 139 insertions(+), 16 deletions(-) create mode 100644 www/apache13-modssl/files/patch-42 delete mode 100644 www/apache13-modssl/files/patch-proxy_util.c diff --git a/www/apache13-modssl/Makefile b/www/apache13-modssl/Makefile index c82a0e55059a..31f3e231a63b 100644 --- a/www/apache13-modssl/Makefile +++ b/www/apache13-modssl/Makefile @@ -7,7 +7,7 @@ PORTNAME= apache+mod_ssl PORTVERSION= ${VERSION_APACHE}+${VERSION_MODSSL} -PORTREVISION?= 3 +PORTREVISION?= 4 CATEGORIES?= www security MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITES_MODSSL:S/$/:mod_ssl/} \ @@ -33,7 +33,6 @@ COMMENT?= The Apache 1.3 webserver with SSL/TLS functionality LIB_DEPENDS= mm.14:${PORTSDIR}/devel/mm PATCH_DEPENDS= ${BUILD_DEPENDS} -FORBIDDEN= CVE-2011-3368, no patches against this issue DEPRECATED= apache13 is deprecated, migrate to 2.2.x+ now EXPIRATION_DATE= 2012-01-01 @@ -146,6 +145,7 @@ CONFIGURE_ARGS+=--prefix=${PREFIX} \ --enable-shared=max \ --enable-module=ssl \ --enable-module=define \ + --disable-module=proxy \ ${SUEXEC_CONF} .if defined(APACHE_RELATIVE_RUNTIMEDIR) diff --git a/www/apache13-modssl/files/patch-42 b/www/apache13-modssl/files/patch-42 new file mode 100644 index 000000000000..534bb0cc4e69 --- /dev/null +++ b/www/apache13-modssl/files/patch-42 @@ -0,0 +1,137 @@ +diff -ur apache_1.3.41/src/CHANGES src/CHANGES +--- apache_1.3.41/src/CHANGES 2008-01-09 15:33:07.000000000 +0100 ++++ src/CHANGES 2010-01-07 11:28:00.000000000 +0100 +@@ -1,3 +1,33 @@ ++Changes with Apache 1.3.42 ++ ++ *) SECURITY: CVE-2010-0010 (cve.mitre.org) ++ mod_proxy: Prevent chunk-size integer overflow on platforms ++ where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. ++ [Colm MacCárthaigh] ++ ++ *) IMPORTANT: This is the final release of Apache httpd 1.3. ++ Apache httpd 1.3 has reached end of life, as of January 2010. ++ No further releases of this software will be made, although critical ++ security updates may be made available as patches from the following ++ website: ++ ++ http://www.apache.org/dist/httpd/patches/ ++ ++ Apache 1.3.x users who wish to avail of security releases, ++ bug-fixes and community support are advised to use Apache 2.2 ++ or higher. ++ ++ Information on upgrading is available from the following website: ++ ++ http://httpd.apache.org/docs/2.2/upgrading.html ++ ++ Thank you to everyone who helped make Apache 1.3.x the most ++ successful, and most used, webserver software on the planet! ++ [Apache httpd group] ++ ++ *) Protect logresolve from mismanaged DNS records that return ++ blank/null hostnames. [Jim Jagielski] ++ + Changes with Apache 1.3.41 + + *) SECURITY: CVE-2007-6388 (cve.mitre.org) +@@ -233,7 +263,7 @@ + + *) Some syntax errors in mod_mime_magic's magic file can result + in a 500 error, which previously was unlogged. Now we log the +- error. [Jeff Trawick] ++ error. PR 8329. [Jeff Trawick] + + *) Linux 2.4+: If Apache is started as root and you code + CoreDumpDirectory, coredumps are enabled via the prctl() syscall. +diff -ur apache_1.3.41/src/Configure src/Configure +--- apache_1.3.41/src/Configure 2008-01-04 15:40:05.000000000 +0100 ++++ src/Configure 2008-01-10 17:22:19.000000000 +0100 +@@ -1936,7 +1936,7 @@ + # select the special subtarget for shared core generation + SUBTARGET=target_shared + # determine additional suffixes for libhttpd.so +- V=1 R=3 P=41 ++ V=1 R=3 P=42 + if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then + SHLIB_SUFFIX_LIST="" + fi +diff -ur apache_1.3.41/src/ap/ap_snprintf.c src/ap/ap_snprintf.c +--- apache_1.3.41/src/ap/ap_snprintf.c 2006-07-12 10:16:05.000000000 +0200 ++++ src/ap/ap_snprintf.c 2008-05-02 19:31:15.000000000 +0200 +@@ -77,8 +77,8 @@ + #define NUM_BUF_SIZE 512 + + /* +- * cvt.c - IEEE floating point formatting routines for FreeBSD +- * from GNU libc-4.6.27. Modified to be thread safe. ++ * cvt - IEEE floating point formatting routines. ++ * Derived from UNIX V7, Copyright(C) Caldera International Inc. + */ + + /* +diff -ur apache_1.3.41/src/include/httpd.h src/include/httpd.h +--- apache_1.3.41/src/include/httpd.h 2008-01-10 17:20:45.000000000 +0100 ++++ src/include/httpd.h 2010-01-08 12:42:57.000000000 +0100 +@@ -389,7 +389,7 @@ + + #define SERVER_BASEVENDOR "Apache Group" + #define SERVER_BASEPRODUCT "Apache" +-#define SERVER_BASEREVISION "1.3.41" ++#define SERVER_BASEREVISION "1.3.42" + #define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION + + #define SERVER_PRODUCT SERVER_BASEPRODUCT +@@ -410,7 +410,7 @@ + * Always increases along the same track as the source branch. + * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'. + */ +-#define APACHE_RELEASE 10341100 ++#define APACHE_RELEASE 10342100 + + #define SERVER_PROTOCOL "HTTP/1.1" + #ifndef SERVER_SUPPORT +diff -ur apache_1.3.41/src/main/buff.c src/main/buff.c +--- apache_1.3.41/src/main/buff.c 2006-07-12 10:16:05.000000000 +0200 ++++ src/main/buff.c 2010-01-07 11:28:00.000000000 +0100 +@@ -737,7 +737,7 @@ + { + int i, nrd; + +- if (fb->flags & B_RDERR) ++ if (fb->flags & B_RDERR || nbyte < 0) + return -1; + if (nbyte == 0) + return 0; +@@ -1258,7 +1258,7 @@ + static int csize = 0; + #endif /*CHARSET_EBCDIC*/ + +- if (fb->flags & (B_WRERR | B_EOUT)) ++ if (fb->flags & (B_WRERR | B_EOUT) || nbyte < 0) + return -1; + if (nbyte == 0) + return 0; +diff -ur apache_1.3.41/src/modules/proxy/proxy_util.c src/modules/proxy/proxy_util.c +--- apache_1.3.41/src/modules/proxy/proxy_util.c 2007-10-30 20:17:03.000000000 +0100 ++++ src/modules/proxy/proxy_util.c 2010-01-07 11:28:00.000000000 +0100 +@@ -507,7 +507,7 @@ + + /* read the chunk */ + if (remaining > 0) { +- n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining)); ++ n = ap_bread(f, buf, (int) MIN(buf_size, remaining)); + if (n > -1) { + remaining -= n; + end_of_chunk = (remaining == 0); +@@ -548,8 +548,8 @@ + n = ap_bread(f, buf, buf_size); + } + else { +- n = ap_bread(f, buf, MIN((int)buf_size, +- (int)(len - total_bytes_rcvd))); ++ n = ap_bread(f, buf, (int) MIN(buf_size, ++ (len - total_bytes_rcvd))); + } + } + diff --git a/www/apache13-modssl/files/patch-proxy_util.c b/www/apache13-modssl/files/patch-proxy_util.c deleted file mode 100644 index 3265807185ca..000000000000 --- a/www/apache13-modssl/files/patch-proxy_util.c +++ /dev/null @@ -1,13 +0,0 @@ ---- src/modules/proxy/proxy_util.c.orig Tue Feb 17 22:52:22 2004 -+++ src/modules/proxy/proxy_util.c Fri Jun 11 10:24:12 2004 -@@ -545,8 +545,8 @@ - n = ap_bread(f, buf, buf_size); - } - else { -- n = ap_bread(f, buf, MIN((int)buf_size, -- (int)(len - total_bytes_rcvd))); -+ n = ap_bread(f, buf, MIN((size_t)buf_size, -+ (size_t)(len - total_bytes_rcvd))); - } - } - diff --git a/www/apache13-modssl/pkg-plist b/www/apache13-modssl/pkg-plist index 421006a0b1a2..33e2bbebbaca 100644 --- a/www/apache13-modssl/pkg-plist +++ b/www/apache13-modssl/pkg-plist @@ -87,7 +87,6 @@ include/apache/xml/xmlrole.h include/apache/xml/xmltok.h include/apache/xml/xmltok_impl.h libexec/apache/httpd.exp -libexec/apache/libproxy.so libexec/apache/libssl.so libexec/apache/mod_access.so libexec/apache/mod_actions.so