- fix CVE-2011-3368

Feature safe: yes
svn path=/head/; revision=286069
2025-07-18 01:39:16 -04:00 · 2011-11-19 15:04:30 +00:00 · 2011-11-19 15:04:30 +00:00 · 54002ba358 · 2021-03-31 03:12:20 +00:00
commit 54002ba358
parent 667480cf6d
4 changed files with 139 additions and 16 deletions
--- a/www/apache13-modssl/Makefile
+++ b/www/apache13-modssl/Makefile
@ -7,7 +7,7 @@
 PORTNAME=	apache+mod_ssl
 PORTVERSION=	${VERSION_APACHE}+${VERSION_MODSSL}
-PORTREVISION?=	3
+PORTREVISION?=	4
 CATEGORIES?=	www security
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD} \
 		${MASTER_SITES_MODSSL:S/$/:mod_ssl/} \
@ -33,7 +33,6 @@ COMMENT?=	The Apache 1.3 webserver with SSL/TLS functionality
 LIB_DEPENDS=	mm.14:${PORTSDIR}/devel/mm
 PATCH_DEPENDS=	${BUILD_DEPENDS}
 FORBIDDEN=	CVE-2011-3368, no patches against this issue
 DEPRECATED=	apache13 is deprecated, migrate to 2.2.x+ now
 EXPIRATION_DATE=	2012-01-01
@ -146,6 +145,7 @@ CONFIGURE_ARGS+=--prefix=${PREFIX} \
 		--enable-shared=max \
 		--enable-module=ssl \
 		--enable-module=define \
 		--disable-module=proxy \
 		${SUEXEC_CONF}
 .if defined(APACHE_RELATIVE_RUNTIMEDIR)
--- a/www/apache13-modssl/files/patch-42
+++ b/www/apache13-modssl/files/patch-42
@ -0,0 +1,137 @@
 diff -ur apache_1.3.41/src/CHANGES src/CHANGES
 --- apache_1.3.41/src/CHANGES	2008-01-09 15:33:07.000000000 +0100
 +++ src/CHANGES	2010-01-07 11:28:00.000000000 +0100
@@ -1,3 +1,33 @@
 +Changes with Apache 1.3.42
 +
 +  *) SECURITY: CVE-2010-0010 (cve.mitre.org)
 +     mod_proxy: Prevent chunk-size integer overflow on platforms 
 +     where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. 
 +     [Colm MacCárthaigh]
 + 
 +  *) IMPORTANT: This is the final release of Apache httpd 1.3.
 +     Apache httpd 1.3 has reached end of life, as of January 2010.
 +     No further releases of this software will be made, although critical
 +     security updates may be made available as patches from the following
 +     website:
 +
 +     http://www.apache.org/dist/httpd/patches/
 +
 +     Apache 1.3.x users who wish to avail of security releases,
 +     bug-fixes and community support are advised to use Apache 2.2 
 +     or higher. 
 +
 +     Information on upgrading is available from the following website:
 +
 +     http://httpd.apache.org/docs/2.2/upgrading.html
 +
 +     Thank you to everyone who helped make Apache 1.3.x the most 
 +     successful, and most used, webserver software on the planet! 
 +     [Apache httpd group]
 +
 +  *) Protect logresolve from mismanaged DNS records that return 
 +     blank/null hostnames. [Jim Jagielski]
 +
 Changes with Apache 1.3.41
   *) SECURITY: CVE-2007-6388 (cve.mitre.org)
@@ -233,7 +263,7 @@
   *) Some syntax errors in mod_mime_magic's magic file can result
      in a 500 error, which previously was unlogged.  Now we log the
 -     error.  [Jeff Trawick]
 +     error.  PR 8329.  [Jeff Trawick]
   *) Linux 2.4+: If Apache is started as root and you code
      CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
 diff -ur apache_1.3.41/src/Configure src/Configure
 --- apache_1.3.41/src/Configure	2008-01-04 15:40:05.000000000 +0100
 +++ src/Configure	2008-01-10 17:22:19.000000000 +0100
@@ -1936,7 +1936,7 @@
 	#    select the special subtarget for shared core generation
 	SUBTARGET=target_shared
 	#    determine additional suffixes for libhttpd.so
 -	V=1 R=3 P=41
 +	V=1 R=3 P=42
 	if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
 	    SHLIB_SUFFIX_LIST=""
 	fi
 diff -ur apache_1.3.41/src/ap/ap_snprintf.c src/ap/ap_snprintf.c
 --- apache_1.3.41/src/ap/ap_snprintf.c	2006-07-12 10:16:05.000000000 +0200
 +++ src/ap/ap_snprintf.c	2008-05-02 19:31:15.000000000 +0200
@@ -77,8 +77,8 @@
 #define NUM_BUF_SIZE		512
 /*
 - * cvt.c - IEEE floating point formatting routines for FreeBSD
 - * from GNU libc-4.6.27.  Modified to be thread safe.
 + * cvt - IEEE floating point formatting routines.
 + *       Derived from UNIX V7, Copyright(C) Caldera International Inc.
  */
 /*
 diff -ur apache_1.3.41/src/include/httpd.h src/include/httpd.h
 --- apache_1.3.41/src/include/httpd.h	2008-01-10 17:20:45.000000000 +0100
 +++ src/include/httpd.h	2010-01-08 12:42:57.000000000 +0100
@@ -389,7 +389,7 @@
 #define SERVER_BASEVENDOR   "Apache Group"
 #define SERVER_BASEPRODUCT  "Apache"
 -#define SERVER_BASEREVISION "1.3.41"
 +#define SERVER_BASEREVISION "1.3.42"
 #define SERVER_BASEVERSION  SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
 #define SERVER_PRODUCT  SERVER_BASEPRODUCT
@@ -410,7 +410,7 @@
  * Always increases along the same track as the source branch.
  * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
  */
 -#define APACHE_RELEASE 10341100
 +#define APACHE_RELEASE 10342100
 #define SERVER_PROTOCOL "HTTP/1.1"
 #ifndef SERVER_SUPPORT
 diff -ur apache_1.3.41/src/main/buff.c src/main/buff.c
 --- apache_1.3.41/src/main/buff.c	2006-07-12 10:16:05.000000000 +0200
 +++ src/main/buff.c	2010-01-07 11:28:00.000000000 +0100
@@ -737,7 +737,7 @@
 {
     int i, nrd;
 -    if (fb->flags & B_RDERR)
 +    if (fb->flags & B_RDERR || nbyte < 0)
 	return -1;
     if (nbyte == 0)
 	return 0;
@@ -1258,7 +1258,7 @@
     static int csize = 0;
 #endif /*CHARSET_EBCDIC*/
 -    if (fb->flags & (B_WRERR | B_EOUT))
 +    if (fb->flags & (B_WRERR | B_EOUT) || nbyte < 0)
 	return -1;
     if (nbyte == 0)
 	return 0;
 diff -ur apache_1.3.41/src/modules/proxy/proxy_util.c src/modules/proxy/proxy_util.c
 --- apache_1.3.41/src/modules/proxy/proxy_util.c	2007-10-30 20:17:03.000000000 +0100
 +++ src/modules/proxy/proxy_util.c	2010-01-07 11:28:00.000000000 +0100
@@ -507,7 +507,7 @@
             /* read the chunk */
             if (remaining > 0) {
 -                n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
 +                n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
                 if (n > -1) {
                     remaining -= n;
                     end_of_chunk = (remaining == 0);
@@ -548,8 +548,8 @@
                 n = ap_bread(f, buf, buf_size);
             }
             else {
 -                n = ap_bread(f, buf, MIN((int)buf_size,
 -                                         (int)(len - total_bytes_rcvd)));
 +                n = ap_bread(f, buf, (int) MIN(buf_size,
 +                                               (len - total_bytes_rcvd)));
             }
         }
--- a/www/apache13-modssl/files/patch-proxy_util.c
+++ b/www/apache13-modssl/files/patch-proxy_util.c
@ -1,13 +0,0 @@
 --- src/modules/proxy/proxy_util.c.orig	Tue Feb 17 22:52:22 2004
 +++ src/modules/proxy/proxy_util.c	Fri Jun 11 10:24:12 2004
@@ -545,8 +545,8 @@
                 n = ap_bread(f, buf, buf_size);
             }
             else {
 -                n = ap_bread(f, buf, MIN((int)buf_size,
 -                                         (int)(len - total_bytes_rcvd)));
 +                n = ap_bread(f, buf, MIN((size_t)buf_size,
 +                                         (size_t)(len - total_bytes_rcvd)));
             }
         }
--- a/www/apache13-modssl/pkg-plist
+++ b/www/apache13-modssl/pkg-plist
@ -87,7 +87,6 @@ include/apache/xml/xmlrole.h
 include/apache/xml/xmltok.h
 include/apache/xml/xmltok_impl.h
 libexec/apache/httpd.exp
 libexec/apache/libproxy.so
 libexec/apache/libssl.so
 libexec/apache/mod_access.so
 libexec/apache/mod_actions.so