- fix CVE-2011-3368

Feature safe: yes
svn path=/head/; revision=286069
2024-12-31 05:41:08 +00:00 · 2011-11-19 15:04:30 +00:00 · 2011-11-19 15:04:30 +00:00 · 54002ba358 · 2021-03-31 03:12:20 +00:00
commit 54002ba358
parent 667480cf6d
4 changed files with 139 additions and 16 deletions
--- a/www/apache13-modssl/Makefile
+++ b/www/apache13-modssl/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	apache+mod_ssl
 PORTVERSION=	${VERSION_APACHE}+${VERSION_MODSSL}
-PORTREVISION?=	3
+PORTREVISION?=	4
 CATEGORIES?=	www security
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD} \
 		${MASTER_SITES_MODSSL:S/$/:mod_ssl/} \
@ -33,7 +33,6 @@ COMMENT?=	The Apache 1.3 webserver with SSL/TLS functionality
 LIB_DEPENDS=	mm.14:${PORTSDIR}/devel/mm
 PATCH_DEPENDS=	${BUILD_DEPENDS}

-FORBIDDEN=	CVE-2011-3368, no patches against this issue
 DEPRECATED=	apache13 is deprecated, migrate to 2.2.x+ now
 EXPIRATION_DATE=	2012-01-01

@ -146,6 +145,7 @@ CONFIGURE_ARGS+=--prefix=${PREFIX} \
 		--enable-shared=max \
 		--enable-module=ssl \
 		--enable-module=define \
+		--disable-module=proxy \
 		${SUEXEC_CONF}

 .if defined(APACHE_RELATIVE_RUNTIMEDIR)
--- a/www/apache13-modssl/files/patch-42
+++ b/www/apache13-modssl/files/patch-42
@ -0,0 +1,137 @@
+diff -ur apache_1.3.41/src/CHANGES src/CHANGES
+--- apache_1.3.41/src/CHANGES	2008-01-09 15:33:07.000000000 +0100
+++ src/CHANGES	2010-01-07 11:28:00.000000000 +0100
+@@ -1,3 +1,33 @@
+Changes with Apache 1.3.42
+
+  *) SECURITY: CVE-2010-0010 (cve.mitre.org)
+     mod_proxy: Prevent chunk-size integer overflow on platforms 
+     where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. 
+     [Colm MacCárthaigh]
+ 
+  *) IMPORTANT: This is the final release of Apache httpd 1.3.
+     Apache httpd 1.3 has reached end of life, as of January 2010.
+     No further releases of this software will be made, although critical
+     security updates may be made available as patches from the following
+     website:
+
+     http://www.apache.org/dist/httpd/patches/
+
+     Apache 1.3.x users who wish to avail of security releases,
+     bug-fixes and community support are advised to use Apache 2.2 
+     or higher. 
+
+     Information on upgrading is available from the following website:
+
+     http://httpd.apache.org/docs/2.2/upgrading.html
+
+     Thank you to everyone who helped make Apache 1.3.x the most 
+     successful, and most used, webserver software on the planet! 
+     [Apache httpd group]
+
+  *) Protect logresolve from mismanaged DNS records that return 
+     blank/null hostnames. [Jim Jagielski]
+
+ Changes with Apache 1.3.41
+ 
+   *) SECURITY: CVE-2007-6388 (cve.mitre.org)
+@@ -233,7 +263,7 @@
+ 
+   *) Some syntax errors in mod_mime_magic's magic file can result
+      in a 500 error, which previously was unlogged.  Now we log the
+-     error.  [Jeff Trawick]
+     error.  PR 8329.  [Jeff Trawick]
+ 
+   *) Linux 2.4+: If Apache is started as root and you code
+      CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
+diff -ur apache_1.3.41/src/Configure src/Configure
+--- apache_1.3.41/src/Configure	2008-01-04 15:40:05.000000000 +0100
+++ src/Configure	2008-01-10 17:22:19.000000000 +0100
+@@ -1936,7 +1936,7 @@
+ 	#    select the special subtarget for shared core generation
+ 	SUBTARGET=target_shared
+ 	#    determine additional suffixes for libhttpd.so
+-	V=1 R=3 P=41
+	V=1 R=3 P=42
+ 	if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
+ 	    SHLIB_SUFFIX_LIST=""
+ 	fi
+diff -ur apache_1.3.41/src/ap/ap_snprintf.c src/ap/ap_snprintf.c
+--- apache_1.3.41/src/ap/ap_snprintf.c	2006-07-12 10:16:05.000000000 +0200
+++ src/ap/ap_snprintf.c	2008-05-02 19:31:15.000000000 +0200
+@@ -77,8 +77,8 @@
+ #define NUM_BUF_SIZE		512
+ 
+ /*
+- * cvt.c - IEEE floating point formatting routines for FreeBSD
+- * from GNU libc-4.6.27.  Modified to be thread safe.
+ * cvt - IEEE floating point formatting routines.
+ *       Derived from UNIX V7, Copyright(C) Caldera International Inc.
+  */
+ 
+ /*
+diff -ur apache_1.3.41/src/include/httpd.h src/include/httpd.h
+--- apache_1.3.41/src/include/httpd.h	2008-01-10 17:20:45.000000000 +0100
+++ src/include/httpd.h	2010-01-08 12:42:57.000000000 +0100
+@@ -389,7 +389,7 @@
+ 
+ #define SERVER_BASEVENDOR   "Apache Group"
+ #define SERVER_BASEPRODUCT  "Apache"
+-#define SERVER_BASEREVISION "1.3.41"
+#define SERVER_BASEREVISION "1.3.42"
+ #define SERVER_BASEVERSION  SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
+ 
+ #define SERVER_PRODUCT  SERVER_BASEPRODUCT
+@@ -410,7 +410,7 @@
+  * Always increases along the same track as the source branch.
+  * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
+  */
+-#define APACHE_RELEASE 10341100
+#define APACHE_RELEASE 10342100
+ 
+ #define SERVER_PROTOCOL "HTTP/1.1"
+ #ifndef SERVER_SUPPORT
+diff -ur apache_1.3.41/src/main/buff.c src/main/buff.c
+--- apache_1.3.41/src/main/buff.c	2006-07-12 10:16:05.000000000 +0200
+++ src/main/buff.c	2010-01-07 11:28:00.000000000 +0100
+@@ -737,7 +737,7 @@
+ {
+     int i, nrd;
+ 
+-    if (fb->flags & B_RDERR)
+    if (fb->flags & B_RDERR || nbyte < 0)
+ 	return -1;
+     if (nbyte == 0)
+ 	return 0;
+@@ -1258,7 +1258,7 @@
+     static int csize = 0;
+ #endif /*CHARSET_EBCDIC*/
+ 
+-    if (fb->flags & (B_WRERR | B_EOUT))
+    if (fb->flags & (B_WRERR | B_EOUT) || nbyte < 0)
+ 	return -1;
+     if (nbyte == 0)
+ 	return 0;
+diff -ur apache_1.3.41/src/modules/proxy/proxy_util.c src/modules/proxy/proxy_util.c
+--- apache_1.3.41/src/modules/proxy/proxy_util.c	2007-10-30 20:17:03.000000000 +0100
+++ src/modules/proxy/proxy_util.c	2010-01-07 11:28:00.000000000 +0100
+@@ -507,7 +507,7 @@
+ 
+             /* read the chunk */
+             if (remaining > 0) {
+-                n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
+                n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
+                 if (n > -1) {
+                     remaining -= n;
+                     end_of_chunk = (remaining == 0);
+@@ -548,8 +548,8 @@
+                 n = ap_bread(f, buf, buf_size);
+             }
+             else {
+-                n = ap_bread(f, buf, MIN((int)buf_size,
+-                                         (int)(len - total_bytes_rcvd)));
+                n = ap_bread(f, buf, (int) MIN(buf_size,
+                                               (len - total_bytes_rcvd)));
+             }
+         }
+ 
--- a/www/apache13-modssl/files/patch-proxy_util.c
+++ b/www/apache13-modssl/files/patch-proxy_util.c
@ -1,13 +0,0 @@
--- src/modules/proxy/proxy_util.c.orig	Tue Feb 17 22:52:22 2004
-+++ src/modules/proxy/proxy_util.c	Fri Jun 11 10:24:12 2004
-@@ -545,8 +545,8 @@
-                 n = ap_bread(f, buf, buf_size);
-             }
-             else {
-                n = ap_bread(f, buf, MIN((int)buf_size,
-                                         (int)(len - total_bytes_rcvd)));
-+                n = ap_bread(f, buf, MIN((size_t)buf_size,
-+                                         (size_t)(len - total_bytes_rcvd)));
-             }
-         }
- 
--- a/www/apache13-modssl/pkg-plist
+++ b/www/apache13-modssl/pkg-plist
@ -87,7 +87,6 @@ include/apache/xml/xmlrole.h
 include/apache/xml/xmltok.h
 include/apache/xml/xmltok_impl.h
 libexec/apache/httpd.exp
-libexec/apache/libproxy.so
 libexec/apache/libssl.so
 libexec/apache/mod_access.so
 libexec/apache/mod_actions.so