cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update 2.4.46

Browse Source 
fixes CVE-2020-11984 and CVE-2020-11993
full changelog at https://downloads.apache.org/httpd/CHANGES_2.4.46
This commit is contained in:
giovanni 2020-08-07 15:15:37 +00:00
parent 7936676f28
commit 68760c17b1
4 changed files with 4 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
www/apache-httpd/Makefile
View File

@ -1,11 +1,10 @@
# $OpenBSD: Makefile,v 1.104 2020/07/17 13:09:08 giovanni Exp $
# $OpenBSD: Makefile,v 1.105 2020/08/07 15:15:37 giovanni Exp $
COMMENT= apache HTTP server
V= 2.4.43
V= 2.4.46
DISTNAME= httpd-${V}
PKGNAME= apache-httpd-${V}
REVISION= 1
CATEGORIES= www net

4
www/apache-httpd/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (httpd-2.4.43.tar.gz) = JiTpLYmyBIPK7/5RSnx7qTqxO2UCla4zDwHDXVtQ2H8=
SIZE (httpd-2.4.43.tar.gz) = 9348230
SHA256 (httpd-2.4.46.tar.gz) = RLdZzpMtwJDA51wCELRIXr9pg0ZvuMobRGyBaOGhrsI=
SIZE (httpd-2.4.46.tar.gz) = 9363314

32
www/apache-httpd/patches/patch-modules_proxy_mod_proxy_uwsgi_c
View File

@ -1,32 +0,0 @@
$OpenBSD: patch-modules_proxy_mod_proxy_uwsgi_c,v 1.1 2020/07/17 13:09:08 giovanni Exp $
Avoid NULL pointer dereferences for empty environment variable values
PR 64598
Index: modules/proxy/mod_proxy_uwsgi.c
--- modules/proxy/mod_proxy_uwsgi.c.orig
+++ modules/proxy/mod_proxy_uwsgi.c
@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_rec *r, proxy_co
env = (apr_table_entry_t *) env_table->elts;
for (j = 0; j < env_table->nelts; ++j) {
- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+ headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);
}
ptr = buf = apr_palloc(r->pool, headerlen);
@@ -189,10 +189,12 @@ static int uwsgi_send_headers(request_rec *r, proxy_co
memcpy(ptr, env[j].key, keylen);
ptr += keylen;
- vallen = strlen(env[j].val);
+ vallen = env[j].val ? strlen(env[j].val) : 0;
*ptr++ = (apr_byte_t) (vallen & 0xff);
*ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff);
- memcpy(ptr, env[j].val, vallen);
+ if (env[j].val) {
+ memcpy(ptr, env[j].val, vallen);
+ }
ptr += vallen;
}

86
www/apache-httpd/patches/patch-modules_ssl_ssl_util_stapling_c
View File

@ -1,86 +0,0 @@
$OpenBSD: patch-modules_ssl_ssl_util_stapling_c,v 1.1 2020/04/17 16:26:32 giovanni Exp $
Memory leak in mod_ssl
https://svn.apache.org/viewvc?view=revision&revision=1876548
https://bz.apache.org/bugzilla/show_bug.cgi?id=63687
Index: modules/ssl/ssl_util_stapling.c
--- modules/ssl/ssl_util_stapling.c.orig
+++ modules/ssl/ssl_util_stapling.c
@@ -134,6 +134,7 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *
X509 *issuer = NULL;
OCSP_CERTID *cid = NULL;
STACK_OF(OPENSSL_STRING) *aia = NULL;
+ int rv = 1; /* until further notice */
if (x == NULL)
return 0;
@@ -158,16 +159,18 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *
SSL_CTX_set_tlsext_status_cb(mctx->ssl_ctx, stapling_cb);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10177) "OCSP stapling added via hook");
}
- return 1;
+ goto cleanup;
}
if (mctx->stapling_enabled != TRUE) {
/* mod_ssl's own implementation is not enabled */
- return 1;
+ goto cleanup;
}
- if (X509_digest(x, EVP_sha1(), idx, NULL) != 1)
- return 0;
+ if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) {
+ rv = 0;
+ goto cleanup;
+ }
cinf = apr_hash_get(stapling_certinfo, idx, sizeof(idx));
if (cinf) {
@@ -181,18 +184,18 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *
APLOGNO(02814) "ssl_stapling_init_cert: no OCSP URI "
"in certificate and no SSLStaplingForceURL "
"configured for server %s", mctx->sc->vhost_id);
- return 0;
+ rv = 0;
}
- return 1;
+ goto cleanup;
}
cid = OCSP_cert_to_id(NULL, x, issuer);
- X509_free(issuer);
if (!cid) {
ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02815)
"ssl_stapling_init_cert: can't create CertID "
"for OCSP request");
- return 0;
+ rv = 0;
+ goto cleanup;
}
aia = X509_get1_ocsp(x);
@@ -201,7 +204,8 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *
ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x,
APLOGNO(02218) "ssl_stapling_init_cert: no OCSP URI "
"in certificate and no SSLStaplingForceURL set");
- return 0;
+ rv = 0;
+ goto cleanup;
}
/* At this point, we have determined that there's something to store */
@@ -222,8 +226,10 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *
mctx->sc->vhost_id);
apr_hash_set(stapling_certinfo, cinf->idx, sizeof(cinf->idx), cinf);
-
- return 1;
+
+cleanup:
+ X509_free(issuer);
+ return rv;
}
static certinfo *stapling_get_certinfo(server_rec *s, X509 *x, modssl_ctx_t *mctx,