Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=050a1202282827f6fc9af1fe75752b900835f7cd
commit 050a1202282827f6fc9af1fe75752b900835f7cd
Author: VMiklos <[EMAIL PROTECTED]>
Date: Wed Sep 5 16:39:58 2007 +0200
apache-2.2.4-6-i686
added CVE-2007-3847.patch
closes #2381
diff --git a/source/network/apache/CVE-2007-3847.patch
b/source/network/apache/CVE-2007-3847.patch
new file mode 100644
index 0000000..e4a8ea2
--- /dev/null
+++ b/source/network/apache/CVE-2007-3847.patch
@@ -0,0 +1,86 @@
+--- 2.2.x/modules/proxy/proxy_util.c 2007/07/17 17:12:58 556972
++++ 2.2.x/modules/proxy/proxy_util.c 2007/08/06 17:27:09 563198
+@@ -280,70 +280,28 @@
+ return NULL;
+ }
+
+-static const char * const lwday[7] =
+-{"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
"Saturday"};
+-
+ /*
+ * If the date is a valid RFC 850 date or asctime() date, then it
+- * is converted to the RFC 1123 format, otherwise it is not modified.
+- * This routine is not very fast at doing conversions, as it uses
+- * sscanf and sprintf. However, if the date is already correctly
+- * formatted, then it exits very quickly.
++ * is converted to the RFC 1123 format.
+ */
+ PROXY_DECLARE(const char *)
+- ap_proxy_date_canon(apr_pool_t *p, const char *x1)
++ ap_proxy_date_canon(apr_pool_t *p, const char *date)
+ {
+- char *x = apr_pstrdup(p, x1);
+- int wk, mday, year, hour, min, sec, mon;
+- char *q, month[4], zone[4], week[4];
++ apr_status_t rv;
++ char* ndate;
+
+- q = strchr(x, ',');
+- /* check for RFC 850 date */
+- if (q != NULL && q - x > 3 && q[1] == ' ') {
+- *q = '\0';
+- for (wk = 0; wk < 7; wk++)
+- if (strcmp(x, lwday[wk]) == 0)
+- break;
+- *q = ',';
+- if (wk == 7)
+- return x; /* not a valid date */
+- if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' ||
+- q[17] != ':' || strcmp(&q[20], " GMT") != 0)
+- return x;
+- if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
+- &hour, &min, &sec, zone) != 7)
+- return x;
+- if (year < 70)
+- year += 2000;
+- else
+- year += 1900;
+- }
+- else {
+-/* check for acstime() date */
+- if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' ||
+- x[16] != ':' || x[19] != ' ' || x[24] != '\0')
+- return x;
+- if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour,
+- &min, &sec, &year) != 7)
+- return x;
+- for (wk = 0; wk < 7; wk++)
+- if (strcmp(week, apr_day_snames[wk]) == 0)
+- break;
+- if (wk == 7)
+- return x;
++ apr_time_t time = apr_date_parse_http(date);
++ if (!time) {
++ return date;
+ }
+
+-/* check date */
+- for (mon = 0; mon < 12; mon++)
+- if (strcmp(month, apr_month_snames[mon]) == 0)
+- break;
+- if (mon == 12)
+- return x;
++ ndate = apr_palloc(p, APR_RFC822_DATE_LEN);
++ rv = apr_rfc822_date(ndate, time);
++ if (rv != APR_SUCCESS) {
++ return date;
++ }
+
+- q = apr_palloc(p, 30);
+- apr_snprintf(q, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
apr_day_snames[wk],
+- mday, apr_month_snames[mon], year, hour, min, sec);
+- return q;
++ return ndate;
+ }
+
+ PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec
*r)
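Review bot: The fallback paths in the rewritten `ap_proxy_date_canon` (`if (!time) return date;` and the `rv != APR_SUCCESS` branch) return the caller's own pointer, where the removed code always returned a copy made with `apr_pstrdup(p, x1)`, and the shortened header comment no longer says what happens to a date that does not parse. The string presumably comes from a proxied response header, so the comment should make clear that an unparseable value still passes through unvalidated; I would write `* is converted to the RFC 1123 format; otherwise the caller's string is returned unchanged (not a copy in p).` The callers are outside the hunk, so whether any of them relied on the result living in `p` needs checking. As a style point, the local `time` shadows the libc function of that name, and `if (time == APR_DATE_BAD)` would state the intent more clearly than `!time`.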
diff --git a/source/network/apache/FrugalBuild
b/source/network/apache/FrugalBuild
index bd006de..3bc98fa 100644
--- a/source/network/apache/FrugalBuild
+++ b/source/network/apache/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=apache
pkgver=2.2.4
-pkgrel=5
+pkgrel=6
pkgdesc="A high performance Unix-based HTTP server (with SSL)"
url="http://httpd.apache.org/"
backup=(etc/httpd/conf/{httpd.conf,ssl.conf,ssl.crt/server.crt,ssl.csr/server.csr,ssl.key/server.key}
\
@@ -17,8 +17,13 @@
source=(http://www.apache.org/dist/httpd/httpd-$pkgver.tar.gz \
http://ftp.frugalware.org/pub/other/sources/apache/mkcert.tar.gz \
rc.httpd rc.httpd-hu.po httpd.conf ssl.conf \
README.Frugalware index.html http://frugalware.org/images/frugalware.png \
- CVE-2006-5752.patch CVE-2007-1863.patch CVE-2007-3304.patch)
-signatures=($source.asc '' '' '' '' '' '' '' '' '' '' '')
+ CVE-2006-5752.patch CVE-2007-1863.patch CVE-2007-3304.patch \
+ CVE-2007-3847.patch)
+signatures=($source.asc '' '' '' '' '' '' '' '' '' '' '' '')
+
+# svn web interface:
+# http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/
+# use it when you dig for secfixes
build()
{
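Review bot: The extended `signatures=` array still verifies only the first source (`$source.asc`), so `mkcert.tar.gz` and `frugalware.png`, both fetched over plain `http://`, have empty signature slots. A checksum array may exist elsewhere in the FrugalBuild, but it is not visible in this hunk. If there is none, a comment beside the array would make the gap visible to the next packager: `# only httpd-$pkgver.tar.gz is signature-checked; the other http:// downloads are unverified`. The new svn comment could also name the upstream revision the patch was taken from (563198 according to the patch header), so the fix can be re-checked against the 2.2.x branch later.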