aboutsummaryrefslogtreecommitdiffstats
path: root/www/apache22
diff options
context:
space:
mode:
authorclement <clement@FreeBSD.org>2006-07-28 04:26:29 +0800
committerclement <clement@FreeBSD.org>2006-07-28 04:26:29 +0800
commit001de23829a0a974adaceb753b9f035329efd4f0 (patch)
treed3cf826bbeade58d44b8d267b24485ba8d113e5d /www/apache22
parente8e0209ce7d753c62c0148189f6e163d5466c856 (diff)
downloadfreebsd-ports-graphics-001de23829a0a974adaceb753b9f035329efd4f0.tar.gz
freebsd-ports-graphics-001de23829a0a974adaceb753b9f035329efd4f0.tar.zst
freebsd-ports-graphics-001de23829a0a974adaceb753b9f035329efd4f0.zip
- Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update. An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team Updates to latest versions will follow soon. Notified by: so@ (simon) Obtained from: Apache Security Team Security: CVE-2006-3747
Diffstat (limited to 'www/apache22')
-rw-r--r--www/apache22/Makefile1
-rw-r--r--www/apache22/files/patch-secfix-CVE-2006-374713
2 files changed, 14 insertions, 0 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 63a56674599..7560ab33366 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -9,6 +9,7 @@
PORTNAME= apache
PORTVERSION= 2.2.2
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
http://apache.webthing.com/database/:aprmysql
diff --git a/www/apache22/files/patch-secfix-CVE-2006-3747 b/www/apache22/files/patch-secfix-CVE-2006-3747
new file mode 100644
index 00000000000..b40f6d31d09
--- /dev/null
+++ b/www/apache22/files/patch-secfix-CVE-2006-3747
@@ -0,0 +1,13 @@
+Index: modules/mappers/mod_rewrite.c
+===================================================================
+--- modules/mappers/mod_rewrite.c (revision 424536)
++++ modules/mappers/mod_rewrite.c (working copy)
+@@ -667,7 +667,7 @@
+ int c = 0;
+
+ token[0] = cp = apr_pstrdup(p, cp);
+- while (*cp && c < 5) {
++ while (*cp && c < 4) {
+ if (*cp == '?') {
+ token[++c] = cp + 1;
+ *cp = '\0';