[Frugalware-darcs] frugalware-0.6: apache-2.2.4-2terminus2-i686

voroskoi voroskoi at frugalware.org
Thu Sep 6 09:29:23 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070906072020-dd049-96012b6db65011ee186f72b1ff9f3d91c2207f11.gz;

[apache-2.2.4-2terminus2-i686
voroskoi <voroskoi at frugalware.org>**20070906072020
 secfix relbump, closes #2381
] {
addfile ./source/network/apache/CVE-2007-3847.patch
hunk ./source/network/apache/CVE-2007-3847.patch 1
+--- 2.2.x/modules/proxy/proxy_util.c	2007/07/17 17:12:58	556972
++++ 2.2.x/modules/proxy/proxy_util.c	2007/08/06 17:27:09	563198
+@@ -280,70 +280,28 @@
+     return NULL;
+ }
+ 
+-static const char * const lwday[7] =
+-{"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"};
+-
+ /*
+  * If the date is a valid RFC 850 date or asctime() date, then it
+- * is converted to the RFC 1123 format, otherwise it is not modified.
+- * This routine is not very fast at doing conversions, as it uses
+- * sscanf and sprintf. However, if the date is already correctly
+- * formatted, then it exits very quickly.
++ * is converted to the RFC 1123 format.
+  */
+ PROXY_DECLARE(const char *)
+-     ap_proxy_date_canon(apr_pool_t *p, const char *x1)
++     ap_proxy_date_canon(apr_pool_t *p, const char *date)
+ {
+-    char *x = apr_pstrdup(p, x1);
+-    int wk, mday, year, hour, min, sec, mon;
+-    char *q, month[4], zone[4], week[4];
++    apr_status_t rv;
++    char* ndate;
+ 
+-    q = strchr(x, ',');
+-    /* check for RFC 850 date */
+-    if (q != NULL && q - x > 3 && q[1] == ' ') {
+-    *q = '\0';
+-    for (wk = 0; wk < 7; wk++)
+-        if (strcmp(x, lwday[wk]) == 0)
+-        break;
+-    *q = ',';
+-    if (wk == 7)
+-        return x;       /* not a valid date */
+-    if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' ||
+-        q[17] != ':' || strcmp(&q[20], " GMT") != 0)
+-        return x;
+-    if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
+-           &hour, &min, &sec, zone) != 7)
+-        return x;
+-    if (year < 70)
+-        year += 2000;
+-    else
+-        year += 1900;
+-    }
+-    else {
+-/* check for acstime() date */
+-    if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' ||
+-        x[16] != ':' || x[19] != ' ' || x[24] != '\0')
+-        return x;
+-    if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour,
+-           &min, &sec, &year) != 7)
+-        return x;
+-    for (wk = 0; wk < 7; wk++)
+-        if (strcmp(week, apr_day_snames[wk]) == 0)
+-        break;
+-    if (wk == 7)
+-        return x;
++    apr_time_t time = apr_date_parse_http(date);
++    if (!time) {
++        return date;
+     }
+ 
+-/* check date */
+-    for (mon = 0; mon < 12; mon++)
+-    if (strcmp(month, apr_month_snames[mon]) == 0)
+-        break;
+-    if (mon == 12)
+-    return x;
++    ndate = apr_palloc(p, APR_RFC822_DATE_LEN);
++    rv = apr_rfc822_date(ndate, time);
++    if (rv != APR_SUCCESS) {
++        return date;
++    }
+ 
+-    q = apr_palloc(p, 30);
+-    apr_snprintf(q, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", apr_day_snames[wk],
+-       mday, apr_month_snames[mon], year, hour, min, sec);
+-    return q;
++    return ndate;
+ }
+ 
+ PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r)
hunk ./source/network/apache/FrugalBuild 7
-pkgrel=2terminus1
+pkgrel=2terminus2
hunk ./source/network/apache/FrugalBuild 19
-	CVE-2006-5752.patch CVE-2007-1863.patch CVE-2007-3304.patch)
-signatures=($source.asc '' '' '' '' '' '' '' '' '' '' '')
+	CVE-2006-5752.patch CVE-2007-1863.patch CVE-2007-3304.patch CVE-2007-3847.patch)
+signatures=($source.asc '' '' '' '' '' '' '' '' '' '' '' '')
}


More information about the Frugalware-darcs mailing list