Date: Wed, 12 May 2010 19:05:17 +0200 From: Stefan Bethke <stb@lassitu.de> To: Benno Overeinder <benno@NLnetLabs.nl> Cc: apache@FreeBSD.org Subject: Re: Apache 2.0.63_8 compiles, but does not run Message-ID: <C7B25BD8-4A0A-4A3E-8EC3-9DDE6A2AB06B@lassitu.de> In-Reply-To: <4BEAC7FE.7000407@NLnetLabs.nl> References: <4BEAC7FE.7000407@NLnetLabs.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 12.05.2010 um 17:23 schrieb Benno Overeinder: > Newsgroups: mailing.freebsd.ports > From: Benno <benno@nlnetlabs.remove-this.nl> > Subject: Re: Apache 2.0.63_8 compiles, but does not run > Date: 12 May 2010 15:18:46 GMT >=20 > On 2010-05-08, Stefan Bethke <stb@lassitu.de> wrote: >> One of the commits to www/apache20 in the past 24 hours breaks the=20 >> port. See PR#146393 >>=20 >> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D146393 >>=20 >> Downgrading to a revision from 2010-05-07 00:00 UTC or earlier works >> around this. >>=20 >=20 > Same problem here. After some searchig after mySrvFromConn, and > checking with the original Apache 2.0.63 sources, I figured out it = must > be in the patches of the port. Indeed, in > www/apache20/files/patch-CVE-2009-3555 there is the code injecting the > line "s =3D mySrvFromConn(c);". >=20 > According to the header, it is: > "Modified patch from > = http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2= .patch". >=20 > In the original apache2.0.63 code there is no reference to > mySrvFromConn, and in the other port patches I cannot find any line > defining mySrvFromConn. Is this a partial backport of CVE-2009-3555? >=20 > Can you forward this to the maintainer? Sure. But you might want to add this analysis to the PR. Stefan --=20 Stefan Bethke <stb@lassitu.de> Fon +49 151 14070811
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C7B25BD8-4A0A-4A3E-8EC3-9DDE6A2AB06B>