rpms/boa/F-12 boa-0.94.14rc21-escape-errorlog.patch, NONE, 1.1 boa.spec, 1.18, 1.19
Matthias Saou
thias at fedoraproject.org
Wed Apr 28 11:54:03 UTC 2010
Author: thias
Update of /cvs/extras/rpms/boa/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv26766/F-12
Modified Files:
boa.spec
Added Files:
boa-0.94.14rc21-escape-errorlog.patch
Log Message:
Include escape-errorlog patch on all branches, update EPEL packages with all relevant changes.
boa-0.94.14rc21-escape-errorlog.patch:
log.c | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
--- NEW FILE boa-0.94.14rc21-escape-errorlog.patch ---
diff -aruN boa-0.94.14rc21.orig/src/log.c boa-0.94.14rc21.fixed/src/log.c
--- boa-0.94.14rc21.orig/src/log.c 2005-02-22 06:11:29.000000000 -0800
+++ boa-0.94.14rc21.fixed/src/log.c 2009-12-31 01:27:01.000000000 -0800
@@ -156,6 +156,29 @@
(req->header_user_agent ? req->header_user_agent : "-"));
}
+static char *escape_pathname(const char *inp)
+{
+ char *escaped, *c;
+
+ if (!inp) {
+ return NULL;
+ }
+ escaped = (char *)malloc(1 + strlen(inp) * 4);
+ if (escaped == NULL) {
+ perror("malloc");
+ return NULL;
+ }
+ for (c = escaped; *inp; inp++) {
+ if (needs_escape((unsigned int)*inp)) {
+ c += sprintf(c, "\\x%02x", (unsigned int)*inp);
+ } else {
+ *(c++) = *inp;
+ }
+ }
+ *(c++) = '\0';
+ return escaped;
+}
+
/*
* Name: log_error_doc
*
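Review bot: In `escape_pathname`, `(unsigned int)*inp` sign-extends where plain `char` is signed, so a byte at or above 0x80 becomes a value such as 0xffffff80 and `%02x` prints eight hex digits. That writes ten bytes for one input byte, against the four that `malloc(1 + strlen(inp) * 4)` reserves, so the heap buffer can be overrun. Whether this is reachable depends on `needs_escape` returning true for such values, and its definition is outside this hunk. Converting through `unsigned char` first keeps every escape at four bytes: `needs_escape((unsigned char)*inp)` and `c += sprintf(c, "\\x%02x", (unsigned char)*inp);`. A short comment above the `malloc` saying that the factor of 4 is the length of `\xNN` would document the sizing assumption.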
@@ -173,26 +196,29 @@
void log_error_doc(request * req)
{
int errno_save = errno;
+ char *escaped_pathname;
if (virtualhost) {
fprintf(stderr, "%s ", req->local_ip_addr);
} else if (vhost_root) {
fprintf(stderr, "%s ", (req->host ? req->host : "(null)"));
}
+ escaped_pathname = escape_pathname(req->pathname);
if (vhost_root) {
fprintf(stderr, "%s - - %srequest [%s] \"%s\" (\"%s\"): ",
req->remote_ip_addr,
get_commonlog_time(),
(req->header_host ? req->header_host : "(null)"),
(req->logline ? req->logline : "(null)"),
- (req->pathname ? req->pathname : "(null)"));
+ (escaped_pathname ? escaped_pathname : "(null)"));
} else {
fprintf(stderr, "%s - - %srequest \"%s\" (\"%s\"): ",
req->remote_ip_addr,
get_commonlog_time(),
(req->logline ? req->logline : "(null)"),
- (req->pathname ? req->pathname : "(null)"));
+ (escaped_pathname ? escaped_pathname : "(null)"));
}
+ free(escaped_pathname);
errno = errno_save;
}
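Review bot: Only `req->pathname` is passed through the escaper in `log_error_doc`; `req->logline`, `req->header_host` and `req->host` still go to the same `fprintf(stderr, ...)` calls unmodified. If those fields can carry client-supplied bytes (the request line and Host header presumably do, though their parsing is not visible here), control characters can still reach the error log through them. Consider escaping them the same way, e.g. `char *escaped_logline = escape_pathname(req->logline);` with a matching `free(escaped_logline);`, and giving the helper a field-neutral name. Separately, when the helper's `malloc` fails the entry prints `(null)` for the path even though one was present, which is worth a comment so log readers do not misinterpret it.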
Index: boa.spec
===================================================================
RCS file: /cvs/extras/rpms/boa/F-12/boa.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -p -r1.18 -r1.19
--- boa.spec 24 Nov 2009 21:38:37 -0000 1.18
+++ boa.spec 28 Apr 2010 11:54:03 -0000 1.19
@@ -4,7 +4,7 @@
Summary: Single-tasking HTTP server
Name: boa
Version: 0.94.14
-Release: 0.14%{?rcver:.%{rcver}}%{?dist}
+Release: 0.15%{?rcver:.%{rcver}}%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://www.boa.org/
@@ -15,6 +15,7 @@ Source10: index.html
Source11: boa_logo_pasi2.png
Patch0: boa-0.94.14rc21-config.patch
Patch1: boa-0.94.14rc21-cgi.c.patch
+Patch2: boa-0.94.14rc21-escape-errorlog.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: system-logos >= 7.92.1
Requires(pre): /usr/sbin/useradd
@@ -46,6 +47,7 @@ Available rpmbuild rebuild options :
%setup -q -n %{name}-%{version}%{?rcver}
%patch0 -p1 -b .config
%patch1 -p1 -b .cgi.c
+%patch2 -p1 -b .escape-errorlog
%build
@@ -135,6 +137,9 @@ fi
%changelog
+* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 0.94.14-0.15.rc21
+- Include escape-errorlog patch from Debian to fix CVE-2009-4496 (#583162).
+
* Tue Nov 24 2009 Matthias Saou <http://freshrpms.net/> 0.94.14-0.14.rc21
- Fix last minute init script breakage from the lat changes (#527582).