[Pound/el6] Update to 2.7d
Adam Tkac
atkac at fedoraproject.org
Mon Dec 8 09:46:33 UTC 2014
commit ad07808c36f0147b33387522df7a2543d0f64a39
Author: Adam Tkac <vonsch at gmail.com>
Date: Sun Dec 7 16:10:31 2014 +0100
Update to 2.7d
- dropped merged patches
- 0004-CVE-2005-2090-chunked-encoding-response-splitting.patch has been ported
Signed-off-by: Adam Tkac <vonsch at gmail.com>
.gitignore | 1 +
...89-BEAST-Add-options-preventing-users-fro.patch | 381 --------------------
...E-2012-4929-CRIME-Disable-SSL-compression.patch | 88 -----
0003-Fix-a-XSS-with-a-crafted-URL.patch | 80 ----
...-2090-chunked-encoding-response-splitting.patch | 71 +---
...3566-POODLE-Backport-Disable-proto-option.patch | 86 -----
Pound.spec | 26 +-
sources | 2 +-
8 files changed, 34 insertions(+), 701 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 095cf85..0b77040 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
Pound-2.5.tgz
/Pound-2.6.tgz
+/Pound-2.7d.tgz
diff --git a/0004-CVE-2005-2090-chunked-encoding-response-splitting.patch b/0004-CVE-2005-2090-chunked-encoding-response-splitting.patch
index 07ab10f..a8acc74 100644
--- a/0004-CVE-2005-2090-chunked-encoding-response-splitting.patch
+++ b/0004-CVE-2005-2090-chunked-encoding-response-splitting.patch
@@ -5,77 +5,44 @@ Subject: [PATCH 4/5] CVE-2005-2090 chunked encoding response-splitting
Apply David Martineau's CVE-2005-2090 patch
+Modified for 2.7d by Adam Tkac <adam.tkac at gooddata.com>
+
[Picked from https://github.com/goochjj/pound/commit/4b324d753d80aaa3ccda74a6d9094b456fc2d4e4]
----
- http.c | 29 +++++++++++++++++++++++++----
- 1 file changed, 25 insertions(+), 4 deletions(-)
-diff --git a/http.c b/http.c
-index 10294cf..57869cd 100755
---- a/http.c
-+++ b/http.c
-@@ -533,7 +533,7 @@ log_bytes(char *res, const LONG cnt)
+diff -up Pound-2.7d/http.c.CVE-2005-2090 Pound-2.7d/http.c
+--- Pound-2.7d/http.c.CVE-2005-2090 2014-12-07 15:58:55.481650745 +0100
++++ Pound-2.7d/http.c 2014-12-07 16:03:19.937083060 +0100
+@@ -519,7 +519,7 @@ log_bytes(char *res, const LONG cnt)
void
do_http(thr_arg *arg)
{
- int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc;
-+ int cl_count,cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc;
++ int cl_count, cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc;
LISTENER *lstn;
SERVICE *svc;
BACKEND *backend, *cur_backend, *old_backend;
-@@ -708,7 +708,7 @@ do_http(thr_arg *arg)
+@@ -693,7 +693,7 @@ do_http(thr_arg *arg)
}
/* check other headers */
- for(chunked = 0, cont = L_1, n = 1; n < MAXHEADERS && headers[n]; n++) {
-+ for(cl_count=0,chunked = 0, cont = L_1, n = 1; n < MAXHEADERS && headers[n]; n++) {
++ for(cl_count=0, chunked = 0, cont = L_1, n = 1; n < MAXHEADERS && headers[n]; n++) {
/* no overflow - see check_header for details */
switch(check_header(headers[n], buf)) {
case HEADER_HOST:
-@@ -734,11 +734,28 @@ do_http(thr_arg *arg)
+@@ -719,6 +719,15 @@ do_http(thr_arg *arg)
chunked = 1;
break;
case HEADER_CONTENT_LENGTH:
-+ cl_count++;
-+ if (cl_count>1)
-+ {
-+ logmsg(LOG_WARNING, "(%lx) e501 bad multi-content-length request \"%s\" from %s", pthread_self(), request, caddr);
-+ err_reply(cl, h501, lstn->err501);
-+ free_headers(headers);
-+ clean_all();
-+ return;
-+ }
++ cl_count++;
++ if (cl_count>1) {
++ logmsg(LOG_WARNING, "(%lx) e501 bad multi-content-length request \"%s\" from %s", pthread_self(), request, caddr);
++ err_reply(cl, h501, lstn->err501);
++ free_headers(headers);
++ clean_all();
++ return;
++ }
+
if(chunked || cont >= 0L)
-+ {
headers_ok[n] = 0;
-- else
-+ }
-+ else {
- if((cont = ATOL(buf)) < 0L)
-+ {
- headers_ok[n] = 0;
-+ }
-+ if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L))
-+ is_rpc = -1;
-+ }
- break;
- case HEADER_ILLEGAL:
- if(lstn->log_level > 0) {
-@@ -1397,8 +1414,12 @@ do_http(thr_arg *arg)
- case HEADER_CONTENT_LENGTH:
- cont = ATOL(buf);
- /* treat RPC_OUT_DATA like reply without content-length */
-- if(is_rpc == 0 && cont == 0x40000000L)
-+ if(is_rpc == 0) {
-+ if(cont >= 0x20000L && cont <= 0x80000000L)
- cont = -1L;
-+ else
-+ is_rpc = -1;
-+ }
- break;
- case HEADER_LOCATION:
- if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, v_host, lstn, cur_backend)) {
---
-1.9.3
-
+ else {
diff --git a/Pound.spec b/Pound.spec
index 6635ded..f33b25d 100644
--- a/Pound.spec
+++ b/Pound.spec
@@ -1,10 +1,11 @@
+%define alpha d
%define pound_user pound
%define pound_group pound
%define pound_home %{_localstatedir}/lib/pound
Name: Pound
-Version: 2.6
-Release: 2%{?dist}.1
+Version: 2.7
+Release: 0.1.%{alpha}%{?dist}
Summary: Reverse proxy and load balancer
Group: System Environment/Daemons
@@ -12,7 +13,6 @@ License: GPLv3
URL: http://www.apsis.ch/pound
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
BuildRequires: openssl-devel, pcre-devel
# tcmalloc doesn't exist on ppc64 yet (#238390)
@@ -27,7 +27,7 @@ Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig, /sbin/service
Requires(postun): /sbin/service
-Source0: http://www.apsis.ch/pound/%{name}-%{version}.tgz
+Source0: http://www.apsis.ch/pound/%{name}-%{version}%{alpha}.tgz
Source1: pound.init
Source2: pound.cfg
Patch0: pound-remove-owner.patch
@@ -42,11 +42,7 @@ Patch0: pound-remove-owner.patch
# different configuration mechanisms than upstream does, wrecking the
# upgrade path: https://github.com/goochjj/pound/commits/pcidss/v2.6
# Be careful when picking from there; prefer to backport from alphas.
-Patch1: 0001-CVE-2011-3389-BEAST-Add-options-preventing-users-fro.patch
-Patch2: 0002-CVE-2012-4929-CRIME-Disable-SSL-compression.patch
-Patch3: 0003-Fix-a-XSS-with-a-crafted-URL.patch
Patch4: 0004-CVE-2005-2090-chunked-encoding-response-splitting.patch
-Patch5: 0005-CVE-2014-3566-POODLE-Backport-Disable-proto-option.patch
%description
The Pound program is a reverse proxy, load balancer and
@@ -58,13 +54,9 @@ under the GPL - no warranty, it's free to use, copy and
give away
%prep
-%setup -q
+%setup -q -n %{name}-%{version}%{alpha}
%patch0 -p1 -b .remove-owner
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%patch4 -p1
-%patch5 -p1
%build
%configure
@@ -137,6 +129,14 @@ fi
%attr(-,%{pound_user},%{pound_group}) %dir %{pound_home}
%changelog
+* Fri Dec 05 2014 Adam Tkac <vonsch at gmail.com> - 2.7-0.1.d
+- update to the latest 2.7d
+- 0001-CVE-2011-3389-BEAST-Add-options-preventing-users-fro.patch merged
+- 0002-CVE-2012-4929-CRIME-Disable-SSL-compression.patch merged
+- 0003-Fix-a-XSS-with-a-crafted-URL.patch merged
+- 0004-CVE-2005-2090-chunked-encoding-response-splitting.patch modified for 2.7d
+- 0005-CVE-2014-3566-POODLE-Backport-Disable-proto-option.patch merged
+
* Fri Oct 24 2014 Lubomir Rintel <lkundrak at v3.sk> - 2.6-2.1
- Backport various security fixes. Note they usually are extra options that need
to be enabled manually so that we won't break functionality:
diff --git a/sources b/sources
index 5397eb1..623cfc2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8c913b527332694943c4c67c8f152071 Pound-2.6.tgz
+e68a18cd46c6437849402929a26fce1f Pound-2.7d.tgz
More information about the scm-commits
mailing list