Apache 2.0.63_8 compiles, but does not run
Stefan Bethke
stb at lassitu.de
Wed May 12 17:20:35 UTC 2010
Am 12.05.2010 um 17:23 schrieb Benno Overeinder:
> Newsgroups: mailing.freebsd.ports
> From: Benno <benno at nlnetlabs.remove-this.nl>
> Subject: Re: Apache 2.0.63_8 compiles, but does not run
> Date: 12 May 2010 15:18:46 GMT
>
> On 2010-05-08, Stefan Bethke <stb at lassitu.de> wrote:
>> One of the commits to www/apache20 in the past 24 hours breaks the
>> port. See PR#146393
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=146393
>>
>> Downgrading to a revision from 2010-05-07 00:00 UTC or earlier works
>> around this.
>>
>
> Same problem here. After some searchig after mySrvFromConn, and
> checking with the original Apache 2.0.63 sources, I figured out it must
> be in the patches of the port. Indeed, in
> www/apache20/files/patch-CVE-2009-3555 there is the code injecting the
> line "s = mySrvFromConn(c);".
>
> According to the header, it is:
> "Modified patch from
> http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch".
>
> In the original apache2.0.63 code there is no reference to
> mySrvFromConn, and in the other port patches I cannot find any line
> defining mySrvFromConn. Is this a partial backport of CVE-2009-3555?
>
> Can you forward this to the maintainer?
Sure. But you might want to add this analysis to the PR.
Stefan
--
Stefan Bethke <stb at lassitu.de> Fon +49 151 14070811
More information about the freebsd-apache
mailing list