ports/113988: [patch] Fix CVE-2007-1349 in www/mod_perl2

[Henrik Brix Andersen]

>Number:         113988
>Category:       ports
>Synopsis:       [patch] Fix CVE-2007-1349 in www/mod_perl2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 24 13:30:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Henrik Brix Andersen
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
pil.dk
>Environment:
System: FreeBSD lothlorien.brixandersen.dk 7.0-CURRENT FreeBSD 7.0-CURRENT #45: Tue Jun 19 00:10:18 CEST 2007 root at lothlorien.brixandersen.dk:/usr/obj/usr/src/sys/LOTHLORIEN i386


	
>Description:
RegistryCooker.pm in mod_perl 2.x does not properly escape PATH_INFO
before use in a regular expression as noted in CVE-2007-1349:

http://www.freebsd.org/ports/portaudit/ef2ffb03-f2b0-11db-ad25-0010b5a0a860.html

	
>How-To-Repeat:
	
>Fix:
The patch below fixes this in www/mod_perl2 by disabling pattern
metacharacters in the regex.

The patch was obtained from Gentoo Linux Bugzilla bug #172676:

http://bugs.gentoo.org/172676

Note that vuxml also needs to be updated to reflect the fix of this
problem in www/mod_perl2.

	

--- mod_perl2.diff begins here ---
diff -urpN /usr/ports/www/mod_perl2/Makefile www/mod_perl2/Makefile
--- /usr/ports/www/mod_perl2/Makefile	2006-12-04 01:07:10.000000000 +0100
+++ www/mod_perl2/Makefile	2007-06-24 15:03:20.000000000 +0200
@@ -7,7 +7,7 @@
 
 PORTNAME=	mod_perl
 PORTVERSION=	2.0.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	3
 CATEGORIES=	www perl5
 MASTER_SITES=	http://perl.apache.org/dist/ \
diff -urpN /usr/ports/www/mod_perl2/files/patch-RegistryCooker.pm www/mod_perl2/files/patch-RegistryCooker.pm
--- /usr/ports/www/mod_perl2/files/patch-RegistryCooker.pm	1970-01-01 01:00:00.000000000 +0100
+++ www/mod_perl2/files/patch-RegistryCooker.pm	2007-06-24 15:03:37.000000000 +0200
@@ -0,0 +1,12 @@
+diff -Naurp ModPerl-Registry/lib/ModPerl/RegistryCooker.pm.orig ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
+--- ModPerl-Registry/lib/ModPerl/RegistryCooker.pm.orig	2006-11-19 18:31:41.000000000 -0500
++++ ModPerl-Registry/lib/ModPerl/RegistryCooker.pm	2007-03-30 19:08:05.000000000 -0400
+@@ -337,7 +337,7 @@ sub namespace_from_uri {
+     my $self = shift;
+ 
+     my $path_info = $self->{REQ}->path_info;
+-    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
++    my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/
+         ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
+         : $self->{URI};
+ 
--- mod_perl2.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: