From owner-svn-ports-head@FreeBSD.ORG Sun Nov 9 08:15:15 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 45B079A0; Sun, 9 Nov 2014 08:15:15 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 31E8ABF6; Sun, 9 Nov 2014 08:15:15 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sA98FF3P027549; Sun, 9 Nov 2014 08:15:15 GMT (envelope-from marino@FreeBSD.org) Received: (from marino@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sA98FEre027547; Sun, 9 Nov 2014 08:15:14 GMT (envelope-from marino@FreeBSD.org) Message-Id: <201411090815.sA98FEre027547@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: marino set sender to marino@FreeBSD.org using -f From: John Marino Date: Sun, 9 Nov 2014 08:15:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r372343 - in head/www/mod_remoteip: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Nov 2014 08:15:15 -0000 Author: marino Date: Sun Nov 9 08:15:14 2014 New Revision: 372343 URL: https://svnweb.freebsd.org/changeset/ports/372343 QAT: https://qat.redports.org/buildarchive/r372343/ Log: www/mod_remoteip: fix segfault with .httaccess and allow/deny As described in Apache issue 49838, mod_remoteip may cause segfaults when used together with .htaccess files and allow/deny statements The existing patch was modified to backport fixes from Apache svn r990745 and r990746. PR: 193507 Submitted by: David Froehlich Approved by: maintainer (Jim Riggs) Modified: head/www/mod_remoteip/Makefile head/www/mod_remoteip/files/patch-modules__metadata__mod_remoteip.c Modified: head/www/mod_remoteip/Makefile ============================================================================== --- head/www/mod_remoteip/Makefile Sun Nov 9 07:58:40 2014 (r372342) +++ head/www/mod_remoteip/Makefile Sun Nov 9 08:15:14 2014 (r372343) @@ -3,6 +3,7 @@ PORTNAME= mod_remoteip PORTVERSION= 2.3.5.a +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-2.3.5-alpha Modified: head/www/mod_remoteip/files/patch-modules__metadata__mod_remoteip.c ============================================================================== --- head/www/mod_remoteip/files/patch-modules__metadata__mod_remoteip.c Sun Nov 9 07:58:40 2014 (r372342) +++ head/www/mod_remoteip/files/patch-modules__metadata__mod_remoteip.c Sun Nov 9 08:15:14 2014 (r372343) @@ -1,6 +1,6 @@ ---- modules/metadata/mod_remoteip.c.orig 2010-05-11 21:33:43.631571954 -0500 -+++ modules/metadata/mod_remoteip.c 2010-05-11 21:34:15.374903181 -0500 -@@ -127,7 +127,7 @@ +--- modules/metadata/mod_remoteip.c.orig 2009-05-05 18:52:59 UTC ++++ modules/metadata/mod_remoteip.c +@@ -127,7 +127,7 @@ static int looks_like_ip(const char *ips return (*ipstr == '\0'); } @@ -9,7 +9,7 @@ const char *arg) { remoteip_config_t *config = ap_get_module_config(cmd->server->module_config, -@@ -142,7 +142,7 @@ +@@ -142,7 +142,7 @@ static const char *proxies_set(cmd_parms if (!config->proxymatch_ip) config->proxymatch_ip = apr_array_make(cmd->pool, 1, sizeof(*match)); match = (remoteip_proxymatch_t *) apr_array_push(config->proxymatch_ip); @@ -18,7 +18,7 @@ if (looks_like_ip(ip)) { /* Note s may be null, that's fine (explicit host) */ -@@ -168,7 +168,7 @@ +@@ -168,7 +168,7 @@ static const char *proxies_set(cmd_parms break; match = (remoteip_proxymatch_t *) apr_array_push(config->proxymatch_ip); @@ -27,7 +27,7 @@ } } -@@ -182,7 +182,7 @@ +@@ -182,7 +182,7 @@ static const char *proxies_set(cmd_parms return NULL; } @@ -36,7 +36,7 @@ const char *filename) { char lbuf[MAX_STRING_LEN]; -@@ -205,7 +205,7 @@ +@@ -205,7 +205,7 @@ static const char *proxylist_read(cmd_pa while (*(arg = ap_getword_conf(cmd->temp_pool, &args)) != '\0') { if (*arg == '#' || *arg == '\0') break; @@ -45,3 +45,30 @@ if (errmsg) { errmsg = apr_psprintf(cmd->pool, "%s at line %d of %s", errmsg, cfp->line_number, filename); +@@ -260,7 +260,7 @@ static int remoteip_modify_connection(re + remote = apr_pstrdup(r->pool, remote); + + #ifdef REMOTEIP_OPTIMIZED +- memcpy(&temp_sa, c->remote_addr, sizeof(temp_sa)); ++ memcpy(temp_sa, c->remote_addr, sizeof(*temp_sa)); + temp_sa->pool = r->pool; + #else + temp_sa = c->remote_addr; +@@ -310,7 +310,7 @@ static int remoteip_modify_connection(re + #ifdef REMOTEIP_OPTIMIZED + /* Decode remote_addr - sucks; apr_sockaddr_vars_set isn't 'public' */ + if (inet_pton(AF_INET, parse_remote, +- &temp_sa_buff->sa.sin.sin_addr) > 0) { ++ &temp_sa->sa.sin.sin_addr) > 0) { + apr_sockaddr_vars_set(temp_sa, APR_INET, temp_sa.port); + } + #if APR_HAVE_IPV6 +@@ -409,7 +409,7 @@ static int remoteip_modify_connection(re + */ + c->remote_ip = apr_pstrdup(c->pool, c->remote_ip); + conn->proxied_ip = c->remote_ip; +- memcpy(&conn->proxied_addr, &temp_sa, sizeof(temp_sa)); ++ memcpy(&conn->proxied_addr, temp_sa, sizeof(*temp_sa)); + conn->proxied_addr.pool = c->pool; + c->remote_addr = &conn->proxied_addr; +