Sunday, July 30, 2006

004_httpd binpatch 3.9

OpenBSDThe OpenBSD team has released a patch for OpenBSD 3.9 which fixes "a potentially exploitable off-by-one buffer overflow" in httpd's mod_rewrite (CVE-2006-3747).

I've created a binpatch for i386 again using Gerardo SantanaĆ¢€™s Binpatch System.

To make it happen, I modified the binpatch Makefile adding "004_httpd" to the PATCH_COMMON line. Then, I added a section for building httpd:
cd ${WRKSRC}/usr.sbin/httpd && \
(${_obj_wrp}; ${_cleandir_wrp}; ${_depend_wrp}; \
${_build_wrp}; ${_install_wrp})

For OpenBSD 3.9, I have so far created:

I no longer maintain binpatches for 3.8 (or earlier) systems as I no longer have any 3.8 systems. Sorry.


  1. Getting a 404 on you binpatch downloads:

    # wget
    => `binpatch-3.9-i386-004.tgz'
    Connecting to||:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    22:33:00 ERROR 404: Not Found.

    Cheers z0mbix

  2. Dang! Forgot the "3.9/" in the path. It's been fixed.