Sunday, July 30, 2006

004_httpd binpatch 3.9

OpenBSDThe OpenBSD team has released a patch for OpenBSD 3.9 which fixes "a potentially exploitable off-by-one buffer overflow" in httpd's mod_rewrite (CVE-2006-3747).

I've created a binpatch for i386 again using Gerardo SantanaĆ¢€™s Binpatch System.

To make it happen, I modified the binpatch Makefile adding "004_httpd" to the PATCH_COMMON line. Then, I added a section for building httpd:
004_httpd:
cd ${WRKSRC}/usr.sbin/httpd && \
(${_obj_wrp}; ${_cleandir_wrp}; ${_depend_wrp}; \
${_build_wrp}; ${_install_wrp})


For OpenBSD 3.9, I have so far created:


I no longer maintain binpatches for 3.8 (or earlier) systems as I no longer have any 3.8 systems. Sorry.

4 comments:

  1. Getting a 404 on you binpatch downloads:

    # wget http://erdelynet.com/downloads/binpatch-3.9-i386-004.tgz
    --22:33:00-- http://erdelynet.com/downloads/binpatch-3.9-i386-004.tgz
    => `binpatch-3.9-i386-004.tgz'
    Resolving erdelynet.com... 71.241.230.202
    Connecting to erdelynet.com|71.241.230.202|:80... connected.
    HTTP request sent, awaiting response... 404 Not Found
    22:33:00 ERROR 404: Not Found.

    Cheers z0mbix

    ReplyDelete
  2. Dang! Forgot the "3.9/" in the path. It's been fixed.

    ReplyDelete