
[pkgsrc/trunk]: pkgsrc/www/apache2 - Bump to nb5 to specifically address a ne...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b9a14a66a6d2
branches:  trunk
changeset: 485646:b9a14a66a6d2
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Dec 18 08:42:12 2004 +0000

description:
- Bump to nb5 to specifically address a new apache vuln:
  http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
- Changes backported from apache CVS HEAD:
  http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
  http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129

diffstat:

 www/apache2/Makefile         |   4 ++--
 www/apache2/buildlink3.mk    |   4 ++--
 www/apache2/distinfo         |   4 +++-
 www/apache2/patches/patch-as |  26 ++++++++++++++++++++++++++
 www/apache2/patches/patch-at |  19 +++++++++++++++++++
 5 files changed, 52 insertions(+), 5 deletions(-)

diffs (101 lines):

diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/Makefile
--- a/www/apache2/Makefile      Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/Makefile      Sat Dec 18 08:42:12 2004 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.60 2004/12/07 22:25:50 seb Exp $
+# $NetBSD: Makefile,v 1.61 2004/12/18 08:42:12 adrianp Exp $
 
 .include "Makefile.common"
 
 PKGNAME=               apache-${APACHE_VERSION}
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            www
 
 HOMEPAGE=              http://httpd.apache.org/
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/buildlink3.mk
--- a/www/apache2/buildlink3.mk Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/buildlink3.mk Sat Dec 18 08:42:12 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.10 2004/11/30 23:21:44 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.11 2004/12/18 08:42:12 adrianp Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 APACHE_BUILDLINK3_MK:= ${APACHE_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(APACHE_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.apache+=     apache>=2.0.51
-BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb2
+BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb5
 BUILDLINK_PKGSRCDIR.apache?=   ../../www/apache2
 BUILDLINK_DEPMETHOD.apache?=   build
 .  if defined(APACHE_MODULE)
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/distinfo
--- a/www/apache2/distinfo      Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/distinfo      Sat Dec 18 08:42:12 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2004/11/30 23:21:44 jlam Exp $
+$NetBSD: distinfo,v 1.33 2004/12/18 08:42:12 adrianp Exp $
 
 SHA1 (httpd-2.0.52.tar.gz) = 2a22fde052adc7d7258f999cd7dd8a7592ff36e7
 Size (httpd-2.0.52.tar.gz) = 6918995 bytes
@@ -10,3 +10,5 @@
 SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
 SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
 SHA1 (patch-ar) = c6769617cd9111f6d233d68883c71988a36fbbce
+SHA1 (patch-as) = c6fb574d5d96024e641816569f059bca4368fcec
+SHA1 (patch-at) = dd9a3eb14b3e20876eca6eff968e82326a53b7d9
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-as      Sat Dec 18 08:42:12 2004 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-as,v 1.5 2004/12/18 08:42:12 adrianp Exp $
+
+--- modules/ssl/ssl_engine_kernel.c.orig       2004-12-18 07:10:37.000000000 +0000
++++ modules/ssl/ssl_engine_kernel.c    2004-12-18 07:13:50.000000000 +0000
+@@ -719,6 +719,21 @@
+                 X509_free(peercert);
+             }
+         }
++
++      /*
++       * Also check that SSLCipherSuite has been enforced as expected.
++       */
++      if (cipher_list) {
++          cipher = SSL_get_current_cipher(ssl);
++          if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
++              ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++                            "SSL cipher suite not renegotiated: "
++                            "access to %s denied using cipher %s",
++                            r->filename,
++                            SSL_CIPHER_get_name(cipher));
++              return HTTP_FORBIDDEN;
++          }
++      }
+     }
+ 
+     /*
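Review bot: The added check under `if (cipher_list)` passes `cipher` to `sk_SSL_CIPHER_find` and `SSL_CIPHER_get_name` without testing it for NULL. `SSL_get_current_cipher` can return NULL when no session is established; whether that is ruled out here depends on code outside the hunk, since the enclosing function starts and ends beyond it. Writing the condition as `if (cipher == NULL || sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {` makes the deny path cover that case as well. The comment would also be more useful if it said why the check exists, e.g. `/* A session resumed during renegotiation can keep its earlier cipher, so verify the current cipher against SSLCipherSuite (CAN-2004-0885). */`. The `APLOG_ERR` message "SSL cipher suite not renegotiated" is a good string for operators to alert on in the error log.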
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-at      Sat Dec 18 08:42:12 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-at,v 1.1 2004/12/18 08:42:12 adrianp Exp $
+
+--- modules/ssl/ssl_engine_init.c.orig 2004-12-18 07:15:01.000000000 +0000
++++ modules/ssl/ssl_engine_init.c      2004-12-18 07:15:59.000000000 +0000
+@@ -439,6 +439,14 @@
+      * Configure additional context ingredients
+      */
+     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
++
++#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
++    /* 
++     * Disallow a session from being resumed during a renegotiation,
++     * so that an acceptable cipher suite can be negotiated.
++     */
++    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
++#endif
+ }
+ 
+ static void ssl_init_ctx_session_cache(server_rec *s,
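Review bot: The `#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` guard drops the option silently when the OpenSSL headers do not define it, so a build against such a library gives no sign that this half of the mitigation is missing. The comment should record the fallback, for example `/* Without this option the post-renegotiation SSLCipherSuite check in ssl_engine_kernel.c is the only enforcement. */`, so that a later cleanup does not remove that check as redundant. The comment opener `/* ` also carries a trailing space. The enclosing function starts outside the hunk.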


