[pkgsrc/trunk]: pkgsrc/www/apache2 - Bump to nb5 to specifically address a ne...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b9a14a66a6d2
branches: trunk
changeset: 485646:b9a14a66a6d2
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sat Dec 18 08:42:12 2004 +0000
description:
- Bump to nb5 to specifically address a new apache vuln:
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
- Changes backported from apache CVS HEAD:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
diffstat:
www/apache2/Makefile | 4 ++--
www/apache2/buildlink3.mk | 4 ++--
www/apache2/distinfo | 4 +++-
www/apache2/patches/patch-as | 26 ++++++++++++++++++++++++++
www/apache2/patches/patch-at | 19 +++++++++++++++++++
5 files changed, 52 insertions(+), 5 deletions(-)
diffs (101 lines):
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/Makefile
--- a/www/apache2/Makefile Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/Makefile Sat Dec 18 08:42:12 2004 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.60 2004/12/07 22:25:50 seb Exp $
+# $NetBSD: Makefile,v 1.61 2004/12/18 08:42:12 adrianp Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/buildlink3.mk
--- a/www/apache2/buildlink3.mk Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/buildlink3.mk Sat Dec 18 08:42:12 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.10 2004/11/30 23:21:44 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.11 2004/12/18 08:42:12 adrianp Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
APACHE_BUILDLINK3_MK:= ${APACHE_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(APACHE_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.apache+= apache>=2.0.51
-BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb2
+BUILDLINK_RECOMMENDED.apache+= apache>=2.0.52nb5
BUILDLINK_PKGSRCDIR.apache?= ../../www/apache2
BUILDLINK_DEPMETHOD.apache?= build
. if defined(APACHE_MODULE)
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/distinfo
--- a/www/apache2/distinfo Sat Dec 18 05:30:33 2004 +0000
+++ b/www/apache2/distinfo Sat Dec 18 08:42:12 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2004/11/30 23:21:44 jlam Exp $
+$NetBSD: distinfo,v 1.33 2004/12/18 08:42:12 adrianp Exp $
SHA1 (httpd-2.0.52.tar.gz) = 2a22fde052adc7d7258f999cd7dd8a7592ff36e7
Size (httpd-2.0.52.tar.gz) = 6918995 bytes
@@ -10,3 +10,5 @@
SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
SHA1 (patch-ar) = c6769617cd9111f6d233d68883c71988a36fbbce
+SHA1 (patch-as) = c6fb574d5d96024e641816569f059bca4368fcec
+SHA1 (patch-at) = dd9a3eb14b3e20876eca6eff968e82326a53b7d9
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-as Sat Dec 18 08:42:12 2004 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-as,v 1.5 2004/12/18 08:42:12 adrianp Exp $
+
+--- modules/ssl/ssl_engine_kernel.c.orig 2004-12-18 07:10:37.000000000 +0000
++++ modules/ssl/ssl_engine_kernel.c 2004-12-18 07:13:50.000000000 +0000
+@@ -719,6 +719,21 @@
+ X509_free(peercert);
+ }
+ }
++
++ /*
++ * Also check that SSLCipherSuite has been enforced as expected.
++ */
++ if (cipher_list) {
++ cipher = SSL_get_current_cipher(ssl);
++ if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "SSL cipher suite not renegotiated: "
++ "access to %s denied using cipher %s",
++ r->filename,
++ SSL_CIPHER_get_name(cipher));
++ return HTTP_FORBIDDEN;
++ }
++ }
+ }
+
+ /*
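Review bot: The comment above the new `if (cipher_list)` check does not say why a cipher outside the list can still be in use after the renegotiation, which is the reason the check exists. The commit description ties this to CAN-2004-0885, so I would expand it to something like `/* A renegotiation may keep the old cipher (e.g. a resumed session); deny the request rather than serve it over a cipher SSLCipherSuite does not allow. */`. `cipher_list` and `cipher` are assigned outside the hunk, so whether `cipher_list` still holds the list configured for this location at this point cannot be confirmed from here. The enclosing function starts and ends outside the hunk.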
diff -r 394744f97d1d -r b9a14a66a6d2 www/apache2/patches/patch-at
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-at Sat Dec 18 08:42:12 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-at,v 1.1 2004/12/18 08:42:12 adrianp Exp $
+
+--- modules/ssl/ssl_engine_init.c.orig 2004-12-18 07:15:01.000000000 +0000
++++ modules/ssl/ssl_engine_init.c 2004-12-18 07:15:59.000000000 +0000
+@@ -439,6 +439,14 @@
+ * Configure additional context ingredients
+ */
+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
++
++#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
++ /*
++ * Disallow a session from being resumed during a renegotiation,
++ * so that an acceptable cipher suite can be negotiated.
++ */
++ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
++#endif
+ }
+
+ static void ssl_init_ctx_session_cache(server_rec *s,
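Review bot: When `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` is not defined by the OpenSSL headers, the `#ifdef` drops the option silently and nothing in the build or the log says so. In that case a renegotiation can presumably still resume the session, and the only remaining enforcement is the cipher check added to ssl_engine_kernel.c in patch-as, which answers with HTTP_FORBIDDEN instead of negotiating an acceptable cipher. I would say so in the comment, e.g. `/* If the option is unavailable, the SSLCipherSuite check in ssl_engine_kernel.c still denies the request. */`, so an operator seeing 403s with an older OpenSSL knows where to look. The enclosing function starts outside the hunk.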