pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache2 Add fix for security vulnerability reporte...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/262496a47a80
branches:  trunk
changeset: 504585:262496a47a80
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Dec 15 11:29:00 2005 +0000

description:
Add fix for security vulnerability reported in CVE-2005-3352 taken from
Apache SVN repository. Bump package revision because of that.

diffstat:

 www/apache2/Makefile         |   4 ++--
 www/apache2/distinfo         |   3 ++-
 www/apache2/patches/patch-ae |  13 +++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diffs (49 lines):

diff -r 012ef74796a4 -r 262496a47a80 www/apache2/Makefile
--- a/www/apache2/Makefile      Thu Dec 15 02:56:58 2005 +0000
+++ b/www/apache2/Makefile      Thu Dec 15 11:29:00 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.88 2005/12/05 23:55:22 rillig Exp $
+# $NetBSD: Makefile,v 1.89 2005/12/15 11:29:00 tron Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
diff -r 012ef74796a4 -r 262496a47a80 www/apache2/distinfo
--- a/www/apache2/distinfo      Thu Dec 15 02:56:58 2005 +0000
+++ b/www/apache2/distinfo      Thu Dec 15 11:29:00 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.44 2005/10/17 10:37:11 tron Exp $
+$NetBSD: distinfo,v 1.45 2005/12/15 11:29:00 tron Exp $
 
 SHA1 (httpd-2.0.55.tar.bz2) = ab016aace57f34cb3eae5c9d48f2bcc5759d6c84
 RMD160 (httpd-2.0.55.tar.bz2) = 04749dcf9ea369152eddf9422e49bc0a77a443eb
@@ -7,6 +7,7 @@
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b
+SHA1 (patch-ae) = 4d906691447dd718547b18ebfbb80322443afcda
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
diff -r 012ef74796a4 -r 262496a47a80 www/apache2/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-ae      Thu Dec 15 11:29:00 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.7 2005/12/15 11:29:00 tron Exp $
+
+--- modules/mappers/mod_imap.c.orig    2005-02-04 20:21:18.000000000 +0000
++++ modules/mappers/mod_imap.c 2005-12-15 11:23:25.000000000 +0000
+@@ -342,7 +342,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = apr_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-          return apr_pstrdup(r->pool, referer);
++          return ap_escape_html(r->pool, referer);
+         }
+         else {
+           /* XXX:  This used to do *value = '\0'; ... which is totally bogus



Home | Main Index | Thread Index | Old Index