pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ap2-auth-mellon Fix a XSS vulnerability



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e64e4e6de567
branches:  trunk
changeset: 568802:e64e4e6de567
user:      manu <manu%pkgsrc.org@localhost>
date:      Sun Dec 20 11:31:30 2009 +0000

description:
Fix a XSS vulnerability

diffstat:

 www/ap2-auth-mellon/Makefile         |  10 +++++++++-
 www/ap2-auth-mellon/distinfo         |   3 ++-
 www/ap2-auth-mellon/patches/patch-aa |  14 ++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diffs (66 lines):

diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/Makefile
--- a/www/ap2-auth-mellon/Makefile      Sun Dec 20 11:24:13 2009 +0000
+++ b/www/ap2-auth-mellon/Makefile      Sun Dec 20 11:31:30 2009 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2009/12/11 14:45:38 obache Exp $
+# $NetBSD: Makefile,v 1.10 2009/12/20 11:31:30 manu Exp $
 #
 
 PKGNAME=       ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
 DISTNAME=      mod_auth_mellon-0.2.5
+PKGREVISION=   2
 CATEGORIES=    www security
 MASTER_SITES=  http://modmellon.googlecode.com/files/
 
@@ -10,6 +11,8 @@
 HOMEPAGE=      http://code.google.com/p/modmellon/
 COMMENT=       SAML 2.0 authentication for Apache
 
+PKG_DESTDIR_SUPPORT=   destdir
+
 GNU_CONFIGURE= YES
 USE_LIBTOOL=   YES
 USE_TOOLS+=    pkg-config
@@ -20,8 +23,13 @@
 .include "../../mk/apache.mk"
 BUILDLINK_API_DEPENDS.apache+=  apache>=2.0.47
 
+CONFIGURE_ENV+=                PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig
+CONFIGURE_ENV+=                OPENSSL_CFLAGS="${CPPFLAGS}"
+CONFIGURE_ENV+=                OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
 CONFIGURE_ARGS+=        --with-apxs2=${APXS:Q}
 
+# url2pkg-marker (please do not remove this line.)
+
 .include "../../security/lasso/buildlink3.mk"
 .include "../../www/curl/buildlink3.mk"
 
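Review bot: The three `CONFIGURE_ENV+=` lines and the `# url2pkg-marker` comment in this hunk are build changes unrelated to the XSS fix named in the commit description, which makes the security fix harder to audit or to pull up to a stable branch on its own. They would be better committed separately, or at least mentioned in the log message. `OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"` hard-codes the library directory, which presumably does not match a setup where OpenSSL comes from the base system rather than from pkgsrc, so that case should be confirmed. The `url2pkg-marker` line looks like a leftover from package generation and can probably be dropped.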
diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/distinfo
--- a/www/ap2-auth-mellon/distinfo      Sun Dec 20 11:24:13 2009 +0000
+++ b/www/ap2-auth-mellon/distinfo      Sun Dec 20 11:31:30 2009 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2009/11/16 09:48:28 manu Exp $
+$NetBSD: distinfo,v 1.7 2009/12/20 11:31:30 manu Exp $
 
 SHA1 (mod_auth_mellon-0.2.5.tar.gz) = f1d75456df39d183b6d1919f06dc2bc7b9b1afb6
 RMD160 (mod_auth_mellon-0.2.5.tar.gz) = 7db221e431384ff9f73badc208eed55a0a0011a7
 Size (mod_auth_mellon-0.2.5.tar.gz) = 89404 bytes
+SHA1 (patch-aa) = b8a46a2a82f228a95cf28c1d395394373e0f6ccb
diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/patches/patch-aa      Sun Dec 20 11:31:30 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.3 2009/12/20 11:31:30 manu Exp $
+--- auth_mellon_handler.c.orig 2009-12-20 10:19:47.000000000 +0100
++++ auth_mellon_handler.c      2009-12-20 10:20:09.000000000 +0100
+@@ -1899,9 +1899,9 @@
+             return HTTP_BAD_REQUEST;
+         }
+     
+         /* Check that charset is sane */
+-        for (cp = psf_id; *cp; cp++) {
++        for (cp = charset; *cp; cp++) {
+             if (!apr_isalnum(*cp) && (*cp != '-') && (*cp != '_')) {
+                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 
+                               "Bad repost query: invalid charset \"%s\"", charset);
+                 return HTTP_BAD_REQUEST;
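Review bot: With the loop now walking `charset`, nothing in this hunk validates `psf_id` any more. The enclosing function starts and ends outside the hunk, so confirm that `psf_id` has its own character check earlier; the old line looks like a copy-paste from such a check. The loop also accepts an empty `charset`, because it runs zero iterations; if that is not rejected above, add `if (*charset == '\0') return HTTP_BAD_REQUEST;` before it. patch-aa itself carries no description, so a comment after the `$NetBSD$` line such as `Check charset rather than psf_id in the repost charset sanity loop (XSS fix).` would tell the next maintainer why the patch exists and when it can be dropped.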


