pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/ap2-auth-mellon Fix a XSS vulnerability
details: https://anonhg.NetBSD.org/pkgsrc/rev/e64e4e6de567
branches: trunk
changeset: 568802:e64e4e6de567
user: manu <manu%pkgsrc.org@localhost>
date: Sun Dec 20 11:31:30 2009 +0000
description:
Fix a XSS vulnerability
diffstat:
www/ap2-auth-mellon/Makefile | 10 +++++++++-
www/ap2-auth-mellon/distinfo | 3 ++-
www/ap2-auth-mellon/patches/patch-aa | 14 ++++++++++++++
3 files changed, 25 insertions(+), 2 deletions(-)
diffs (66 lines):
diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/Makefile
--- a/www/ap2-auth-mellon/Makefile Sun Dec 20 11:24:13 2009 +0000
+++ b/www/ap2-auth-mellon/Makefile Sun Dec 20 11:31:30 2009 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2009/12/11 14:45:38 obache Exp $
+# $NetBSD: Makefile,v 1.10 2009/12/20 11:31:30 manu Exp $
#
PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
DISTNAME= mod_auth_mellon-0.2.5
+PKGREVISION= 2
CATEGORIES= www security
MASTER_SITES= http://modmellon.googlecode.com/files/
@@ -10,6 +11,8 @@
HOMEPAGE= http://code.google.com/p/modmellon/
COMMENT= SAML 2.0 authentication for Apache
+PKG_DESTDIR_SUPPORT= destdir
+
GNU_CONFIGURE= YES
USE_LIBTOOL= YES
USE_TOOLS+= pkg-config
@@ -20,8 +23,13 @@
.include "../../mk/apache.mk"
BUILDLINK_API_DEPENDS.apache+= apache>=2.0.47
+CONFIGURE_ENV+= PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig
+CONFIGURE_ENV+= OPENSSL_CFLAGS="${CPPFLAGS}"
+CONFIGURE_ENV+= OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
CONFIGURE_ARGS+= --with-apxs2=${APXS:Q}
+# url2pkg-marker (please do not remove this line.)
+
.include "../../security/lasso/buildlink3.mk"
.include "../../www/curl/buildlink3.mk"
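Review bot: The `CONFIGURE_ENV` additions and the `# url2pkg-marker` line in this hunk are unrelated to the XSS fix named in the commit message. Bundling them makes the security change harder to audit and to pull up to a stable branch on its own, so they would be better committed separately. The marker comment looks like url2pkg scaffolding that is normally dropped from a finished package rather than added. `OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"` also assumes OpenSSL is installed under `${PREFIX}`, which may not hold where the base-system OpenSSL is used; this is worth confirming.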
diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/distinfo
--- a/www/ap2-auth-mellon/distinfo Sun Dec 20 11:24:13 2009 +0000
+++ b/www/ap2-auth-mellon/distinfo Sun Dec 20 11:31:30 2009 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2009/11/16 09:48:28 manu Exp $
+$NetBSD: distinfo,v 1.7 2009/12/20 11:31:30 manu Exp $
SHA1 (mod_auth_mellon-0.2.5.tar.gz) = f1d75456df39d183b6d1919f06dc2bc7b9b1afb6
RMD160 (mod_auth_mellon-0.2.5.tar.gz) = 7db221e431384ff9f73badc208eed55a0a0011a7
Size (mod_auth_mellon-0.2.5.tar.gz) = 89404 bytes
+SHA1 (patch-aa) = b8a46a2a82f228a95cf28c1d395394373e0f6ccb
diff -r e8ae85e00360 -r e64e4e6de567 www/ap2-auth-mellon/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/patches/patch-aa Sun Dec 20 11:31:30 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.3 2009/12/20 11:31:30 manu Exp $
+--- auth_mellon_handler.c.orig 2009-12-20 10:19:47.000000000 +0100
++++ auth_mellon_handler.c 2009-12-20 10:20:09.000000000 +0100
+@@ -1899,9 +1899,9 @@
+ return HTTP_BAD_REQUEST;
+ }
+
+ /* Check that charset is sane */
+- for (cp = psf_id; *cp; cp++) {
++ for (cp = charset; *cp; cp++) {
+ if (!apr_isalnum(*cp) && (*cp != '-') && (*cp != '_')) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Bad repost query: invalid charset \"%s\"", charset);
+ return HTTP_BAD_REQUEST;
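Review bot: patch-aa has no comment saying what it fixes or where the fix came from. After the `$NetBSD$` line, add a short description such as `Validate the charset query parameter instead of re-checking psf_id (XSS); upstream report: <upstream reference placeholder>`, so the local patch can be dropped once upstream ships the fix. The corrected loop `for (cp = charset; *cp; cp++)` accepts an empty charset and dereferences `charset` with no NULL check visible here. The enclosing function starts and ends outside the hunk, so confirm that both cases are handled before this point. The rejected value is also written to the error log with `%s`, which is safe only if the Apache in use escapes log data; check this against the `apache>=2.0.47` floor in the Makefile.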