pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/apache22 patch for CVE-2012-0883 taken from the Ap...
details: https://anonhg.NetBSD.org/pkgsrc/rev/cb0749ced4ff
branches: trunk
changeset: 602922:cb0749ced4ff
user: spz <spz%pkgsrc.org@localhost>
date: Sun Apr 22 19:08:03 2012 +0000
description:
patch for CVE-2012-0883 taken from the Apache SVN
bump pkgrev
diffstat:
www/apache22/Makefile | 3 +-
www/apache22/distinfo | 3 +-
www/apache22/patches/patch-support_envvars-std.in | 24 +++++++++++++++++++++++
3 files changed, 28 insertions(+), 2 deletions(-)
diffs (54 lines):
diff -r d996db69a36f -r cb0749ced4ff www/apache22/Makefile
--- a/www/apache22/Makefile Sun Apr 22 17:49:19 2012 +0000
+++ b/www/apache22/Makefile Sun Apr 22 19:08:03 2012 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2012/02/01 19:53:21 tron Exp $
+# $NetBSD: Makefile,v 1.80 2012/04/22 19:08:03 spz Exp $
DISTNAME= httpd-2.2.22
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
diff -r d996db69a36f -r cb0749ced4ff www/apache22/distinfo
--- a/www/apache22/distinfo Sun Apr 22 17:49:19 2012 +0000
+++ b/www/apache22/distinfo Sun Apr 22 19:08:03 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2012/02/01 19:53:21 tron Exp $
+$NetBSD: distinfo,v 1.51 2012/04/22 19:08:03 spz Exp $
SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696
RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9
@@ -16,3 +16,4 @@
SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
+SHA1 (patch-support_envvars-std.in) = 03e4989e104f4a1902a9135649d603f3e8d53d4c
diff -r d996db69a36f -r cb0749ced4ff www/apache22/patches/patch-support_envvars-std.in
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-support_envvars-std.in Sun Apr 22 19:08:03 2012 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-support_envvars-std.in,v 1.1 2012/04/22 19:08:03 spz Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1296428 :
+
+Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+current working directory to be searched for DSOs
+
+CVE-2012-0883
+
+--- support/envvars-std.in.orig 2006-07-12 03:38:44.000000000 +0000
++++ support/envvars-std.in
+@@ -18,7 +18,11 @@
+ #
+ # This file is generated from envvars-std.in
+ #
+-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
++if test "x$@SHLIBPATH_VAR@" != "x" ; then
++ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
++else
++ @SHLIBPATH_VAR@="@exp_libdir@"
++fi
+ export @SHLIBPATH_VAR@
+ #
+ @OS_SPECIFIC_VARS@
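Review bot: In the inner hunk's non-empty branch, `@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"` still appends the inherited value unchanged, so the change only covers the unset-or-empty case that used to produce a trailing colon. An inherited value that itself begins or ends with a colon, or contains `::`, would still leave an empty component in the exported path, which is the same condition this patch removes. Consider saying so in the patch description next to the CVE-2012-0883 line, so readers of the generated envvars file know a non-empty inherited value is trusted as-is. The `"x$@SHLIBPATH_VAR@" != "x"` test treats unset and empty alike, which is the behaviour wanted here.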