pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2007Q2]: pkgsrc/www/apache22 Pullup ticket 2185 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b39da0bd2c42
branches:  pkgsrc-2007Q2
changeset: 530510:b39da0bd2c42
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Mon Sep 10 20:57:49 2007 +0000

description:
Pullup ticket 2185 - requested by tron
security update for apache22

- pkgsrc/www/apache22/Makefile                          1.18, 1.20
- pkgsrc/www/apache22/Makefile.common                   1.6
- pkgsrc/www/apache22/PLIST                             1.2, 1.3
- pkgsrc/www/apache22/distinfo                          1.7
- pkgsrc/www/apache22/patches/patch-aa                  1.2
- pkgsrc/www/apache22/patches/patch-ab                  removed
- pkgsrc/www/apache22/patches/patch-an                  removed
- pkgsrc/www/apache22/patches/patch-ao                  removed
- pkgsrc/www/apache22/patches/patch-ap                  removed
- pkgsrc/www/apache22/patches/patch-ar                  removed
- pkgsrc/www/apache22/patches/patch-at                  removed

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Sat Sep  8 11:02:11 UTC 2007

   Modified Files:
           pkgsrc/www/apache22: Makefile Makefile.common PLIST distinfo
           pkgsrc/www/apache22/patches: patch-aa
   Removed Files:
           pkgsrc/www/apache22/patches: patch-ab patch-an patch-ao patch-ap
               patch-ar patch-at

   Log Message:
   Update "apache22" package to version 2.2.6.

   This update is a bug and security fix release. The following security
   problem hasn't been fixed in "pkgsrc" before:
   - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
     parsing date-related headers.
---
   Module Name:    pkgsrc
   Committed By:   rillig
   Date:           Sun Sep  9 08:12:58 UTC 2007

   Modified Files:
           pkgsrc/www/apache22: Makefile

   Log Message:
   Only fix the suexec permissions if the file exists.
---
   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Mon Sep 10 20:36:41 UTC 2007

   Modified Files:
           pkgsrc/www/apache22: PLIST

   Log Message:
   Remove duplicate entry for "share/httpd/icons/README.html".
   Pointed out by Geert Hendrickx in private e-mail.

diffstat:

 www/apache22/Makefile         |   5 +-
 www/apache22/Makefile.common  |   6 +-
 www/apache22/PLIST            |  25 +++---------
 www/apache22/distinfo         |  16 ++------
 www/apache22/patches/patch-aa |  10 ++--
 www/apache22/patches/patch-ab |  43 -----------------------
 www/apache22/patches/patch-an |  55 ------------------------------
 www/apache22/patches/patch-ao |  44 ------------------------
 www/apache22/patches/patch-ap |  78 -------------------------------------------
 www/apache22/patches/patch-ar |  33 ------------------
 www/apache22/patches/patch-at |  15 --------
 11 files changed, 23 insertions(+), 307 deletions(-)

diffs (truncated from 480 to 300 lines):

diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/Makefile
--- a/www/apache22/Makefile     Mon Sep 10 20:13:55 2007 +0000
+++ b/www/apache22/Makefile     Mon Sep 10 20:57:49 2007 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.14 2007/06/28 01:20:52 lkundrak Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2007/09/10 20:57:49 ghen Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   6
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
@@ -264,4 +263,6 @@
                ${CHOWN} ${MANOWN}:${MANGRP} ${PREFIX}/${PKGMANDIR}/$$file; \
        done
 
+       [ ! -f ${PREFIX}/sbin/suexec ] || ${CHMOD} -w ${PREFIX}/sbin/suexec
+
 .include "../../mk/bsd.pkg.mk"
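Review bot: The added `${CHMOD} -w ${PREFIX}/sbin/suexec` gives no who-spec, so which write bits are cleared depends on the umask of the installing process: POSIX chmod leaves alone any bit that is set in the umask, so under a 022 umask only the owner write bit is removed. Since suexec is normally installed setuid, an explicit form such as `[ ! -f ${PREFIX}/sbin/suexec ] || ${CHMOD} a-w ${PREFIX}/sbin/suexec` would make the result independent of the build environment. A short comment above the line saying why the write bit is dropped, e.g. `# suexec may be installed setuid; drop write permission on the binary`, would also help. The install target this line belongs to starts outside the hunk, so its earlier permission handling is not visible here.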
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/Makefile.common
--- a/www/apache22/Makefile.common      Mon Sep 10 20:13:55 2007 +0000
+++ b/www/apache22/Makefile.common      Mon Sep 10 20:57:49 2007 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile.common,v 1.5 2007/05/22 10:53:20 xtraeme Exp $
+# $NetBSD: Makefile.common,v 1.5.2.1 2007/09/10 20:57:50 ghen Exp $
 
 DISTNAME=              httpd-${APACHE_VERSION}
 EXTRACT_SUFX=          .tar.bz2
 # When updating this version be sure to update the checksum.
-APACHE_VERSION=                2.2.4
+APACHE_VERSION=                2.2.6
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/} \
                        http://www.NetBSD.org/images/logos/
-MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
+MAINTAINER=            tron%NetBSD.org@localhost
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/PLIST
--- a/www/apache22/PLIST        Mon Sep 10 20:13:55 2007 +0000
+++ b/www/apache22/PLIST        Mon Sep 10 20:57:49 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2006/12/08 23:31:52 xtraeme Exp $
+@comment $NetBSD: PLIST,v 1.1.1.1.6.1 2007/09/10 20:57:50 ghen Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@@ -130,6 +130,7 @@
 share/httpd/htdocs/apache_pb22_ani.gif
 share/httpd/htdocs/index.html
 share/httpd/icons/README
+share/httpd/icons/README.html
 share/httpd/icons/a.gif
 share/httpd/icons/a.png
 share/httpd/icons/alert.black.gif
@@ -257,7 +258,6 @@
 share/httpd/icons/screw2.png
 share/httpd/icons/script.gif
 share/httpd/icons/script.png
-share/httpd/icons/small/README.txt
 share/httpd/icons/small/back.gif
 share/httpd/icons/small/back.png
 share/httpd/icons/small/binary.gif
@@ -405,24 +405,8 @@
 share/httpd/manual/env.html.en
 share/httpd/manual/env.html.ja.euc-jp
 share/httpd/manual/env.html.ko.euc-kr
-share/httpd/manual/faq/all_in_one.html
-share/httpd/manual/faq/all_in_one.html.en
-share/httpd/manual/faq/all_in_one.html.ja.euc-jp
-share/httpd/manual/faq/all_in_one.html.ko.euc-kr
-share/httpd/manual/faq/background.html
-share/httpd/manual/faq/background.html.en
-share/httpd/manual/faq/error.html
-share/httpd/manual/faq/error.html.en
-share/httpd/manual/faq/error.html.ja.euc-jp
-share/httpd/manual/faq/error.html.ko.euc-kr
 share/httpd/manual/faq/index.html
 share/httpd/manual/faq/index.html.en
-share/httpd/manual/faq/index.html.ja.euc-jp
-share/httpd/manual/faq/index.html.ko.euc-kr
-share/httpd/manual/faq/support.html
-share/httpd/manual/faq/support.html.en
-share/httpd/manual/faq/support.html.ja.euc-jp
-share/httpd/manual/faq/support.html.ko.euc-kr
 share/httpd/manual/filter.html
 share/httpd/manual/filter.html.en
 share/httpd/manual/filter.html.es
@@ -437,6 +421,7 @@
 share/httpd/manual/handler.html
 share/httpd/manual/handler.html.en
 share/httpd/manual/handler.html.es
+share/httpd/manual/handler.html.fr
 share/httpd/manual/handler.html.ja.euc-jp
 share/httpd/manual/handler.html.ko.euc-kr
 share/httpd/manual/handler.html.ru.koi8-r
@@ -514,6 +499,7 @@
 share/httpd/manual/invoking.html
 share/httpd/manual/invoking.html.de
 share/httpd/manual/invoking.html.en
+share/httpd/manual/invoking.html.fr
 share/httpd/manual/invoking.html.es
 share/httpd/manual/invoking.html.ja.euc-jp
 share/httpd/manual/invoking.html.ko.euc-kr
@@ -842,6 +828,7 @@
 share/httpd/manual/mpm.html
 share/httpd/manual/mpm.html.de
 share/httpd/manual/mpm.html.en
+share/httpd/manual/mpm.html.fr
 share/httpd/manual/mpm.html.es
 share/httpd/manual/mpm.html.ja.euc-jp
 share/httpd/manual/mpm.html.ko.euc-kr
@@ -855,6 +842,7 @@
 share/httpd/manual/new_features_2_0.html.ru.koi8-r
 share/httpd/manual/new_features_2_2.html
 share/httpd/manual/new_features_2_2.html.en
+share/httpd/manual/new_features_2_2.html.fr
 share/httpd/manual/new_features_2_2.html.ko.euc-kr
 share/httpd/manual/new_features_2_2.html.pt-br
 share/httpd/manual/platform/ebcdic.html
@@ -960,6 +948,7 @@
 share/httpd/manual/ssl/ssl_intro.html.en
 share/httpd/manual/ssl/ssl_intro.html.ja.euc-jp
 share/httpd/manual/stopping.html
+share/httpd/manual/stopping.html.fr
 share/httpd/manual/stopping.html.de
 share/httpd/manual/stopping.html.en
 share/httpd/manual/stopping.html.es
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/distinfo
--- a/www/apache22/distinfo     Mon Sep 10 20:13:55 2007 +0000
+++ b/www/apache22/distinfo     Mon Sep 10 20:57:49 2007 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.6 2007/06/28 01:20:52 lkundrak Exp $
+$NetBSD: distinfo,v 1.6.2.1 2007/09/10 20:57:50 ghen Exp $
 
-SHA1 (httpd-2.2.4.tar.bz2) = 64ceae373434a986dc99b8ed953afa0d4fad85ce
-RMD160 (httpd-2.2.4.tar.bz2) = bb6e8a7447fa8e8f629010f30b548068de518523
-Size (httpd-2.2.4.tar.bz2) = 4930375 bytes
-SHA1 (patch-aa) = 233dbabda2bd830c6f0664c42e192e4acd2aff4c
-SHA1 (patch-ab) = b8586dea7600febbadbbad5089300336ea695ffb
+SHA1 (httpd-2.2.6.tar.bz2) = e6ef926ecd1f9a412af8c266239f0a6f58c63854
+RMD160 (httpd-2.2.6.tar.bz2) = 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f
+Size (httpd-2.2.6.tar.bz2) = 4717066 bytes
+SHA1 (patch-aa) = ae5b34058fc6455cfa9e3d52a50829155ce2eb11
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
@@ -12,11 +11,6 @@
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
-SHA1 (patch-an) = 1d02b10e92ad1f613b17b6ebc812d8931b54d3da
-SHA1 (patch-ao) = 85e38b6415ade9b328800b7bf15b9741758d455c
-SHA1 (patch-ap) = 9a25ce74bd355d9eeb2a885f65e19a3ba473ce77
 SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
-SHA1 (patch-ar) = 536fb47cf750a316c773b1d3153cba52c3fac37c
 SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
-SHA1 (patch-at) = 114a55493527a87bada21ee192828b5188a5cddd
 SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/patches/patch-aa
--- a/www/apache22/patches/patch-aa     Mon Sep 10 20:13:55 2007 +0000
+++ b/www/apache22/patches/patch-aa     Mon Sep 10 20:57:49 2007 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.1.1.1 2006/12/08 23:31:52 xtraeme Exp $
+$NetBSD: patch-aa,v 1.1.1.1.6.1 2007/09/10 20:57:51 ghen Exp $
 
---- Makefile.in.orig   2005-11-13 07:33:15.000000000 +0100
-+++ Makefile.in        2006-12-08 20:32:36.000000000 +0100
+--- Makefile.in.orig   2007-04-24 12:08:01.000000000 +0100
++++ Makefile.in        2007-09-08 11:31:13.000000000 +0100
 @@ -4,7 +4,7 @@
  
  PROGRAM_NAME         = $(progname)
@@ -134,12 +134,12 @@
 -        $(RSYNC) --exclude .svn -rlpt --numeric-ids $(top_srcdir)/docs/manual/ $(DESTDIR)$(manualdir)/; \
 -      else \
 -        cd $(top_srcdir)/docs/manual && cp -rp * $(DESTDIR)$(manualdir); \
--        cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null; \
+-        cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null || true; \
 -      fi
 +      $(BSD_INSTALL_MAN) $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
 +      $(BSD_INSTALL_MAN) $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
 +      cd $(top_srcdir)/docs/manual && \
-+              @PAX@ -rwppm . $(DESTDIR)$(manualdir)
++      @PAX@ -rwppm . $(DESTDIR)$(manualdir)
  
  install-suexec:
        @if test -f $(builddir)/support/suexec; then \
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/patches/patch-ab
--- a/www/apache22/patches/patch-ab     Mon Sep 10 20:13:55 2007 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-ab,v 1.2 2007/06/28 01:20:52 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- server/mpm_common.c.orig   2007-06-28 02:53:52.000000000 +0200
-+++ server/mpm_common.c
-@@ -126,6 +126,10 @@ static int reclaim_one_pid(pid_t pid, ac
-     apr_proc_t proc;
-     apr_status_t waitret;
- 
-+    if (!MPM_VALID_PID(pid)) {
-+        return 1;
-+    }
-+
-     proc.pid = pid;
-     waitret = apr_proc_wait(&proc, NULL, NULL, APR_NOWAIT);
-     if (waitret != APR_CHILD_NOTDONE) {
-@@ -305,6 +309,16 @@ void ap_relieve_child_processes(void)
-         cur_extra = next;
-     }
- }
-+
-+apr_status_t ap_mpm_safe_kill(pid_t pid, int sig)
-+{
-+    if (MPM_VALID_PID(pid)) {
-+        return kill(pid, sig) ? errno : APR_SUCCESS;
-+    }
-+    else {
-+        return APR_EINVAL;
-+    }
-+}
- #endif /* AP_MPM_WANT_RECLAIM_CHILD_PROCESSES */
- 
- #ifdef AP_MPM_WANT_WAIT_OR_TIMEOUT
-@@ -468,7 +482,7 @@ AP_DECLARE(gid_t) ap_gname2id(const char
- #ifndef HAVE_INITGROUPS
- int initgroups(const char *name, gid_t basegid)
- {
--#if defined(QNX) || defined(MPE) || defined(BEOS) || defined(_OSD_POSIX) || defined(TPF) || defined(__TANDEM) || defined(OS2) || defined(WIN32) || defined(NETWARE)
-+#if defined(QNX) || defined(MPE) || defined(BEOS) || defined(_OSD_POSIX) || defined(TPF) || defined(__TANDEM) || defined(OS2) || defined(WIN32) || defined(NETWARE) || defined(__INTERIX)
- /* QNX, MPE and BeOS do not appear to support supplementary groups. */
-     return 0;
- #else /* ndef QNX */
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/patches/patch-an
--- a/www/apache22/patches/patch-an     Mon Sep 10 20:13:55 2007 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,55 +0,0 @@
-$NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $
-
-Security fix for CVE-2007-1862 sensitive information disclosure
-http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
-http://issues.apache.org/bugzilla/attachment.cgi?id=20065
-
---- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200
-+++ modules/cache/mod_mem_cache.c
-@@ -539,12 +539,26 @@ static int remove_url(cache_handle_t *h,
-     return OK;
- }
- 
-+static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
-+{
-+    const apr_array_header_t *array = apr_table_elts(table);
-+    apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
-+    apr_table_t *copy = apr_table_make(p, array->nelts);
-+    int i;
-+
-+    for (i = 0; i < array->nelts; i++) {
-+        apr_table_add(copy, elts[i].key, elts[i].val);
-+    }
-+
-+    return copy;
-+}
-+
- static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
- {
-     mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
- 
--    h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
--    h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
-+    h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
-+    h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
- 
-     return OK;
- }
-@@ -585,7 +599,7 @@ static apr_status_t store_headers(cache_
-      * - The original response headers (for returning with a cached response)
-      * - The body of the message
-      */
--    mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
-+    mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
- 
-     /* Precompute how much storage we need to hold the headers */
-     headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
-@@ -599,7 +613,7 @@ static apr_status_t store_headers(cache_
-     }
- 
-     headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
--    mobj->header_out = apr_table_copy(mobj->pool, headers_out);
-+    mobj->header_out = deep_table_copy(mobj->pool, headers_out);
- 
-     /* Init the info struct */
-     obj->info.status = info->status;
diff -r 91b77f3aa639 -r b39da0bd2c42 www/apache22/patches/patch-ao
--- a/www/apache22/patches/patch-ao     Mon Sep 10 20:13:55 2007 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2007/06/28 01:20:52 lkundrak Exp $
-


