pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc Bump apache22 to 2.2.4nb4 due to:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/68ee8f76b03c
branches:  trunk
changeset: 529443:68ee8f76b03c
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Tue Jun 05 01:43:44 2007 +0000

description:
Bump apache22 to 2.2.4nb4 due to:
Security fix for CVE-2007-1862 sensitive information disclosure
http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
http://issues.apache.org/bugzilla/attachment.cgi?id=20065

diffstat:

 doc/CHANGES-2007              |   3 +-
 www/apache22/Makefile         |   4 +-
 www/apache22/distinfo         |   3 +-
 www/apache22/patches/patch-an |  55 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 4 deletions(-)

diffs (102 lines):

diff -r e563e4b4c552 -r 68ee8f76b03c doc/CHANGES-2007
--- a/doc/CHANGES-2007  Mon Jun 04 23:41:24 2007 +0000
+++ b/doc/CHANGES-2007  Tue Jun 05 01:43:44 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2007,v 1.1216 2007/06/04 23:41:24 dmcmahill Exp $
+$NetBSD: CHANGES-2007,v 1.1217 2007/06/05 01:43:45 lkundrak Exp $
 
 Changes to the packages collection and infrastructure in 2007:
 
@@ -2350,3 +2350,4 @@
        Updated finance/gnucash-current to 2.1.3 [wiz 2007-06-04]
        Updated mail/spamdyke to 2.6.1 [schmonz 2007-06-04]
        Added lang/guile16 version 1.6.8 [dmcmahill 2007-06-04]
+       Updated www/apache22 to 2.2.4nb4 [lkundrak 2007-06-05]
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/Makefile
--- a/www/apache22/Makefile     Mon Jun 04 23:41:24 2007 +0000
+++ b/www/apache22/Makefile     Tue Jun 05 01:43:44 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2007/05/30 18:06:38 rillig Exp $
+# $NetBSD: Makefile,v 1.12 2007/06/05 01:43:44 lkundrak Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/distinfo
--- a/www/apache22/distinfo     Mon Jun 04 23:41:24 2007 +0000
+++ b/www/apache22/distinfo     Tue Jun 05 01:43:44 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2007/02/25 00:02:35 sborrill Exp $
+$NetBSD: distinfo,v 1.5 2007/06/05 01:43:44 lkundrak Exp $
 
 SHA1 (httpd-2.2.4.tar.bz2) = 64ceae373434a986dc99b8ed953afa0d4fad85ce
 RMD160 (httpd-2.2.4.tar.bz2) = bb6e8a7447fa8e8f629010f30b548068de518523
@@ -12,3 +12,4 @@
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
+SHA1 (patch-an) = 1d02b10e92ad1f613b17b6ebc812d8931b54d3da
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-an     Tue Jun 05 01:43:44 2007 +0000
@@ -0,0 +1,55 @@
+$NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $
+
+Security fix for CVE-2007-1862 sensitive information disclosure
+http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
+http://issues.apache.org/bugzilla/attachment.cgi?id=20065
+
+--- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200
++++ modules/cache/mod_mem_cache.c
+@@ -539,12 +539,26 @@ static int remove_url(cache_handle_t *h,
+     return OK;
+ }
+ 
++static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
++{
++    const apr_array_header_t *array = apr_table_elts(table);
++    apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
++    apr_table_t *copy = apr_table_make(p, array->nelts);
++    int i;
++
++    for (i = 0; i < array->nelts; i++) {
++        apr_table_add(copy, elts[i].key, elts[i].val);
++    }
++
++    return copy;
++}
++
+ static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
+ {
+     mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
+ 
+-    h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
+-    h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
++    h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
++    h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
+ 
+     return OK;
+ }
+@@ -585,7 +599,7 @@ static apr_status_t store_headers(cache_
+      * - The original response headers (for returning with a cached response)
+      * - The body of the message
+      */
+-    mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
++    mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
+ 
+     /* Precompute how much storage we need to hold the headers */
+     headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
+@@ -599,7 +613,7 @@ static apr_status_t store_headers(cache_
+     }
+ 
+     headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
+-    mobj->header_out = apr_table_copy(mobj->pool, headers_out);
++    mobj->header_out = deep_table_copy(mobj->pool, headers_out);
+ 
+     /* Init the info struct */
+     obj->info.status = info->status;



Home | Main Index | Thread Index | Old Index