pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc Bump apache22 to 2.2.4nb4 due to:
details: https://anonhg.NetBSD.org/pkgsrc/rev/68ee8f76b03c
branches: trunk
changeset: 529443:68ee8f76b03c
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Tue Jun 05 01:43:44 2007 +0000
description:
Bump apache22 to 2.2.4nb4 due to:
Security fix for CVE-2007-1862 sensitive information disclosure
http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
http://issues.apache.org/bugzilla/attachment.cgi?id=20065
diffstat:
doc/CHANGES-2007 | 3 +-
www/apache22/Makefile | 4 +-
www/apache22/distinfo | 3 +-
www/apache22/patches/patch-an | 55 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 61 insertions(+), 4 deletions(-)
diffs (102 lines):
diff -r e563e4b4c552 -r 68ee8f76b03c doc/CHANGES-2007
--- a/doc/CHANGES-2007 Mon Jun 04 23:41:24 2007 +0000
+++ b/doc/CHANGES-2007 Tue Jun 05 01:43:44 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2007,v 1.1216 2007/06/04 23:41:24 dmcmahill Exp $
+$NetBSD: CHANGES-2007,v 1.1217 2007/06/05 01:43:45 lkundrak Exp $
Changes to the packages collection and infrastructure in 2007:
@@ -2350,3 +2350,4 @@
Updated finance/gnucash-current to 2.1.3 [wiz 2007-06-04]
Updated mail/spamdyke to 2.6.1 [schmonz 2007-06-04]
Added lang/guile16 version 1.6.8 [dmcmahill 2007-06-04]
+ Updated www/apache22 to 2.2.4nb4 [lkundrak 2007-06-05]
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/Makefile
--- a/www/apache22/Makefile Mon Jun 04 23:41:24 2007 +0000
+++ b/www/apache22/Makefile Tue Jun 05 01:43:44 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2007/05/30 18:06:38 rillig Exp $
+# $NetBSD: Makefile,v 1.12 2007/06/05 01:43:44 lkundrak Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/distinfo
--- a/www/apache22/distinfo Mon Jun 04 23:41:24 2007 +0000
+++ b/www/apache22/distinfo Tue Jun 05 01:43:44 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2007/02/25 00:02:35 sborrill Exp $
+$NetBSD: distinfo,v 1.5 2007/06/05 01:43:44 lkundrak Exp $
SHA1 (httpd-2.2.4.tar.bz2) = 64ceae373434a986dc99b8ed953afa0d4fad85ce
RMD160 (httpd-2.2.4.tar.bz2) = bb6e8a7447fa8e8f629010f30b548068de518523
@@ -12,3 +12,4 @@
SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
+SHA1 (patch-an) = 1d02b10e92ad1f613b17b6ebc812d8931b54d3da
diff -r e563e4b4c552 -r 68ee8f76b03c www/apache22/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache22/patches/patch-an Tue Jun 05 01:43:44 2007 +0000
@@ -0,0 +1,55 @@
+$NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $
+
+Security fix for CVE-2007-1862 sensitive information disclosure
+http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
+http://issues.apache.org/bugzilla/attachment.cgi?id=20065
+
+--- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200
++++ modules/cache/mod_mem_cache.c
+@@ -539,12 +539,26 @@ static int remove_url(cache_handle_t *h,
+ return OK;
+ }
+
++static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
++{
++ const apr_array_header_t *array = apr_table_elts(table);
++ apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
++ apr_table_t *copy = apr_table_make(p, array->nelts);
++ int i;
++
++ for (i = 0; i < array->nelts; i++) {
++ apr_table_add(copy, elts[i].key, elts[i].val);
++ }
++
++ return copy;
++}
++
+ static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
+ {
+ mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
+
+- h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
+- h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
++ h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
++ h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
+
+ return OK;
+ }
+@@ -585,7 +599,7 @@ static apr_status_t store_headers(cache_
+ * - The original response headers (for returning with a cached response)
+ * - The body of the message
+ */
+- mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
++ mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
+
+ /* Precompute how much storage we need to hold the headers */
+ headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
+@@ -599,7 +613,7 @@ static apr_status_t store_headers(cache_
+ }
+
+ headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
+- mobj->header_out = apr_table_copy(mobj->pool, headers_out);
++ mobj->header_out = deep_table_copy(mobj->pool, headers_out);
+
+ /* Init the info struct */
+ obj->info.status = info->status;
Home |
Main Index |
Thread Index |
Old Index