pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2007Q2]: pkgsrc Pullup ticket 2184 - requested by tron



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3a145f840755
branches:  pkgsrc-2007Q2
changeset: 530506:3a145f840755
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Sat Sep 08 09:54:45 2007 +0000

description:
Pullup ticket 2184 - requested by tron
security update for apache2

- pkgsrc/devel/apr0/Makefile                            1.3
- pkgsrc/devel/apr0/distinfo                            1.2
- pkgsrc/www/apache2/Makefile                           1.118
- pkgsrc/www/apache2/Makefile.common                    1.22
- pkgsrc/www/apache2/PLIST                              1.35
- pkgsrc/www/apache2/distinfo                           1.51
- pkgsrc/www/apache2/patches/patch-ap                   removed
- pkgsrc/www/apache2/patches/patch-aq                   removed

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Fri Sep  7 23:11:41 UTC 2007

   Modified Files:
           pkgsrc/devel/apr0: Makefile distinfo
           pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo

   Log Message:
   Update "apr" package to version 0.9.16.2.0.61 and "apache2" package
   to version 2.0.61.

   This update is a bug and security fix release. The following security
   problem hasn't been fixed in "pkgsrc" before:
   - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
     parsing date-related headers.
---
   Module Name: pkgsrc
   Committed By:        tron
   Date:                Fri Sep  7 23:28:23 UTC 2007

   Removed Files:
           pkgsrc/www/apache2/patches: patch-ap patch-aq

   Log Message:
   Remove obsolete patch files.

diffstat:

 devel/apr0/Makefile          |   3 +-
 devel/apr0/distinfo          |   8 ++--
 www/apache2/Makefile         |   3 +-
 www/apache2/Makefile.common  |   8 ++--
 www/apache2/PLIST            |   5 +-
 www/apache2/distinfo         |  10 ++---
 www/apache2/patches/patch-ap |  44 ----------------------
 www/apache2/patches/patch-aq |  87 --------------------------------------------
 8 files changed, 17 insertions(+), 151 deletions(-)

diffs (258 lines):

diff -r a02b394b236e -r 3a145f840755 devel/apr0/Makefile
--- a/devel/apr0/Makefile       Tue Sep 04 12:48:26 2007 +0000
+++ b/devel/apr0/Makefile       Sat Sep 08 09:54:45 2007 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2007/02/11 16:05:51 tv Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2007/09/08 09:54:45 ghen Exp $
 
 .include "../../www/apache2/Makefile.common"
 
 PKGNAME=       apr-${APR_VERSION}.${APACHE_VERSION}
-PKGREVISION=   3
 CATEGORIES=    devel
 
 HOMEPAGE=      http://apr.apache.org/
diff -r a02b394b236e -r 3a145f840755 devel/apr0/distinfo
--- a/devel/apr0/distinfo       Tue Sep 04 12:48:26 2007 +0000
+++ b/devel/apr0/distinfo       Sat Sep 08 09:54:45 2007 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1.1.1 2007/01/24 19:31:24 epg Exp $
+$NetBSD: distinfo,v 1.1.1.1.4.1 2007/09/08 09:54:45 ghen Exp $
 
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
 SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9
 SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596
 SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e
diff -r a02b394b236e -r 3a145f840755 www/apache2/Makefile
--- a/www/apache2/Makefile      Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/Makefile      Sat Sep 08 09:54:45 2007 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.114 2007/06/28 01:49:04 lkundrak Exp $
+# $NetBSD: Makefile,v 1.114.2.1 2007/09/08 09:54:45 ghen Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   6
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
diff -r a02b394b236e -r 3a145f840755 www/apache2/Makefile.common
--- a/www/apache2/Makefile.common       Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/Makefile.common       Sat Sep 08 09:54:45 2007 +0000
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile.common,v 1.21 2006/07/28 10:38:36 tron Exp $
+# $NetBSD: Makefile.common,v 1.21.8.1 2007/09/08 09:54:45 ghen Exp $
 
 DISTNAME=              httpd-${APACHE_VERSION}
 EXTRACT_SUFX=          .tar.bz2
 # When updating this version be sure to update the checksum and remove
 # any PKGREVISION for devel/apr also.
-APACHE_VERSION=                2.0.59
-APR_VERSION=           0.9.12
+APACHE_VERSION=                2.0.61
+APR_VERSION=           0.9.16
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/} \
                        http://www.NetBSD.org/images/logos/
-MAINTAINER=            tron%NetBSD.org@localhost
+MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
diff -r a02b394b236e -r 3a145f840755 www/apache2/PLIST
--- a/www/apache2/PLIST Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/PLIST Sat Sep 08 09:54:45 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.34 2006/07/28 13:35:37 tron Exp $
+@comment $NetBSD: PLIST,v 1.34.8.1 2007/09/08 09:54:46 ghen Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@@ -154,6 +154,7 @@
 share/httpd/htdocs/index.html.zh-cn.gb2312
 share/httpd/htdocs/index.html.zh-tw.big5
 share/httpd/icons/README
+share/httpd/icons/README.html
 share/httpd/icons/a.gif
 share/httpd/icons/a.png
 share/httpd/icons/alert.black.gif
@@ -281,7 +282,6 @@
 share/httpd/icons/screw2.png
 share/httpd/icons/script.gif
 share/httpd/icons/script.png
-share/httpd/icons/small/README.txt
 share/httpd/icons/small/back.gif
 share/httpd/icons/small/back.png
 share/httpd/icons/small/binary.gif
@@ -721,6 +721,7 @@
 share/httpd/manual/mod/mod_logio.html.ko.euc-kr
 share/httpd/manual/mod/mod_mem_cache.html
 share/httpd/manual/mod/mod_mem_cache.html.en
+share/httpd/manual/mod/mod_mem_cache.html.ja.euc-jp
 share/httpd/manual/mod/mod_mem_cache.html.ko.euc-kr
 share/httpd/manual/mod/mod_mime.html
 share/httpd/manual/mod/mod_mime.html.en
diff -r a02b394b236e -r 3a145f840755 www/apache2/distinfo
--- a/www/apache2/distinfo      Tue Sep 04 12:48:26 2007 +0000
+++ b/www/apache2/distinfo      Sat Sep 08 09:54:45 2007 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.50 2007/06/28 01:49:04 lkundrak Exp $
+$NetBSD: distinfo,v 1.50.2.1 2007/09/08 09:54:46 ghen Exp $
 
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
 SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -13,5 +13,3 @@
 SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
-SHA1 (patch-ap) = 3f9dbd6dbbadb54f5255dfdb15decc6cc7e8eccc
-SHA1 (patch-aq) = d1e0243b28c9e224746fa5cac1321f55c5c0927e
diff -r a02b394b236e -r 3a145f840755 www/apache2/patches/patch-ap
--- a/www/apache2/patches/patch-ap      Tue Sep 04 12:48:26 2007 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
-
---- modules/generators/mod_status.c.orig       2006-07-12 09:40:55.000000000 +0200
-+++ modules/generators/mod_status.c
-@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
-     if (r->method_number != M_GET)
-         return DECLINED;
- 
--    ap_set_content_type(r, "text/html");
-+    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
- 
-     /*
-      * Simple table-driven form data set parser that lets you alter the header
-@@ -298,7 +298,7 @@ static int status_handler(request_rec *r
-                     no_table_report = 1;
-                     break;
-                 case STAT_OPT_AUTO:
--                    ap_set_content_type(r, "text/plain");
-+                    ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
-                     short_report = 1;
-                     break;
-                 }
-@@ -664,7 +664,8 @@ static int status_handler(request_rec *r
-                                ap_escape_html(r->pool,
-                                               ws_record->client),
-                                ap_escape_html(r->pool,
--                                              ws_record->request),
-+                                              ap_escape_logitem(r->pool,
-+                                                                ws_record->request)),
-                                ap_escape_html(r->pool,
-                                               ws_record->vhost));
-                 }
-@@ -753,7 +754,8 @@ static int status_handler(request_rec *r
-                                    ap_escape_html(r->pool,
-                                                   ws_record->vhost),
-                                    ap_escape_html(r->pool,
--                                                  ws_record->request));
-+                                                  ap_escape_logitem(r->pool, 
-+                                                                    ws_record->request)));
-                 } /* no_table_report */
-             } /* for (j...) */
-         } /* for (i...) */
diff -r a02b394b236e -r 3a145f840755 www/apache2/patches/patch-aq
--- a/www/apache2/patches/patch-aq      Tue Sep 04 12:48:26 2007 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
-$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2007-1863 remote crash when mod_cache enabled.
-
---- modules/experimental/cache_util.c.orig     2006-07-12 09:40:55.000000000 +0200
-+++ modules/experimental/cache_util.c
-@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     age = ap_cache_current_age(info, age_c, r->request_time);
- 
-     /* extract s-maxage */
--    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
-+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
-+        && val != NULL) {
-         smaxage = apr_atoi64(val);
-     }
--    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
-+    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)
-+             && val != NULL) {
-         smaxage = apr_atoi64(val);
-     }
-     else {
-@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     }
- 
-     /* extract max-age from request */
--    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
-+    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
-+        && val != NULL) {
-         maxage_req = apr_atoi64(val);
-     }
-     else {
-@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     }
- 
-     /* extract max-age from response */
--    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
-+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
-+        && val != NULL) {
-         maxage_cresp = apr_atoi64(val);
-     }
--    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
-+    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)
-+             && val != NULL) {
-         maxage_cresp = apr_atoi64(val);
-     }
-     else
-@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn
- 
-     /* extract max-stale */
-     if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
--        maxstale = apr_atoi64(val);
-+        if(val != NULL) {
-+            maxstale = apr_atoi64(val);
-+        }
-+        else {
-+            /*
-+             * If no value is assigned to max-stale, then the client is willing
-+             * to accept a stale response of any age (RFC2616 14.9.3). We will
-+             * set it to one year in this case as this situation is somewhat
-+             * similar to a "never expires" Expires header (RFC2616 14.21)
-+             * which is set to a date one year from the time the response is
-+             * sent in this case.
-+             */
-+            maxstale = APR_INT64_C(86400*365);
-+        }
-     }
-     else {
-         maxstale = 0;
-     }
- 
-     /* extract min-fresh */
--    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
-+    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
-+        && val != NULL) {
-         minfresh = apr_atoi64(val);
-     }
-     else {
-@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
-                                                   next - val_start);
-                         }
-                     }
-+                    else {
-+                        *val = NULL;
-+                    }
-                 }
-                 return 1;
-             }


