pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2009Q4]: pkgsrc/www/apache22 Pullup ticket #3068 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b45426066063
branches:  pkgsrc-2009Q4
changeset: 569303:b45426066063
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Mar 28 13:02:33 2010 +0000

description:
Pullup ticket #3068 - requested by taca
apache22: security update

Revisions pulled up:
- www/apache22/Makefile                         1.56
- www/apache22/PLIST                            1.16
- www/apache22/distinfo                         1.30-1.31
- www/apache22/patches/patch-aq                 delete
- www/apache22/patches/patch-as                 delete
- www/apache22/patches/patch-au                 delete
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Mar  5 00:22:59 UTC 2010

Modified Files:
        pkgsrc/www/apache22: distinfo
Removed Files:
        pkgsrc/www/apache22/patches: patch-aq patch-as patch-au

Log Message:
Remove CVE-2007-3304 related patches.  CVE-2007-3304 was fixed
in Apache 2.2.6 and these patches are noop.
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Mar  9 02:30:15 UTC 2010

Modified Files:
        pkgsrc/www/apache22: Makefile PLIST distinfo

Log Message:
Update apache22 package to 2.2.15.

For full change information, please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.

Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).

Changes with Apache 2.2.15

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

diffstat:

 www/apache22/Makefile         |   5 ++---
 www/apache22/PLIST            |   4 +++-
 www/apache22/distinfo         |  11 ++++-------
 www/apache22/patches/patch-aq |  24 ------------------------
 www/apache22/patches/patch-as |  14 --------------
 www/apache22/patches/patch-au |  14 --------------
 6 files changed, 9 insertions(+), 63 deletions(-)

diffs (120 lines):

diff -r c1c012ed3671 -r b45426066063 www/apache22/Makefile
--- a/www/apache22/Makefile     Sat Mar 27 17:53:15 2010 +0000
+++ b/www/apache22/Makefile     Sun Mar 28 13:02:33 2010 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2009/11/11 22:28:51 tron Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2010/03/28 13:02:33 tron Exp $
 
-DISTNAME=      httpd-2.2.14
+DISTNAME=      httpd-2.2.15
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
-#PKGREVISION=  3
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/} \
                http://archive.apache.org/dist/httpd/ \
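Review bot: the context line `http://archive.apache.org/dist/httpd/ \` in MASTER_SITES is a plain-http fallback, so once DISTNAME moves to httpd-2.2.15 the fetched tarball is authenticated only by the distinfo entry changed in this same changeset. Suggest saying so in the log message, or preferring an authenticated transport for the fallback, so the dependency between this bump and the hash update is explicit.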
diff -r c1c012ed3671 -r b45426066063 www/apache22/PLIST
--- a/www/apache22/PLIST        Sat Mar 27 17:53:15 2010 +0000
+++ b/www/apache22/PLIST        Sun Mar 28 13:02:33 2010 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2009/10/30 21:10:57 christos Exp $
+@comment $NetBSD: PLIST,v 1.15.2.1 2010/03/28 13:02:33 tron Exp $
 ${PLIST.suexec}sbin/suexec
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
@@ -869,6 +869,8 @@
 share/httpd/manual/mod/mod_proxy_http.html.en
 share/httpd/manual/mod/mod_proxy_scgi.html
 share/httpd/manual/mod/mod_proxy_scgi.html.en
+share/httpd/manual/mod/mod_reqtimeout.html
+share/httpd/manual/mod/mod_reqtimeout.html.en
 share/httpd/manual/mod/mod_rewrite.html
 share/httpd/manual/mod/mod_rewrite.html.en
 share/httpd/manual/mod/mod_setenvif.html
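Review bot: the two entries added at line 869 are only the mod_reqtimeout manual pages; no module object for mod_reqtimeout is added anywhere in this PLIST diff (the diffstat accounts for just these two additions plus the RCS id line). Worth confirming whether the module itself is built and packaged or deliberately left out, and recording that in the log message, which lists the three CVE entries but does not mention the new module.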
diff -r c1c012ed3671 -r b45426066063 www/apache22/distinfo
--- a/www/apache22/distinfo     Sat Mar 27 17:53:15 2010 +0000
+++ b/www/apache22/distinfo     Sun Mar 28 13:02:33 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.29 2009/12/26 04:51:01 obache Exp $
+$NetBSD: distinfo,v 1.29.2.1 2010/03/28 13:02:33 tron Exp $
 
-SHA1 (httpd-2.2.14.tar.bz2) = eacd04c87b489231ae708c84a77dc8e9ee176fd2
-RMD160 (httpd-2.2.14.tar.bz2) = ff5077e444ba995475202bb3b9be733384c809d1
-Size (httpd-2.2.14.tar.bz2) = 5147171 bytes
+SHA1 (httpd-2.2.15.tar.bz2) = 5f0e973839ed2e38a4d03adba109ef5ce3381bc2
+RMD160 (httpd-2.2.15.tar.bz2) = e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf
+Size (httpd-2.2.15.tar.bz2) = 4959582 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
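Review bot: the replaced httpd-2.2.15.tar.bz2 entries carry only SHA1 and RMD160 digests plus a size, and nothing in the change shows where the new values came from. Suggest checking them against upstream's published release signature before committing and adding a stronger digest alongside these two where the infrastructure supports it.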
@@ -12,7 +12,4 @@
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
-SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
-SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
-SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
diff -r c1c012ed3671 -r b45426066063 www/apache22/patches/patch-aq
--- a/www/apache22/patches/patch-aq     Sat Mar 27 17:53:15 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2007/06/28 01:20:53 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- include/mpm_common.h.orig  2007-06-28 02:53:26.000000000 +0200
-+++ include/mpm_common.h
-@@ -145,6 +145,17 @@ int ap_unregister_extra_mpm_process(pid_
- #endif
- 
- /**
-+ * Safely signal an MPM child process, if the process is in the
-+ * current process group.  Otherwise fail.
-+ * @param pid the process id of a child process to signal
-+ * @param sig the signal number to send
-+ * @return APR_SUCCESS if signal is sent, otherwise an error as per kill(3)
-+ */
-+#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
-+apr_status_t ap_mpm_safe_kill(pid_t pid, int sig);
-+#endif
-+
-+/**
-  * Determine if any child process has died.  If no child process died, then
-  * this process sleeps for the amount of time specified by the MPM defined
-  * macro SCOREBOARD_MAINTENANCE_INTERVAL.
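Review bot: this deletion drops the `ap_mpm_safe_kill` declaration solely on the log message's statement that CVE-2007-3304 was fixed in Apache 2.2.6; nothing from the 2.2.15 tree is visible in the diff to back that up. Suggest recording how it was confirmed (for example, that include/mpm_common.h in 2.2.15 already declares the function), so the removal of a security patch can be audited from the commit alone.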
diff -r c1c012ed3671 -r b45426066063 www/apache22/patches/patch-as
--- a/www/apache22/patches/patch-as     Sat Mar 27 17:53:15 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-$NetBSD: patch-as,v 1.1 2007/06/28 01:20:53 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- server/mpm/prefork/mpm.h.orig      2007-06-28 02:53:26.000000000 +0200
-+++ server/mpm/prefork/mpm.h
-@@ -53,6 +53,7 @@
- #define AP_MPM_USES_POD 1
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
- #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
-+#define MPM_VALID_PID(p) (getpgid(p) == getpgrp())
- #define MPM_ACCEPT_FUNC unixd_accept
- 
- extern int ap_threads_per_child;
diff -r c1c012ed3671 -r b45426066063 www/apache22/patches/patch-au
--- a/www/apache22/patches/patch-au     Sat Mar 27 17:53:15 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-$NetBSD: patch-au,v 1.1 2007/06/28 01:20:54 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- server/mpm/worker/mpm.h.orig       2007-06-28 02:53:26.000000000 +0200
-+++ server/mpm/worker/mpm.h
-@@ -52,6 +52,7 @@
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
- #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
- #define MPM_ACCEPT_FUNC unixd_accept
-+#define MPM_VALID_PID(p) (getpgid(p) == getpgrp())
- 
- extern int ap_threads_per_child;
- extern int ap_max_daemons_limit;
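Review bot: `MPM_VALID_PID(p) (getpgid(p) == getpgrp())` is the process-group check itself, and it is removed here for worker and in patch-as for prefork, so both server/mpm/prefork/mpm.h and server/mpm/worker/mpm.h in 2.2.15 must define it upstream for the fix to stay in effect. A line in the log message naming both MPMs as checked would close that gap.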


