author | tron <tron@pkgsrc.org> | 2010-03-28 13:02:33 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2010-03-28 13:02:33 +0000 |
commit | 132396e41ad6181bb0dda2b7bbb4204309fd3e5c (patch) | |
tree | 98b846537e2cc1569eeda4533883b72571b77bc3 | |
parent | 49cb8c5900e074bbd4247818b7cd73607c8cf131 (diff) | |
Pullup ticket #3068 - requested by taca
apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.56
- www/apache22/PLIST 1.16
- www/apache22/distinfo 1.30-1.31
- www/apache22/patches/patch-aq delete
- www/apache22/patches/patch-as delete
- www/apache22/patches/patch-au delete
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Mar 5 00:22:59 UTC 2010
Modified Files:
pkgsrc/www/apache22: distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-aq patch-as patch-au
Log Message:
Remove CVE-2007-3304 related patches. CVE-2007-3304 was fixed
in Apache 2.2.6 and these patches are noop.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 9 02:30:15 UTC 2010
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Log Message:
Update apache22 package to 2.2.15.
For the full list of changes please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.
Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).
Changes with Apache 2.2.15
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
-rw-r--r-- | www/apache22/Makefile | 5 | ||||
-rw-r--r-- | www/apache22/PLIST | 4 | ||||
-rw-r--r-- | www/apache22/distinfo | 11 | ||||
-rw-r--r-- | www/apache22/patches/patch-aq | 24 | ||||
-rw-r--r-- | www/apache22/patches/patch-as | 14 | ||||
-rw-r--r-- | www/apache22/patches/patch-au | 14 |
6 files changed, 9 insertions, 63 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 1ec31b46e79..52bb17744d6 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2009/11/11 22:28:51 tron Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2010/03/28 13:02:33 tron Exp $
 
-DISTNAME= httpd-2.2.14
+DISTNAME= httpd-2.2.15
 PKGNAME= ${DISTNAME:S/httpd/apache/}
-#PKGREVISION= 3
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
 http://archive.apache.org/dist/httpd/ \
diff --git a/www/apache22/PLIST b/www/apache22/PLIST
index 084967a6f80..2bf46450293 100644
--- a/www/apache22/PLIST
+++ b/www/apache22/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2009/10/30 21:10:57 christos Exp $
+@comment $NetBSD: PLIST,v 1.15.2.1 2010/03/28 13:02:33 tron Exp $
 ${PLIST.suexec}sbin/suexec
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
@@ -869,6 +869,8 @@ share/httpd/manual/mod/mod_proxy_http.html
 share/httpd/manual/mod/mod_proxy_http.html.en
 share/httpd/manual/mod/mod_proxy_scgi.html
 share/httpd/manual/mod/mod_proxy_scgi.html.en
+share/httpd/manual/mod/mod_reqtimeout.html
+share/httpd/manual/mod/mod_reqtimeout.html.en
 share/httpd/manual/mod/mod_rewrite.html
 share/httpd/manual/mod/mod_rewrite.html.en
 share/httpd/manual/mod/mod_setenvif.html
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 0dd94c23a49..f91a398ea48 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
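Review bot: The PLIST section adds only the two mod_reqtimeout manual pages (`share/httpd/manual/mod/mod_reqtimeout.html` and `.html.en`) and no entry for the module itself, so if the 2.2.15 build installs a mod_reqtimeout shared object alongside the other modules this manifest is incomplete and a PLIST check would fail. Whether the module is actually built depends on this package's configure options, which are outside the hunk; confirm against a fresh build. If it is built, it is worth listing here, since mod_reqtimeout is presumably new in this release (its manual pages first appear in this hunk) and is the kind of module operators will want installed with a security update.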
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.29 2009/12/26 04:51:01 obache Exp $
+$NetBSD: distinfo,v 1.29.2.1 2010/03/28 13:02:33 tron Exp $
 
-SHA1 (httpd-2.2.14.tar.bz2) = eacd04c87b489231ae708c84a77dc8e9ee176fd2
-RMD160 (httpd-2.2.14.tar.bz2) = ff5077e444ba995475202bb3b9be733384c809d1
-Size (httpd-2.2.14.tar.bz2) = 5147171 bytes
+SHA1 (httpd-2.2.15.tar.bz2) = 5f0e973839ed2e38a4d03adba109ef5ce3381bc2
+RMD160 (httpd-2.2.15.tar.bz2) = e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf
+Size (httpd-2.2.15.tar.bz2) = 4959582 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -12,7 +12,4 @@ SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
-SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
-SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
-SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
diff --git a/www/apache22/patches/patch-aq b/www/apache22/patches/patch-aq
deleted file mode 100644
index 45eccc2d043..00000000000
--- a/www/apache22/patches/patch-aq
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2007/06/28 01:20:53 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- include/mpm_common.h.orig 2007-06-28 02:53:26.000000000 +0200
-+++ include/mpm_common.h
-@@ -145,6 +145,17 @@ int ap_unregister_extra_mpm_process(pid_
- #endif
- 
- /**
-+ * Safely signal an MPM child process, if the process is in the
-+ * current process group. Otherwise fail.
-+ * @param pid the process id of a child process to signal
-+ * @param sig the signal number to send
-+ * @return APR_SUCCESS if signal is sent, otherwise an error as per kill(3)
-+ */
-+#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
-+apr_status_t ap_mpm_safe_kill(pid_t pid, int sig);
-+#endif
-+
-+/**
- * Determine if any child process has died. If no child process died, then
- * this process sleeps for the amount of time specified by the MPM defined
- * macro SCOREBOARD_MAINTENANCE_INTERVAL.
diff --git a/www/apache22/patches/patch-as b/www/apache22/patches/patch-as
deleted file mode 100644
index a849cb0a6d3..00000000000
--- a/www/apache22/patches/patch-as
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-as,v 1.1 2007/06/28 01:20:53 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- server/mpm/prefork/mpm.h.orig 2007-06-28 02:53:26.000000000 +0200
-+++ server/mpm/prefork/mpm.h
-@@ -53,6 +53,7 @@
- #define AP_MPM_USES_POD 1
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
- #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
-+#define MPM_VALID_PID(p) (getpgid(p) == getpgrp())
- #define MPM_ACCEPT_FUNC unixd_accept
- 
- extern int ap_threads_per_child;
diff --git a/www/apache22/patches/patch-au b/www/apache22/patches/patch-au
deleted file mode 100644
index 3a86830be07..00000000000
--- a/www/apache22/patches/patch-au
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-au,v 1.1 2007/06/28 01:20:54 lkundrak Exp $
-
-Part of fix for CVE-2007-3304 Denial of Service.
-
---- server/mpm/worker/mpm.h.orig 2007-06-28 02:53:26.000000000 +0200
-+++ server/mpm/worker/mpm.h
-@@ -52,6 +52,7 @@
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
- #define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
- #define MPM_ACCEPT_FUNC unixd_accept
-+#define MPM_VALID_PID(p) (getpgid(p) == getpgrp())
- 
- extern int ap_threads_per_child;
- extern int ap_max_daemons_limit;