diff options
author | spz <spz@pkgsrc.org> | 2013-07-15 20:19:16 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2013-07-15 20:19:16 +0000 |
commit | bff61cbfe11e7483a05cc159364901488c34cb31 (patch) | |
tree | 204f6db898193c41c18de02b9797a86a8dd75757 | |
parent | f6c25d0f1955a01dbd51889ebc4aa561561dba7e (diff) | |
download | pkgsrc-2013Q1.tar.gz |
Pullup ticket #4184 - requested by tronpkgsrc-2013Q1
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.92
- www/apache22/distinfo 1.57
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 15 18:15:49 UTC 2013
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
Log Message:
Update "apache22" package to version 2.2.25. Changes since 2.2.24:
- SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
- core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
strings. The default limit for ap_pregsub() can be adjusted at compile
time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick]
- core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. Bug#55121. [Bradley Heilbrun
<apache heilbrun.org>]
- mod_setenvif: Log error on substitution overflow.
[Stefan Fritsch]
- mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
- mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. Bug#53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
- mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
- mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
- mod_proxy_balancer: Added balancer parameter failontimeout to allow server
admin to configure an IO timeout as an error in the balancer.
[Daniel Ruggeri]
- mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
password. [Daniel Ruggeri]
- htdigest: Fix buffer overflow when reading digest password file
with very long lines. Bug#54893. [Rainer Jung]
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
- mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
- mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
result in a 412 Precondition Failed for a COPY operation. PR54610
[Timothy Wood <tjw omnigroup.com>]
- mod_dav: When a PROPPATCH attempts to remove a non-existent dead
property on a resource for which there is no dead property in the same
namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
<diego.santaCruz spinetix.com>]
- mod_dav: Do not fail PROPPATCH when prop namespace is not known.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
- mod_dav: Do not segfault on PROPFIND with a zero length DBM.
Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
-rw-r--r-- | www/apache22/patches/patch-modules_mappers_mod_rewrite.c | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted file mode 100644 index a576458c89f..00000000000 --- a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.3.2.2 2013/06/02 11:07:36 spz Exp $ - -Fix for security vulnerability reported in CVE-2013-1862. Patch taken -from here: - -http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch - ---- modules/mappers/mod_rewrite.c.orig 2013-02-18 21:31:42.000000000 +0000 -+++ modules/mappers/mod_rewrite.c 2013-05-30 23:50:27.000000000 +0100 -@@ -500,11 +500,11 @@ - - logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] " - "(%d) %s%s%s%s" APR_EOL_STR, -- rhost ? rhost : "UNKNOWN-HOST", -- rname ? rname : "-", -- r->user ? (*r->user ? r->user : "\"\"") : "-", -+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST", -+ rname ? ap_escape_logitem(r->pool, rname) : "-", -+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-", - current_logtime(r), -- ap_get_server_name(r), -+ ap_escape_logitem(r->pool, ap_get_server_name(r)), - (void *)(r->server), - (void *)r, - r->main ? "subreq" : "initial", -@@ -514,7 +514,7 @@ - perdir ? "[perdir " : "", - perdir ? perdir : "", - perdir ? "] ": "", -- text); -+ ap_escape_logitem(r->pool, text)); - - nbytes = strlen(logline); - apr_file_write(conf->rewritelogfp, logline, &nbytes); |