author | spz <spz@pkgsrc.org> | 2013-06-02 11:07:36 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2013-06-02 11:07:36 +0000 |
commit | 28ce137dff91e6ee803e62aa9ad283dd5c2d2ab4 (patch) | |
tree | dfd665d54980baa9bd596d453398df0bbc11aaba | |
parent | f1e429fca0c28815652c3d072f44d4ed3b0cca2f (diff) | |
download | pkgsrc-28ce137dff91e6ee803e62aa9ad283dd5c2d2ab4.tar.gz |
Pullup ticket #4148 - requested by tron
www/apache22: security patch
Revisions pulled up:
- www/apache22/Makefile 1.88
- www/apache22/distinfo 1.55
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu May 30 22:58:15 UTC 2013
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
Log Message:
Add Apache developer fix for security vulnerability reported
in CVE-2013-1862.
To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r0 -r1.3 \
pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
-rw-r--r-- | www/apache22/Makefile | 4 | ||||
-rw-r--r-- | www/apache22/distinfo | 3 | ||||
-rw-r--r-- | www/apache22/patches/patch-modules_mappers_mod_rewrite.c | 34 |
3 files changed, 38 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 750194cfb9f..9cbbeba2d2a 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.87 2013/03/03 20:05:03 tron Exp $ +# $NetBSD: Makefile,v 1.87.2.1 2013/06/02 11:07:36 spz Exp $ DISTNAME= httpd-2.2.24 - PKGNAME= ${DISTNAME:S/httpd/apache/} +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 5f605d547a5..08f6829987e 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.54 2013/03/03 20:05:03 tron Exp $ +$NetBSD: distinfo,v 1.54.2.1 2013/06/02 11:07:36 spz Exp $ SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241 RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224 @@ -15,5 +15,6 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 +SHA1 (patch-modules_mappers_mod_rewrite.c) = a1cee8c7c97936e15a1596a54ddc1839a5b1038d SHA1 (patch-modules_ssl_ssl__engine__kernel.c) = fd6f425d18231f0daca9fc2553638891a7241a4a SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c new file mode 100644 index 00000000000..a576458c89f --- /dev/null +++ b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c 
@@ -0,0 +1,34 @@
+$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.3.2.2 2013/06/02 11:07:36 spz Exp $
+
+Fix for security vulnerability reported in CVE-2013-1862. Patch taken
+from here:
+
+http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
+
+--- modules/mappers/mod_rewrite.c.orig 2013-02-18 21:31:42.000000000 +0000
++++ modules/mappers/mod_rewrite.c 2013-05-30 23:50:27.000000000 +0100
+@@ -500,11 +500,11 @@
+
+ logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
+ "(%d) %s%s%s%s" APR_EOL_STR,
+- rhost ? rhost : "UNKNOWN-HOST",
+- rname ? rname : "-",
+- r->user ? (*r->user ? r->user : "\"\"") : "-",
++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
++ rname ? ap_escape_logitem(r->pool, rname) : "-",
++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
+ current_logtime(r),
+- ap_get_server_name(r),
++ ap_escape_logitem(r->pool, ap_get_server_name(r)),
+ (void *)(r->server),
+ (void *)r,
+ r->main ? "subreq" : "initial",
+@@ -514,7 +514,7 @@
+ perdir ? "[perdir " : "",
+ perdir ? perdir : "",
+ perdir ? "] ": "",
+- text);
++ ap_escape_logitem(r->pool, text));
+
+ nbytes = strlen(logline);
+ apr_file_write(conf->rewritelogfp, logline, &nbytes); |
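Review bot: In the second inner hunk (`@@ -514,7 +514,7 @@`), `perdir` is still handed to the format string unescaped, while every other string argument of the log line now goes through `ap_escape_logitem()`. Where `perdir` comes from is not visible here; if it is a directory path that less-trusted users can influence, control characters in it would still reach the rewrite log, and `perdir ? ap_escape_logitem(r->pool, perdir) : "",` would close that gap. Because this file is a verbatim copy of the upstream developer patch, the change is better raised upstream than carried as a local divergence. Independently, note in the patch header that escaping `text` also backslash-escapes quotes and backslashes, so anything parsing the rewrite log will see a changed line format after this update. The enclosing function starts and ends outside the hunk.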