diff options
| author | salo <salo> | 2005-12-15 11:56:03 +0000 |
|---|---|---|
| committer | salo <salo> | 2005-12-15 11:56:03 +0000 |
| commit | 51b6be0c1188d9d3f48fbb6a9fde910305145046 (patch) | |
| tree | 2f8df05ad38fe4d411f75d8b9f857e262bb1f73a | |
| parent | ce22cfea5976c46ea8be2cc28ae8674b7b8286e0 (diff) | |
| download | pkgsrc-51b6be0c1188d9d3f48fbb6a9fde910305145046.tar.gz | |
Pullup ticket 959 - requested by Matthias Scheler
security fix for apache2
Revisions pulled up:
- pkgsrc/www/apache2/Makefile 1.89
- pkgsrc/www/apache2/distinfo 1.45
- pkgsrc/www/apache2/patches/patch-ae 1.7
Module Name: pkgsrc
Committed By: tron
Date: Thu Dec 15 11:29:00 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile distinfo
Added Files:
pkgsrc/www/apache2/patches: patch-ae
Log Message:
Add fix for security vulnerability reported in CVE-2005-3352 taken from
Apache SVN repository. Bump package revision because of that.
| -rw-r--r-- | www/apache2/Makefile | 4 | ||||
| -rw-r--r-- | www/apache2/distinfo | 3 | ||||
| -rw-r--r-- | www/apache2/patches/patch-ae | 13 |
3 files changed, 17 insertions, 3 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 7390f35c4fd..16e5e87ca0c 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.82.2.3 2005/10/24 00:25:22 seb Exp $ +# $NetBSD: Makefile,v 1.82.2.4 2005/12/15 11:56:03 salo Exp $ .include "Makefile.common" PKGNAME= apache-${APACHE_VERSION} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= www HOMEPAGE= http://httpd.apache.org/ diff --git a/www/apache2/distinfo b/www/apache2/distinfo index 589af52d3c9..321b9b1645b 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.42.2.1 2005/10/18 21:21:27 seb Exp $ +$NetBSD: distinfo,v 1.42.2.2 2005/12/15 11:56:03 salo Exp $ SHA1 (httpd-2.0.55.tar.bz2) = ab016aace57f34cb3eae5c9d48f2bcc5759d6c84 RMD160 (httpd-2.0.55.tar.bz2) = 04749dcf9ea369152eddf9422e49bc0a77a443eb @@ -7,6 +7,7 @@ SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b +SHA1 (patch-ae) = 4d906691447dd718547b18ebfbb80322443afcda SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215 diff --git a/www/apache2/patches/patch-ae b/www/apache2/patches/patch-ae new file mode 100644 index 00000000000..72086607d9d --- /dev/null +++ b/www/apache2/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.5.2.2 2005/12/15 11:56:03 salo Exp $ + +--- modules/mappers/mod_imap.c.orig 2005-02-04 20:21:18.000000000 +0000 ++++ modules/mappers/mod_imap.c 2005-12-15 11:23:25.000000000 +0000 +@@ -342,7 +342,7 @@ + if (!strcasecmp(value, "referer")) { + referer = apr_table_get(r->headers_in, "Referer"); + if (referer && *referer) { +- return apr_pstrdup(r->pool, referer); ++ return ap_escape_html(r->pool, referer); + } + else { + /* XXX: This used to do *value = '\0'; ... which is totally bogus |