author | salo <salo> | 2005-12-15 13:36:32 +0000 |
---|---|---|
committer | salo <salo> | 2005-12-15 13:36:32 +0000 |
commit | 65f3efb3115b5462e3c80c2f96938dbf627d4736 (patch) | |
tree | 17db9b4b2b42fe63e18c549b705dafdb3a2aef72 | |
parent | 41ced9561f162b20800fb94b5255690e2203cef9 (diff) | |
download | pkgsrc-65f3efb3115b5462e3c80c2f96938dbf627d4736.tar.gz |
Pullup ticket 960 - requested by Matthias Scheler
security fix for apache
Revisions pulled up:
- pkgsrc/www/apache/Makefile 1.176
- pkgsrc/www/apache/distinfo 1.48
- pkgsrc/www/apache/patches/patch-ap 1.7
Module Name: pkgsrc
Committed By: tron
Date: Thu Dec 15 12:57:30 UTC 2005
Modified Files:
pkgsrc/www/apache: Makefile distinfo
Added Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Add fix for security vulnerability reported in CVE-2005-3352 taken from
Apache SVN repository. Bump package revision because of that.
-rw-r--r-- | www/apache/Makefile | 3 | ||||
-rw-r--r-- | www/apache/distinfo | 3 | ||||
-rw-r--r-- | www/apache/patches/patch-ap | 13 |
3 files changed, 17 insertions, 2 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile
index 097268e23f3..a760d323bb7 100644
--- a/www/apache/Makefile
+++ b/www/apache/Makefile
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.171.2.1 2005/10/19 22:04:48 salo Exp $
+# $NetBSD: Makefile,v 1.171.2.2 2005/12/15 13:36:32 salo Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).

 DISTNAME= apache_1.3.34
 PKGNAME= ${DISTNAME:S/_/-/}
+PKGREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
 ${MASTER_SITE_APACHE:=httpd/old/}
diff --git a/www/apache/distinfo b/www/apache/distinfo
index 05fe29af2ab..011cc8d3243 100644
--- a/www/apache/distinfo
+++ b/www/apache/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46.2.1 2005/10/19 22:04:48 salo Exp $
+$NetBSD: distinfo,v 1.46.2.2 2005/12/15 13:36:32 salo Exp $

 SHA1 (apache_1.3.34.tar.gz) = df082b73f1220555dc416c0c5afa746e30a9e0de
 RMD160 (apache_1.3.34.tar.gz) = e39dfc57b7f9164aa76641de3fa74f0314c9ec9e
@@ -23,3 +23,4 @@ SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
 SHA1 (patch-al) = f9d329ca9465af0254f76d732f80ed4bf57a846a
 SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
 SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
+SHA1 (patch-ap) = 90ac139c91dcc45abb04e9496273f2ef4742d260
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap
new file mode 100644
index 00000000000..24a2ce3daed
--- /dev/null
+++ b/www/apache/patches/patch-ap 
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.6.8.1 2005/12/15 13:36:32 salo Exp $
+
+--- src/modules/standard/mod_imap.c.orig 2004-11-24 20:10:19.000000000 +0100
++++ src/modules/standard/mod_imap.c 2005-12-15 13:02:18.000000000 +0100
+@@ -328,7 +328,7 @@
+ if (!strcasecmp(value, "referer")) {
+ referer = ap_table_get(r->headers_in, "Referer");
+ if (referer && *referer) {
+- return ap_pstrdup(r->pool, referer);
++ return ap_escape_html(r->pool, referer);
+ }
+ else {
+ /* XXX: This used to do *value = '\0'; ... which is totally bogus |
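Review bot: The new patch-ap carries only the `$NetBSD$` tag, so nothing in the file itself records why `ap_pstrdup` became `ap_escape_html` in the `referer` branch; a header line such as `Fix CVE-2005-3352: HTML-escape the Referer value in mod_imap (from Apache SVN).` under the tag would keep that reason with the patch (the distinfo checksum would need regenerating afterwards). The inner hunk shows only the return statement, and the enclosing function and its callers lie outside it, so it is worth confirming against the full mod_imap.c that every consumer of this return value expects HTML-escaped text; a caller that uses it as a redirect target rather than as menu markup would presumably now see `&` rewritten as `&amp;`. If the value ends up inside a quoted attribute, also check that `ap_escape_html` in this Apache release escapes double quotes, because escaping only `<`, `>` and `&` would leave that context uncovered.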