author | manu <manu@pkgsrc.org> | 2009-12-20 11:31:30 +0000 |
---|---|---|
committer | manu <manu@pkgsrc.org> | 2009-12-20 11:31:30 +0000 |
commit | 94bcadc35d703e3423b2d882da923ee1210f7e19 (patch) | |
tree | 90c1168ba303048526973c4a8f5c3cc9164e6ca0 /www/ap2-auth-mellon | |
parent | 7e3e93964927f28ea24c6bc7b971add9801ac10c (diff) | |
Fix a XSS vulnerability
Diffstat (limited to 'www/ap2-auth-mellon')
-rw-r--r-- | www/ap2-auth-mellon/Makefile | 10 | ||||
-rw-r--r-- | www/ap2-auth-mellon/distinfo | 3 | ||||
-rw-r--r-- | www/ap2-auth-mellon/patches/patch-aa | 14 |
3 files changed, 25 insertions, 2 deletions
diff --git a/www/ap2-auth-mellon/Makefile b/www/ap2-auth-mellon/Makefile index ee6b06c1f4c..a92524e2f4f 100644 --- a/www/ap2-auth-mellon/Makefile +++ b/www/ap2-auth-mellon/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.9 2009/12/11 14:45:38 obache Exp $ +# $NetBSD: Makefile,v 1.10 2009/12/20 11:31:30 manu Exp $ # PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/} DISTNAME= mod_auth_mellon-0.2.5 +PKGREVISION= 2 CATEGORIES= www security MASTER_SITES= http://modmellon.googlecode.com/files/ @@ -10,6 +11,8 @@ MAINTAINER= manu@NetBSD.org HOMEPAGE= http://code.google.com/p/modmellon/ COMMENT= SAML 2.0 authentication for Apache +PKG_DESTDIR_SUPPORT= destdir + GNU_CONFIGURE= YES USE_LIBTOOL= YES USE_TOOLS+= pkg-config @@ -20,8 +23,13 @@ PKG_APACHE_ACCEPTED= apache2 apache22 .include "../../mk/apache.mk" BUILDLINK_API_DEPENDS.apache+= apache>=2.0.47 +CONFIGURE_ENV+= PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig +CONFIGURE_ENV+= OPENSSL_CFLAGS="${CPPFLAGS}" +CONFIGURE_ENV+= OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto" CONFIGURE_ARGS+= --with-apxs2=${APXS:Q} +# url2pkg-marker (please do not remove this line.) + .include "../../security/lasso/buildlink3.mk" .include "../../www/curl/buildlink3.mk" diff --git a/www/ap2-auth-mellon/distinfo b/www/ap2-auth-mellon/distinfo index fc2d215f89b..9ac6768a10f 100644 --- a/www/ap2-auth-mellon/distinfo +++ b/www/ap2-auth-mellon/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.6 2009/11/16 09:48:28 manu Exp $ +$NetBSD: distinfo,v 1.7 2009/12/20 11:31:30 manu Exp $ SHA1 (mod_auth_mellon-0.2.5.tar.gz) = f1d75456df39d183b6d1919f06dc2bc7b9b1afb6 RMD160 (mod_auth_mellon-0.2.5.tar.gz) = 7db221e431384ff9f73badc208eed55a0a0011a7 Size (mod_auth_mellon-0.2.5.tar.gz) = 89404 bytes +SHA1 (patch-aa) = b8a46a2a82f228a95cf28c1d395394373e0f6ccb diff --git a/www/ap2-auth-mellon/patches/patch-aa b/www/ap2-auth-mellon/patches/patch-aa new file mode 100644 index 00000000000..067eeb969b2 --- /dev/null +++ b/www/ap2-auth-mellon/patches/patch-aa 
@@ -0,0 +1,14 @@
+$NetBSD: patch-aa,v 1.3 2009/12/20 11:31:30 manu Exp $
+--- auth_mellon_handler.c.orig 2009-12-20 10:19:47.000000000 +0100
++++ auth_mellon_handler.c 2009-12-20 10:20:09.000000000 +0100
+@@ -1899,9 +1899,9 @@
+ return HTTP_BAD_REQUEST;
+ }
+
+ /* Check that charset is sane */
+- for (cp = psf_id; *cp; cp++) {
++ for (cp = charset; *cp; cp++) {
+ if (!apr_isalnum(*cp) && (*cp != '-') && (*cp != '_')) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Bad repost query: invalid charset \"%s\"", charset);
+ return HTTP_BAD_REQUEST; |
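Review bot: The new patch file carries no description of the fix: after the `$NetBSD$` line it goes straight to the `---`/`+++` header, so a later reader has to work out from the one-line change that the "Check that charset is sane" loop was walking `psf_id` and therefore never validated `charset`. A short comment above the inner hunk would make that explicit, for example `Validate charset, not psf_id, in the repost charset check (XSS fix); upstream: <UPSTREAM-REFERENCE>`. The allowlist loop (`apr_isalnum`, `-`, `_`) also accepts an empty string, and the enclosing function starts and ends outside the hunk, so whether an empty or missing charset is rejected earlier cannot be confirmed from here.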