authorgrant <grant@pkgsrc.org>2003-11-02 05:36:56 +0000
committergrant <grant@pkgsrc.org>2003-11-02 05:36:56 +0000
commitcb637587aaed2779beff33e7c38258a87bb7abf6 (patch)
tree5c65c87f8f876dac7c42d648c7a3066fa2fd8c69 /www/apache/patches
parent205eb5c3f7f0db34f6b851ffa4088ee2f0d868f4 (diff)
downloadpkgsrc-cb637587aaed2779beff33e7c38258a87bb7abf6.tar.gz
Updated apache to 1.3.29.
Major changes since 1.3.28: Security vulnerabilities * CAN-2003-0542 (cve.mitre.org) Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. Bugs fixed The following noteworthy bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29: * Within ap_bclose(), ap_pclosesocket() is now called consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistently to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. * Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. * Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap.
Diffstat (limited to 'www/apache/patches')
-rw-r--r--www/apache/patches/patch-ap26
-rw-r--r--www/apache/patches/patch-aq50
-rw-r--r--www/apache/patches/patch-ar22
-rw-r--r--www/apache/patches/patch-as14
4 files changed, 0 insertions, 112 deletions
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap
deleted file mode 100644
index be04f7f0721..00000000000
--- a/www/apache/patches/patch-ap
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-ap,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_alias.c.orig 2003-04-24 18:08:21.000000000 +0200
-+++ src/modules/standard/mod_alias.c
-@@ -299,7 +299,7 @@ static int alias_matches(const char *uri
- static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
- {
- alias_entry *entries = (alias_entry *) aliases->elts;
-- regmatch_t regm[10];
-+ regmatch_t regm[AP_MAX_REG_MATCH];
- char *found = NULL;
- int i;
-
-@@ -308,10 +308,10 @@ static char *try_alias_list(request_rec
- int l;
-
- if (p->regexp) {
-- if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
-+ if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
- if (p->real) {
- found = ap_pregsub(r->pool, p->real, r->uri,
-- p->regexp->re_nsub + 1, regm);
-+ AP_MAX_REG_MATCH, regm);
- if (found && doesc) {
- found = ap_escape_uri(r->pool, found);
- }
diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq
deleted file mode 100644
index 8c5fadf1547..00000000000
--- a/www/apache/patches/patch-aq
+++ /dev/null
@@ -1,50 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_rewrite.c.orig 2003-10-29 09:25:17.000000000 +0100
-+++ src/modules/standard/mod_rewrite.c
-@@ -1834,7 +1834,7 @@ static int apply_rewrite_rule(request_re
- const char *vary;
- char newuri[MAX_STRING_LEN];
- regex_t *regexp;
-- regmatch_t regmatch[MAX_NMATCH];
-+ regmatch_t regmatch[AP_MAX_REG_MATCH];
- backrefinfo *briRR = NULL;
- backrefinfo *briRC = NULL;
- int prefixstrip;
-@@ -1891,7 +1891,7 @@ static int apply_rewrite_rule(request_re
- rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
- perdir, p->pattern, uri);
- }
-- rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
-+ rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
- if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
- (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
- return 0;
-@@ -2179,7 +2179,7 @@ static int apply_rewrite_cond(request_re
- char input[MAX_STRING_LEN];
- struct stat sb;
- request_rec *rsub;
-- regmatch_t regmatch[MAX_NMATCH];
-+ regmatch_t regmatch[AP_MAX_REG_MATCH];
- int rc;
-
- /*
-@@ -2283,8 +2283,7 @@ static int apply_rewrite_cond(request_re
- }
- else {
- /* it is really a regexp pattern, so apply it */
-- rc = (ap_regexec(p->regexp, input,
-- p->regexp->re_nsub+1, regmatch,0) == 0);
-+ rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
-
- /* if it isn't a negated pattern and really matched
- we update the passed-through regex subst info structure */
-@@ -2442,7 +2441,7 @@ static void do_expand(request_rec *r, ch
- bri = briRC;
- }
- /* see ap_pregsub() in src/main/util.c */
-- if (bri && n <= bri->nsub &&
-+ if (bri && n < AP_MAX_REG_MATCH &&
- bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
- span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
- if (span > space) {
diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar
deleted file mode 100644
index 0a045bb6ff1..00000000000
--- a/www/apache/patches/patch-ar
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ar,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_rewrite.h.orig 2003-05-19 04:35:31.000000000 +0200
-+++ src/modules/standard/mod_rewrite.h
-@@ -253,8 +253,6 @@
-
- #define MAX_ENV_FLAGS 15
-
--#define MAX_NMATCH 10
--
- /* default maximum number of internal redirects */
- #define REWRITE_REDIRECT_LIMIT 10
-
-@@ -368,7 +366,7 @@ typedef struct cache {
- typedef struct backrefinfo {
- char *source;
- int nsub;
-- regmatch_t regmatch[10];
-+ regmatch_t regmatch[AP_MAX_REG_MATCH];
- } backrefinfo;
-
-
diff --git a/www/apache/patches/patch-as b/www/apache/patches/patch-as
deleted file mode 100644
index bd849791034..00000000000
--- a/www/apache/patches/patch-as
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-as,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/include/httpd.h.orig 2003-10-29 09:28:40.000000000 +0100
-+++ src/include/httpd.h
-@@ -291,6 +291,9 @@ extern "C" {
- /* The size of the server's internal read-write buffers */
- #define IOBUFSIZE 8192
-
-+/* The max number of regex captures that can be expanded by ap_pregsub */
-+#define AP_MAX_REG_MATCH 10
-+
- /* Number of servers to spawn off by default --- also, if fewer than
- * this free when the caretaker checks, it will spawn more.
- */