patch for CVE-2012-0883 taken from the Apache SVN

bump pkgrev
author: spz <spz@pkgsrc.org> 2012-04-22 19:08:03 +0000
committer: spz <spz@pkgsrc.org> 2012-04-22 19:08:03 +0000
commit: 28ac36edec488ccb3468411cce1de0e328ab6dbf (patch)
tree: fc3e89a570cd00e8c4abdf0da30806ff3ff90f44 /www/apache22
parent: c9f1afe78a2fb5ac05d24352b4931b85b1bd79de (diff)
download: pkgsrc-28ac36edec488ccb3468411cce1de0e328ab6dbf.tar.gz
3 files changed, 28 insertions, 2 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index acf7cfb17e6..3f5936e50df 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2012/02/01 19:53:21 tron Exp $
+# $NetBSD: Makefile,v 1.80 2012/04/22 19:08:03 spz Exp $
 
 DISTNAME=	httpd-2.2.22
+PKGREVISION=	1
 
 PKGNAME=	${DISTNAME:S/httpd/apache/}
 CATEGORIES=	www
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 840f7b85625..17882d1469c 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2012/02/01 19:53:21 tron Exp $
+$NetBSD: distinfo,v 1.51 2012/04/22 19:08:03 spz Exp $
 
 SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696
 RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9
@@ -16,3 +16,4 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
+SHA1 (patch-support_envvars-std.in) = 03e4989e104f4a1902a9135649d603f3e8d53d4c
diff --git a/www/apache22/patches/patch-support_envvars-std.in b/www/apache22/patches/patch-support_envvars-std.in
new file mode 100644
index 00000000000..c667e60aa84
--- /dev/null
+++ b/www/apache22/patches/patch-support_envvars-std.in
@@ -0,0 +1,24 @@
+$NetBSD: patch-support_envvars-std.in,v 1.1 2012/04/22 19:08:03 spz Exp $
+
+http://svn.apache.org/viewvc?view=revision&revision=1296428 :
+
+Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+current working directory to be searched for DSOs
+
+CVE-2012-0883
+
+--- support/envvars-std.in.orig	2006-07-12 03:38:44.000000000 +0000
++++ support/envvars-std.in
+@@ -18,7 +18,11 @@
+ #
+ # This file is generated from envvars-std.in
+ #
+-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
++if test "x$@SHLIBPATH_VAR@" != "x" ; then
++  @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
++else
++  @SHLIBPATH_VAR@="@exp_libdir@"
++fi
+ export @SHLIBPATH_VAR@
+ #
+ @OS_SPECIFIC_VARS@
author	spz <spz@pkgsrc.org>	2012-04-22 19:08:03 +0000
committer	spz <spz@pkgsrc.org>	2012-04-22 19:08:03 +0000
commit	28ac36edec488ccb3468411cce1de0e328ab6dbf (patch)
tree	fc3e89a570cd00e8c4abdf0da30806ff3ff90f44 /www/apache22
parent	c9f1afe78a2fb5ac05d24352b4931b85b1bd79de (diff)
download	pkgsrc-28ac36edec488ccb3468411cce1de0e328ab6dbf.tar.gz