authortron <tron>2008-08-09 22:16:44 +0000
committertron <tron>2008-08-09 22:16:44 +0000
commit7881945454c05486b1567e877ef45bb3c615bb7c (patch)
tree1340499f2625e7ee3b0d8e5a4ca85194a98f3642 /www/apache22
parent5d21f9bfb042529838452ae16ac83cc1210539ac (diff)
downloadpkgsrc-7881945454c05486b1567e877ef45bb3c615bb7c.tar.gz
Add patch from Apache SVN repository to avoid cross-site scripting attacks
in the FTP proxy module. This fixes the security vulnerability reported in CVE-2008-2939.
Diffstat (limited to 'www/apache22')
-rw-r--r--www/apache22/Makefile3
-rw-r--r--www/apache22/distinfo3
-rw-r--r--www/apache22/patches/patch-ab15
3 files changed, 19 insertions, 2 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 47712b87012..aab56c85889 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.27 2008/06/18 21:38:00 tron Exp $
+# $NetBSD: Makefile,v 1.28 2008/08/09 22:16:44 tron Exp $
.include "Makefile.common"
PKGNAME= apache-${APACHE_VERSION}
+PKGREVISION= 1
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index af174f2d0b3..7981c087f9e 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.11 2008/06/18 21:38:01 tron Exp $
+$NetBSD: distinfo,v 1.12 2008/08/09 22:16:44 tron Exp $
SHA1 (httpd-2.2.9.tar.bz2) = 71715d81e7a5ace4499803df7369c78b85251083
RMD160 (httpd-2.2.9.tar.bz2) = 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a
Size (httpd-2.2.9.tar.bz2) = 4943462 bytes
SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
+SHA1 (patch-ab) = f88048318569424b9f215debc71fec0f32295358
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab
new file mode 100644
index 00000000000..e016a3b62ac
--- /dev/null
+++ b/www/apache22/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.8 2008/08/09 22:16:44 tron Exp $
+
+Patch for CVE-2008-2939, taken from the Apache SVN repository:
+http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=681190&r2=682868&pathrev=682868
+
+--- modules/proxy/mod_proxy_ftp.c.orig 2008-05-17 20:42:03.000000000 +0100
++++ modules/proxy/mod_proxy_ftp.c 2008-08-09 23:07:09.000000000 +0100
+@@ -383,6 +383,7 @@
+ c->bucket_alloc));
+ }
+ if (wildcard != NULL) {
++ wildcard = ap_escape_html(p, wildcard);
+ APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
+ strlen(wildcard), p,
+ c->bucket_alloc));
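Review bot: In the patch-ab hunk, `wildcard = ap_escape_html(p, wildcard);` overwrites the variable in place, so every later use of `wildcard` in the function sees the HTML-escaped string rather than the original. The embedded hunk begins and ends inside the function, so whether anything after the brigade insert reuses `wildcard` for a non-HTML purpose cannot be checked from these lines and should be confirmed against the upstream file. The visible lines also cover only the wildcard; other request-derived strings written into the same listing are outside the hunk and presumably need the same escaping check. For maintenance, the patch header could add a line such as `Remove when updating to an httpd release that contains r682868.` so the local patch is not carried past the upstream fix.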