Security update for apache2 with the changes backported from the

Apache CVS tree.

CAN-2004-0748
http://issues.apache.org/bugzilla/show_bug.cgi?id=29964
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125

CAN-2004-0751
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126

4 files changed, 36 insertions, 3 deletions

diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 619ad23b003..fae1646b981 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.42 2004/07/17 00:18:31 xtraeme Exp $
+# $NetBSD: Makefile,v 1.43 2004/09/07 19:43:03 adrianp Exp $
 
 PKGNAME=		apache-${APACHE_VERSION}
+PKGREVISION=		1
 CATEGORIES=		www
 
 HOMEPAGE=		http://httpd.apache.org/
diff --git a/www/apache2/buildlink3.mk b/www/apache2/buildlink3.mk
index 287b62e0204..b964be42d77 100644
--- a/www/apache2/buildlink3.mk
+++ b/www/apache2/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/07/14 08:28:51 adrianp Exp $
+# $NetBSD: buildlink3.mk,v 1.6 2004/09/07 19:43:03 adrianp Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 APACHE_BUILDLINK3_MK:=	${APACHE_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@ BUILDLINK_PACKAGES+=	apache
 
 .if !empty(APACHE_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.apache+=	apache>=2.0.50
+BUILDLINK_RECOMMENDED.apache=	apache>=2.0.50nb1
 BUILDLINK_PKGSRCDIR.apache?=	../../www/apache2
 BUILDLINK_DEPMETHOD.apache?=	build
 .  if defined(APACHE_MODULE)
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index 7ebc69ac722..3d5b14cb0de 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2004/07/14 08:28:51 adrianp Exp $
+$NetBSD: distinfo,v 1.27 2004/09/07 19:43:03 adrianp Exp $
 
 SHA1 (httpd-2.0.50.tar.gz) = 7b6f591b2e728473ebe0164bf5297b1fa86f4fe2
 Size (httpd-2.0.50.tar.gz) = 6338536 bytes
@@ -10,3 +10,4 @@ SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
 SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
 SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
 SHA1 (patch-ar) = de5f57dd0757b7fdc1039c00f6e18de72007f5d8
+SHA1 (patch-as) = b9941cac20dabfb79d90748bc9fcb047cfa13fbd
diff --git a/www/apache2/patches/patch-as b/www/apache2/patches/patch-as
new file mode 100644
index 00000000000..00bc409de84
--- /dev/null
+++ b/www/apache2/patches/patch-as
@@ -0,0 +1,30 @@
+$NetBSD: patch-as,v 1.3 2004/09/07 19:43:03 adrianp Exp $
+
+--- modules/ssl/ssl_engine_io.c.orig	2004-09-06 18:25:31.000000000 +0000
++++ modules/ssl/ssl_engine_io.c	2004-09-06 18:27:21.000000000 +0000
+@@ -562,8 +562,12 @@
+         *len = bytes;
+         if (inctx->mode == AP_MODE_SPECULATIVE) {
+             /* We want to rollback this read. */
+-            inctx->cbuf.value -= bytes;
+-            inctx->cbuf.length += bytes;
++            if (inctx->cbuf.length > 0) {
++                inctx->cbuf.value -= bytes;
++                inctx->cbuf.length += bytes;
++            } else {
++                char_buffer_write(&inctx->cbuf, buf, (int)bytes);
++            }
+             return APR_SUCCESS;
+         }
+         /* This could probably be *len == wanted, but be safe from stray
+@@ -587,6 +591,10 @@
+     while (1) {
+ 
+         if (!inctx->filter_ctx->pssl) {
++            /* Ensure a non-zero error code is returned */
++            if (inctx->rc == APR_SUCCESS) {
++                inctx->rc = APR_EGENERAL;
++            }
+             break;
+         }
+