Add fix for security vulnerability reported in CVE-2005-3352 taken from

Apache SVN repository. Bump package revision because of that.
author: tron <tron@pkgsrc.org> 2005-12-15 11:29:00 +0000
committer: tron <tron@pkgsrc.org> 2005-12-15 11:29:00 +0000
commit: c2e56c98e285a446a6df62da17453be4fa9f09cf (patch)
tree: db47b1ca8bd00d186d36e87dcb1ba0177d5077af /www/apache2
parent: 8d8f370650ad9d4646f36e978f3e78140d78349c (diff)
download: pkgsrc-c2e56c98e285a446a6df62da17453be4fa9f09cf.tar.gz
3 files changed, 17 insertions, 3 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index e21b6823d26..392f523b6ed 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.88 2005/12/05 23:55:22 rillig Exp $
+# $NetBSD: Makefile,v 1.89 2005/12/15 11:29:00 tron Exp $
 
 .include "Makefile.common"
 
 PKGNAME=	apache-${APACHE_VERSION}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	www
 
 HOMEPAGE=	http://httpd.apache.org/
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index 7a4e6473bc4..5d570f0d4d7 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.44 2005/10/17 10:37:11 tron Exp $
+$NetBSD: distinfo,v 1.45 2005/12/15 11:29:00 tron Exp $
 
 SHA1 (httpd-2.0.55.tar.bz2) = ab016aace57f34cb3eae5c9d48f2bcc5759d6c84
 RMD160 (httpd-2.0.55.tar.bz2) = 04749dcf9ea369152eddf9422e49bc0a77a443eb
@@ -7,6 +7,7 @@ SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b
+SHA1 (patch-ae) = 4d906691447dd718547b18ebfbb80322443afcda
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
diff --git a/www/apache2/patches/patch-ae b/www/apache2/patches/patch-ae
new file mode 100644
index 00000000000..ea60df07095
--- /dev/null
+++ b/www/apache2/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.7 2005/12/15 11:29:00 tron Exp $
+
+--- modules/mappers/mod_imap.c.orig	2005-02-04 20:21:18.000000000 +0000
++++ modules/mappers/mod_imap.c	2005-12-15 11:23:25.000000000 +0000
+@@ -342,7 +342,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = apr_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-	    return apr_pstrdup(r->pool, referer);
++	    return ap_escape_html(r->pool, referer);
+         }
+         else {
+ 	    /* XXX:  This used to do *value = '\0'; ... which is totally bogus
author	tron <tron@pkgsrc.org>	2005-12-15 11:29:00 +0000
committer	tron <tron@pkgsrc.org>	2005-12-15 11:29:00 +0000
commit	c2e56c98e285a446a6df62da17453be4fa9f09cf (patch)
tree	db47b1ca8bd00d186d36e87dcb1ba0177d5077af /www/apache2
parent	8d8f370650ad9d4646f36e978f3e78140d78349c (diff)
download	pkgsrc-c2e56c98e285a446a6df62da17453be4fa9f09cf.tar.gz