diff options
| author | obache <obache> | 2008-02-23 05:16:33 +0000 |
|---|---|---|
| committer | obache <obache> | 2008-02-23 05:16:33 +0000 |
| commit | 7828a6f31f52da89af1238288b9b0b0c8b1a5f41 (patch) | |
| tree | 27362cf0e0806e1bd7ebeb4e2a0dbcce8ed289dc /www/apache | |
| parent | 8b0a5bb3dd7a856ad0244161b74abe019e9d35f5 (diff) | |
| download | pkgsrc-7828a6f31f52da89af1238288b9b0b0c8b1a5f41.tar.gz | |
Update apache to 1.3.41.
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40 (not released)
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
With Apache 1.3, the denial of service vulnerability applies only
to the Windows and NetWare platforms.
[Jeff Trawick]
*) More efficient implementation of the CVE-2007-3304 PID table
patch. This fixes issues with excessive memory usage by the
parent process if long-running and with a high number of child
process forks during that timeframe. Also fixes bogus "Bad pid"
errors. [Jim Jagielski, Jeff Trawick]
Changes with Apache 1.3.39
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]
*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]
There was no Apache 1.3.38
Diffstat (limited to 'www/apache')
| -rw-r--r-- | www/apache/Makefile | 9 | ||||
| -rw-r--r-- | www/apache/PLIST | 4 | ||||
| -rw-r--r-- | www/apache/distinfo | 36 | ||||
| -rw-r--r-- | www/apache/patches/patch-aa | 22 | ||||
| -rw-r--r-- | www/apache/patches/patch-ae | 16 | ||||
| -rw-r--r-- | www/apache/patches/patch-af | 6 | ||||
| -rw-r--r-- | www/apache/patches/patch-ag | 6 | ||||
| -rw-r--r-- | www/apache/patches/patch-ah | 8 | ||||
| -rw-r--r-- | www/apache/patches/patch-ai | 6 | ||||
| -rw-r--r-- | www/apache/patches/patch-al | 10 | ||||
| -rw-r--r-- | www/apache/patches/patch-am | 10 | ||||
| -rw-r--r-- | www/apache/patches/patch-ao | 8 | ||||
| -rw-r--r-- | www/apache/patches/patch-aq | 6 | ||||
| -rw-r--r-- | www/apache/patches/patch-ar | 42 | ||||
| -rw-r--r-- | www/apache/patches/patch-as | 50 |
15 files changed, 72 insertions, 167 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile index 9ae7ee37c2b..919a08ac995 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.196 2008/02/17 20:15:07 tnn Exp $ +# $NetBSD: Makefile,v 1.197 2008/02/23 05:16:33 obache Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). -DISTNAME= apache_1.3.37 +DISTNAME= apache_1.3.41 PKGNAME= ${DISTNAME:S/_/-/} -PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} @@ -18,8 +17,8 @@ COMMENT= Apache HTTP (Web) server NETBSD_LOGO= sitedrivenby.gif SITES.${NETBSD_LOGO}= http://www.NetBSD.org/images/logos/ -MODSSL_VERSION= 2.8.28 -MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.37 +MODSSL_VERSION= 2.8.31 +MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.41 MODSSL_DIST= ${MODSSL_DISTNAME}.tar.gz MODSSL_SRC= ${WRKDIR}/${MODSSL_DISTNAME} SITES.${MODSSL_DIST}= http://www.modssl.org/source/ \ diff --git a/www/apache/PLIST b/www/apache/PLIST index 6726a8bd2f8..e8769c806d6 100644 --- a/www/apache/PLIST +++ b/www/apache/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.14 2005/10/19 21:42:59 bouyer Exp $ +@comment $NetBSD: PLIST,v 1.15 2008/02/23 05:16:33 obache Exp $ bin/checkgid bin/dbmmanage bin/htdigest @@ -398,6 +398,7 @@ share/httpd/htdocs/manual/windows.html.html share/httpd/htdocs/manual/windows.html.ja.jis share/httpd/htdocs/sitedrivenby.gif share/httpd/icons/README +share/httpd/icons/README.html share/httpd/icons/a.gif share/httpd/icons/a.png share/httpd/icons/alert.black.gif @@ -522,7 +523,6 @@ share/httpd/icons/screw2.gif share/httpd/icons/screw2.png share/httpd/icons/script.gif share/httpd/icons/script.png -share/httpd/icons/small/README.txt share/httpd/icons/small/back.gif share/httpd/icons/small/back.png share/httpd/icons/small/binary.gif diff --git a/www/apache/distinfo b/www/apache/distinfo index e316298788e..700e1dc4648 100644 --- a/www/apache/distinfo +++ b/www/apache/distinfo @@ -1,29 +1,27 @@ -$NetBSD: distinfo,v 1.57 2007/10/07 20:49:57 dmcmahill Exp $ +$NetBSD: distinfo,v 1.58 2008/02/23 05:16:33 obache Exp $ -SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4 -RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7 -Size (apache_1.3.37.tar.gz) = 2665370 bytes -SHA1 (mod_ssl-2.8.28-1.3.37.tar.gz) = 9db2a7240e499da2b99d0df9c1a6fbae0580ba0b -RMD160 (mod_ssl-2.8.28-1.3.37.tar.gz) = 6b12c0a52fe0fbb7b91221d1cb37f93fbe59bb11 -Size (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417 bytes +SHA1 (apache_1.3.41.tar.gz) = 3bbd4c4bc648e6ad5b696bb83420533f4d23daf8 +RMD160 (apache_1.3.41.tar.gz) = 74786c65c143af123f1d13e9d93dd5ff07e9a201 +Size (apache_1.3.41.tar.gz) = 2483180 bytes +SHA1 (mod_ssl-2.8.31-1.3.41.tar.gz) = f2d2210041332fc1d4b7243a856d4d81f961d306 +RMD160 (mod_ssl-2.8.31-1.3.41.tar.gz) = c3083c29710c4537ca8c79ddd8c1992eb95cbfee +Size (mod_ssl-2.8.31-1.3.41.tar.gz) = 820067 bytes SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658 RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa Size (sitedrivenby.gif) = 8519 bytes -SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef +SHA1 (patch-aa) = 54c32338f0dd6f37f28e3ef37b26d2867f90280d SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802 SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa -SHA1 (patch-ae) = 59318dd3376b10b84c0126d90f4b244a18268791 -SHA1 (patch-af) = 55b27779b63cd86d3aef5b700c13600f0d840554 -SHA1 (patch-ag) = 0c075960215e55525ffee15c381b82775614a2d2 -SHA1 (patch-ah) = 1db5811a74ecadb5f8db2d74483f95c537b9c18d -SHA1 (patch-ai) = e2e48f48bec8cba85345e31541d4e4ddcc30e799 +SHA1 (patch-ae) = 1654cdaa58622b7572ab9190928854e80e8c88c7 +SHA1 (patch-af) = 4eb5041f2ae8f1d434abbcab416d25739a0979e8 +SHA1 (patch-ag) = e29d1d4934a7490e9c51e338375d4d1cc9e93304 +SHA1 (patch-ah) = 7c7ad1c09a1c849129313bb272106a1dcd2abf7b +SHA1 (patch-ai) = 80e35b111e3cbdebf5dc7a8265f454caab791f50 SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01 SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a -SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1 -SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0 +SHA1 (patch-al) = aa6add3b91ee87846dd9cbbe5fd563b606fdcfb8 +SHA1 (patch-am) = 76bbb4ae3a8cce666bf91fb605f72572350f23a1 SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7 -SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29 -SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178 -SHA1 (patch-ar) = 882ad0cf40e3f6ebfcf8a210e0ac5e6f7e707909 -SHA1 (patch-as) = 404167a7449f2e5b90d5035ced9c838942f08555 +SHA1 (patch-ao) = 96b97e1faf6828a6880c39eb246d07c4a56bfe12 +SHA1 (patch-aq) = 1fda54aae47edb675549095adac2eb0378d1f60c diff --git a/www/apache/patches/patch-aa b/www/apache/patches/patch-aa index ef181d4c380..d380fe0ff29 100644 --- a/www/apache/patches/patch-aa +++ b/www/apache/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ +$NetBSD: patch-aa,v 1.26 2008/02/23 05:16:34 obache Exp $ ---- Makefile.tmpl.orig 2006-02-21 12:27:34.000000000 +0000 +--- Makefile.tmpl.orig 2008-02-23 04:22:56.000000000 +0000 +++ Makefile.tmpl -@@ -56,6 +56,8 @@ INSTALL_DATA = $(INSTALL) $(IFLAGS_DA +@@ -57,6 +57,8 @@ INSTALL_DATA = $(INSTALL) $(IFLAGS_DA PERL = @PERL@ TAR = @TAR@ TAROPT = @TAROPT@ @@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ # installation name of Apache webserver TARGET = @TARGET@ -@@ -280,11 +282,6 @@ install-mktree: +@@ -281,11 +283,6 @@ install-mktree: $(MKDIR) $(root)$(mandir)/man1 $(MKDIR) $(root)$(mandir)/man8 $(MKDIR) $(root)$(sysconfdir) @@ -23,7 +23,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ $(MKDIR) $(root)$(htdocsdir) $(MKDIR) $(root)$(manualdir) $(MKDIR) $(root)$(iconsdir) -@@ -296,9 +293,9 @@ install-mktree: +@@ -297,9 +294,9 @@ install-mktree: $(MKDIR) $(root)$(proxycachedir) -@if [ "x`$(AUX)/getuid.sh`" = "x0" ]; then \ echo "chown $(conf_user) $(root)$(proxycachedir)"; \ @@ -35,7 +35,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ fi @echo "<=== [mktree]" -@@ -343,34 +340,6 @@ install-programs: +@@ -344,34 +341,6 @@ install-programs: file=`echo $${mod} | sed -e 's;^.*/\([^/]*\);\1;'`; \ echo "$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}"; \ $(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}; \ @@ -70,7 +70,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ done; \ fi @echo "<=== [programs]" -@@ -420,9 +389,9 @@ install-support: +@@ -421,9 +390,9 @@ install-support: echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \ $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \ echo "chown root $(root)$(sbindir)/suexec"; \ @@ -82,7 +82,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \ $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \ fi -@@ -464,9 +433,9 @@ install-binsupport: +@@ -465,9 +434,9 @@ install-binsupport: echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \ $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \ echo "chown root $(root)$(sbindir)/suexec"; \ @@ -94,7 +94,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \ $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \ fi -@@ -489,21 +458,25 @@ install-include: +@@ -490,21 +459,25 @@ install-include: # icons and distributed CGI scripts. install-data: @echo "===> [data: Installing initial data files]" @@ -125,7 +125,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ fi -@if [ -f $(root)$(cgidir)/printenv ]; then \ echo "[PRESERVING EXISTING CGI SUBDIR: $(root)$(cgidir)/]"; \ -@@ -511,23 +484,25 @@ install-data: +@@ -512,23 +485,25 @@ install-data: for script in printenv test-cgi; do \ cat $(TOP)/cgi-bin/$${script} |\ sed -e 's;^#!/.*perl;#!$(PERL);' \ @@ -156,7 +156,7 @@ $NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $ if [ .$$conf = .httpd.conf ]; then \ target_conf="$(TARGET).conf"; \ else \ -@@ -583,22 +558,10 @@ install-config: +@@ -584,22 +559,10 @@ install-config: > $(TOP)/$(SRC)/.apaci.install.tmp && \ echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \ $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \ diff --git a/www/apache/patches/patch-ae b/www/apache/patches/patch-ae index 55855bee09f..af44c88489a 100644 --- a/www/apache/patches/patch-ae +++ b/www/apache/patches/patch-ae @@ -1,8 +1,8 @@ -$NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ +$NetBSD: patch-ae,v 1.8 2008/02/23 05:16:34 obache Exp $ ---- src/modules/standard/mod_include.c.orig 2004-10-25 16:44:04.000000000 +0100 +--- src/modules/standard/mod_include.c.orig 2006-07-12 08:16:05.000000000 +0000 +++ src/modules/standard/mod_include.c -@@ -50,7 +50,10 @@ +@@ -51,7 +51,10 @@ #include "http_log.h" #include "http_main.h" #include "util_script.h" @@ -13,7 +13,7 @@ $NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ #define STARTING_SEQUENCE "<!--#" #define ENDING_SEQUENCE "-->" -@@ -447,7 +450,8 @@ static int get_directive(FILE *in, char +@@ -448,7 +451,8 @@ static int get_directive(FILE *in, char /* * Do variable substitution on strings */ @@ -23,7 +23,7 @@ $NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ size_t length, int leave_name) { char ch; -@@ -645,7 +649,8 @@ static int handle_include(FILE *in, requ +@@ -646,7 +650,8 @@ static int handle_include(FILE *in, requ parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); if (tag[0] == 'f') { /* be safe; only files in this directory or below allowed */ @@ -33,7 +33,7 @@ $NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ error_fmt = "unable to include file \"%s\" " "in parsed file %s"; } -@@ -1057,7 +1062,8 @@ static int find_file(request_rec *r, con +@@ -1058,7 +1063,8 @@ static int find_file(request_rec *r, con "in parsed file %s"; } else { @@ -43,7 +43,7 @@ $NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ rr = ap_sub_req_lookup_file(tag_val, r); if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) { -@@ -2140,6 +2146,16 @@ static int handle_printenv(FILE *in, req +@@ -2141,6 +2147,16 @@ static int handle_printenv(FILE *in, req } } @@ -60,7 +60,7 @@ $NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $ /* -------------------------- The main function --------------------------- */ -@@ -2275,6 +2291,13 @@ static void send_parsed_content(FILE *f, +@@ -2276,6 +2292,13 @@ static void send_parsed_content(FILE *f, } #endif else { diff --git a/www/apache/patches/patch-af b/www/apache/patches/patch-af index 2f9fc821cae..a055a12b7f2 100644 --- a/www/apache/patches/patch-af +++ b/www/apache/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.10 2004/10/29 13:48:31 abs Exp $ +$NetBSD: patch-af,v 1.11 2008/02/23 05:16:34 obache Exp $ ---- src/modules/standard/mod_so.c.orig 2004-10-29 14:44:35.000000000 +0100 +--- src/modules/standard/mod_so.c.orig 2008-02-23 04:22:56.000000000 +0000 +++ src/modules/standard/mod_so.c -@@ -321,7 +321,15 @@ static const char *load_file(cmd_parms * +@@ -322,7 +322,15 @@ static const char *load_file(cmd_parms * return err; } diff --git a/www/apache/patches/patch-ag b/www/apache/patches/patch-ag index 148c8f8b32b..d4cb64cba89 100644 --- a/www/apache/patches/patch-ag +++ b/www/apache/patches/patch-ag @@ -1,8 +1,8 @@ -$NetBSD: patch-ag,v 1.8 2004/10/29 13:48:31 abs Exp $ +$NetBSD: patch-ag,v 1.9 2008/02/23 05:16:34 obache Exp $ ---- src/os/unix/os.c.orig 2004-02-20 21:01:04.000000000 +0000 +--- src/os/unix/os.c.orig 2006-07-12 08:16:05.000000000 +0000 +++ src/os/unix/os.c -@@ -153,7 +153,12 @@ void ap_os_dso_unload(void *handle) +@@ -154,7 +154,12 @@ void ap_os_dso_unload(void *handle) #elif defined(HAVE_DYLD) NSUnLinkModule(handle,FALSE); diff --git a/www/apache/patches/patch-ah b/www/apache/patches/patch-ah index 7d9a60a20cb..55da695b516 100644 --- a/www/apache/patches/patch-ah +++ b/www/apache/patches/patch-ah @@ -1,8 +1,8 @@ -$NetBSD: patch-ah,v 1.5 2005/02/28 23:30:49 abs Exp $ +$NetBSD: patch-ah,v 1.6 2008/02/23 05:16:34 obache Exp $ ---- src/support/apachectl.orig 2005-02-28 22:42:11.000000000 +0000 +--- src/support/apachectl.orig 2008-02-23 04:22:56.000000000 +0000 +++ src/support/apachectl -@@ -42,6 +42,9 @@ PIDFILE=/usr/local/apache/logs/httpd.pid +@@ -43,6 +43,9 @@ PIDFILE=/usr/local/apache/logs/httpd.pid # the path to your httpd binary, including options if necessary HTTPD='/usr/local/apache/src/httpd' # @@ -12,7 +12,7 @@ $NetBSD: patch-ah,v 1.5 2005/02/28 23:30:49 abs Exp $ # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other # programs may work. -@@ -138,6 +141,30 @@ do +@@ -139,6 +142,30 @@ do fi fi ;; diff --git a/www/apache/patches/patch-ai b/www/apache/patches/patch-ai index 64cfb705986..9fdc9aa579f 100644 --- a/www/apache/patches/patch-ai +++ b/www/apache/patches/patch-ai @@ -1,8 +1,8 @@ -$NetBSD: patch-ai,v 1.10 2004/11/15 19:13:41 salo Exp $ +$NetBSD: patch-ai,v 1.11 2008/02/23 05:16:34 obache Exp $ ---- src/support/apxs.pl.orig 2004-10-29 14:44:35.000000000 +0100 +--- src/support/apxs.pl.orig 2008-02-23 04:22:56.000000000 +0000 +++ src/support/apxs.pl -@@ -423,8 +423,7 @@ if ($opt_i or $opt_e) { +@@ -424,8 +424,7 @@ if ($opt_i or $opt_e) { if ($^O ne "MSWin32") { $t =~ s|^.+/([^/]+)$|$1|; if ($opt_i) { diff --git a/www/apache/patches/patch-al b/www/apache/patches/patch-al index 9108e498c7b..0fc8643ec82 100644 --- a/www/apache/patches/patch-al +++ b/www/apache/patches/patch-al @@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.8 2006/01/09 13:40:34 joerg Exp $ +$NetBSD: patch-al,v 1.9 2008/02/23 05:16:34 obache Exp $ ---- src/Configure.orig 2005-08-22 08:43:51.000000000 -0700 -+++ src/Configure 2005-08-22 08:46:05.000000000 -0700 -@@ -465,6 +465,14 @@ case "$PLAT" in +--- src/Configure.orig 2008-02-23 04:22:55.000000000 +0000 ++++ src/Configure +@@ -466,6 +466,14 @@ case "$PLAT" in DBM_LIB="" DB_LIB="" ;; @@ -17,7 +17,7 @@ $NetBSD: patch-al,v 1.8 2006/01/09 13:40:34 joerg Exp $ *-openbsd*) OS='OpenBSD' DBM_LIB="" -@@ -1110,6 +1118,14 @@ if [ "x$using_shlib" = "x1" ] ; then +@@ -1111,6 +1119,14 @@ if [ "x$using_shlib" = "x1" ] ; then esac LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB ;; diff --git a/www/apache/patches/patch-am b/www/apache/patches/patch-am index c1dc151651a..c3db87a26ea 100644 --- a/www/apache/patches/patch-am +++ b/www/apache/patches/patch-am @@ -1,8 +1,8 @@ -$NetBSD: patch-am,v 1.8 2005/08/22 16:19:00 reed Exp $ +$NetBSD: patch-am,v 1.9 2008/02/23 05:16:34 obache Exp $ ---- src/include/ap_config.h.orig 2004-09-15 16:45:17.000000000 -0700 -+++ src/include/ap_config.h 2005-08-22 09:09:03.000000000 -0700 -@@ -699,8 +699,8 @@ +--- src/include/ap_config.h.orig 2006-07-12 08:16:05.000000000 +0000 ++++ src/include/ap_config.h +@@ -700,8 +700,8 @@ extern char *crypt(); #undef NO_SETSID #define HAVE_SYSLOG 1 @@ -13,7 +13,7 @@ $NetBSD: patch-am,v 1.8 2005/08/22 16:19:00 reed Exp $ #include <osreldate.h> #endif #define HAVE_GMTOFF 1 -@@ -1304,7 +1304,7 @@ +@@ -1305,7 +1305,7 @@ extern int ap_execve(const char *filenam * so we don't have to. Sigh... */ diff --git a/www/apache/patches/patch-ao b/www/apache/patches/patch-ao index 36e3acc6a7c..dd31483e932 100644 --- a/www/apache/patches/patch-ao +++ b/www/apache/patches/patch-ao @@ -1,8 +1,8 @@ -$NetBSD: patch-ao,v 1.3 2004/10/29 13:48:31 abs Exp $ +$NetBSD: patch-ao,v 1.4 2008/02/23 05:16:34 obache Exp $ ---- configure.orig 2004-10-29 14:44:35.000000000 +0100 +--- configure.orig 2008-02-23 04:22:56.000000000 +0000 +++ configure -@@ -185,6 +185,8 @@ if [ ! -f "$SHELL" ]; then +@@ -186,6 +186,8 @@ if [ ! -f "$SHELL" ]; then fi fi @@ -11,7 +11,7 @@ $NetBSD: patch-ao,v 1.3 2004/10/29 13:48:31 abs Exp $ ## ## determine default parameters ## -@@ -1258,6 +1260,8 @@ sed <Makefile.tmpl >$mkf \ +@@ -1259,6 +1261,8 @@ sed <Makefile.tmpl >$mkf \ -e "s%@PLATFORM@%$PLATFORM%g" \ -e "s%@PERL@%$PERL%g" \ -e "s%@TAR@%$TAR%g" \ diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq index db55f8a77f3..e651d7744bc 100644 --- a/www/apache/patches/patch-aq +++ b/www/apache/patches/patch-aq @@ -1,8 +1,8 @@ -$NetBSD: patch-aq,v 1.5 2006/01/09 00:51:03 joerg Exp $ +$NetBSD: patch-aq,v 1.6 2008/02/23 05:16:34 obache Exp $ ---- src/helpers/GuessOS.orig 2006-01-09 00:27:33.000000000 +0000 +--- src/helpers/GuessOS.orig 2006-07-12 08:16:05.000000000 +0000 +++ src/helpers/GuessOS -@@ -172,6 +172,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ +@@ -173,6 +173,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'` echo "${MACHINE}-whatever-freebsd${FREEBSDVERS}"; exit 0 ;; diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar deleted file mode 100644 index 14c506d7a3f..00000000000 --- a/www/apache/patches/patch-ar +++ /dev/null @@ -1,42 +0,0 @@ -$NetBSD: patch-ar,v 1.7 2007/06/28 01:24:39 lkundrak Exp $ - -Fix for CVE-2007-3304 denial of service. - ---- src/main/http_main.c.orig 2007-06-28 02:10:30.000000000 +0200 -+++ src/main/http_main.c -@@ -2751,6 +2751,17 @@ static int find_child_by_pid(int pid) - return -1; - } - -+static int safe_child_kill(pid_t pid, int sig) -+{ -+ if (getpgid(pid) == getpgrp()) { -+ return kill(pid, sig); -+ } -+ else { -+ errno = EINVAL; -+ return -1; -+ } -+} -+ - static void reclaim_child_processes(int terminate) - { - #ifndef MULTITHREAD -@@ -5113,7 +5124,7 @@ static void perform_idle_server_maintena - else if (ps->last_rtime + ss->timeout_len < now) { - /* no progress, and the timeout length has been exceeded */ - ss->timeout_len = 0; -- kill(ps->pid, SIG_TIMEOUT_KILL); -+ safe_child_kill(ps->pid, SIG_TIMEOUT_KILL); - } - } - #endif -@@ -5126,7 +5137,7 @@ static void perform_idle_server_maintena - * while we were counting. Use the define SIG_IDLE_KILL to reflect - * which signal should be used on the specific OS. - */ -- kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL); -+ safe_child_kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL); - idle_spawn_rate = 1; - #ifdef TPF - ap_update_child_status(to_kill, SERVER_DEAD, (request_rec *)NULL); diff --git a/www/apache/patches/patch-as b/www/apache/patches/patch-as deleted file mode 100644 index dbdbb54d98c..00000000000 --- a/www/apache/patches/patch-as +++ /dev/null @@ -1,50 +0,0 @@ -$NetBSD: patch-as,v 1.7 2007/06/28 01:24:39 lkundrak Exp $ - -Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on. - ---- src/modules/standard/mod_status.c.orig 2007-06-28 02:39:31.000000000 +0200 -+++ src/modules/standard/mod_status.c 2007-06-28 02:44:25.000000000 +0200 -@@ -221,7 +221,7 @@ static int status_handler(request_rec *r - if (r->method_number != M_GET) - return DECLINED; - -- r->content_type = "text/html"; -+ r->content_type = "text/html; charset=ISO-8859-1"; - - /* - * Simple table-driven form data set parser that lets you alter the header -@@ -247,7 +247,7 @@ static int status_handler(request_rec *r - no_table_report = 1; - break; - case STAT_OPT_AUTO: -- r->content_type = "text/plain"; -+ r->content_type = "text/plain; charset=ISO-8859-1"; - short_report = 1; - break; - } -@@ -591,7 +591,7 @@ static int status_handler(request_rec *r - ap_rputs(")\n", r); - ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n", - ap_escape_html(r->pool, score_record.client), -- ap_escape_html(r->pool, score_record.request), -+ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)), - vhost ? ap_escape_html(r->pool, - vhost->server_hostname) : "(unavailable)"); - } -@@ -686,14 +686,14 @@ static int status_handler(request_rec *r - "</tr>\n\n", - score_record.client, - vhost ? vhost->server_hostname : "(unavailable)", -- ap_escape_html(r->pool, score_record.request)); -+ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))); - #else - ap_rprintf(r, - "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n", - ap_escape_html(r->pool, score_record.client), - vhost ? ap_escape_html(r->pool, - vhost->server_hostname) : "(unavailable)", -- ap_escape_html(r->pool, score_record.request)); -+ ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))); - #endif - } /* no_table_report */ - } /* !short_report */ |