diff options
author | lkundrak <lkundrak@pkgsrc.org> | 2007-06-05 01:43:44 +0000 |
---|---|---|
committer | lkundrak <lkundrak@pkgsrc.org> | 2007-06-05 01:43:44 +0000 |
commit | 840cbcb818045a598649da0fe996bfc738ca8389 (patch) | |
tree | 9f7ef47ca58574d85df1f318ec3a191c12191d61 /www | |
parent | 4622d23e249f6b0cf97e3fe540fe684cfbe0d102 (diff) | |
download | pkgsrc-840cbcb818045a598649da0fe996bfc738ca8389.tar.gz |
Bump apache22 to 2.2.4nb4 due to:
Security fix for CVE-2007-1862 sensitive information disclosure
http://issues.apache.org/bugzilla/show_bug.cgi?id=41551
http://issues.apache.org/bugzilla/attachment.cgi?id=20065
Diffstat (limited to 'www')
-rw-r--r-- | www/apache22/Makefile | 4 | ||||
-rw-r--r-- | www/apache22/distinfo | 3 | ||||
-rw-r--r-- | www/apache22/patches/patch-an | 55 |
3 files changed, 59 insertions, 3 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index cc67e974f02..235d87be5e4 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.11 2007/05/30 18:06:38 rillig Exp $ +# $NetBSD: Makefile,v 1.12 2007/06/05 01:43:44 lkundrak Exp $ .include "Makefile.common" PKGNAME= apache-${APACHE_VERSION} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= www HOMEPAGE= http://httpd.apache.org/ diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 9d7782a7e15..27209698491 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2007/02/25 00:02:35 sborrill Exp $ +$NetBSD: distinfo,v 1.5 2007/06/05 01:43:44 lkundrak Exp $ SHA1 (httpd-2.2.4.tar.bz2) = 64ceae373434a986dc99b8ed953afa0d4fad85ce RMD160 (httpd-2.2.4.tar.bz2) = bb6e8a7447fa8e8f629010f30b548068de518523 @@ -12,3 +12,4 @@ SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 +SHA1 (patch-an) = 1d02b10e92ad1f613b17b6ebc812d8931b54d3da diff --git a/www/apache22/patches/patch-an b/www/apache22/patches/patch-an new file mode 100644 index 00000000000..5e215bd767c --- /dev/null +++ b/www/apache22/patches/patch-an @@ -0,0 +1,55 @@ +$NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $ + +Security fix for CVE-2007-1862 sensitive information disclosure +http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 +http://issues.apache.org/bugzilla/attachment.cgi?id=20065 + +--- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200 ++++ modules/cache/mod_mem_cache.c +@@ -539,12 +539,26 @@ static int remove_url(cache_handle_t *h, + return OK; + } + ++static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table) ++{ ++ const apr_array_header_t *array = apr_table_elts(table); ++ apr_table_entry_t *elts = (apr_table_entry_t *) array->elts; ++ apr_table_t *copy = apr_table_make(p, array->nelts); ++ int i; ++ ++ for (i = 0; i < array->nelts; i++) { ++ apr_table_add(copy, elts[i].key, elts[i].val); ++ } ++ ++ return copy; ++} ++ + static apr_status_t recall_headers(cache_handle_t *h, request_rec *r) + { + mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj; + +- h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs); +- h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out); ++ h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs); ++ h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out); + + return OK; + } +@@ -585,7 +599,7 @@ static apr_status_t store_headers(cache_ + * - The original response headers (for returning with a cached response) + * - The body of the message + */ +- mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in); ++ mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in); + + /* Precompute how much storage we need to hold the headers */ + headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out, +@@ -599,7 +613,7 @@ static apr_status_t store_headers(cache_ + } + + headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out); +- mobj->header_out = apr_table_copy(mobj->pool, headers_out); ++ mobj->header_out = deep_table_copy(mobj->pool, headers_out); + + /* Init the info struct */ + obj->info.status = info->status; |