diff options
| author | spz <spz@pkgsrc.org> | 2012-04-22 19:08:03 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2012-04-22 19:08:03 +0000 |
| commit | 28ac36edec488ccb3468411cce1de0e328ab6dbf (patch) | |
| tree | fc3e89a570cd00e8c4abdf0da30806ff3ff90f44 /www | |
| parent | c9f1afe78a2fb5ac05d24352b4931b85b1bd79de (diff) | |
| download | pkgsrc-28ac36edec488ccb3468411cce1de0e328ab6dbf.tar.gz | |
patch for CVE-2012-0883 taken from the Apache SVN
bump pkgrev
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache22/Makefile | 3 | ||||
| -rw-r--r-- | www/apache22/distinfo | 3 | ||||
| -rw-r--r-- | www/apache22/patches/patch-support_envvars-std.in | 24 |
3 files changed, 28 insertions, 2 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index acf7cfb17e6..3f5936e50df 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.79 2012/02/01 19:53:21 tron Exp $ +# $NetBSD: Makefile,v 1.80 2012/04/22 19:08:03 spz Exp $ DISTNAME= httpd-2.2.22 +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/httpd/apache/} CATEGORIES= www diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 840f7b85625..17882d1469c 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.50 2012/02/01 19:53:21 tron Exp $ +$NetBSD: distinfo,v 1.51 2012/04/22 19:08:03 spz Exp $ SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696 RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9 @@ -16,3 +16,4 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 +SHA1 (patch-support_envvars-std.in) = 03e4989e104f4a1902a9135649d603f3e8d53d4c diff --git a/www/apache22/patches/patch-support_envvars-std.in b/www/apache22/patches/patch-support_envvars-std.in new file mode 100644 index 00000000000..c667e60aa84 --- /dev/null +++ b/www/apache22/patches/patch-support_envvars-std.in @@ -0,0 +1,24 @@ +$NetBSD: patch-support_envvars-std.in,v 1.1 2012/04/22 19:08:03 spz Exp $ + +http://svn.apache.org/viewvc?view=revision&revision=1296428 : + +Fix insecure handling of LD_LIBRARY_PATH that could lead to the +current working directory to be searched for DSOs + +CVE-2012-0883 + +--- support/envvars-std.in.orig 2006-07-12 03:38:44.000000000 +0000 ++++ support/envvars-std.in +@@ -18,7 +18,11 @@ + # + # This file is generated from envvars-std.in + # +-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" ++if test "x$@SHLIBPATH_VAR@" != "x" ; then ++ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" ++else ++ @SHLIBPATH_VAR@="@exp_libdir@" ++fi + export @SHLIBPATH_VAR@ + # + @OS_SPECIFIC_VARS@ |