diff options
| author | taca <taca@pkgsrc.org> | 2014-10-08 04:27:17 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2014-10-08 04:27:17 +0000 |
| commit | 54459c2bf6e09d5c8e559dfc2a062e8ec45027f7 (patch) | |
| tree | 68102d204fee14dfbff170b3ddf3af5ab95b1b77 /www | |
| parent | b79d140b2b79bead19b097c698f9c527f2deea82 (diff) | |
| download | pkgsrc-54459c2bf6e09d5c8e559dfc2a062e8ec45027f7.tar.gz | |
Add patch for CVE-2014-3581.
Bump PKGREVISION.
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache24/Makefile | 3 | ||||
| -rw-r--r-- | www/apache24/distinfo | 3 | ||||
| -rw-r--r-- | www/apache24/patches/patch-modules_cache_cache__util.c | 19 |
3 files changed, 23 insertions, 2 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index e124efff5f4..93e281c3420 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.30 2014/07/23 10:34:02 tron Exp $ +# $NetBSD: Makefile,v 1.31 2014/10/08 04:27:17 taca Exp $ DISTNAME= httpd-2.4.10 PKGNAME= ${DISTNAME:S/httpd/apache/} +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache24/distinfo b/www/apache24/distinfo index fd7e183431b..a9ccbc0b66b 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.15 2014/07/23 10:34:02 tron Exp $ +$NetBSD: distinfo,v 1.16 2014/10/08 04:27:17 taca Exp $ SHA1 (httpd-2.4.10.tar.bz2) = 00f5c3f8274139bd6160eda2cf514fa9b74549e5 RMD160 (httpd-2.4.10.tar.bz2) = 254f4b9b8cc4e151aa46973311077baa0a3daad3 @@ -14,4 +14,5 @@ SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911 SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96 +SHA1 (patch-modules_cache_cache__util.c) = 35a41fee80fc990b0d56767db67f8e403e692e55 SHA1 (patch-server_core__filters.c) = 331672c9a65691229518f31dcdae64382b392287 diff --git a/www/apache24/patches/patch-modules_cache_cache__util.c b/www/apache24/patches/patch-modules_cache_cache__util.c new file mode 100644 index 00000000000..bcb3c6b387a --- /dev/null +++ b/www/apache24/patches/patch-modules_cache_cache__util.c @@ -0,0 +1,19 @@ +$NetBSD: patch-modules_cache_cache__util.c,v 1.1 2014/10/08 04:27:17 taca Exp $ + +Fix for CVE-2014-3581 - Avoid a crash when Content-Type has an empty value. + +--- modules/cache/cache_util.c.orig 2014-05-30 13:50:37.000000000 +0000 ++++ modules/cache/cache_util.c +@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req + + if (r->content_type + && !apr_table_get(headers_out, "Content-Type")) { +- apr_table_setn(headers_out, "Content-Type", +- ap_make_content_type(r, r->content_type)); ++ const char *ctype = ap_make_content_type(r, r->content_type); ++ if (ctype) { ++ apr_table_setn(headers_out, "Content-Type", ctype); ++ } + } + + if (r->content_encoding |