authortron <tron>2005-12-15 12:57:29 +0000
committertron <tron>2005-12-15 12:57:29 +0000
commit5233cb4665366ac4cb7cad65458bfa4aab2dc06e (patch)
tree1ef05f3346a2613e11a5dff50477d74e637116f4 /www
parentc57e63a783d29bafae4cb9ac21fc5b3bd2c4fd04 (diff)
Add fix for security vulnerability reported in CVE-2005-3352 taken from
Apache SVN repository. Bump package revision because of that.
Diffstat (limited to 'www')
-rw-r--r--www/apache/Makefile3
-rw-r--r--www/apache/distinfo3
-rw-r--r--www/apache/patches/patch-ap13
3 files changed, 17 insertions, 2 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile
index 244c5a6757a..79cf116cc78 100644
--- a/www/apache/Makefile
+++ b/www/apache/Makefile
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.175 2005/12/05 23:55:22 rillig Exp $
+# $NetBSD: Makefile,v 1.176 2005/12/15 12:57:29 tron Exp $
#
# This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
# code hooks that allow mod_ssl to be compiled separately later, if desired).
DISTNAME= apache_1.3.34
PKGNAME= ${DISTNAME:S/_/-/}
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/}
diff --git a/www/apache/distinfo b/www/apache/distinfo
index 4c14c3abd64..10c975d7f5b 100644
--- a/www/apache/distinfo
+++ b/www/apache/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.47 2005/10/19 20:30:21 bouyer Exp $
+$NetBSD: distinfo,v 1.48 2005/12/15 12:57:30 tron Exp $
SHA1 (apache_1.3.34.tar.gz) = df082b73f1220555dc416c0c5afa746e30a9e0de
RMD160 (apache_1.3.34.tar.gz) = e39dfc57b7f9164aa76641de3fa74f0314c9ec9e
@@ -23,3 +23,4 @@ SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
SHA1 (patch-al) = f9d329ca9465af0254f76d732f80ed4bf57a846a
SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
+SHA1 (patch-ap) = 90ac139c91dcc45abb04e9496273f2ef4742d260
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap
new file mode 100644
index 00000000000..acd2852b7a7
--- /dev/null
+++ b/www/apache/patches/patch-ap
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.7 2005/12/15 12:57:30 tron Exp $
+
+--- src/modules/standard/mod_imap.c.orig 2004-11-24 20:10:19.000000000 +0100
++++ src/modules/standard/mod_imap.c 2005-12-15 13:02:18.000000000 +0100
+@@ -328,7 +328,7 @@
+ if (!strcasecmp(value, "referer")) {
+ referer = ap_table_get(r->headers_in, "Referer");
+ if (referer && *referer) {
+- return ap_pstrdup(r->pool, referer);
++ return ap_escape_html(r->pool, referer);
+ }
+ else {
+ /* XXX: This used to do *value = '\0'; ... which is totally bogus
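Review bot: The replacement line `return ap_escape_html(r->pool, referer);` in the embedded mod_imap.c hunk makes the fix depend entirely on which characters `ap_escape_html` escapes, and that function is not touched by this patch, so it is worth confirming that the 1.3.34 tree's version also escapes double quotes. If the returned Referer is ever written inside a quoted attribute value, escaping only `<`, `>` and `&` would leave the fix incomplete; as far as I can tell the upstream change for CVE-2005-3352 also adjusted `ap_escape_html` for this reason, so please compare against the upstream revision. The enclosing function starts and ends outside the hunk, so the places where the returned string is used are not visible here. I would also add a comment line under the `$NetBSD$` tag in patch-ap, for example `Fix for CVE-2005-3352 (unescaped Referer in mod_imap), taken from Apache SVN.`, so the patch file itself records why it exists.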