diff options
| author | taca <taca> | 2004-05-13 11:39:09 +0000 |
|---|---|---|
| committer | taca <taca> | 2004-05-13 11:39:09 +0000 |
| commit | 794efce466c8aaea676057edb6da1d38eb2e2cda (patch) | |
| tree | db7798594ffc861faa4a36f8155fb8a9016c0b23 /www | |
| parent | 5a6f99914689920054dc426df424b42700f0144f (diff) | |
| download | pkgsrc-794efce466c8aaea676057edb6da1d38eb2e2cda.tar.gz | |
Update apache package to 1.3.31.
Apache 1.3.31 Major changes
Security vulnerabilities
* CAN-2003-0987 (cve.mitre.org)
In mod_digest, verify whether the nonce returned in the client
response is one we issued ourselves. This problem does not affect
mod_auth_digest.
* CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog.
* CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will cause a
child to hold the accept mutex and block out new connections until
another connection arrives on that rarely-accessed listening socket.
* CAN-2003-0993 (cve.mitre.org)
Fix parsing of Allow/Deny rules using IP addresses without a
netmask; issue is only known to affect big-endian 64-bit
platforms
New features
New features that relate to specific platforms:
* Linux 2.4+: If Apache is started as root and you code
CoreDumpDirectory, core dumps are enabled via the prctl() syscall.
New features that relate to all platforms:
* Add mod_whatkilledus and mod_backtrace (experimental) for
reporting diagnostic information after a child process crash.
* Add fatal exception hook for running diagnostic code after a
crash.
* Forensic logging module added (mod_log_forensic)
* '%X' is now accepted as an alias for '%c' in the
LogFormat directive. This allows you to configure logging
to still log the connection status even with mod_ssl
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.29 (or earlier)
and have been fixed in Apache 1.3.31:
* Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
* mod_usertrack no longer inspects the Cookie2 header for
the cookie name. It also no longer overwrites other cookies.
* Fix bug causing core dump when using CookieTracking without
specifying a CookieName directly.
* UseCanonicalName off was ignoring the client provided
port information.
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache/Makefile | 9 | ||||
| -rw-r--r-- | www/apache/PLIST | 17 | ||||
| -rw-r--r-- | www/apache/distinfo | 14 | ||||
| -rw-r--r-- | www/apache/patches/patch-ap | 30 | ||||
| -rw-r--r-- | www/apache/patches/patch-aq | 14 | ||||
| -rw-r--r-- | www/apache/patches/patch-ar | 75 | ||||
| -rw-r--r-- | www/apache/patches/patch-as | 16 |
7 files changed, 20 insertions, 155 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile index 848e573c5ac..cc0687017e5 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,12 +1,11 @@ -# $NetBSD: Makefile,v 1.144 2004/04/26 20:06:58 jlam Exp $ +# $NetBSD: Makefile,v 1.145 2004/05/13 11:39:09 taca Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). DISTNAME= apache_${APACHE_VERSION} PKGNAME= apache-${APACHE_VERSION} -PKGREVISION= 2 -APACHE_VERSION= 1.3.29 +APACHE_VERSION= 1.3.31 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} @@ -19,8 +18,8 @@ COMMENT= Apache HTTP (Web) server NETBSD_LOGO= sitedrivenby.gif SITES_${NETBSD_LOGO}= http://www.NetBSD.org/images/logos/ -MODSSL_VERSION= 2.8.16 -MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.29 +MODSSL_VERSION= 2.8.17 +MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.31 MODSSL_DIST= ${MODSSL_DISTNAME}.tar.gz MODSSL_SRC= ${WRKDIR}/${MODSSL_DISTNAME} SITES_${MODSSL_DIST}= http://www.modssl.org/source/ \ diff --git a/www/apache/PLIST b/www/apache/PLIST index c7108f8e3c0..41d5e5b9404 100644 --- a/www/apache/PLIST +++ b/www/apache/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.10 2004/04/23 22:07:59 reed Exp $ +@comment $NetBSD: PLIST,v 1.11 2004/05/13 11:39:09 taca Exp $ bin/checkgid bin/dbmmanage bin/htdigest @@ -83,6 +83,7 @@ share/httpd/htdocs/index.html.en share/httpd/htdocs/index.html.es share/httpd/htdocs/index.html.fr share/httpd/htdocs/index.html.he.iso8859-8 +share/httpd/htdocs/index.html.hu share/httpd/htdocs/index.html.it share/httpd/htdocs/index.html.ja.jis share/httpd/htdocs/index.html.kr.iso-kr @@ -102,7 +103,6 @@ share/httpd/htdocs/index.html.ru.ucs4 share/httpd/htdocs/index.html.ru.utf8 share/httpd/htdocs/index.html.se share/httpd/htdocs/index.html.zh-tw.big5 -share/httpd/htdocs/manual/FAQ.html share/httpd/htdocs/manual/LICENSE share/httpd/htdocs/manual/bind.html.en share/httpd/htdocs/manual/bind.html.fr @@ -173,7 +173,9 @@ share/httpd/htdocs/manual/invoking.html.html share/httpd/htdocs/manual/keepalive.html.en share/httpd/htdocs/manual/keepalive.html.html share/httpd/htdocs/manual/keepalive.html.ja.jis -share/httpd/htdocs/manual/location.html +share/httpd/htdocs/manual/location.html.en +share/httpd/htdocs/manual/location.html.html +share/httpd/htdocs/manual/location.html.ja.jis share/httpd/htdocs/manual/logs.html share/httpd/htdocs/manual/man-template.html share/httpd/htdocs/manual/misc/API.html @@ -242,7 +244,9 @@ share/httpd/htdocs/manual/mod/mod_auth_anon.html share/httpd/htdocs/manual/mod/mod_auth_db.html share/httpd/htdocs/manual/mod/mod_auth_dbm.html share/httpd/htdocs/manual/mod/mod_auth_digest.html -share/httpd/htdocs/manual/mod/mod_autoindex.html +share/httpd/htdocs/manual/mod/mod_autoindex.html.en +share/httpd/htdocs/manual/mod/mod_autoindex.html.html +share/httpd/htdocs/manual/mod/mod_autoindex.html.ja.jis share/httpd/htdocs/manual/mod/mod_browser.html share/httpd/htdocs/manual/mod/mod_cern_meta.html share/httpd/htdocs/manual/mod/mod_cgi.html.en @@ -272,6 +276,8 @@ share/httpd/htdocs/manual/mod/mod_log_common.html share/httpd/htdocs/manual/mod/mod_log_config.html.en share/httpd/htdocs/manual/mod/mod_log_config.html.html share/httpd/htdocs/manual/mod/mod_log_config.html.ja.jis +share/httpd/htdocs/manual/mod/mod_log_forensic.html.en +share/httpd/htdocs/manual/mod/mod_log_forensic.html.html share/httpd/htdocs/manual/mod/mod_log_referer.html share/httpd/htdocs/manual/mod/mod_mime.html.en share/httpd/htdocs/manual/mod/mod_mime.html.html @@ -344,7 +350,6 @@ share/httpd/htdocs/manual/programs/suexec.html.en share/httpd/htdocs/manual/programs/suexec.html.html share/httpd/htdocs/manual/programs/suexec.html.ja.jis share/httpd/htdocs/manual/readme-tpf.html -share/httpd/htdocs/manual/search/manual-index.cgi share/httpd/htdocs/manual/sections.html.en share/httpd/htdocs/manual/sections.html.html share/httpd/htdocs/manual/sections.html.ja.jis @@ -390,6 +395,7 @@ share/httpd/htdocs/manual/win_service.html.en share/httpd/htdocs/manual/win_service.html.html share/httpd/htdocs/manual/win_service.html.ja.jis share/httpd/htdocs/manual/windows.html.en +share/httpd/htdocs/manual/windows.html.html share/httpd/htdocs/manual/windows.html.ja.jis share/httpd/htdocs/sitedrivenby.gif share/httpd/icons/README @@ -613,7 +619,6 @@ share/httpd/icons/world2.png @dirrm share/httpd/icons/small @dirrm share/httpd/icons @dirrm share/httpd/htdocs/manual/vhosts -@dirrm share/httpd/htdocs/manual/search @dirrm share/httpd/htdocs/manual/programs @dirrm share/httpd/htdocs/manual/mod @dirrm share/httpd/htdocs/manual/misc diff --git a/www/apache/distinfo b/www/apache/distinfo index 46aeea0cfb0..f8ba4d9eefc 100644 --- a/www/apache/distinfo +++ b/www/apache/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.32 2004/04/26 20:06:58 jlam Exp $ +$NetBSD: distinfo,v 1.33 2004/05/13 11:39:09 taca Exp $ -SHA1 (apache_1.3.29.tar.gz) = 0fb055dfd8c86457996edb36f19fb66f09dccd6a -Size (apache_1.3.29.tar.gz) = 2435809 bytes +SHA1 (apache_1.3.31.tar.gz) = a5d4298e8f99cae220ba65b5ef128d5742c7298d +Size (apache_1.3.31.tar.gz) = 2467371 bytes SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658 Size (sitedrivenby.gif) = 8519 bytes -SHA1 (mod_ssl-2.8.16-1.3.29.tar.gz) = c098dfffd81a6e5959f414c5c3eec291f58d3e44 -Size (mod_ssl-2.8.16-1.3.29.tar.gz) = 754325 bytes +SHA1 (mod_ssl-2.8.17-1.3.31.tar.gz) = 942ca41a95f1e671ecabf90a8704b85de42d5d42 +Size (mod_ssl-2.8.17-1.3.31.tar.gz) = 754472 bytes SHA1 (patch-aa) = fa3f41ea33fc0088166b067bf68fb807ac53af96 SHA1 (patch-ab) = 71ea1f3a59e0f7bc37175b0eefd462a1f7ca4fb6 SHA1 (patch-ac) = 12347c7a306d3e898b032c2b4b3b01670b62d4fd @@ -20,7 +20,3 @@ SHA1 (patch-ak) = 8f790a692ed9b2dd6943be43fa1cf7629c673955 SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2 SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02 SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4 -SHA1 (patch-ap) = 3dfa2396d481aca2b746d02cb2b161bd956825f8 -SHA1 (patch-aq) = 80032eadbbb546df8eac7fe08800a784c06a06f0 -SHA1 (patch-ar) = b422847735a9a4821cfa8ba8e2e7639ce1605b39 -SHA1 (patch-as) = b81faf1a0addede23a63c1334e47633d3dba38fa diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap deleted file mode 100644 index 3d2ee54266b..00000000000 --- a/www/apache/patches/patch-ap +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-ap,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/main/http_log.c.orig 2003-02-03 09:13:21.000000000 -0800 -+++ src/main/http_log.c -@@ -314,6 +314,9 @@ static void log_error_core(const char *f - const char *fmt, va_list args) - { - char errstr[MAX_STRING_LEN]; -+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED -+ char scratch[MAX_STRING_LEN]; -+#endif - size_t len; - int save_errno = errno; - FILE *logf; -@@ -445,7 +448,14 @@ static void log_error_core(const char *f - } - #endif - -+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED -+ if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) { -+ len += ap_escape_errorlog_item(errstr + len, scratch, -+ sizeof(errstr) - len); -+ } -+#else - len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args); -+#endif - - /* NULL if we are logging to syslog */ - if (logf) { diff --git a/www/apache/patches/patch-aq b/www/apache/patches/patch-aq deleted file mode 100644 index 128e1b7f7e2..00000000000 --- a/www/apache/patches/patch-aq +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-aq,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/include/httpd.h.orig 2004-04-07 12:24:10.967724616 -0700 -+++ src/include/httpd.h -@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool * - API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname, - unsigned port, const request_rec *r); - API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str); -+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, -+ size_t buflen); - API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s); - - API_EXPORT(int) ap_count_dirs(const char *path); diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar deleted file mode 100644 index 5461b844597..00000000000 --- a/www/apache/patches/patch-ar +++ /dev/null @@ -1,75 +0,0 @@ -$NetBSD: patch-ar,v 1.3 2004/04/07 19:53:27 reed Exp $ -SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog - ---- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800 -+++ src/main/util.c -@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo - return ret; - } - -+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source, -+ size_t buflen) -+{ -+ unsigned char *d, *ep; -+ const unsigned char *s; -+ -+ if (!source || !buflen) { /* be safe */ -+ return 0; -+ } -+ -+ d = (unsigned char *)dest; -+ s = (const unsigned char *)source; -+ ep = d + buflen - 1; -+ -+ for (; d < ep && *s; ++s) { -+ -+ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) { -+ *d++ = '\\'; -+ if (d >= ep) { -+ --d; -+ break; -+ } -+ -+ switch(*s) { -+ case '\b': -+ *d++ = 'b'; -+ break; -+ case '\n': -+ *d++ = 'n'; -+ break; -+ case '\r': -+ *d++ = 'r'; -+ break; -+ case '\t': -+ *d++ = 't'; -+ break; -+ case '\v': -+ *d++ = 'v'; -+ break; -+ case '\\': -+ *d++ = *s; -+ break; -+ case '"': /* no need for this in error log */ -+ d[-1] = *s; -+ break; -+ default: -+ if (d >= ep - 2) { -+ ep = --d; /* break the for loop as well */ -+ break; -+ } -+ c2x(*s, d); -+ *d = 'x'; -+ d += 3; -+ } -+ } -+ else { -+ *d++ = *s; -+ } -+ } -+ *d = '\0'; -+ -+ return (d - (unsigned char *)dest); -+} - - API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str) - { diff --git a/www/apache/patches/patch-as b/www/apache/patches/patch-as deleted file mode 100644 index 00c39ba9059..00000000000 --- a/www/apache/patches/patch-as +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-as,v 1.3 2004/04/26 20:06:58 jlam Exp $ - ---- src/modules/standard/mod_auth_db.c.orig Mon Feb 3 12:13:27 2003 -+++ src/modules/standard/mod_auth_db.c -@@ -170,7 +170,10 @@ static char *get_db_pw(request_rec *r, c - q.data = user; - q.size = strlen(q.data); - --#if defined(DB3) || defined(DB4) -+#if defined(DB4) -+ if ( db_create(&f, NULL, 0) != 0 -+ || f->open(f, NULL, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) { -+#elif defined(DB3) - if ( db_create(&f, NULL, 0) != 0 - || f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) { - #elif defined(DB2) |