author: reed <reed@pkgsrc.org> 2004-09-23 21:07:25 +0000
committer: reed <reed@pkgsrc.org> 2004-09-23 21:07:25 +0000
commit: 414aa11f94b57073df8a9725a7c57bed4c4a8f61
tree: add6ec25c9868c82f4c7ad5f72a4dfae09797a9a /www
parent: 791bdc4dc02390f666d13f955954ec1e41545fcd
Add patch for Apache security issue.
2.0.51 had a regression where the Satisfy directive could take effect for different directories (and could bypass some access control). This patch is direct from Apache. Also bumped the package revision.
Diffstat (limited to 'www')
-rw-r--r-- www/apache2/Makefile 3
-rw-r--r-- www/apache2/patches/patch-ab 29
2 files changed, 31 insertions, 1 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 545d0b24c37..9052cc375eb 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2004/09/20 17:19:33 adrianp Exp $
+# $NetBSD: Makefile,v 1.45 2004/09/23 21:07:25 reed Exp $
PKGNAME= apache-${APACHE_VERSION}
+PKGREVISION= 1
CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/
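Review bot: the diffstat lists only Makefile and patches/patch-ab under www, so the package's distinfo is not touched by this commit even though a patch file is added alongside the `PKGREVISION= 1` bump. If distinfo in this tree records checksums for files under patches/, regenerate it and commit it together with this change so that the new patch-ab is verified at build time.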
diff --git a/www/apache2/patches/patch-ab b/www/apache2/patches/patch-ab
new file mode 100644
index 00000000000..19aaeada36c
--- /dev/null
+++ b/www/apache2/patches/patch-ab
@@ -0,0 +1,29 @@
+$NetBSD: patch-ab,v 1.3 2004/09/23 21:07:25 reed Exp $
+
+http://www.apache.org/dist/httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch
+
+SECURITY: CAN-2004-0811 (cve.mitre.org)
+
+Fix merging of the Satisfy directive, which was applied to
+the surrounding context and could allow access despite configured
+authentication. (a regression in 2.0.51)
+
+Apache PR: 31315
+Submitted by: Rici Lake <rici ricilake.net>
+
+--- server/core.c 2004/08/31 08:16:56 1.225.2.27
++++ server/core.c 2004/09/21 13:21:16 1.225.2.28
+@@ -351,9 +351,13 @@
+ /* Otherwise we simply use the base->sec_file array
+ */
+
++ /* use a separate ->satisfy[] array either way */
++ conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
+ for (i = 0; i < METHODS; ++i) {
+ if (new->satisfy[i] != SATISFY_NOSPEC) {
+ conf->satisfy[i] = new->satisfy[i];
++ } else {
++ conf->satisfy[i] = base->satisfy[i];
+ }
+ }
+
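Review bot: the new comment in the server/core.c hunk, `/* use a separate ->satisfy[] array either way */`, says what is done but not why it matters for access control. The patch header already gives the cause (Satisfy "was applied to the surrounding context"), so the code comment should state that the merged `conf->satisfy` must not share storage with the enclosing context, because the loop writes into it. Two things are worth confirming before this goes in. First, the `else` branch copying `base->satisfy[i]` is now mandatory, since apr_palloc returns uninitialised memory and every slot must be assigned. Second, any other per-context array in this merge step that is written after being taken from `base` deserves the same check.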