From 36c0915a6c65676c7e2444c2bf1ad37e2111a1a4 Mon Sep 17 00:00:00 2001 From: spz Date: Mon, 15 Jul 2013 20:19:16 +0000 Subject: Pullup ticket #4184 - requested by tron www/apache22: security update Revisions pulled up: - www/apache22/Makefile 1.92 - www/apache22/distinfo 1.57 - www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Mon Jul 15 18:15:49 UTC 2013 Modified Files: pkgsrc/www/apache22: Makefile distinfo Removed Files: pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c Log Message: Update "apache22" package to version 2.2.25. Changes since 2.2.24: - SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file. [Eric Covener, Jeff Trawick, Joe Orton] - core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer strings. The default limit for ap_pregsub() can be adjusted at compile time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick] - core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization on Linux kernel versions 3.x and above. Bug#55121. [Bradley Heilbrun ] - mod_setenvif: Log error on substitution overflow. [Stefan Fritsch] - mod_ssl/proxy: enable the SNI extension for backend TLS connections [Kaspar Brand] - mod_proxy: Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. Bug#53134. [Michael Weiser , Ruediger Pluem] - mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits in the error log to debug level. [William Rowe] - mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698. [Keith Burdis , Joe Orton, Kaspar Brand] - mod_proxy_balancer: Added balancer parameter failontimeout to allow server admin to configure an IO timeout as an error in the balancer. [Daniel Ruggeri] - mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password. [Daniel Ruggeri] - htdigest: Fix buffer overflow when reading digest password file with very long lines. Bug#54893. [Rainer Jung] - mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [Ben Reser ] - mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611 [Timothy Wood ] - mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. Bug#53910 [Timothy Wood ] - mod_dav: Sending an If or If-Match header with an invalid ETag doesn't result in a 412 Precondition Failed for a COPY operation. PR54610 [Timothy Wood ] - mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd segfaults. Bug#52559 [Diego Santa Cruz ] - mod_dav: Do not fail PROPPATCH when prop namespace is not known. Bug#52559 [Diego Santa Cruz ] - mod_dav: Do not segfault on PROPFIND with a zero length DBM. Bug#52559 [Diego Santa Cruz ] To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c --- www/apache22/Makefile | 5 ++--- www/apache22/distinfo | 9 ++++----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/www/apache22/Makefile b/www/apache22/Makefile index df5aae9e8a1..48e5bcce5bb 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.89 2013/05/31 12:42:31 wiz Exp $ +# $NetBSD: Makefile,v 1.89.2.1 2013/07/15 20:19:16 spz Exp $ -DISTNAME= httpd-2.2.24 +DISTNAME= httpd-2.2.25 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ http://archive.apache.org/dist/httpd/ \ diff --git a/www/apache22/distinfo b/www/apache22/distinfo index c9ae5f8efeb..ca5bba53c44 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.55 2013/05/30 22:58:14 tron Exp $ +$NetBSD: distinfo,v 1.55.2.1 2013/07/15 20:19:16 spz Exp $ -SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241 -RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224 -Size (httpd-2.2.24.tar.bz2) = 5490439 bytes +SHA1 (httpd-2.2.25.tar.bz2) = e34222d1a8de38825397a1c70949bcc5836a1236 +RMD160 (httpd-2.2.25.tar.bz2) = 8a7745a5f6acb84adaac5cbd94f0e842c3cd7edc +Size (httpd-2.2.25.tar.bz2) = 5524905 bytes SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad @@ -15,6 +15,5 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 -SHA1 (patch-modules_mappers_mod_rewrite.c) = a1cee8c7c97936e15a1596a54ddc1839a5b1038d SHA1 (patch-modules_ssl_ssl__engine__kernel.c) = fd6f425d18231f0daca9fc2553638891a7241a4a SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 -- cgit v1.2.3