From 51b6be0c1188d9d3f48fbb6a9fde910305145046 Mon Sep 17 00:00:00 2001
From: salo
Date: Thu, 15 Dec 2005 11:56:03 +0000
Subject: Pullup ticket 959 - requested by Matthias Scheler security fix for apache2 Revisions pulled up: - pkgsrc/www/apache2/Makefile 1.89 - pkgsrc/www/apache2/distinfo 1.45 - pkgsrc/www/apache2/patches/patch-ae 1.7 Module Name: pkgsrc Committed By: tron Date: Thu Dec 15 11:29:00 UTC 2005 Modified Files: pkgsrc/www/apache2: Makefile distinfo Added Files: pkgsrc/www/apache2/patches: patch-ae Log Message: Add fix for security vulnerability reported in CVE-2005-3352 taken from Apache SVN repository. Bump package revision because of that.
---
 www/apache2/Makefile | 4 ++--
 www/apache2/distinfo | 3 ++-
 www/apache2/patches/patch-ae | 13 +++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 www/apache2/patches/patch-ae
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 7390f35c4fd..16e5e87ca0c 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.82.2.3 2005/10/24 00:25:22 seb Exp $
+# $NetBSD: Makefile,v 1.82.2.4 2005/12/15 11:56:03 salo Exp $
 .include "Makefile.common"
 PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= www
 HOMEPAGE= http://httpd.apache.org/
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index 589af52d3c9..321b9b1645b 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42.2.1 2005/10/18 21:21:27 seb Exp $
+$NetBSD: distinfo,v 1.42.2.2 2005/12/15 11:56:03 salo Exp $
 SHA1 (httpd-2.0.55.tar.bz2) = ab016aace57f34cb3eae5c9d48f2bcc5759d6c84
 RMD160 (httpd-2.0.55.tar.bz2) = 04749dcf9ea369152eddf9422e49bc0a77a443eb
@@ -7,6 +7,7 @@ SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b
+SHA1 (patch-ae) = 4d906691447dd718547b18ebfbb80322443afcda
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
diff --git a/www/apache2/patches/patch-ae b/www/apache2/patches/patch-ae
new file mode 100644
index 00000000000..72086607d9d
--- /dev/null
+++ b/www/apache2/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.5.2.2 2005/12/15 11:56:03 salo Exp $
+
+--- modules/mappers/mod_imap.c.orig 2005-02-04 20:21:18.000000000 +0000
++++ modules/mappers/mod_imap.c 2005-12-15 11:23:25.000000000 +0000
+@@ -342,7 +342,7 @@
+ if (!strcasecmp(value, "referer")) {
+ referer = apr_table_get(r->headers_in, "Referer");
+ if (referer && *referer) {
+- return apr_pstrdup(r->pool, referer);
++ return ap_escape_html(r->pool, referer);
+ }
+ else {
+ /* XXX: This used to do *value = '\0'; ... which is totally bogus
--
cgit v1.2.3
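Review bot: The changed return in the `"referer"` branch of patch-ae now hands back an HTML-escaped copy of the client-supplied Referer header, which is the right encoding only if every caller writes that value into HTML text. The enclosing function starts and ends outside the hunk, so the callers are not visible here. If any of them uses the result as a redirect target, an `&` in the URL would become `&amp;`, and if any places it inside a quoted attribute, it is worth confirming that `ap_escape_html` in this httpd version also covers quote characters. The patch file would also benefit from a one-line comment under its `$NetBSD$` tag, for example `Escape the Referer value returned by mod_imap (CVE-2005-3352); taken from Apache SVN.`, so the reason for the patch is recorded in the file and not only in the commit log.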