From 0b60f4b750df9d130e99f02ba14540e09b0fe797 Mon Sep 17 00:00:00 2001 
From: taca
Date: Sun, 16 Sep 2012 03:33:10 +0000
Subject: Update apache22 to 2.2.23.

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to
     the current working directory to be searched for DSOs.
     [Stefan Fritsch]

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS
     enabled). [Paul Wouters, Joe Orton]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder]

  *) core: Add filesystem paths to access denied / access failed
     messages. [Eric Covener]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if
     there is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]

  *) core: Prevent "httpd -k restart" from killing server in presence of
     config error. [Joe Orton]

  *) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow
     explicit control of TLSv1.1 and TLSv1.2 through the SSLProtocol
     directive, adding TLSv1.1 and TLSv1.2 support by default given
     'SSLProtocol All'. [Kaspar Brand, William Rowe]

  *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
     PR 53104. [Greg Ames]

  *) Unix MPMs: Fix small memory leak in parent process if connect()
     failed when waking up children. [Joe Orton]

  *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
     [Peter Pramberger, Jim Jagielski]

  *) Added SSLProxyMachineCertificateChainFile directive so the proxy
     client can select the proper client certificate when using a chain
     and the remote server only lists the root CA as allowed.

  *) mpm_event, mpm_worker: Remain active amidst prevalent child process
     resource shortages. [Jeff Trawick]

  *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

  *) mod_rewrite: Fix the RewriteEngine directive to work within a
     location. Previously, once RewriteEngine was switched on globally,
     it was impossible to switch off. [Graham Leggett]

  *) mod_proxy_balancer: Restore balancing after a failed worker has
     recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]

  *) mod_dumpio: Properly handle errors from subsequent input filters.
     PR 52914. [Stefan Fritsch]

  *) mpm_worker: Fix cases where the spawn rate wasn't reduced after
     child process resource shortages. [Jeff Trawick]

  *) mpm_prefork: Reduce spawn rate after a child process exits due to
     unexpected poll or accept failure. [Jeff Trawick]

  *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and
     mod_cgid from logging bogus data in case of errors. [Stefan Fritsch]

  *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if
     the response is a 206 Partial Content. This stops a reverse proxied
     partial response from becoming cached, and then being served in
     subsequent responses. PR 49113. [Graham Leggett]

  *) configure: Fix usage with external apr and apu in non-default paths
     and recent gcc versions >= 4.6. [Jean-Frederic Clere]

  *) core: Fix building against PCRE 8.30 by switching from the obsolete
     pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]

  *) mod_proxy: Add the forcerecovery balancer parameter that determines
     if recovery for balancer workers is enforced.
[Ruediger Pluem] --- www/apache22/Makefile | 5 ++--- www/apache22/PLIST | 13 +++++++----- www/apache22/distinfo | 11 +++++------ www/apache22/patches/patch-af | 19 ------------------ www/apache22/patches/patch-docs_man_apxs.8 | 19 ++++++++++++++++++ www/apache22/patches/patch-support_envvars-std.in | 24 ----------------------- 6 files changed, 34 insertions(+), 57 deletions(-) delete mode 100644 www/apache22/patches/patch-af create mode 100644 www/apache22/patches/patch-docs_man_apxs.8 delete mode 100644 www/apache22/patches/patch-support_envvars-std.in (limited to 'www/apache22') diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 3f5936e50df..3404dc2745f 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.80 2012/04/22 19:08:03 spz Exp $ +# $NetBSD: Makefile,v 1.81 2012/09/16 03:33:10 taca Exp $ -DISTNAME= httpd-2.2.22 -PKGREVISION= 1 +DISTNAME= httpd-2.2.23 PKGNAME= ${DISTNAME:S/httpd/apache/} CATEGORIES= www diff --git a/www/apache22/PLIST b/www/apache22/PLIST index 75d4f406a2a..3455ebdd64f 100644 --- a/www/apache22/PLIST +++ b/www/apache22/PLIST @@ -1,5 +1,4 @@ -@comment $NetBSD: PLIST,v 1.20 2012/02/01 19:53:21 tron Exp $ -${PLIST.suexec}sbin/suexec +@comment $NetBSD: PLIST,v 1.21 2012/09/16 03:33:10 taca Exp $ include/httpd/ap_compat.h include/httpd/ap_config.h include/httpd/ap_config_auto.h @@ -127,17 +126,17 @@ ${PLIST.all-shared}lib/httpd/mod_version.so ${PLIST.all-shared}lib/httpd/mod_vhost_alias.so libexec/cgi-bin/printenv libexec/cgi-bin/test-cgi -man/man1/ab.1 -man/man1/apxs.1 man/man1/dbmmanage.1 man/man1/htdbm.1 man/man1/htdigest.1 man/man1/htpasswd.1 man/man1/httxt2dbm.1 -man/man1/logresolve.1 +man/man8/ab.8 man/man8/apachectl.8 +man/man8/apxs.8 man/man8/htcacheclean.8 man/man8/httpd.8 +man/man8/logresolve.8 man/man8/rotatelogs.8 man/man8/suexec.8 sbin/ab 
@@ -156,6 +155,7 @@ sbin/httxt2dbm sbin/logresolve sbin/mkcert sbin/rotatelogs +${PLIST.suexec}sbin/suexec share/examples/httpd/extra/httpd-autoindex.conf share/examples/httpd/extra/httpd-dav.conf share/examples/httpd/extra/httpd-default.conf @@ -576,6 +576,7 @@ share/httpd/manual/images/mod_rewrite_fig1.png share/httpd/manual/images/mod_rewrite_fig2.gif share/httpd/manual/images/mod_rewrite_fig2.png share/httpd/manual/images/pixel.gif +share/httpd/manual/images/rewrite_backreferences.png share/httpd/manual/images/rewrite_rule_flow.png share/httpd/manual/images/right.gif share/httpd/manual/images/ssl_intro_fig1.gif @@ -1180,11 +1181,13 @@ share/httpd/manual/style/css/manual-print.css share/httpd/manual/style/css/manual-zip-100pc.css share/httpd/manual/style/css/manual-zip.css share/httpd/manual/style/css/manual.css +share/httpd/manual/style/css/prettify.css share/httpd/manual/style/faq.dtd share/httpd/manual/style/lang.dtd share/httpd/manual/style/latex/atbeginend.sty share/httpd/manual/style/manualpage.dtd share/httpd/manual/style/modulesynopsis.dtd +share/httpd/manual/style/scripts/prettify.js share/httpd/manual/style/sitemap.dtd share/httpd/manual/style/version.ent share/httpd/manual/suexec.html diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 17882d1469c..8152b5b6fe1 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo 
@@ -1,19 +1,18 @@ -$NetBSD: distinfo,v 1.51 2012/04/22 19:08:03 spz Exp $ +$NetBSD: distinfo,v 1.52 2012/09/16 03:33:10 taca Exp $ -SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696 -RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9 -Size (httpd-2.2.22.tar.bz2) = 5378934 bytes +SHA1 (httpd-2.2.23.tar.bz2) = 2776145201068045d4ed83157a0e2e1c28c4c453 +RMD160 (httpd-2.2.23.tar.bz2) = 16b15876d8296a2733d4d28a8a78362d0677792d +Size (httpd-2.2.23.tar.bz2) = 5485205 bytes SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 -SHA1 (patch-af) = 580950dbf0154ba1c93f5c58eae766c7d6c0c00c SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 +SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1 -SHA1 (patch-support_envvars-std.in) = 03e4989e104f4a1902a9135649d603f3e8d53d4c diff --git a/www/apache22/patches/patch-af b/www/apache22/patches/patch-af deleted file mode 100644 index 278ba6db864..00000000000 --- a/www/apache22/patches/patch-af +++ /dev/null 
@@ -1,19 +0,0 @@ -$NetBSD: patch-af,v 1.6 2012/02/01 19:53:21 tron Exp $ - -Fix markup glitch. - ---- docs/man/apxs.1.orig 2012-01-10 23:32:02.000000000 +0000 -+++ docs/man/apxs.1 2012-02-01 19:18:34.000000000 +0000 -@@ -96,7 +96,11 @@ - - .TP - -q --Performs a query for apxs's knowledge about certain settings\&. The \fIquery\fR parameters can be one or more of the following strings: CC, CFLAGS, CFLAGS_SHLIB, INCLUDEDIR, LD_SHLIB, LDFLAGS_SHLIB, LIBEXECDIR, LIBS_SHLIB, SBINDIR, SYSCONFDIR, TARGET\&. .PP Use this for manually determining settings\&. For instance use INC=-I`apxs -q INCLUDEDIR` .PP inside your own Makefiles if you need manual access to Apache's C header files\&. -+Performs a query for apxs's knowledge about certain settings\&. The \fIquery\fR parameters can be one or more of the following strings: CC, CFLAGS, CFLAGS_SHLIB, INCLUDEDIR, LD_SHLIB, LDFLAGS_SHLIB, LIBEXECDIR, LIBS_SHLIB, SBINDIR, SYSCONFDIR, TARGET\&. -+.PP -+Use this for manually determining settings\&. For instance use INC=-I`apxs -q INCLUDEDIR` -+.PP -+inside your own Makefiles if you need manual access to Apache's C header files\&. - - .SS "Configuration Options" - diff --git a/www/apache22/patches/patch-docs_man_apxs.8 b/www/apache22/patches/patch-docs_man_apxs.8 new file mode 100644 index 00000000000..6e764bf7c26 --- /dev/null +++ b/www/apache22/patches/patch-docs_man_apxs.8 
@@ -0,0 +1,19 @@ +$NetBSD: patch-docs_man_apxs.8,v 1.1 2012/09/16 03:33:10 taca Exp $ + +Fix document for pkgsrc. + +--- docs/man/apxs.8.orig 2012-03-21 09:33:55.000000000 +0000 ++++ docs/man/apxs.8 +@@ -96,7 +96,11 @@ This explicitly sets the module name for + + .TP + -q +-Performs a query for apxs's knowledge about certain settings\&. The \fIquery\fR parameters can be one or more of the following strings: CC, CFLAGS, CFLAGS_SHLIB, INCLUDEDIR, LD_SHLIB, LDFLAGS_SHLIB, LIBEXECDIR, LIBS_SHLIB, SBINDIR, SYSCONFDIR, TARGET\&. .PP Use this for manually determining settings\&. For instance use INC=-I`apxs -q INCLUDEDIR` .PP inside your own Makefiles if you need manual access to Apache's C header files\&. ++Performs a query for apxs's knowledge about certain settings\&. The \fIquery\fR parameters can be one or more of the following strings: CC, CFLAGS, CFLAGS_SHLIB, INCLUDEDIR, LD_SHLIB, LDFLAGS_SHLIB, LIBEXECDIR, LIBS_SHLIB, SBINDIR, SYSCONFDIR, TARGET\&. ++.PP ++Use this for manually determining settings\&. For instance use INC=-I`apxs -q INCLUDEDIR` ++.PP ++inside your own Makefiles if you need manual access to Apache's C header files\&. + + .SS "Configuration Options" + diff --git a/www/apache22/patches/patch-support_envvars-std.in b/www/apache22/patches/patch-support_envvars-std.in deleted file mode 100644 index c667e60aa84..00000000000 --- a/www/apache22/patches/patch-support_envvars-std.in +++ /dev/null 
@@ -1,24 +0,0 @@ -$NetBSD: patch-support_envvars-std.in,v 1.1 2012/04/22 19:08:03 spz Exp $ - -http://svn.apache.org/viewvc?view=revision&revision=1296428 : - -Fix insecure handling of LD_LIBRARY_PATH that could lead to the -current working directory to be searched for DSOs - -CVE-2012-0883 - ---- support/envvars-std.in.orig 2006-07-12 03:38:44.000000000 +0000 -+++ support/envvars-std.in -@@ -18,7 +18,11 @@ - # - # This file is generated from envvars-std.in - # --@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" -+if test "x$@SHLIBPATH_VAR@" != "x" ; then -+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" -+else -+ @SHLIBPATH_VAR@="@exp_libdir@" -+fi - export @SHLIBPATH_VAR@ - # - @OS_SPECIFIC_VARS@ -- cgit v1.2.3
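Review bot: in www/apache22/distinfo, the new SHA1, RMD160 and Size entries for httpd-2.2.23.tar.bz2 are the only integrity anchor for the tarball, and nothing in the commit says how they were obtained. Before committing, verify the downloaded tarball against the signature or digest published by the Apache project, so the recorded values are not simply a hash of whatever the fetch returned. The removed patch-af and patch-support_envvars-std.in entries and the added patch-docs_man_apxs.8 entry do match the file changes in this commit.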
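Review bot: in the new www/apache22/patches/patch-docs_man_apxs.8, the description "Fix document for pkgsrc." does not match the hunk. The change is the same one the deleted patch-af carried under "Fix markup glitch.": it only moves the .PP macros after TARGET\&. onto their own lines, now against docs/man/apxs.8 instead of docs/man/apxs.1. Nothing in it is pkgsrc-specific, so keep the earlier description and consider submitting the fix upstream so the local patch can be dropped.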
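Review bot: deleting www/apache22/patches/patch-support_envvars-std.in drops the local CVE-2012-0883 fix, and nothing in the diff shows that the 2.2.23 support/envvars-std.in contains the equivalent `if test "x$@SHLIBPATH_VAR@" != "x"` guard. The only evidence is the changelog entry quoted in the commit message. State in the commit message that the patch is removed because upstream now carries the fix, and check the generated envvars file after the build: with the variable unset, the value must be just the library directory with no trailing colon, because an empty path element is what makes the current working directory get searched for DSOs.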