From c837a0d858a48d5e8557912103cca788f78ec818 Mon Sep 17 00:00:00 2001
From: christos
Date: Fri, 30 Oct 2009 21:08:55 +0000
Subject: update to 2.2.14; 2.2.13 is gone.
---
 www/apache22/Makefile | 6 +--
 www/apache22/PLIST | 6 ++-
 www/apache22/distinfo | 9 ++--
 www/apache22/patches/patch-ab | 116 ------------------------------------------
 4 files changed, 12 insertions(+), 125 deletions(-)
 delete mode 100644 www/apache22/patches/patch-ab
(limited to 'www/apache22')
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 11e5fa3be5a..c2b9f0e5155 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.52 2009/10/04 12:21:34 tron Exp $
+# $NetBSD: Makefile,v 1.53 2009/10/30 21:08:55 christos Exp $
 
-DISTNAME= httpd-2.2.13
+DISTNAME= httpd-2.2.14
 PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 3
+#PKGREVISION= 3
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
 ${MASTER_SITE_APACHE:=httpd/old/}
diff --git a/www/apache22/PLIST b/www/apache22/PLIST
index 98591f33757..f2a1570b048 100644
--- a/www/apache22/PLIST
+++ b/www/apache22/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2009/08/06 07:07:23 tron Exp $
+@comment $NetBSD: PLIST,v 1.14 2009/10/30 21:08:55 christos Exp $
 ${PLIST.suexec}sbin/suexec
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
@@ -517,6 +517,7 @@ share/httpd/manual/howto/auth.html
 share/httpd/manual/howto/auth.html.en
 share/httpd/manual/howto/auth.html.ja.utf8
 share/httpd/manual/howto/auth.html.ko.euc-kr
+share/httpd/manual/howto/auth.html.tr.utf8
 share/httpd/manual/howto/cgi.html
 share/httpd/manual/howto/cgi.html.en
 share/httpd/manual/howto/cgi.html.ja.utf8
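Review bot: In www/apache22/Makefile the old revision is left behind as a commented-out line, `#PKGREVISION= 3`, instead of being deleted; a stale value kept in a comment is easy to re-enable by mistake and does not say why it was disabled, so the line should simply go. The same commit drops patches/patch-ab, whose header says it carried the CVE-2009-3094 and CVE-2009-3095 fixes for mod_proxy_ftp, presumably because 2.2.14 ships them. That is worth confirming against the upstream 2.2.14 changelog, since nothing visible in the commit records it.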
@@ -866,6 +867,8 @@ share/httpd/manual/mod/mod_proxy_ftp.html
 share/httpd/manual/mod/mod_proxy_ftp.html.en
 share/httpd/manual/mod/mod_proxy_http.html
 share/httpd/manual/mod/mod_proxy_http.html.en
+share/httpd/manual/mod/mod_proxy_scgi.html
+share/httpd/manual/mod/mod_proxy_scgi.html.en
 share/httpd/manual/mod/mod_rewrite.html
 share/httpd/manual/mod/mod_rewrite.html.en
 share/httpd/manual/mod/mod_setenvif.html
@@ -1181,3 +1184,4 @@ share/httpd/manual/vhosts/name-based.html.tr.utf8
 @pkgdir share/httpd/manual/style/xsl/util
 @pkgdir share/httpd/manual/style/xsl
 @pkgdir share/httpd/manual/style/lang
+
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index ab732344cf1..31cb07e3549 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.27 2009/10/04 12:21:34 tron Exp $
+$NetBSD: distinfo,v 1.28 2009/10/30 21:08:55 christos Exp $
 
-SHA1 (httpd-2.2.13.tar.bz2) = 44d85da1b8e6c579d4514cfefbea00b284717b69
-RMD160 (httpd-2.2.13.tar.bz2) = 4a6a2247cc118175a9a36f1e14344ee71da24627
-Size (httpd-2.2.13.tar.bz2) = 5300199 bytes
+SHA1 (httpd-2.2.14.tar.bz2) = eacd04c87b489231ae708c84a77dc8e9ee176fd2
+RMD160 (httpd-2.2.14.tar.bz2) = ff5077e444ba995475202bb3b9be733384c809d1
+Size (httpd-2.2.14.tar.bz2) = 5147171 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
-SHA1 (patch-ab) = 6aec00f6dc38eee2e8648b4e95df3dbf166ac548
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab
deleted file mode 100644
index 910c2b6c7c3..00000000000
--- a/www/apache22/patches/patch-ab
+++ /dev/null
@@ -1,116 +0,0 @@
-$NetBSD: patch-ab,v 1.14 2009/10/04 12:21:35 tron Exp $
-
-Fixes for CVE-2009-3094 and CVE-2009-3095 taken from the Apache SVN repository:
-
-http://svn.apache.org/viewvc?view=rev&revision=814844
-http://svn.apache.org/viewvc?view=rev&revision=814847
-
---- modules/proxy/mod_proxy_ftp.c.orig 2008-11-11 20:04:34.000000000 +0000
-+++ modules/proxy/mod_proxy_ftp.c 2009-10-04 12:49:43.000000000 +0100
-@@ -604,6 +604,31 @@
- return APR_SUCCESS;
- }
-
-+/* Parse EPSV reply and return port, or zero on error. Modifies
-+ * 'reply'. */
-+static apr_port_t parse_epsv_reply(char *reply)
-+{
-+ char *p, *ep;
-+ long port;
-+
-+ /* Reply syntax per RFC 2428: "229 blah blah (|||port|)" where '|'
-+ * can be any character in ASCII from 33-126, obscurely. Verify
-+ * the syntax. */
-+ p = ap_strchr(reply, '(');
-+ if (p == NULL || !p[0] || !p[1] || p[1] != p[2] || p[1] != p[3]
-+ || p[4] == p[1]) {
-+ return 0;
-+ }
-+
-+ errno = 0;
-+ port = strtol(p + 4, &ep, 10);
-+ if (errno || port < 1 || port > 65535 || ep[0] != p[1] || ep[1] != ')') {
-+ return 0;
-+ }
-+
-+ return (apr_port_t)port;
-+}
-+
- /*
- * Generic "send FTP command to server" routine, using the control socket.
- * Returns the FTP returncode (3 digit code)
-@@ -887,6 +912,11 @@
- if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
- && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
- && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
-+ /* Check the decoded string for special characters. */
-+ if (!ftp_check_string(password)) {
-+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
-+ "user credentials contained invalid character");
-+ }
- /*
- * Note that this allocation has to be made from r->connection->pool
- * because it has the lifetime of the connection. The other
-@@ -1210,26 +1240,11 @@
- return ftp_proxyerror(r, backend, HTTP_BAD_GATEWAY, ftpmessage);
- }
- else if (rc == 229) {
-- char *pstr;
-- char *tok_cntx;
-+ /* Parse the port out of the EPSV reply. */
-+ data_port = parse_epsv_reply(ftpmessage);
-
-- pstr = ftpmessage;
-- pstr = apr_strtok(pstr, " ", &tok_cntx); /* separate result code */
-- if (pstr != NULL) {
-- if (*(pstr + strlen(pstr) + 1) == '=') {
-- pstr += strlen(pstr) + 2;
-- }
-- else {
-- pstr = apr_strtok(NULL, "(", &tok_cntx); /* separate address &
-- * port params */
-- if (pstr != NULL)
-- pstr = apr_strtok(NULL, ")", &tok_cntx);
-- }
-- }
--
-- if (pstr) {
-+ if (data_port) {
- apr_sockaddr_t *epsv_addr;
-- data_port = atoi(pstr + 3);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "proxy: FTP: EPSV contacting remote host on port %d",
-@@ -1272,10 +1287,6 @@
- connect = 1;
- }
- }
-- else {
-- /* and try the regular way */
-- apr_socket_close(data_sock);
-- }
- }
- }
-
-@@ -1364,10 +1375,6 @@
- connect = 1;
- }
- }
-- else {
-- /* and try the regular way */
-- apr_socket_close(data_sock);
-- }
- }
- }
- /*bypass:*/
-@@ -1851,7 +1858,9 @@
- * for a slow client to eat these bytes
- */
- ap_flush_conn(data);
-- apr_socket_close(data_sock);
-+ if (data_sock) {
-+ apr_socket_close(data_sock);
-+ }
- data_sock = NULL;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "proxy: FTP: data connection closed");
--
cgit v1.2.3