From fe44345e67c3c9b7fa6972688d4902b919123208 Mon Sep 17 00:00:00 2001 From: tron Date: Fri, 2 Sep 2005 11:40:56 +0000 Subject: Add patch from Apache SVN repository to fix weak client certificate validation reported in CAN-2005-2700. Bump package revision. --- www/apache2/Makefile | 4 ++-- www/apache2/distinfo | 4 ++-- www/apache2/patches/patch-ae | 15 +++++++++++++-- 3 files changed, 17 insertions(+), 6 deletions(-) (limited to 'www/apache2') diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 497af3f37b0..ccd18e9a59c 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.81 2005/08/28 08:36:55 tron Exp $ +# $NetBSD: Makefile,v 1.82 2005/09/02 11:40:56 tron Exp $ .include "Makefile.common" PKGNAME= apache-${APACHE_VERSION} CATEGORIES= www -PKGREVISION= 4 +PKGREVISION= 5 HOMEPAGE= http://httpd.apache.org/ COMMENT= Apache HTTP (Web) server, version 2 diff --git a/www/apache2/distinfo b/www/apache2/distinfo index ea23d6e9c85..61fbfe15100 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.40 2005/08/28 08:36:55 tron Exp $ +$NetBSD: distinfo,v 1.41 2005/09/02 11:40:56 tron Exp $ SHA1 (httpd-2.0.54.tar.bz2) = 15b4fc3024cceea6562fb03383fd624e84e5e35a RMD160 (httpd-2.0.54.tar.bz2) = c511cb2fa396ba04caf77bfc6ca03413df48ea08 @@ -7,7 +7,7 @@ SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba SHA1 (patch-ac) = 02e0ff6a6b3308ca86c96857b8159ebd6a405537 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b -SHA1 (patch-ae) = 0c7b733fe2e46a91dcd3bc29aa18c4b02455ff0d +SHA1 (patch-ae) = 15be65257d60e5a8340ace40af903b8aa488c1a4 SHA1 (patch-af) = 9e9a8bae118140cc8a49bd30c4753cab5741bdf3 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ah) = 39109cb9d58f900627ea190e4ce24731735538ea diff --git a/www/apache2/patches/patch-ae b/www/apache2/patches/patch-ae index 83b13945a06..92b9c5bed09 100644 --- a/www/apache2/patches/patch-ae +++ b/www/apache2/patches/patch-ae @@ -1,7 +1,18 @@ -$NetBSD: patch-ae,v 1.4 2005/08/08 18:30:26 tron Exp $ +$NetBSD: patch-ae,v 1.5 2005/09/02 11:40:56 tron Exp $ --- modules/ssl/ssl_engine_kernel.c.orig 2005-03-29 09:44:31.000000000 +0100 -+++ modules/ssl/ssl_engine_kernel.c 2005-08-08 19:19:05.000000000 +0100 ++++ modules/ssl/ssl_engine_kernel.c 2005-09-02 12:28:45.000000000 +0100 +@@ -406,8 +406,8 @@ + (!(verify_old & SSL_VERIFY_PEER) && + (verify & SSL_VERIFY_PEER)) || + +- (!(verify_old & SSL_VERIFY_PEER_STRICT) && +- (verify & SSL_VERIFY_PEER_STRICT))) ++ (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) && ++ (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) + { + renegotiate = TRUE; + /* optimization */ @@ -1398,7 +1398,7 @@ BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); -- cgit v1.2.3