From 3cb7459fe40cdf9e65a50b8b8b48254f031dcadb Mon Sep 17 00:00:00 2001
From: tron
Date: Sat, 21 Jan 2006 13:02:21 +0000
Subject: Add fix for CVE-2005-3357 from Apache bug report 37791. Bump package revision because of this fix.
---
 www/apache2/Makefile | 4 ++--
 www/apache2/distinfo | 3 ++-
 www/apache2/patches/patch-af | 21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 www/apache2/patches/patch-af
(limited to 'www')
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 23fc45634b4..f58e446a3a8 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.91 2006/01/05 10:01:20 ghen Exp $
+# $NetBSD: Makefile,v 1.92 2006/01/21 13:02:21 tron Exp $
 .include "Makefile.common"
 PKGNAME= apache-${APACHE_VERSION}
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= www
 HOMEPAGE= http://httpd.apache.org/
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index 5d570f0d4d7..746e248d8cb 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.45 2005/12/15 11:29:00 tron Exp $
+$NetBSD: distinfo,v 1.46 2006/01/21 13:02:21 tron Exp $
 SHA1 (httpd-2.0.55.tar.bz2) = ab016aace57f34cb3eae5c9d48f2bcc5759d6c84
 RMD160 (httpd-2.0.55.tar.bz2) = 04749dcf9ea369152eddf9422e49bc0a77a443eb
@@ -8,6 +8,7 @@ SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b
 SHA1 (patch-ae) = 4d906691447dd718547b18ebfbb80322443afcda
+SHA1 (patch-af) = c5e5fa2ddbf7f448249c9696886e960438a9511c
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
diff --git a/www/apache2/patches/patch-af b/www/apache2/patches/patch-af
new file mode 100644
index 00000000000..b530d5d39aa
--- /dev/null
+++ b/www/apache2/patches/patch-af
@@ -0,0 +1,21 @@
+$NetBSD: patch-af,v 1.6 2006/01/21 13:02:21 tron Exp $
+
+--- modules/ssl/ssl_engine_kernel.c.orig
++++ modules/ssl/ssl_engine_kernel.c
+@@ -202,11 +202,14 @@
+ }
+
+ /*
+- * Check to see if SSL protocol is on
++ * Check to see whether SSL is in use; if it's not, then no
++ * further access control checks are relevant. (the test for
++ * sc->enabled is probably strictly unnecessary)
+ */
+- if (!(sc->enabled || ssl)) {
++ if (!sc->enabled || !ssl) {
+ return DECLINED;
+ }
++
+ /*
+ * Support for per-directory reconfigured SSL connection parameters.
+ *
--
cgit v1.2.3
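Review bot: patch-af has no description of its own: after the `$NetBSD$` line it goes straight to the `ssl_engine_kernel.c` hunk, so the link to CVE-2005-3357 and Apache bug report 37791 lives only in the commit message. A line such as `Fix for CVE-2005-3357 (Apache bug report 37791): decline when ssl is unset even if sc->enabled is true.` above the `--- modules/ssl/ssl_engine_kernel.c.orig` header would tell a later maintainer when the patch can be dropped. The new test `!sc->enabled || !ssl` also returns DECLINED for every request that has no SSL connection, so any check meant to refuse non-SSL access has to run before line 202. That code, like the rest of the enclosing function, is outside the hunk and should be confirmed against the 2.0.55 source.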