pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache Updated apache to 1.3.29.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7a7e5c56302c
branches:  trunk
changeset: 463220:7a7e5c56302c
user:      grant <grant%pkgsrc.org@localhost>
date:      Sun Nov 02 05:36:56 2003 +0000

description:
Updated apache to 1.3.29.

Major changes since 1.3.28:

  Security vulnerabilities

     * CAN-2003-0542 (cve.mitre.org)
       Fix buffer overflows in mod_alias and mod_rewrite which occurred if
       one configured a regular expression with more than 9 captures.

  Bugs fixed

   The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
   and have been fixed in Apache 1.3.29:

     * Within ap_bclose(), ap_pclosesocket() is now called consistently
       for sockets and ap_pclosef() for files.  Also, closesocket()
       is used consistently to close socket fd's.  The previous
       confusion between socket and file fd's would cause problems
       with some applications now that we proactively close fd's to
       prevent leakage.

     * Fixed mod_usertrack to not get false positive matches on the
       user-tracking cookie's name.

     * Prevent creation of subprocess Zombies when using CGI wrappers
       such as suEXEC and cgiwrap.

diffstat:

 www/apache/Makefile         |   9 +++----
 www/apache/PLIST            |   8 +++++-
 www/apache/distinfo         |  14 ++++--------
 www/apache/patches/patch-ap |  26 -----------------------
 www/apache/patches/patch-aq |  50 ---------------------------------------------
 www/apache/patches/patch-ar |  22 -------------------
 www/apache/patches/patch-as |  14 ------------
 7 files changed, 15 insertions(+), 128 deletions(-)

diffs (214 lines):

diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/Makefile
--- a/www/apache/Makefile       Sun Nov 02 00:58:18 2003 +0000
+++ b/www/apache/Makefile       Sun Nov 02 05:36:56 2003 +0000
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.135 2003/10/29 10:43:23 cube Exp $
+# $NetBSD: Makefile,v 1.136 2003/11/02 05:36:56 grant Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
 DISTNAME=              apache_${APACHE_VERSION}
 PKGNAME=               apache-${APACHE_VERSION}
-APACHE_VERSION=                1.3.28
-PKGREVISION=           2
+APACHE_VERSION=                1.3.29
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/}
@@ -19,8 +18,8 @@
 NETBSD_LOGO=           sitedrivenby.gif
 SITES_${NETBSD_LOGO}=  http://www.NetBSD.org/images/logos/
 
-MODSSL_VERSION=                2.8.15
-MODSSL_DISTNAME=       mod_ssl-${MODSSL_VERSION}-${APACHE_VERSION}
+MODSSL_VERSION=                2.8.16
+MODSSL_DISTNAME=       mod_ssl-${MODSSL_VERSION}-1.3.29
 MODSSL_DIST=           ${MODSSL_DISTNAME}.tar.gz
 MODSSL_SRC=            ${WRKDIR}/${MODSSL_DISTNAME}
 SITES_${MODSSL_DIST}=  http://www.modssl.org/source/ \
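Review bot: `MODSSL_DISTNAME` now hard-codes `1.3.29` where the removed line derived it from `${APACHE_VERSION}`, so on the next bump the mod_ssl EAPI tarball name can drift from the Apache version with nothing in the Makefile flagging it. If the decoupling is deliberate (presumably so a lagging mod_ssl release can be pinned), a comment above the assignment such as `# mod_ssl tarballs are tied to one Apache release; bump together with APACHE_VERSION` would make that explicit; otherwise keep `mod_ssl-${MODSSL_VERSION}-${APACHE_VERSION}`. The context line shows the mod_ssl distfile is fetched over plain http, so as far as this page shows the SHA1/Size entries in distinfo are the integrity check for it and must be regenerated whenever either version string changes. The `SITES_${MODSSL_DIST}` assignment continues past the end of this hunk.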
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/PLIST
--- a/www/apache/PLIST  Sun Nov 02 00:58:18 2003 +0000
+++ b/www/apache/PLIST  Sun Nov 02 05:36:56 2003 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2003/07/19 12:31:06 tron Exp $
+@comment $NetBSD: PLIST,v 1.9 2003/11/02 05:36:56 grant Exp $
 bin/checkgid
 bin/dbmmanage
 bin/htdigest
@@ -102,6 +102,8 @@
 share/httpd/htdocs/index.html.ru.ucs4
 share/httpd/htdocs/index.html.ru.utf8
 share/httpd/htdocs/index.html.se
+share/httpd/htdocs/index.html.zh-tw.big5
+share/httpd/htdocs/manual/FAQ.html
 share/httpd/htdocs/manual/LICENSE
 share/httpd/htdocs/manual/bind.html.en
 share/httpd/htdocs/manual/bind.html.fr
@@ -281,7 +283,9 @@
 share/httpd/htdocs/manual/mod/mod_negotiation.html.html
 share/httpd/htdocs/manual/mod/mod_negotiation.html.ja.jis
 share/httpd/htdocs/manual/mod/mod_proxy.html
-share/httpd/htdocs/manual/mod/mod_rewrite.html
+share/httpd/htdocs/manual/mod/mod_rewrite.html.en
+share/httpd/htdocs/manual/mod/mod_rewrite.html.html
+share/httpd/htdocs/manual/mod/mod_rewrite.html.ja.jis
 share/httpd/htdocs/manual/mod/mod_setenvif.html.en
 share/httpd/htdocs/manual/mod/mod_setenvif.html.html
 share/httpd/htdocs/manual/mod/mod_setenvif.html.ja.jis
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/distinfo
--- a/www/apache/distinfo       Sun Nov 02 00:58:18 2003 +0000
+++ b/www/apache/distinfo       Sun Nov 02 05:36:56 2003 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.28 2003/10/29 10:43:23 cube Exp $
+$NetBSD: distinfo,v 1.29 2003/11/02 05:36:56 grant Exp $
 
-SHA1 (apache_1.3.28.tar.gz) = a4d0a9c57a53cb641928c882a9d3b6fd645e4e3e
-Size (apache_1.3.28.tar.gz) = 2388111 bytes
+SHA1 (apache_1.3.29.tar.gz) = 0fb055dfd8c86457996edb36f19fb66f09dccd6a
+Size (apache_1.3.29.tar.gz) = 2435809 bytes
 SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
 Size (sitedrivenby.gif) = 8519 bytes
-SHA1 (mod_ssl-2.8.15-1.3.28.tar.gz) = 019fa874e5557617471f445b2f48513a19b774f0
-Size (mod_ssl-2.8.15-1.3.28.tar.gz) = 754203 bytes
+SHA1 (mod_ssl-2.8.16-1.3.29.tar.gz) = c098dfffd81a6e5959f414c5c3eec291f58d3e44
+Size (mod_ssl-2.8.16-1.3.29.tar.gz) = 754325 bytes
 SHA1 (patch-aa) = 6b6d52025ac8625421f209c42da866557719b282
 SHA1 (patch-ab) = 71ea1f3a59e0f7bc37175b0eefd462a1f7ca4fb6
 SHA1 (patch-ac) = 12347c7a306d3e898b032c2b4b3b01670b62d4fd
@@ -20,7 +20,3 @@
 SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2
 SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02
 SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4
-SHA1 (patch-ap) = 5babca7afb771ab8e7766a999912f1e5d39ff187
-SHA1 (patch-aq) = f3ef867c9c638b0f62ef4bf0e9a78aaba0098da2
-SHA1 (patch-ar) = cd62c463b46e5ab223ca080087d066c7deefaec0
-SHA1 (patch-as) = 20fd8fec178b2969044676ab5621bc337ba9c14b
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/patches/patch-ap
--- a/www/apache/patches/patch-ap       Sun Nov 02 00:58:18 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-$NetBSD: patch-ap,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_alias.c.orig      2003-04-24 18:08:21.000000000 +0200
-+++ src/modules/standard/mod_alias.c
-@@ -299,7 +299,7 @@ static int alias_matches(const char *uri
- static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
- {
-     alias_entry *entries = (alias_entry *) aliases->elts;
--    regmatch_t regm[10];
-+    regmatch_t regm[AP_MAX_REG_MATCH];
-     char *found = NULL;
-     int i;
- 
-@@ -308,10 +308,10 @@ static char *try_alias_list(request_rec 
-       int l;
- 
-       if (p->regexp) {
--          if (!ap_regexec(p->regexp, r->uri, p->regexp->re_nsub + 1, regm, 0)) {
-+          if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
-               if (p->real) {
-                   found = ap_pregsub(r->pool, p->real, r->uri,
--                                  p->regexp->re_nsub + 1, regm);
-+                                       AP_MAX_REG_MATCH, regm);
-                   if (found && doesc) {
-                       found = ap_escape_uri(r->pool, found);
-                   }
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/patches/patch-aq
--- a/www/apache/patches/patch-aq       Sun Nov 02 00:58:18 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_rewrite.c.orig    2003-10-29 09:25:17.000000000 +0100
-+++ src/modules/standard/mod_rewrite.c
-@@ -1834,7 +1834,7 @@ static int apply_rewrite_rule(request_re
-     const char *vary;
-     char newuri[MAX_STRING_LEN];
-     regex_t *regexp;
--    regmatch_t regmatch[MAX_NMATCH];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
-     backrefinfo *briRR = NULL;
-     backrefinfo *briRC = NULL;
-     int prefixstrip;
-@@ -1891,7 +1891,7 @@ static int apply_rewrite_rule(request_re
-         rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
-                    perdir, p->pattern, uri);
-     }
--    rc = (ap_regexec(regexp, uri, regexp->re_nsub+1, regmatch, 0) == 0);
-+    rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
-     if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
-            (!rc &&  (p->flags & RULEFLAG_NOTMATCH))   ) ) {
-         return 0;
-@@ -2179,7 +2179,7 @@ static int apply_rewrite_cond(request_re
-     char input[MAX_STRING_LEN];
-     struct stat sb;
-     request_rec *rsub;
--    regmatch_t regmatch[MAX_NMATCH];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
-     int rc;
- 
-     /*
-@@ -2283,8 +2283,7 @@ static int apply_rewrite_cond(request_re
-     }
-     else {
-         /* it is really a regexp pattern, so apply it */
--        rc = (ap_regexec(p->regexp, input,
--                         p->regexp->re_nsub+1, regmatch,0) == 0);
-+        rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
- 
-         /* if it isn't a negated pattern and really matched
-            we update the passed-through regex subst info structure */
-@@ -2442,7 +2441,7 @@ static void do_expand(request_rec *r, ch
-               bri = briRC;
-           }
-           /* see ap_pregsub() in src/main/util.c */
--            if (bri && n <= bri->nsub &&
-+            if (bri && n < AP_MAX_REG_MATCH &&
-               bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
-               span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
-               if (span > space) {
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/patches/patch-ar
--- a/www/apache/patches/patch-ar       Sun Nov 02 00:58:18 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-ar,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/modules/standard/mod_rewrite.h.orig    2003-05-19 04:35:31.000000000 +0200
-+++ src/modules/standard/mod_rewrite.h
-@@ -253,8 +253,6 @@
- 
- #define MAX_ENV_FLAGS 15
- 
--#define MAX_NMATCH    10
--
- /* default maximum number of internal redirects */
- #define REWRITE_REDIRECT_LIMIT 10
- 
-@@ -368,7 +366,7 @@ typedef struct cache {
- typedef struct backrefinfo {
-     char *source;
-     int nsub;
--    regmatch_t regmatch[10];
-+    regmatch_t regmatch[AP_MAX_REG_MATCH];
- } backrefinfo;
- 
- 
diff -r 43adaef606d2 -r 7a7e5c56302c www/apache/patches/patch-as
--- a/www/apache/patches/patch-as       Sun Nov 02 00:58:18 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-$NetBSD: patch-as,v 1.1 2003/10/29 10:44:28 cube Exp $
-
---- src/include/httpd.h.orig   2003-10-29 09:28:40.000000000 +0100
-+++ src/include/httpd.h
-@@ -291,6 +291,9 @@ extern "C" {
- /* The size of the server's internal read-write buffers */
- #define IOBUFSIZE 8192
- 
-+/* The max number of regex captures that can be expanded by ap_pregsub */
-+#define AP_MAX_REG_MATCH 10
-+
- /* Number of servers to spawn off by default --- also, if fewer than
-  * this free when the caretaker checks, it will spawn more.
-  */


