[pkgsrc/pkgsrc-2004Q1]: pkgsrc/www/apache/patches Delete files (requested by ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2004Q1]: pkgsrc/www/apache/patches Delete files (requested by ...
From: grant <grant%pkgsrc.org@localhost>
Date: Wed, 13 Oct 2021 23:46:30 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/322864eedf63
branches:  pkgsrc-2004Q1
changeset: 471412:322864eedf63
user:      grant <grant%pkgsrc.org@localhost>
date:      Wed May 26 10:49:34 2004 +0000

description:
Delete files (requested by taca in ticket #31):

Update apache package to 1.3.31.

     * CAN-2003-0987 (cve.mitre.org)
     * CAN-2003-0020 (cve.mitre.org)
     * CAN-2004-0174 (cve.mitre.org)
     * CAN-2003-0993 (cve.mitre.org)

diffstat:

 www/apache/patches/patch-ap |  30 ------------------
 www/apache/patches/patch-aq |  14 --------
 www/apache/patches/patch-ar |  75 ---------------------------------------------
 3 files changed, 0 insertions(+), 119 deletions(-)

diffs (131 lines):

diff -r 303422b0aab1 -r 322864eedf63 www/apache/patches/patch-ap
--- a/www/apache/patches/patch-ap       Wed May 26 10:25:38 2004 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-$NetBSD: patch-ap,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
-SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
-
---- src/main/http_log.c.orig   2003-02-03 09:13:21.000000000 -0800
-+++ src/main/http_log.c
-@@ -314,6 +314,9 @@ static void log_error_core(const char *f
-                          const char *fmt, va_list args)
- {
-     char errstr[MAX_STRING_LEN];
-+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
-+    char scratch[MAX_STRING_LEN];
-+#endif
-     size_t len;
-     int save_errno = errno;
-     FILE *logf;
-@@ -445,7 +448,14 @@ static void log_error_core(const char *f
-     }
- #endif
- 
-+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
-+   if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
-+       len += ap_escape_errorlog_item(errstr + len, scratch,
-+                                      sizeof(errstr) - len);
-+   }
-+#else
-     len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
-+#endif
- 
-     /* NULL if we are logging to syslog */
-     if (logf) {
diff -r 303422b0aab1 -r 322864eedf63 www/apache/patches/patch-aq
--- a/www/apache/patches/patch-aq       Wed May 26 10:25:38 2004 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-$NetBSD: patch-aq,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
-SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
-
---- src/include/httpd.h.orig   2004-04-07 12:24:10.967724616 -0700
-+++ src/include/httpd.h
-@@ -1072,6 +1072,8 @@ API_EXPORT(char *) ap_escape_html(pool *
- API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
-                                   unsigned port, const request_rec *r);
- API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
-+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
-+                                           size_t buflen);
- API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
- 
- API_EXPORT(int) ap_count_dirs(const char *path);
diff -r 303422b0aab1 -r 322864eedf63 www/apache/patches/patch-ar
--- a/www/apache/patches/patch-ar       Wed May 26 10:25:38 2004 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,75 +0,0 @@
-$NetBSD: patch-ar,v 1.2.4.1 2004/04/27 08:14:40 agc Exp $
-SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
-
---- src/main/util.c.orig       2003-02-03 09:13:23.000000000 -0800
-+++ src/main/util.c
-@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo
-     return ret;
- }
- 
-+API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
-+                                           size_t buflen)
-+{
-+    unsigned char *d, *ep;
-+    const unsigned char *s;
-+
-+    if (!source || !buflen) { /* be safe */
-+        return 0;
-+    }
-+
-+    d = (unsigned char *)dest;
-+    s = (const unsigned char *)source;
-+    ep = d + buflen - 1;
-+
-+    for (; d < ep && *s; ++s) {
-+
-+        if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
-+            *d++ = '\\';
-+            if (d >= ep) {
-+                --d;
-+                break;
-+            }
-+
-+            switch(*s) {
-+            case '\b':
-+                *d++ = 'b';
-+                break;
-+            case '\n':
-+                *d++ = 'n';
-+                break;
-+            case '\r':
-+                *d++ = 'r';
-+                break;
-+            case '\t':
-+                *d++ = 't';
-+                break;
-+            case '\v':
-+                *d++ = 'v';
-+                break;
-+            case '\\':
-+                *d++ = *s;
-+                break;
-+            case '"': /* no need for this in error log */
-+                d[-1] = *s;
-+                break;
-+            default:
-+                if (d >= ep - 2) {
-+                    ep = --d; /* break the for loop as well */
-+                    break;
-+                }
-+                c2x(*s, d);
-+                *d = 'x';
-+                d += 3;
-+            }
-+        }
-+        else {
-+            *d++ = *s;
-+        }
-+    }
-+    *d = '\0';
-+
-+    return (d - (unsigned char *)dest);
-+}
- 
- API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str)
- {

Prev by Date: [pkgsrc/pkgsrc-2004Q1]: pkgsrc/devel/subversion Pull up revision 1.21 (reques...
Next by Date: [pkgsrc/pkgsrc-2004Q1]: pkgsrc/www/apache Apply patch (requested by taca in t...
Previous by Thread: [pkgsrc/pkgsrc-2004Q1]: pkgsrc/devel/subversion Pull up revision 1.21 (reques...
Next by Thread: [pkgsrc/pkgsrc-2004Q1]: pkgsrc/www/apache Apply patch (requested by taca in t...
Indexes:

Home | Main Index | Thread Index | Old Index