[pkgsrc/pkgsrc-2005Q3]: pkgsrc/www/apache Pullup ticket 960 - requested by Ma...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c5433e35c93f
branches:  pkgsrc-2005Q3
changeset: 499751:c5433e35c93f
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Dec 15 13:36:32 2005 +0000

description:
Pullup ticket 960 - requested by Matthias Scheler
security fix for apache

Revisions pulled up:
- pkgsrc/www/apache/Makefile            1.176
- pkgsrc/www/apache/distinfo            1.48
- pkgsrc/www/apache/patches/patch-ap    1.7

   Module Name:         pkgsrc
   Committed By:        tron
   Date:                Thu Dec 15 12:57:30 UTC 2005

   Modified Files:
        pkgsrc/www/apache: Makefile distinfo
   Added Files:
        pkgsrc/www/apache/patches: patch-ap

   Log Message:
   Add fix for security vulnerability reported in CVE-2005-3352 taken from
   Apache SVN repository. Bump package revision because of that.

diffstat:

 www/apache/Makefile         |   3 ++-
 www/apache/distinfo         |   3 ++-
 www/apache/patches/patch-ap |  13 +++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r fc8b61a57046 -r c5433e35c93f www/apache/Makefile
--- a/www/apache/Makefile       Thu Dec 15 11:56:29 2005 +0000
+++ b/www/apache/Makefile       Thu Dec 15 13:36:32 2005 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.171.2.1 2005/10/19 22:04:48 salo Exp $
+# $NetBSD: Makefile,v 1.171.2.2 2005/12/15 13:36:32 salo Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
 DISTNAME=              apache_1.3.34
 PKGNAME=               ${DISTNAME:S/_/-/}
+PKGREVISION=           1
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/}
diff -r fc8b61a57046 -r c5433e35c93f www/apache/distinfo
--- a/www/apache/distinfo       Thu Dec 15 11:56:29 2005 +0000
+++ b/www/apache/distinfo       Thu Dec 15 13:36:32 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46.2.1 2005/10/19 22:04:48 salo Exp $
+$NetBSD: distinfo,v 1.46.2.2 2005/12/15 13:36:32 salo Exp $
 
 SHA1 (apache_1.3.34.tar.gz) = df082b73f1220555dc416c0c5afa746e30a9e0de
 RMD160 (apache_1.3.34.tar.gz) = e39dfc57b7f9164aa76641de3fa74f0314c9ec9e
@@ -23,3 +23,4 @@
 SHA1 (patch-al) = f9d329ca9465af0254f76d732f80ed4bf57a846a
 SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
 SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
+SHA1 (patch-ap) = 90ac139c91dcc45abb04e9496273f2ef4742d260
diff -r fc8b61a57046 -r c5433e35c93f www/apache/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache/patches/patch-ap       Thu Dec 15 13:36:32 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.6.8.1 2005/12/15 13:36:32 salo Exp $
+
+--- src/modules/standard/mod_imap.c.orig       2004-11-24 20:10:19.000000000 +0100
++++ src/modules/standard/mod_imap.c    2005-12-15 13:02:18.000000000 +0100
+@@ -328,7 +328,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = ap_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-          return ap_pstrdup(r->pool, referer);
++          return ap_escape_html(r->pool, referer);
+         }
+         else {
+           /* XXX:  This used to do *value = '\0'; ... which is totally bogus