pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q2]: pkgsrc/www/apache2 Pullup ticket 668 - requested by M...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/73c657cfcdb2
branches:  pkgsrc-2005Q2
changeset: 495967:73c657cfcdb2
user:      snj <snj%pkgsrc.org@localhost>
date:      Mon Aug 08 18:47:04 2005 +0000

description:
Pullup ticket 668 - requested by Matthias Scheler
security fix for apache2

Revisions pulled up:
- pkgsrc/www/apache2/Makefile           1.77
- pkgsrc/www/apache2/distinfo           1.39
- pkgsrc/www/apache2/patches/patch-ae   1.4
- pkgsrc/www/apache2/patches/patch-af   1.4

    Module Name:    pkgsrc
    Committed By:   tron
    Date:           Mon Aug  8 18:30:26 UTC 2005

    Modified Files:
            pkgsrc/www/apache2: Makefile distinfo
    Added Files:
            pkgsrc/www/apache2/patches: patch-ae patch-af

    Log Message:
    Add fixes for CAN-2005-1268 (not really a security problem) and
    CAN-2005-2088 from the Apache SVN repository.

diffstat:

 www/apache2/Makefile         |   4 ++--
 www/apache2/distinfo         |   4 +++-
 www/apache2/patches/patch-ae |  13 +++++++++++++
 www/apache2/patches/patch-af |  20 ++++++++++++++++++++
 4 files changed, 38 insertions(+), 3 deletions(-)

diffs (75 lines):

diff -r 34c1e3d9e70e -r 73c657cfcdb2 www/apache2/Makefile
--- a/www/apache2/Makefile      Sun Aug 07 12:25:26 2005 +0000
+++ b/www/apache2/Makefile      Mon Aug 08 18:47:04 2005 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.75 2005/05/21 04:10:18 jlam Exp $
+# $NetBSD: Makefile,v 1.75.2.1 2005/08/08 18:47:04 snj Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
 CATEGORIES=    www
-PKGREVISION=   1
+PKGREVISION=   2
 
 HOMEPAGE=      http://httpd.apache.org/
 COMMENT=       Apache HTTP (Web) server, version 2
diff -r 34c1e3d9e70e -r 73c657cfcdb2 www/apache2/distinfo
--- a/www/apache2/distinfo      Sun Aug 07 12:25:26 2005 +0000
+++ b/www/apache2/distinfo      Mon Aug 08 18:47:04 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2005/04/25 09:13:14 adam Exp $
+$NetBSD: distinfo,v 1.38.2.1 2005/08/08 18:47:04 snj Exp $
 
 SHA1 (httpd-2.0.54.tar.bz2) = 15b4fc3024cceea6562fb03383fd624e84e5e35a
 RMD160 (httpd-2.0.54.tar.bz2) = c511cb2fa396ba04caf77bfc6ca03413df48ea08
@@ -7,6 +7,8 @@
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 02e0ff6a6b3308ca86c96857b8159ebd6a405537
 SHA1 (patch-ad) = 8c6f62346ffb5069de89a50516a3da2c6104e09b
+SHA1 (patch-ae) = 0c7b733fe2e46a91dcd3bc29aa18c4b02455ff0d
+SHA1 (patch-af) = 9e9a8bae118140cc8a49bd30c4753cab5741bdf3
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4dc88c15b0525a5aabc80d5c2a0720cd260629de
 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
diff -r 34c1e3d9e70e -r 73c657cfcdb2 www/apache2/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-ae      Mon Aug 08 18:47:04 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.3.14.1 2005/08/08 18:47:04 snj Exp $
+
+--- modules/ssl/ssl_engine_kernel.c.orig       2005-03-29 09:44:31.000000000 +0100
++++ modules/ssl/ssl_engine_kernel.c    2005-08-08 19:19:05.000000000 +0100
+@@ -1398,7 +1398,7 @@
+             BIO_printf(bio, ", nextUpdate: ");
+             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
+ 
+-            n = BIO_read(bio, buff, sizeof(buff));
++            n = BIO_read(bio, buff, sizeof(buff) - 1);
+             buff[n] = '\0';
+ 
+             BIO_free(bio);
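Review bot: The write `buff[n] = '\0';` after the changed line still uses the return value of BIO_read() unchecked, and that call can return 0 or a negative value when no data is available or on error. The new `sizeof(buff) - 1` bound only fixes the upper end, where a full read put the terminator one byte past the buffer. The memory BIO has just been filled by BIO_printf and ASN1_UTCTIME_print, so a negative return looks unlikely here, but a guard such as `if (n < 0) n = 0;` before the terminator write would close the lower end as well. The enclosing function starts and ends outside the hunk, so the declarations of `n` and `buff` are not visible.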
diff -r 34c1e3d9e70e -r 73c657cfcdb2 www/apache2/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/patches/patch-af      Mon Aug 08 18:47:04 2005 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-af,v 1.3.14.1 2005/08/08 18:47:04 snj Exp $
+
+--- server/protocol.c.orig     2005/07/14 16:49:17     219060
++++ server/protocol.c  2005/07/14 16:51:55     219061
+@@ -885,6 +885,15 @@
+             apr_brigade_destroy(tmp_bb);
+             return r;
+         }
++
++        if (apr_table_get(r->headers_in, "Transfer-Encoding")
++            && apr_table_get(r->headers_in, "Content-Length")) {
++            /* 2616 section 4.4, point 3: "if both Transfer-Encoding
++             * and Content-Length are received, the latter MUST be
++             * ignored"; so unset it here to prevent any confusion
++             * later. */
++            apr_table_unset(r->headers_in, "Content-Length");
++        }
+     }
+     else {
+         if (r->header_only) {
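Review bot: A request carrying both Transfer-Encoding and Content-Length is normalised silently in the added block, so an ambiguous-framing request of the kind CAN-2005-2088 concerns leaves no trace for an operator to detect. Consider logging before the unset, for example `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "both Transfer-Encoding and Content-Length present; ignoring Content-Length");`. The comment's "to prevent any confusion later" could also state the risk, e.g. `/* conflicting framing headers let an intermediary and this server disagree on where the request body ends */`. The enclosing block begins outside the hunk, and whether code paths that forward the request to a back-end need the same handling cannot be judged from these lines.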


