pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache Update apache to 1.3.41.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7db371dec6d6
branches:  trunk
changeset: 539001:7db371dec6d6
user:      obache <obache%pkgsrc.org@localhost>
date:      Sat Feb 23 05:16:33 2008 +0000

description:
Update apache to 1.3.41.

Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason.  [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers.  PR 41144.
     With Apache 1.3, the denial of service vulnerability applies only
     to the Windows and NetWare platforms.
     [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
     patch. This fixes issues with excessive memory usage by the
     parent process if long-running and with a high number of child
     process forks during that timeframe. Also fixes bogus "Bad pid"
     errors. [Jim Jagielski, Jeff Trawick]

Changes with Apache 1.3.39

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
     mod_status: Fix a possible XSS attack against a site with a public
     server-status page and ExtendedStatus enabled, for browsers which
     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
     Ensure that the parent process cannot be forced to kill non-child
     processes by checking scoreboard PID data with parent process
     privately stored PID data. [Jim Jagielski]

  *) mime.types: Many updates to sync with IANA registry and common
     unregistered types that the owners refuse to register.  Admins
     are encouraged to update their installed mime.types file.
     pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]

There was no Apache 1.3.38

diffstat:

 www/apache/Makefile         |   9 +++----
 www/apache/PLIST            |   4 +-
 www/apache/distinfo         |  36 +++++++++++++++-----------------
 www/apache/patches/patch-aa |  22 +++++++++---------
 www/apache/patches/patch-ae |  16 +++++++-------
 www/apache/patches/patch-af |   6 ++--
 www/apache/patches/patch-ag |   6 ++--
 www/apache/patches/patch-ah |   8 +++---
 www/apache/patches/patch-ai |   6 ++--
 www/apache/patches/patch-al |  10 ++++----
 www/apache/patches/patch-am |  10 ++++----
 www/apache/patches/patch-ao |   8 +++---
 www/apache/patches/patch-aq |   6 ++--
 www/apache/patches/patch-ar |  42 -------------------------------------
 www/apache/patches/patch-as |  50 ---------------------------------------------
 15 files changed, 72 insertions(+), 167 deletions(-)

diffs (truncated from 508 to 300 lines):

diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/Makefile
--- a/www/apache/Makefile       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/Makefile       Sat Feb 23 05:16:33 2008 +0000
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.196 2008/02/17 20:15:07 tnn Exp $
+# $NetBSD: Makefile,v 1.197 2008/02/23 05:16:33 obache Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
-DISTNAME=              apache_1.3.37
+DISTNAME=              apache_1.3.41
 PKGNAME=               ${DISTNAME:S/_/-/}
-PKGREVISION=           2
 CATEGORIES=            www
 MASTER_SITES=          ${MASTER_SITE_APACHE:=httpd/} \
                        ${MASTER_SITE_APACHE:=httpd/old/}
@@ -18,8 +17,8 @@
 NETBSD_LOGO=           sitedrivenby.gif
 SITES.${NETBSD_LOGO}=  http://www.NetBSD.org/images/logos/
 
-MODSSL_VERSION=                2.8.28
-MODSSL_DISTNAME=       mod_ssl-${MODSSL_VERSION}-1.3.37
+MODSSL_VERSION=                2.8.31
+MODSSL_DISTNAME=       mod_ssl-${MODSSL_VERSION}-1.3.41
 MODSSL_DIST=           ${MODSSL_DISTNAME}.tar.gz
 MODSSL_SRC=            ${WRKDIR}/${MODSSL_DISTNAME}
 SITES.${MODSSL_DIST}=  http://www.modssl.org/source/ \
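Review bot: The MODSSL_VERSION bump from 2.8.28 to 2.8.31 in this hunk is not mentioned in the commit message, which lists only the Apache 1.3.39 through 1.3.41 changes; add a line for the mod_ssl update to the description. Both SITES.${NETBSD_LOGO} and SITES.${MODSSL_DIST} point at plain http:// URLs, so the digests in distinfo are the only integrity check on those downloads and the new mod_ssl entries there deserve a check against an independently obtained copy of the tarball.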
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/PLIST
--- a/www/apache/PLIST  Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/PLIST  Sat Feb 23 05:16:33 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.14 2005/10/19 21:42:59 bouyer Exp $
+@comment $NetBSD: PLIST,v 1.15 2008/02/23 05:16:33 obache Exp $
 bin/checkgid
 bin/dbmmanage
 bin/htdigest
@@ -398,6 +398,7 @@
 share/httpd/htdocs/manual/windows.html.ja.jis
 share/httpd/htdocs/sitedrivenby.gif
 share/httpd/icons/README
+share/httpd/icons/README.html
 share/httpd/icons/a.gif
 share/httpd/icons/a.png
 share/httpd/icons/alert.black.gif
@@ -522,7 +523,6 @@
 share/httpd/icons/screw2.png
 share/httpd/icons/script.gif
 share/httpd/icons/script.png
-share/httpd/icons/small/README.txt
 share/httpd/icons/small/back.gif
 share/httpd/icons/small/back.png
 share/httpd/icons/small/binary.gif
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/distinfo
--- a/www/apache/distinfo       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/distinfo       Sat Feb 23 05:16:33 2008 +0000
@@ -1,29 +1,27 @@
-$NetBSD: distinfo,v 1.57 2007/10/07 20:49:57 dmcmahill Exp $
+$NetBSD: distinfo,v 1.58 2008/02/23 05:16:33 obache Exp $
 
-SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4
-RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7
-Size (apache_1.3.37.tar.gz) = 2665370 bytes
-SHA1 (mod_ssl-2.8.28-1.3.37.tar.gz) = 9db2a7240e499da2b99d0df9c1a6fbae0580ba0b
-RMD160 (mod_ssl-2.8.28-1.3.37.tar.gz) = 6b12c0a52fe0fbb7b91221d1cb37f93fbe59bb11
-Size (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417 bytes
+SHA1 (apache_1.3.41.tar.gz) = 3bbd4c4bc648e6ad5b696bb83420533f4d23daf8
+RMD160 (apache_1.3.41.tar.gz) = 74786c65c143af123f1d13e9d93dd5ff07e9a201
+Size (apache_1.3.41.tar.gz) = 2483180 bytes
+SHA1 (mod_ssl-2.8.31-1.3.41.tar.gz) = f2d2210041332fc1d4b7243a856d4d81f961d306
+RMD160 (mod_ssl-2.8.31-1.3.41.tar.gz) = c3083c29710c4537ca8c79ddd8c1992eb95cbfee
+Size (mod_ssl-2.8.31-1.3.41.tar.gz) = 820067 bytes
 SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
 RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa
 Size (sitedrivenby.gif) = 8519 bytes
-SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef
+SHA1 (patch-aa) = 54c32338f0dd6f37f28e3ef37b26d2867f90280d
 SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802
 SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c
 SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa
-SHA1 (patch-ae) = 59318dd3376b10b84c0126d90f4b244a18268791
-SHA1 (patch-af) = 55b27779b63cd86d3aef5b700c13600f0d840554
-SHA1 (patch-ag) = 0c075960215e55525ffee15c381b82775614a2d2
-SHA1 (patch-ah) = 1db5811a74ecadb5f8db2d74483f95c537b9c18d
-SHA1 (patch-ai) = e2e48f48bec8cba85345e31541d4e4ddcc30e799
+SHA1 (patch-ae) = 1654cdaa58622b7572ab9190928854e80e8c88c7
+SHA1 (patch-af) = 4eb5041f2ae8f1d434abbcab416d25739a0979e8
+SHA1 (patch-ag) = e29d1d4934a7490e9c51e338375d4d1cc9e93304
+SHA1 (patch-ah) = 7c7ad1c09a1c849129313bb272106a1dcd2abf7b
+SHA1 (patch-ai) = 80e35b111e3cbdebf5dc7a8265f454caab791f50
 SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01
 SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
-SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1
-SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
+SHA1 (patch-al) = aa6add3b91ee87846dd9cbbe5fd563b606fdcfb8
+SHA1 (patch-am) = 76bbb4ae3a8cce666bf91fb605f72572350f23a1
 SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7
-SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
-SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178
-SHA1 (patch-ar) = 882ad0cf40e3f6ebfcf8a210e0ac5e6f7e707909
-SHA1 (patch-as) = 404167a7449f2e5b90d5035ced9c838942f08555
+SHA1 (patch-ao) = 96b97e1faf6828a6880c39eb246d07c4a56bfe12
+SHA1 (patch-aq) = 1fda54aae47edb675549095adac2eb0378d1f60c
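Review bot: The SHA1 entries for patch-ar and patch-as are dropped at the end of this hunk, and the diffstat shows both files deleted, but the commit message does not say why. State in the description whether the changes those two patches carried are already part of the 1.3.41 distfile, so that a later reader can confirm no local fix was lost in the update.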
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/patches/patch-aa
--- a/www/apache/patches/patch-aa       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/patches/patch-aa       Sat Feb 23 05:16:33 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.25 2006/02/21 22:44:17 wiz Exp $
+$NetBSD: patch-aa,v 1.26 2008/02/23 05:16:34 obache Exp $
 
---- Makefile.tmpl.orig 2006-02-21 12:27:34.000000000 +0000
+--- Makefile.tmpl.orig 2008-02-23 04:22:56.000000000 +0000
 +++ Makefile.tmpl
-@@ -56,6 +56,8 @@ INSTALL_DATA    = $(INSTALL) $(IFLAGS_DA
+@@ -57,6 +57,8 @@ INSTALL_DATA    = $(INSTALL) $(IFLAGS_DA
  PERL            = @PERL@
  TAR           = @TAR@
  TAROPT                = @TAROPT@
@@ -11,7 +11,7 @@
  
  #   installation name of Apache webserver
  TARGET          = @TARGET@
-@@ -280,11 +282,6 @@ install-mktree:
+@@ -281,11 +283,6 @@ install-mktree:
        $(MKDIR) $(root)$(mandir)/man1
        $(MKDIR) $(root)$(mandir)/man8
        $(MKDIR) $(root)$(sysconfdir)
@@ -23,7 +23,7 @@
        $(MKDIR) $(root)$(htdocsdir)
        $(MKDIR) $(root)$(manualdir)
        $(MKDIR) $(root)$(iconsdir)
-@@ -296,9 +293,9 @@ install-mktree:
+@@ -297,9 +294,9 @@ install-mktree:
        $(MKDIR) $(root)$(proxycachedir)
        -@if [ "x`$(AUX)/getuid.sh`" = "x0" ]; then \
                echo "chown $(conf_user) $(root)$(proxycachedir)"; \
@@ -35,7 +35,7 @@
        fi
        @echo "<=== [mktree]"
  
-@@ -343,34 +340,6 @@ install-programs:
+@@ -344,34 +341,6 @@ install-programs:
                        file=`echo $${mod} | sed -e 's;^.*/\([^/]*\);\1;'`; \
                        echo "$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}"; \
                        $(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}; \
@@ -70,7 +70,7 @@
                done; \
        fi
        @echo "<=== [programs]"
-@@ -420,9 +389,9 @@ install-support:
+@@ -421,9 +390,9 @@ install-support:
            echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
            $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
            echo "chown root $(root)$(sbindir)/suexec"; \
@@ -82,7 +82,7 @@
            echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
            $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
        fi
-@@ -464,9 +433,9 @@ install-binsupport:
+@@ -465,9 +434,9 @@ install-binsupport:
            echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
            $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
            echo "chown root $(root)$(sbindir)/suexec"; \
@@ -94,7 +94,7 @@
            echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
            $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
        fi
-@@ -489,21 +458,25 @@ install-include:
+@@ -490,21 +459,25 @@ install-include:
  #   icons and distributed CGI scripts.
  install-data:
        @echo "===> [data: Installing initial data files]"
@@ -125,7 +125,7 @@
        fi
        -@if [ -f $(root)$(cgidir)/printenv ]; then \
                echo "[PRESERVING EXISTING CGI SUBDIR: $(root)$(cgidir)/]"; \
-@@ -511,23 +484,25 @@ install-data:
+@@ -512,23 +485,25 @@ install-data:
                for script in printenv test-cgi; do \
                        cat $(TOP)/cgi-bin/$${script} |\
                        sed -e 's;^#!/.*perl;#!$(PERL);' \
@@ -156,7 +156,7 @@
                if [ .$$conf = .httpd.conf ]; then \
                        target_conf="$(TARGET).conf"; \
                else \
-@@ -583,22 +558,10 @@ install-config:
+@@ -584,22 +559,10 @@ install-config:
                > $(TOP)/$(SRC)/.apaci.install.tmp && \
                echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \
                $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/patches/patch-ae
--- a/www/apache/patches/patch-ae       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/patches/patch-ae       Sat Feb 23 05:16:33 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ae,v 1.7 2004/10/29 13:48:31 abs Exp $
+$NetBSD: patch-ae,v 1.8 2008/02/23 05:16:34 obache Exp $
 
---- src/modules/standard/mod_include.c.orig    2004-10-25 16:44:04.000000000 +0100
+--- src/modules/standard/mod_include.c.orig    2006-07-12 08:16:05.000000000 +0000
 +++ src/modules/standard/mod_include.c
-@@ -50,7 +50,10 @@
+@@ -51,7 +51,10 @@
  #include "http_log.h"
  #include "http_main.h"
  #include "util_script.h"
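Review bot: The patch-ae header in this hunk is only the $NetBSD$ tag followed directly by the "--- src/modules/standard/mod_include.c.orig" line, with no comment stating what the local patch is for. The inner hunk headers further down place its changes in handle_include and find_file, beside the "be safe; only files in this directory or below allowed" check, which is security-relevant code. This regeneration only moves the inner offsets by one line, so it is a good moment to add a short description to the patch header that says what behaviour is changed and why.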
@@ -13,7 +13,7 @@
  
  #define STARTING_SEQUENCE "<!--#"
  #define ENDING_SEQUENCE "-->"
-@@ -447,7 +450,8 @@ static int get_directive(FILE *in, char 
+@@ -448,7 +451,8 @@ static int get_directive(FILE *in, char 
  /*
   * Do variable substitution on strings
   */
@@ -23,7 +23,7 @@
                        size_t length, int leave_name)
  {
      char ch;
-@@ -645,7 +649,8 @@ static int handle_include(FILE *in, requ
+@@ -646,7 +650,8 @@ static int handle_include(FILE *in, requ
              parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
              if (tag[0] == 'f') {
                  /* be safe; only files in this directory or below allowed */
@@ -33,7 +33,7 @@
                      error_fmt = "unable to include file \"%s\" "
                          "in parsed file %s";
                  }
-@@ -1057,7 +1062,8 @@ static int find_file(request_rec *r, con
+@@ -1058,7 +1063,8 @@ static int find_file(request_rec *r, con
                          "in parsed file %s";
          }
          else {
@@ -43,7 +43,7 @@
              rr = ap_sub_req_lookup_file(tag_val, r);
  
              if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
-@@ -2140,6 +2146,16 @@ static int handle_printenv(FILE *in, req
+@@ -2141,6 +2147,16 @@ static int handle_printenv(FILE *in, req
      }
  }
  
@@ -60,7 +60,7 @@
  
  
  /* -------------------------- The main function --------------------------- */
-@@ -2275,6 +2291,13 @@ static void send_parsed_content(FILE *f,
+@@ -2276,6 +2292,13 @@ static void send_parsed_content(FILE *f,
              }
  #endif
              else {
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/patches/patch-af
--- a/www/apache/patches/patch-af       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/patches/patch-af       Sat Feb 23 05:16:33 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-af,v 1.10 2004/10/29 13:48:31 abs Exp $
+$NetBSD: patch-af,v 1.11 2008/02/23 05:16:34 obache Exp $
 
---- src/modules/standard/mod_so.c.orig 2004-10-29 14:44:35.000000000 +0100
+--- src/modules/standard/mod_so.c.orig 2008-02-23 04:22:56.000000000 +0000
 +++ src/modules/standard/mod_so.c
-@@ -321,7 +321,15 @@ static const char *load_file(cmd_parms *
+@@ -322,7 +322,15 @@ static const char *load_file(cmd_parms *
          return err;
      }
      
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/patches/patch-ag
--- a/www/apache/patches/patch-ag       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/patches/patch-ag       Sat Feb 23 05:16:33 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.8 2004/10/29 13:48:31 abs Exp $
+$NetBSD: patch-ag,v 1.9 2008/02/23 05:16:34 obache Exp $
 
---- src/os/unix/os.c.orig      2004-02-20 21:01:04.000000000 +0000
+--- src/os/unix/os.c.orig      2006-07-12 08:16:05.000000000 +0000
 +++ src/os/unix/os.c
-@@ -153,7 +153,12 @@ void ap_os_dso_unload(void *handle)
+@@ -154,7 +154,12 @@ void ap_os_dso_unload(void *handle)
  #elif defined(HAVE_DYLD)
      NSUnLinkModule(handle,FALSE);
  
diff -r 8c4c0ea2fee5 -r 7db371dec6d6 www/apache/patches/patch-ah
--- a/www/apache/patches/patch-ah       Sat Feb 23 03:52:30 2008 +0000
+++ b/www/apache/patches/patch-ah       Sat Feb 23 05:16:33 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ah,v 1.5 2005/02/28 23:30:49 abs Exp $
+$NetBSD: patch-ah,v 1.6 2008/02/23 05:16:34 obache Exp $
 
---- src/support/apachectl.orig 2005-02-28 22:42:11.000000000 +0000
+--- src/support/apachectl.orig 2008-02-23 04:22:56.000000000 +0000
 +++ src/support/apachectl
-@@ -42,6 +42,9 @@ PIDFILE=/usr/local/apache/logs/httpd.pid
+@@ -43,6 +43,9 @@ PIDFILE=/usr/local/apache/logs/httpd.pid
  # the path to your httpd binary, including options if necessary
  HTTPD='/usr/local/apache/src/httpd'
  #
@@ -12,7 +12,7 @@
  # a command that outputs a formatted text version of the HTML at the
  # url given on the command line.  Designed for lynx, however other
  # programs may work.  
-@@ -138,6 +141,30 @@ do


