summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorspz <spz>2013-07-15 20:19:16 +0000
committerspz <spz>2013-07-15 20:19:16 +0000
commitfb6969627853d1edb3c10dca9f0ed2301f18a9c9 (patch)
tree204f6db898193c41c18de02b9797a86a8dd75757
parent4038e9e78ac082040c3e27f04cdbb4a160dc0195 (diff)
downloadpkgsrc_2013Q1.tar.gz
Pullup ticket #4184 - requested by tronpkgsrc_2013Q1
www/apache22: security update Revisions pulled up: - www/apache22/Makefile 1.92 - www/apache22/distinfo 1.57 - www/apache22/patches/patch-modules_mappers_mod_rewrite.c deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Mon Jul 15 18:15:49 UTC 2013 Modified Files: pkgsrc/www/apache22: Makefile distinfo Removed Files: pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c Log Message: Update "apache22" package to version 2.2.25. Changes since 2.2.24: - SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file. [Eric Covener, Jeff Trawick, Joe Orton] - core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer strings. The default limit for ap_pregsub() can be adjusted at compile time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick] - core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization on Linux kernel versions 3.x and above. Bug#55121. [Bradley Heilbrun <apache heilbrun.org>] - mod_setenvif: Log error on substitution overflow. [Stefan Fritsch] - mod_ssl/proxy: enable the SNI extension for backend TLS connections [Kaspar Brand] - mod_proxy: Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. Bug#53134. [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem] - mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits in the error log to debug level. [William Rowe] - mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698. [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand] - mod_proxy_balancer: Added balancer parameter failontimeout to allow server admin to configure an IO timeout as an error in the balancer. [Daniel Ruggeri] - mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password. [Daniel Ruggeri] - htdigest: Fix buffer overflow when reading digest password file with very long lines. Bug#54893. [Rainer Jung] - mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [Ben Reser <ben reser.org>] - mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611 [Timothy Wood <tjw omnigroup.com>] - mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>] - mod_dav: Sending an If or If-Match header with an invalid ETag doesn't result in a 412 Precondition Failed for a COPY operation. PR54610 [Timothy Wood <tjw omnigroup.com>] - mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd segfaults. Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>] - mod_dav: Do not fail PROPPATCH when prop namespace is not known. Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>] - mod_dav: Do not segfault on PROPFIND with a zero length DBM. Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>] To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo cvs rdiff -u -r1.3 -r0 \ pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
-rw-r--r--www/apache22/patches/patch-modules_mappers_mod_rewrite.c34
1 files changed, 0 insertions, 34 deletions
diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
deleted file mode 100644
index a576458c89f..00000000000
--- a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.3.2.2 2013/06/02 11:07:36 spz Exp $
-
-Fix for security vulnerability reported in CVE-2013-1862. Patch taken
-from here:
-
-http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
-
---- modules/mappers/mod_rewrite.c.orig 2013-02-18 21:31:42.000000000 +0000
-+++ modules/mappers/mod_rewrite.c 2013-05-30 23:50:27.000000000 +0100
-@@ -500,11 +500,11 @@
-
- logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
- "(%d) %s%s%s%s" APR_EOL_STR,
-- rhost ? rhost : "UNKNOWN-HOST",
-- rname ? rname : "-",
-- r->user ? (*r->user ? r->user : "\"\"") : "-",
-+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
-+ rname ? ap_escape_logitem(r->pool, rname) : "-",
-+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
- current_logtime(r),
-- ap_get_server_name(r),
-+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
- (void *)(r->server),
- (void *)r,
- r->main ? "subreq" : "initial",
-@@ -514,7 +514,7 @@
- perdir ? "[perdir " : "",
- perdir ? perdir : "",
- perdir ? "] ": "",
-- text);
-+ ap_escape_logitem(r->pool, text));
-
- nbytes = strlen(logline);
- apr_file_write(conf->rewritelogfp, logline, &nbytes);