pkgsrc/www/apache/patches/patch-al

$NetBSD: patch-al,v 1.9 2008/02/23 05:16:34 obache Exp $

--- src/Configure.orig	2008-02-23 04:22:55.000000000 +0000
+++ src/Configure
@@ -466,6 +466,14 @@ case "$PLAT" in
 	DBM_LIB=""
 	DB_LIB=""
 	;;
+    *-dragonfly*)
+	OS="DragonFly"
+	DEF_WANTHSREGEX=no
+	CFLAGS="$CFLAGS -funsigned-char"
+	LIBS="$LIBS -lcrypt"
+	DBM_LIB=""
+	DB_LIB=""
+	;;
     *-openbsd*)
 	OS='OpenBSD'
 	DBM_LIB=""
@@ -1111,6 +1119,14 @@ if [ "x$using_shlib" = "x1" ] ; then
 	    esac
 	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
 	    ;;
+	*-dragonfly*)
+	    LD_SHLIB="gcc"
+	    CFLAGS_SHLIB="-fPIC -DPIC"
+	    LDFLAGS_SHLIB="-shared"
+	    LDFLAGS_SHLIB_EXPORT="-Wl,-E"
+	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
+	    SHLIB_SUFFIX_DEPTH=2
+	    ;;
 	*-netbsd*)
 	    CFLAGS_SHLIB="-fPIC -DPIC"
 	    if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			$NetBSD: patch-al,v 1.9 2008/02/23 05:16:34 obache Exp $
Add DragonFly support. (An httpd service was only briefly tested.) 2005-08-22 18:19:00 +02:00
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`--- src/Configure.orig 2008-02-23 04:22:55.000000000 +0000`
			`+++ src/Configure`
			`@@ -466,6 +466,14 @@ case "$PLAT" in`
Add DragonFly support. (An httpd service was only briefly tested.) 2005-08-22 18:19:00 +02:00			`DBM_LIB=""`
			`DB_LIB=""`
			`;;`
In patch-al, DragonFly has to be spelled in lower case. 2006-01-09 14:40:34 +01:00			`+ -dragonfly)`
Add DragonFly support. (An httpd service was only briefly tested.) 2005-08-22 18:19:00 +02:00			`+ OS="DragonFly"`
			`+ DEF_WANTHSREGEX=no`
			`+ CFLAGS="$CFLAGS -funsigned-char"`
			`+ LIBS="$LIBS -lcrypt"`
			`+ DBM_LIB=""`
			`+ DB_LIB=""`
			`+ ;;`
			`-openbsd)`
			`OS='OpenBSD'`
			`DBM_LIB=""`
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`@@ -1111,6 +1119,14 @@ if [ "x$using_shlib" = "x1" ] ; then`
Fix httpd linkage on DragonFly: -Wl,-E is needed, otherwise ap-php can't use ap_block_alarms. Bump revision. Problem noticed by Justin Sherrill on DragonFly's bugs list. 2006-01-09 01:51:03 +01:00			`esac`
			`LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB`
			`;;`
			`+ -dragonfly)`
			`+ LD_SHLIB="gcc"`
			`+ CFLAGS_SHLIB="-fPIC -DPIC"`
			`+ LDFLAGS_SHLIB="-shared"`
			`+ LDFLAGS_SHLIB_EXPORT="-Wl,-E"`
			`+ LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB`
			`+ SHLIB_SUFFIX_DEPTH=2`
			`+ ;;`
			`-netbsd)`
			`CFLAGS_SHLIB="-fPIC -DPIC"`
			`if echo __ELF__ \| ${CC} -E - \| grep -q __ELF__; then`