- Update apache to 2.0.51

- Remove patch-as and patch-ah, as they are now outdated and their changes are included in the upstream source

- ok'ed snj@, wiz@
- Thanks to epg@ for final check

This version of Apache is principally a bug fix release. Of particular note
is that 2.0.51 addresses five security vulnerabilities:

An input validation issue in IPv6 literal address parsing which can result
in a negative length parameter being passed to memcpy.
[CAN-2004-0786]

A buffer overflow in configuration file parsing could allow a local user to
gain the privileges of a httpd child if the server can be forced to parse a
carefully crafted .htaccess file.
[CAN-2004-0747]

A segfault in mod_ssl which can be triggered by a malicious remote server,
if proxying to SSL servers has been configured.
[CAN-2004-0751]

A potential infinite loop in mod_ssl which could be triggered given
particular timing of a connection abort.
[CAN-2004-0748]

A segfault in mod_dav_fs which can be remotely triggered by an indirect lock
refresh request.
[CAN-2004-0809]

For further details, see http://www.apache.org/dist/httpd/Announcement2.html
and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.
adrianp 2004-09-20 17:19:33 +00:00
parent 577d336e5d
commit b58cda6746
8 changed files with 1102 additions and 1149 deletions


@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.43 2004/09/07 19:43:03 adrianp Exp $ # $NetBSD: Makefile,v 1.44 2004/09/20 17:19:33 adrianp Exp $
PKGNAME= apache-${APACHE_VERSION} PKGNAME= apache-${APACHE_VERSION}
PKGREVISION= 1
CATEGORIES= www CATEGORIES= www
HOMEPAGE= http://httpd.apache.org/ HOMEPAGE= http://httpd.apache.org/


@ -1,5 +1,5 @@
DISTNAME= httpd-${APACHE_VERSION} DISTNAME= httpd-${APACHE_VERSION}
APACHE_VERSION= 2.0.50 APACHE_VERSION= 2.0.51
APR_VERSION= 0.9.5 APR_VERSION= 0.9.5
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
${MASTER_SITE_APACHE:=httpd/old/} \ ${MASTER_SITE_APACHE:=httpd/old/} \

File diff suppressed because it is too large Load diff


@ -1,4 +1,4 @@
# $NetBSD: buildlink3.mk,v 1.6 2004/09/07 19:43:03 adrianp Exp $ # $NetBSD: buildlink3.mk,v 1.7 2004/09/20 17:19:33 adrianp Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
APACHE_BUILDLINK3_MK:= ${APACHE_BUILDLINK3_MK}+ APACHE_BUILDLINK3_MK:= ${APACHE_BUILDLINK3_MK}+
@ -11,8 +11,7 @@ BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Napache}
BUILDLINK_PACKAGES+= apache BUILDLINK_PACKAGES+= apache
.if !empty(APACHE_BUILDLINK3_MK:M+) .if !empty(APACHE_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.apache+= apache>=2.0.50 BUILDLINK_DEPENDS.apache+= apache>=2.0.51
BUILDLINK_RECOMMENDED.apache= apache>=2.0.50nb1
BUILDLINK_PKGSRCDIR.apache?= ../../www/apache2 BUILDLINK_PKGSRCDIR.apache?= ../../www/apache2
BUILDLINK_DEPMETHOD.apache?= build BUILDLINK_DEPMETHOD.apache?= build
. if defined(APACHE_MODULE) . if defined(APACHE_MODULE)


@ -1,13 +1,11 @@
$NetBSD: distinfo,v 1.27 2004/09/07 19:43:03 adrianp Exp $ $NetBSD: distinfo,v 1.28 2004/09/20 17:19:33 adrianp Exp $
SHA1 (httpd-2.0.50.tar.gz) = 7b6f591b2e728473ebe0164bf5297b1fa86f4fe2 SHA1 (httpd-2.0.51.tar.gz) = 68ce1da942226c0a6276c9c313d21fe794a95222
Size (httpd-2.0.50.tar.gz) = 6338536 bytes Size (httpd-2.0.51.tar.gz) = 6735558 bytes
SHA1 (patch-aa) = 341d546fa758ae65023ff13422a3a002a7f1686b SHA1 (patch-aa) = 341d546fa758ae65023ff13422a3a002a7f1686b
SHA1 (patch-ad) = 27fa3655d6ba4840296e79fa6fd96cd9de79a33a SHA1 (patch-ad) = 27fa3655d6ba4840296e79fa6fd96cd9de79a33a
SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
SHA1 (patch-ah) = f655dbabb32884a20e77f4791fa762e6c0e6cf74
SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426 SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
SHA1 (patch-ar) = de5f57dd0757b7fdc1039c00f6e18de72007f5d8 SHA1 (patch-ar) = c6769617cd9111f6d233d68883c71988a36fbbce
SHA1 (patch-as) = b9941cac20dabfb79d90748bc9fcb047cfa13fbd


@ -1,15 +0,0 @@
$NetBSD: patch-ah,v 1.6 2002/08/25 21:51:57 jlam Exp $
--- support/apachectl.in.orig Mon May 27 20:46:01 2002
+++ support/apachectl.in Wed Jun 19 07:40:07 2002
@@ -31,8 +31,8 @@
HTTPD='@exp_sbindir@/@progname@'
#
# pick up any necessary environment variables
-if test -f @exp_bindir@/envvars; then
- . @exp_bindir@/envvars
+if test -f @exp_sbindir@/envvars; then
+ . @exp_sbindir@/envvars
fi
#
# a command that outputs a formatted text version of the HTML at the


@ -1,9 +1,9 @@
$NetBSD: patch-ar,v 1.2 2003/05/29 01:02:29 itojun Exp $ $NetBSD: patch-ar,v 1.3 2004/09/20 17:19:34 adrianp Exp $
--- srclib/apr/include/apr_atomic.h.orig 2003-05-03 13:11:07.000000000 +0900 --- srclib/apr/include/apr_atomic.h.orig 2004-09-17 11:43:55.000000000 +0100
+++ srclib/apr/include/apr_atomic.h 2003-05-29 09:50:00.000000000 +0900 +++ srclib/apr/include/apr_atomic.h 2004-09-17 11:45:30.000000000 +0100
@@ -211,7 +211,7 @@ @@ -168,7 +168,7 @@
#define apr_atomic_set(mem, val) atomic_set_int(mem, val) #define apr_atomic_set(mem, val) (atomic_set_int(mem, val),mem)
#define apr_atomic_read(mem) (*mem) #define apr_atomic_read(mem) (*mem)
-#elif (defined(__linux__) || defined(__EMX__)) && defined(__i386__) && !APR_FORCE_ATOMIC_GENERIC -#elif (defined(__linux__) || defined(__EMX__)) && defined(__i386__) && !APR_FORCE_ATOMIC_GENERIC
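Review bot: patch-ar is regenerated against 2.0.51 but still has no description of why the `#elif (defined(__linux__) || defined(__EMX__)) && defined(__i386__) && !APR_FORCE_ATOMIC_GENERIC` guard in apr_atomic.h is altered; going by the nine-line hunk header, the file holds only the RCS id and the diff itself. This local change appears to affect which atomic implementation APR is built with, so it should be justified in the file, for example with a line under the `$NetBSD$` tag such as `<reason the #elif condition is changed; upstream report, if any>`. That would let the next updater decide whether it can be dropped, as patch-ah and patch-as were in this commit. The replacement `+#elif` line is not shown on this page, so the new condition itself could not be checked here.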


@ -1,30 +0,0 @@
$NetBSD: patch-as,v 1.3 2004/09/07 19:43:03 adrianp Exp $
--- modules/ssl/ssl_engine_io.c.orig 2004-09-06 18:25:31.000000000 +0000
+++ modules/ssl/ssl_engine_io.c 2004-09-06 18:27:21.000000000 +0000
@@ -562,8 +562,12 @@
*len = bytes;
if (inctx->mode == AP_MODE_SPECULATIVE) {
/* We want to rollback this read. */
- inctx->cbuf.value -= bytes;
- inctx->cbuf.length += bytes;
+ if (inctx->cbuf.length > 0) {
+ inctx->cbuf.value -= bytes;
+ inctx->cbuf.length += bytes;
+ } else {
+ char_buffer_write(&inctx->cbuf, buf, (int)bytes);
+ }
return APR_SUCCESS;
}
/* This could probably be *len == wanted, but be safe from stray
@@ -587,6 +591,10 @@
while (1) {
if (!inctx->filter_ctx->pssl) {
+ /* Ensure a non-zero error code is returned */
+ if (inctx->rc == APR_SUCCESS) {
+ inctx->rc = APR_EGENERAL;
+ }
break;
}