ebadff7698
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40 (not released)
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
With Apache 1.3, the denial of service vulnerability applies only
to the Windows and NetWare platforms.
[Jeff Trawick]
*) More efficient implementation of the CVE-2007-3304 PID table
patch. This fixes issues with excessive memory usage by the
parent process if long-running and with a high number of child
process forks during that timeframe. Also fixes bogus "Bad pid"
errors. [Jim Jagielski, Jeff Trawick]
Changes with Apache 1.3.39
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]
*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]
There was no Apache 1.3.38
181 lines
8.6 KiB
Text
181 lines
8.6 KiB
Text
$NetBSD: patch-aa,v 1.26 2008/02/23 05:16:34 obache Exp $
|
|
|
|
--- Makefile.tmpl.orig 2008-02-23 04:22:56.000000000 +0000
|
|
+++ Makefile.tmpl
|
|
@@ -57,6 +57,8 @@ INSTALL_DATA = $(INSTALL) $(IFLAGS_DA
|
|
PERL = @PERL@
|
|
TAR = @TAR@
|
|
TAROPT = @TAROPT@
|
|
+BINOWN = @BINOWN@
|
|
+BINGRP = @BINGRP@
|
|
|
|
# installation name of Apache webserver
|
|
TARGET = @TARGET@
|
|
@@ -281,11 +283,6 @@ install-mktree:
|
|
$(MKDIR) $(root)$(mandir)/man1
|
|
$(MKDIR) $(root)$(mandir)/man8
|
|
$(MKDIR) $(root)$(sysconfdir)
|
|
- $(MKDIR) $(root)$(sysconfdir)/ssl.crt
|
|
- $(MKDIR) $(root)$(sysconfdir)/ssl.crl
|
|
- $(MKDIR) $(root)$(sysconfdir)/ssl.csr
|
|
- $(MKDIR) $(root)$(sysconfdir)/ssl.key
|
|
- $(MKDIR) $(root)$(sysconfdir)/ssl.prm
|
|
$(MKDIR) $(root)$(htdocsdir)
|
|
$(MKDIR) $(root)$(manualdir)
|
|
$(MKDIR) $(root)$(iconsdir)
|
|
@@ -297,9 +294,9 @@ install-mktree:
|
|
$(MKDIR) $(root)$(proxycachedir)
|
|
-@if [ "x`$(AUX)/getuid.sh`" = "x0" ]; then \
|
|
echo "chown $(conf_user) $(root)$(proxycachedir)"; \
|
|
- chown $(conf_user) $(root)$(proxycachedir); \
|
|
+ ${CHOWN} $(conf_user) $(root)$(proxycachedir); \
|
|
echo "chgrp $(conf_group) $(root)$(proxycachedir)"; \
|
|
- chgrp "$(conf_group)" $(root)$(proxycachedir); \
|
|
+ ${CHGRP} "$(conf_group)" $(root)$(proxycachedir); \
|
|
fi
|
|
@echo "<=== [mktree]"
|
|
|
|
@@ -344,34 +341,6 @@ install-programs:
|
|
file=`echo $${mod} | sed -e 's;^.*/\([^/]*\);\1;'`; \
|
|
echo "$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}"; \
|
|
$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}; \
|
|
- name=`$(TOP)/$(AUX)/fmn.sh $(TOP)/$(SRC)/$${mod}`; \
|
|
- if [ ".$$name" = .ssl_module ]; then \
|
|
- echo "<IfDefine SSL>" >>$(SRC)/.apaci.install.conf; \
|
|
- fi; \
|
|
- echo dummy | awk '{ printf("LoadModule %-18s %s\n", modname, modpath); }' \
|
|
- modname="$${name}" modpath="$(libexecdir_relative)$${file}" >>$(SRC)/.apaci.install.conf; \
|
|
- if [ ".$$name" = .ssl_module ]; then \
|
|
- echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
|
|
- fi; \
|
|
- done; \
|
|
- echo "" >>$(SRC)/.apaci.install.conf; \
|
|
- echo "# Reconstruction of the complete module list from all available modules" >>$(SRC)/.apaci.install.conf; \
|
|
- echo "# (static and shared ones) to achieve correct module execution order." >>$(SRC)/.apaci.install.conf; \
|
|
- echo "# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]" >>$(SRC)/.apaci.install.conf; \
|
|
- echo "ClearModuleList" >>$(SRC)/.apaci.install.conf; \
|
|
- for mod in `egrep "^[ ]*(Add|Shared)Module" $(SRC)/Configuration.apaci |\
|
|
- sed -e 's:[ ]*SharedModule::' \
|
|
- -e 's:[ ]*AddModule::' \
|
|
- -e 's:modules/[^/]*/::' \
|
|
- -e 's:[ ]lib: mod_:' \
|
|
- -e 's:\.[soam]*$$:.c:'`; do \
|
|
- if [ ".$$mod" = .mod_ssl.c ]; then \
|
|
- echo "<IfDefine SSL>" >>$(SRC)/.apaci.install.conf; \
|
|
- fi; \
|
|
- echo "AddModule $$mod" >>$(SRC)/.apaci.install.conf; \
|
|
- if [ ".$$mod" = .mod_ssl.c ]; then \
|
|
- echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
|
|
- fi; \
|
|
done; \
|
|
fi
|
|
@echo "<=== [programs]"
|
|
@@ -421,9 +390,9 @@ install-support:
|
|
echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
|
|
$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
|
|
echo "chown root $(root)$(sbindir)/suexec"; \
|
|
- chown root $(root)$(sbindir)/suexec; \
|
|
+ ${CHOWN} root $(root)$(sbindir)/suexec; \
|
|
echo "chmod 4711 $(root)$(sbindir)/suexec"; \
|
|
- chmod 4711 $(root)$(sbindir)/suexec; \
|
|
+ ${CHMOD} 4711 $(root)$(sbindir)/suexec; \
|
|
echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
|
|
$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
|
|
fi
|
|
@@ -465,9 +434,9 @@ install-binsupport:
|
|
echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
|
|
$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
|
|
echo "chown root $(root)$(sbindir)/suexec"; \
|
|
- chown root $(root)$(sbindir)/suexec; \
|
|
+ ${CHOWN} root $(root)$(sbindir)/suexec; \
|
|
echo "chmod 4711 $(root)$(sbindir)/suexec"; \
|
|
- chmod 4711 $(root)$(sbindir)/suexec; \
|
|
+ ${CHMOD} 4711 $(root)$(sbindir)/suexec; \
|
|
echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
|
|
$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
|
|
fi
|
|
@@ -490,21 +459,25 @@ install-include:
|
|
# icons and distributed CGI scripts.
|
|
install-data:
|
|
@echo "===> [data: Installing initial data files]"
|
|
- -@if [ -f $(root)$(htdocsdir)/index.html ] || [ -f $(root)$(htdocsdir)/index.html.en ]; then \
|
|
+ -@if false; then \
|
|
echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(htdocsdir)/]"; \
|
|
else \
|
|
echo "Copying tree $(TOP)/htdocs/ -> $(root)$(htdocsdir)/"; \
|
|
(cd $(TOP)/htdocs/ && $(TAR) $(TAROPT) - index* apache_pb.* ) |\
|
|
(cd $(root)$(htdocsdir)/ && $(TAR) -xf -); \
|
|
- find $(root)$(htdocsdir)/ -type d -exec chmod a+rx {} \; ; \
|
|
- find $(root)$(htdocsdir)/ -type f -print | xargs chmod a+r ; \
|
|
+ ${FIND} $(root)$(htdocsdir)/ -type d -exec ${CHMOD} a+rx {} \; ; \
|
|
+ ${FIND} $(root)$(htdocsdir)/ -type f -print | ${XARGS} ${CHMOD} a+r ; \
|
|
+ ${FIND} $(root)$(htdocsdir)/ -print | \
|
|
+ ${XARGS} ${CHOWN} ${BINOWN}:${BINGRP} ; \
|
|
fi
|
|
-@if [ -d $(TOP)/htdocs/manual ]; then \
|
|
echo "Copying tree $(TOP)/htdocs/manual -> $(root)/$(manualdir)/"; \
|
|
(cd $(TOP)/htdocs/manual/ && $(TAR) $(TAROPT) - *) |\
|
|
(cd $(root)$(manualdir)/ && $(TAR) -xf -); \
|
|
- find $(root)$(manualdir)/ -type d -exec chmod a+rx {} \; ; \
|
|
- find $(root)$(manualdir)/ -type f -print | xargs chmod a+r ; \
|
|
+ ${FIND} $(root)$(manualdir)/ -type d -exec ${CHMOD} a+rx {} \; ; \
|
|
+ ${FIND} $(root)$(manualdir)/ -type f -print | ${XARGS} ${CHMOD} a+r ; \
|
|
+ ${FIND} $(root)$(manualdir)/ -print | \
|
|
+ ${XARGS} ${CHOWN} ${BINOWN}:${BINGRP} ; \
|
|
fi
|
|
-@if [ -f $(root)$(cgidir)/printenv ]; then \
|
|
echo "[PRESERVING EXISTING CGI SUBDIR: $(root)$(cgidir)/]"; \
|
|
@@ -512,23 +485,25 @@ install-data:
|
|
for script in printenv test-cgi; do \
|
|
cat $(TOP)/cgi-bin/$${script} |\
|
|
sed -e 's;^#!/.*perl;#!$(PERL);' \
|
|
+ -e 's;LD_LIBRARY_PATH=.*;LD_LIBRARY_PATH=/usr/lib:$(prefix)/lib:/usr/local/lib;' \
|
|
> $(TOP)/$(SRC)/.apaci.install.tmp; \
|
|
- echo "$(INSTALL_DATA) $(TOP)/conf/$${script}[*] $(root)$(cgidir)/$${script}"; \
|
|
- $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(cgidir)/$${script}; \
|
|
+ echo "$(INSTALL_SCRIPT) $(TOP)/conf/$${script}[*] $(root)$(cgidir)/$${script}"; \
|
|
+ $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(cgidir)/$${script}; \
|
|
done; \
|
|
fi
|
|
@echo "Copying tree $(TOP)/icons/ -> $(root)$(iconsdir)/"; \
|
|
(cd $(TOP)/icons/ && $(TAR) $(TAROPT) - *) |\
|
|
(cd $(root)$(iconsdir)/ && $(TAR) -xf -); \
|
|
- find $(root)$(iconsdir)/ -type d -exec chmod a+rx {} \; ;\
|
|
- find $(root)$(iconsdir)/ -type f -exec chmod a+r {} \;
|
|
+ ${FIND} $(root)$(iconsdir)/ -type d -exec ${CHMOD} a+rx {} \; ;\
|
|
+ ${FIND} $(root)$(iconsdir)/ -type f -exec ${CHMOD} a+r {} \; ;\
|
|
+ ${CHOWN} -R ${BINOWN}:${BINGRP} $(root)$(iconsdir)/.
|
|
@echo "<=== [data]"
|
|
|
|
# create the initial configuration by providing default files
|
|
# and initial config files while preserving existing ones.
|
|
install-config:
|
|
@echo "===> [config: Installing Apache configuration files]"
|
|
- -@for conf in httpd.conf access.conf srm.conf; do \
|
|
+ -@for conf in httpd.conf; do \
|
|
if [ .$$conf = .httpd.conf ]; then \
|
|
target_conf="$(TARGET).conf"; \
|
|
else \
|
|
@@ -584,22 +559,10 @@ install-config:
|
|
> $(TOP)/$(SRC)/.apaci.install.tmp && \
|
|
echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \
|
|
$(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \
|
|
- if [ ! -f "$(root)$(sysconfdir)/$${target_conf}" ]; then \
|
|
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}"; \
|
|
- $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}; \
|
|
- else \
|
|
- echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${target_conf}]"; \
|
|
- fi; \
|
|
done
|
|
-@for conf in mime.types magic; do \
|
|
echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default"; \
|
|
$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default; \
|
|
- if [ ! -f "$(root)$(sysconfdir)/$${conf}" ]; then \
|
|
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}"; \
|
|
- $(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}; \
|
|
- else \
|
|
- echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${conf}]"; \
|
|
- fi; \
|
|
done
|
|
-@if [ ".$(ssl)" = .1 ]; then \
|
|
echo "chmod 755 $(root)$(sysconfdir)/ssl.crt"; \
|