head 1.11; access; symbols pkgsrc-2014Q1:1.10.0.28 pkgsrc-2014Q1-base:1.10 pkgsrc-2013Q4:1.10.0.26 pkgsrc-2013Q4-base:1.10 pkgsrc-2013Q3:1.10.0.24 pkgsrc-2013Q3-base:1.10 pkgsrc-2013Q2:1.10.0.22 pkgsrc-2013Q2-base:1.10 pkgsrc-2013Q1:1.10.0.20 pkgsrc-2013Q1-base:1.10 pkgsrc-2012Q4:1.10.0.18 pkgsrc-2012Q4-base:1.10 pkgsrc-2012Q3:1.10.0.16 pkgsrc-2012Q3-base:1.10 pkgsrc-2012Q2:1.10.0.14 pkgsrc-2012Q2-base:1.10 pkgsrc-2012Q1:1.10.0.12 pkgsrc-2012Q1-base:1.10 pkgsrc-2011Q4:1.10.0.10 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q3:1.10.0.8 pkgsrc-2011Q3-base:1.10 pkgsrc-2011Q2:1.10.0.6 pkgsrc-2011Q2-base:1.10 pkgsrc-2011Q1:1.10.0.4 pkgsrc-2011Q1-base:1.10 pkgsrc-2010Q4:1.10.0.2 pkgsrc-2010Q4-base:1.10 pkgsrc-2010Q3:1.9.0.10 pkgsrc-2010Q3-base:1.9 pkgsrc-2010Q2:1.9.0.8 pkgsrc-2010Q2-base:1.9 pkgsrc-2010Q1:1.9.0.6 pkgsrc-2010Q1-base:1.9 pkgsrc-2009Q4:1.9.0.4 pkgsrc-2009Q4-base:1.9 pkgsrc-2009Q3:1.9.0.2 pkgsrc-2009Q3-base:1.9 pkgsrc-2008Q4:1.8.0.24 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.22 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.20 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.18 pkgsrc-2008Q2-base:1.8 pkgsrc-2008Q1:1.8.0.16 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.14 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.12 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.10 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.8 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.6 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.4 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.2 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.7.0.4 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.7.0.2 pkgsrc-2005Q4-base:1.7 pkgsrc-2005Q3:1.5.0.2 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.3.0.14 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.12 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.10 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.8 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.6 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.4 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.2 pkgsrc-2003Q4-base:1.3 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.2 pkgsrc-base:1.1.1.1 
TNF:1.1.1; locks; strict; comment @# @; 1.11 date 2014.06.10.15.22.18; author joerg; state dead; branches; next 1.10; commitid djgMkPoOrhNxnZDx; 1.10 date 2010.11.01.18.03.04; author adam; state Exp; branches; next 1.9; 1.9 date 2009.09.04.18.55.34; author wiz; state Exp; branches; next 1.8; 1.8 date 2006.05.07.12.35.28; author tron; state dead; branches; next 1.7; 1.7 date 2005.12.15.11.29.00; author tron; state Exp; branches; next 1.6; 1.6 date 2005.10.17.10.37.11; author tron; state dead; branches; next 1.5; 1.5 date 2005.09.02.11.40.56; author tron; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2005.08.08.18.30.26; author tron; state Exp; branches; next 1.3; 1.3 date 2002.04.13.21.35.53; author jlam; state dead; branches 1.3.14.1; next 1.2; 1.2 date 2002.03.05.23.56.24; author jlam; state Exp; branches; next 1.1; 1.1 date 2002.03.05.23.24.07; author jlam; state Exp; branches 1.1.1.1; next ; 1.5.2.1 date 2005.10.18.21.21.27; author seb; state dead; branches; next 1.5.2.2; 1.5.2.2 date 2005.12.15.11.56.03; author salo; state Exp; branches; next ; 1.3.14.1 date 2005.08.08.18.47.04; author snj; state Exp; branches; next 1.3.14.2; 1.3.14.2 date 2005.09.02.12.19.02; author salo; state Exp; branches; next ; 1.1.1.1 date 2002.03.05.23.24.07; author jlam; state Exp; branches; next ; desc @@ 1.11 log @Retire Apache 1.3 and 2.0. @ text @$NetBSD: patch-ae,v 1.10 2010/11/01 18:03:04 adam Exp $ --- modules/ssl/ssl_engine_init.c.orig 2010-09-28 15:59:13.000000000 +0000 +++ modules/ssl/ssl_engine_init.c @@@@ -535,7 +535,7 @@@@ static void ssl_init_ctx_verify(server_r ssl_die(); } - SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list); + SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list); } /* @ 1.10 log @Changes 2.0.64: * SECURITY: CVE-2010-1452 (cve.mitre.org) mod_dav: Fix Handling of requests without a path segment. 
* SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. * SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. * SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. * SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. * SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: A partial fix for the TLS renegotiation prefix injection attack for OpenSSL versions prior to 0.9.8l; reject any client-initiated renegotiations. Forcibly disable keepalive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using openssl 0.9.8l or later. * SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Eliminates a problematic optimization in the case of no request body. * SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. * SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. * SECURITY: CVE-2008-2939 (cve.mitre.org) mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. * Fix recursive ErrorDocument handling.
* mod_ssl: Do not do overlapping memcpy. * Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass through on a 304 response. * apxs: Fix -A and -a options to ignore whitespace in httpd.conf @ text @d1 1 a1 1 $NetBSD$ @ 1.9 log @Build fixes for openssl-1.0. @ text @d3 1 a3 1 --- modules/ssl/ssl_engine_init.c.orig 2007-12-28 15:07:53.000000000 +0000 d5 1 a5 1 @@@@ -531,7 +531,7 @@@@ static void ssl_init_ctx_verify(server_r @ 1.8 log @Update "apr" package to version 0.9.12.2.0.58 and "apache" package to version 2.0.58. Change since Apache release 2.0.55: - Legal: Restored original years in copyright notices. - mod_cgid: run the get_suexec_identity hook within the request-handler instead of within cgid. Apache#36410. - core: Prevent read of uninitialized memory in ap_rgetline_core. Apache#39282. - mod_proxy: Report the proxy server name correctly in the "Via:" header, when UseCanonicalName is Off. Apache#11971. - mod_isapi: Various trivial code-fixes to permit mod_isapi to load and run on Unix. - HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti . - SECURITY: CVE-2005-3357 (cve.mitre.org) mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when a 400 ErrorDocument is configured, or if using "SSLEngine optional"). Apache#37791. - SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. - Add APR/APR-Util Compiled and Runtime Version numbers to the output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing incorrect status lines caused by filters which modify r->status without resetting r->status_line, such as the built-in byterange filter. - Default handler: Don't return output filter apr_status_t values. Apache#31759. - mod_speling: Stop crashing with certain non-file requests. - keep the Content-Length header for a HEAD with no response body. Apache#18757 - Modify apr[util] .h detection to avoid breakage on VPATH builds using Solaris make (among others) and avoid breakage in ./buildconf when srclib/apr[-util] are symlinks rather than directories proper. - Avoid server-driven negotiation when a CGI script has emitted an explicit "Status:" header. Apache#38070. - mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o format is used. Apache#27787. - mod_cache: Correctly handle responses with a 301 status. Apache#37347. - mod_proxy_http: Prevent data corruption of POST request bodies when client accesses proxied resources with SSL. Apache#37145. - Eliminated the NET_TIME filter, restructuring the timeout logic. This provides a working mod_echo on all platforms, and ensures any custom protocol module is at least given an initial timeout value based on the context's Timeout directive. - mod_ssl: Correct issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured. Apache#34452. - Document the ReceiveBufferSize change done in r157583. - mod_deflate: Merge the Vary header, instead of Setting it. Fixes applications that send the Vary Header themselves. Apache#37559. - mod_dav: Fix a null pointer dereference in an error code path during the handling of MKCOL. - mod_mime_magic: Handle CRLF-format magic files so that it works with the default installation on Windows. - Write message to error log if AuthGroupFile cannot be opened. Apache#37566. - Add ReceiveBufferSize directive to control the TCP receive buffer. - mod_cache: Fix 'Vary: *' behavior to be RFC compliant.
Apache#16125. - Remove the base href tag from proxy_ftp, as it breaks relative links for clients not using an Authorization header. - http_request.c: Add missing va_end call. - Add httxt2dbm to support/ for creating RewriteMap DBM Files. - support/check_forensic: Fix temp file usage - Chunk filter: Fix chunk filter to create correct chunks in the case that a flush bucket is surrounded by data buckets. - mod_cgi(d): Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. Apache#15242 - Added new module mod_version, which provides version dependent configuration containers. - Add core version query function (ap_get_server_revision) and accompanying ap_version_t structure (minor MMN bump). @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.7 2005/12/15 11:29:00 tron Exp $ d3 4 a6 8 --- modules/mappers/mod_imap.c.orig 2005-02-04 20:21:18.000000000 +0000 +++ modules/mappers/mod_imap.c 2005-12-15 11:23:25.000000000 +0000 @@@@ -342,7 +342,7 @@@@ if (!strcasecmp(value, "referer")) { referer = apr_table_get(r->headers_in, "Referer"); if (referer && *referer) { - return apr_pstrdup(r->pool, referer); + return ap_escape_html(r->pool, referer); d8 6 a13 2 else { /* XXX: This used to do *value = '\0'; ... which is totally bogus @ 1.7 log @Add fix for security vulnerability reported in CVE-2005-3352 taken from Apache SVN repository. Bump package revision because of that. @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @Update "apache2" package to version 2.0.55. Patches supplied by Ben Collver. Addresses PR pkg/31817 by Zafer Aydogan. 
@ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2005/09/02 11:40:56 tron Exp $ d3 11 a13 22 --- modules/ssl/ssl_engine_kernel.c.orig 2005-03-29 09:44:31.000000000 +0100 +++ modules/ssl/ssl_engine_kernel.c 2005-09-02 12:28:45.000000000 +0100 @@@@ -406,8 +406,8 @@@@ (!(verify_old & SSL_VERIFY_PEER) && (verify & SSL_VERIFY_PEER)) || - (!(verify_old & SSL_VERIFY_PEER_STRICT) && - (verify & SSL_VERIFY_PEER_STRICT))) + (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) && + (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { renegotiate = TRUE; /* optimization */ @@@@ -1398,7 +1398,7 @@@@ BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); - n = BIO_read(bio, buff, sizeof(buff)); + n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio); @ 1.5 log @Add patch from Apache SVN repository to fix weak client certificate validation reported in CAN-2005-2700. Bump package revision. @ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @Pullup ticket 838 - requested by Matthias Scheler sync devel/apr and www/apache2 with HEAD as precautionary/preventive step Revisions pulled up: - devel/apr/Makefile 1.37 - devel/apr/distinfo 1.16 - devel/apr/patches/patch-ao 1.3 - www/apache2/Makefile 1.84 - www/apache2/Makefile.common 1.19 - www/apache2/PLIST 1.31 - www/apache2/distinfo 1.43,1.44 - www/apache2/patches/patch-ac 1.6 - www/apache2/patches/patch-ae removed - www/apache2/patches/patch-af removed - www/apache2/patches/patch-ah removed - www/apache2/patches/patch-aj removed - www/apache2/patches/patch-ao 1.7 Module Name: pkgsrc Committed By: joerg Date: Tue Oct 11 20:10:35 UTC 2005 Modified Files: pkgsrc/www/apache2: distinfo Added Files: pkgsrc/www/apache2/patches: patch-ao Log Message: Allow mod_ssl to build with OpenSSL 0.9.8. The patch is from Georg v. Zezschwitz on dev@@httpd.apache.org. 
--- Module Name: pkgsrc Committed By: tron Date: Mon Oct 17 10:28:46 UTC 2005 Modified Files: pkgsrc/devel/apr: Makefile distinfo pkgsrc/devel/apr/patches: patch-ao pkgsrc/www/apache2: Makefile Log Message: Update "apr" package to version 0.9.7. Changes since version 0.9.6: - Fix crash in apr_dir_make_recursive() for relative path when the working directory has been deleted. [Joe Orton] - Win32: fix apr_proc_mutex_trylock() to handle WAIT_TIMEOUT, returning APR_EBUSY. [Ronen Mizrahi ] - Fix apr_file_read() to catch write failures when flushing pending writes for a buffered file. [Joe Orton] - Fix apr_file_write() infinite loop on write failure for buffered files. [Erik Huelsmann ] - Fix error handling where apr_uid_* and apr_gid_* could segfault or return APR_SUCCESS in failure cases. Bug 34053. [Joe Orton, Paul Querna] - Refactor Win32 condition variables code to address bugs 27654, 34336. [Henry Jen , E Holyat ] - Support APR_SO_SNDBUF and APR_SO_RCVBUF on Windows. Bug 32177. [Sim , Jeff Trawick] - Fix detection of rwlocks on Mac OS X. [Aaron Bannert] - Fix issue with poll() followed by net I/O yielding EAGAIN on Mac OS 10.4 (Darwin 8). [Wilfredo Sanchez] Update based on patches supplied by Ben Collver. Addresses first part of PR pkg/31817 by Zafer Aydogan. --- Module Name: pkgsrc Committed By: tron Date: Mon Oct 17 10:37:11 UTC 2005 Modified Files: pkgsrc/www/apache2: Makefile.common PLIST distinfo pkgsrc/www/apache2/patches: patch-ac Removed Files: pkgsrc/www/apache2/patches: patch-ae patch-af patch-ah patch-aj Log Message: Update "apache2" package to version 2.0.55. Changes since version 2.0.54: - worker MPM: Fix a memory leak which can occur after an aborted connection in some limited circumstances. [Greg Ames] - mod_ldap: Fix Bug 36563. Keep track of the number of attributes retrieved from LDAP so that all of the values can be properly cached even if the value is NULL. 
[Brad Nicholes, Ondrej Sury ] - Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method. This addresses a flaw in proxy conformance to RFC 2616 - previously the proxy server would accept a TRACE request body although the RFC prohibited it. The default remains 'TraceEnable on'. [William Rowe] - Add ap_log_cerror() for logging messages associated with particular client connections. [Jeff Trawick] - Correct mod_cgid's argv[0] so that the full path can be delved by the invoked cgi application, to conform to the behavior of mod_cgi. [Pradeep Kumar S ] - mod_include: Fix possible environment variable corruption when using nested includes. Bug 12655. [Joe Orton] - Support the suppress-error-charset setting, as with Apache 1.3.x. Bug 31274. [Jeff Trawick] - EBCDIC: Handle chunked input from client or, with proxy, origin server. [Jeff Trawick] - Fix bad globbing comparison which could result in getting a directory listing when a file was requested. Bug 34512. [sean ] - Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker() was called even if mod_auth_ldap_check_user_id() was not (or if it didn't succeed) for non-authoritative cases. [Jim Jagielski] - mod_proxy: Fix over-eager handling of '%' for reverse proxies. Bug 15207. [Jim Jagielski] - mod_ldap: Fix various shared memory cache handling bugs. Bug 34209. [Joe Orton] - Fix a file descriptor leak when starting piped loggers. Bug 33748. [Joe Orton] - mod_ldap: Avoid segfaults when opening connections if using a version of OpenLDAP older than 2.2.21. Bug 34618. [Brad Nicholes] - mod_ssl: Fix build with OpenSSL 0.9.8. Bug 35757. [William Rowe] - proxy HTTP: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length and don't reuse the connection, mitigating some HTTP Response Splitting attacks. [Jeff Trawick] - Prevent hangs of child processes when writing to piped loggers at the time of graceful restart. Bug 26467. 
[Jeff Trawick] - SECURITY: CAN-2005-1268 (cve.mitre.org) mod_ssl: Fix off-by-one overflow whilst printing CRL information at "LogLevel debug" which could be triggered if configured to use a "malicious" CRL. Bug 35081. [Marc Stern ] - mod_userdir: Fix possible memory corruption issue. Bug 34588. [David Leonard ] - worker mpm: don't take down the whole server for a transient thread creation failure. Bug 34514 [Greg Ames] - mod_rewrite: use buffered I/O to improve performance with large RewriteMap txt: files. [Greg Ames] - proxy HTTP: Rework the handling of request bodies to handle chunked input and input filters which modify content length, and avoid spooling arbitrary-sized request bodies in memory. Bug 15859. [Jeff Trawick] Patches supplied by Ben Collver. Addresses PR pkg/31817 by Zafer Aydogan. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2005/09/02 11:40:56 tron Exp $ @ 1.5.2.2 log @Pullup ticket 959 - requested by Matthias Scheler security fix for apache2 Revisions pulled up: - pkgsrc/www/apache2/Makefile 1.89 - pkgsrc/www/apache2/distinfo 1.45 - pkgsrc/www/apache2/patches/patch-ae 1.7 Module Name: pkgsrc Committed By: tron Date: Thu Dec 15 11:29:00 UTC 2005 Modified Files: pkgsrc/www/apache2: Makefile distinfo Added Files: pkgsrc/www/apache2/patches: patch-ae Log Message: Add fix for security vulnerability reported in CVE-2005-3352 taken from Apache SVN repository. Bump package revision because of that. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.7 2005/12/15 11:29:00 tron Exp $ d3 22 a24 11 --- modules/mappers/mod_imap.c.orig 2005-02-04 20:21:18.000000000 +0000 +++ modules/mappers/mod_imap.c 2005-12-15 11:23:25.000000000 +0000 @@@@ -342,7 +342,7 @@@@ if (!strcasecmp(value, "referer")) { referer = apr_table_get(r->headers_in, "Referer"); if (referer && *referer) { - return apr_pstrdup(r->pool, referer); + return ap_escape_html(r->pool, referer); } else { /* XXX: This used to do *value = '\0'; ... 
which is totally bogus @ 1.4 log @Add fixes for CAN-2005-1268 (not really a security problem) and CAN-2005-2088 from the Apache SVN repository. @ text @d4 12 a15 1 +++ modules/ssl/ssl_engine_kernel.c 2005-08-08 19:19:05.000000000 +0100 @ 1.3 log @-------------------------------------------------------------------------------- Update www/apache2 to 2.0.35, the first stable release of Apache 2.x. Pkgsrc changes include: *) Compiling the included modules statically. Add-ons will be built dynamically. *) Match improvements to www/apache rc.d script. *) Automatically add "Listen 0.0.0.0:80" to the sample config files as the default install of NetBSD is IPv4/IPv6 and we want the default install of Apache to work out-of-the-box. *) Automatically reset the User and Group directives to match the ones for suEXEC in the config files to ease the use of suEXEC in Apache. Changes from version 2.0.32 beta include: *) Small bug fixes across the board. *) Bug fixes to the various MPMs. *) Performance improvements. *) Fixes for mod_include errors on boundary conditions *) Bug fixes for mod_proxy to prevent hangs and for RFC2616 compliance. *) Improvements to mod_dav for improved API and for RFC 3253 compliance *) Improvements to mod_ssl to support SSL proxy and RSA SSLC 1.x/2.x *) Greatly improve mod_cache (disk/mem) [this is disabled in pkgsrc] *) New scoreboard file implementation that is readable by 3rd-party apps. *) Allow all Perchild directives to accept either numerical UID/GID or logical user/group names. *) Add support for macro expansion within the variable names in and directives *) Implement SSLSessionCache shmht and shmcb. *) New directive ProxyIOBufferSize. Sets the size of the buffer used when reading from a remote HTTP server in proxy. *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change CacheMaxExpire and CacheDefaultExpire to use seconds rather than hours. *) New Directive SSIUndefinedEcho. to change the '(none)' echoed for a undefined variable.
*) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl. *) New Directive for mod_proxy: ProxyRemoteMatch. *) Fix IPv6 name-based virtual hosts. *) Introduce AddOutputFilterByType directive. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2002/03/05 23:56:24 jlam Exp $ d3 5 a7 5 --- configure.in.orig Tue Mar 5 14:37:53 2002 +++ configure.in @@@@ -464,7 +464,7 @@@@ ;; esac d9 3 a11 4 -AC_OUTPUT($APACHE_OUTPUT_FILES support/apxs support/apachectl support/dbmmanage support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk,[true],[ +AC_OUTPUT($APACHE_OUTPUT_FILES support/apxs.pl support/apachectl.sh support/dbmmanage.pl support/envvars-std support/log_server_status support/logresolve.pl support/phf_abuse_log.cgi support/split-logfile build/rules.mk,[true],[ APACHE_GEN_MAKEFILES ]) d13 1 @ 1.3.14.1 log @Pullup ticket 668 - requested by Matthias Scheler security fix for apache2 Revisions pulled up: - pkgsrc/www/apache2/Makefile 1.77 - pkgsrc/www/apache2/distinfo 1.39 - pkgsrc/www/apache2/patches/patch-ae 1.4 - pkgsrc/www/apache2/patches/patch-af 1.4 Module Name: pkgsrc Committed By: tron Date: Mon Aug 8 18:30:26 UTC 2005 Modified Files: pkgsrc/www/apache2: Makefile distinfo Added Files: pkgsrc/www/apache2/patches: patch-ae patch-af Log Message: Add fixes for CAN-2005-1268 (not really a security problem) and CAN-2005-2088 from the Apache SVN repository. 
@ text @d1 1 a1 1 $NetBSD$ d3 5 a7 5 --- modules/ssl/ssl_engine_kernel.c.orig 2005-03-29 09:44:31.000000000 +0100 +++ modules/ssl/ssl_engine_kernel.c 2005-08-08 19:19:05.000000000 +0100 @@@@ -1398,7 +1398,7 @@@@ BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); d9 4 a12 3 - n = BIO_read(bio, buff, sizeof(buff)); + n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; a13 1 BIO_free(bio); @ 1.3.14.2 log @Pullup ticket 732 - requested by Matthias Scheler security fix for apache2 Revisions pulled up: - pkgsrc/www/apache2/Makefile 1.82 - pkgsrc/www/apache2/distinfo 1.41 - pkgsrc/www/apache2/patches/patch-ae 1.5 Module Name: pkgsrc Committed By: tron Date: Fri Sep 2 11:40:56 UTC 2005 Modified Files: pkgsrc/www/apache2: Makefile distinfo pkgsrc/www/apache2/patches: patch-ae Log Message: Add patch from Apache SVN repository to fix weak client certificate validation reported in CAN-2005-2700. Bump package revision. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2005/09/02 11:40:56 tron Exp $ d4 1 a4 12 +++ modules/ssl/ssl_engine_kernel.c 2005-09-02 12:28:45.000000000 +0100 @@@@ -406,8 +406,8 @@@@ (!(verify_old & SSL_VERIFY_PEER) && (verify & SSL_VERIFY_PEER)) || - (!(verify_old & SSL_VERIFY_PEER_STRICT) && - (verify & SSL_VERIFY_PEER_STRICT))) + (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) && + (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { renegotiate = TRUE; /* optimization */ @ 1.2 log @Update www/apache2 to 2.0.32 beta. Pkgsrc changes from the previous version include: *) Move the binaries back into ${PREFIX}/sbin to match the locations for www/apache. *) Build the Apache modules (including mod_ssl) so that apache2 has the same functionality as apache. *) Support shared modules on platforms that support them. Otherwise, link the modules statically into the server. *) Support suEXEC in the same way as for www/apache. *) Honor PKG_SYSCONFDIR. *) Add a rc.d-style control script based on www/apache/files/apache.sh. 
*) Strongly buildlinkify again after previous changes broke it. Relevant changes from version 2.0.28 beta include: *) A ton of bug fixes in both the main server code and the module code (it _is_ a beta release following a previous beta release). *) Several performance and memory optimizations. *) The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. *) Add several new mod_proxy directives: ProxyTimeout, ProxyPreserveHost, ProxyPass. *) FTP directory listings are now always retrieved in ASCII mode. The FTP proxy properly escapes URI's and HTML in the generated listing, and escapes the path components when talking to the FTP server. *) Add FileETag directive to allow configurable control of what data are used to form ETag values for file-based URIs. *) Introduced the ForceLanguagePriority directive, to prevent returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, when using Multiviews. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.4 2002/01/04 09:45:10 martti Exp $ d3 10 a12 9 --- docs/conf/httpd-std.conf.orig Thu Nov 8 23:31:28 2001 +++ docs/conf/httpd-std.conf Thu Dec 6 15:02:14 2001 @@@@ -53,7 +53,7 @@@@ # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -#LockFile logs/accept.lock +#LockFile /var/log/httpd/accept.lock a13 80 # @@@@ -64,7 +64,7 @@@@ # -ScoreBoardFile logs/apache_runtime_status +ScoreBoardFile /var/log/httpd/apache_runtime_status @@@@ -73,7 +73,7 @@@@ # PidFile: The file in which the server should record its process # identification number when it starts. 
# -PidFile logs/httpd.pid +PidFile /var/log/httpd/httpd.pid # # Timeout: The number of seconds before receives and sends time out. @@@@ -377,7 +377,7 @@@@ # TypesConfig describes where the mime.types file (or equivalent) is # to be found. # -TypesConfig conf/mime.types +TypesConfig PKG_PREFIX/etc/httpd/mime.types # # DefaultType is the default MIME type the server will use for a document @@@@ -396,7 +396,7 @@@@ # directive tells the module where the hint definitions are located. # - MIMEMagicFile conf/magic + MIMEMagicFile PKG_PREFIX/etc/httpd/magic # @@@@ -416,7 +416,7 @@@@ # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # -ErrorLog logs/error_log +ErrorLog /var/log/httpd/error_log # # LogLevel: Control the number of messages logged to the error_log. @@@@ -441,20 +441,20 @@@@ # define per- access logfiles, transactions will be # logged therein and *not* in this file. # -CustomLog logs/access_log common +CustomLog /var/log/httpd/access_log common # # If you would like to have agent and referer logfiles, uncomment the # following directives. # -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent +#CustomLog /var/log/httpd/referer_log referer +#CustomLog /var/log/httpd/agent_log agent # # If you prefer a single logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. 
# -#CustomLog logs/access_log combined +#CustomLog /var/log/httpd/access_log combined # # Optionally add a line containing the server version and virtual host @@@@ -997,6 +997,6 @@@@ # ServerAdmin webmaster@@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common +# ErrorLog /var/log/httpd/dummy-host.example.com-error_log +# CustomLog /var/log/httpd/dummy-host.example.com-access_log common # @ 1.1.1.1 log @Reimport pkgsrc/www/apache-current as pkgsrc/www/apache2. @ text @@
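Review bot: in the modules/ssl/ssl_engine_init.c hunk at -535 (head revision 1.11 text), the cast in `SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);` keeps the compiler from checking that ca_list really is a stack of X509_NAME. If ca_list is already declared with that type, the cast can be dropped; if it is not, changing the declaration is safer than casting at the call site, because a cast would keep compiling even if the element type changed later.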
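Review bot: the modules/mappers/mod_imap.c hunk at -342 (revisions 1.7 and 1.5.2.2) relies on `ap_escape_html(r->pool, referer)` escaping everything that matters for the context the value is written into, and the hunk does not show that. The upstream changelog entry quoted in the 1.8 log says ap_escape_html was also changed to escape quotes; that change is not part of this patch file, so confirm the package carries it in another patch or in the distfile. Without it, a Referer value emitted inside a quoted attribute would not be fully neutralised.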
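Review bot: in the modules/ssl/ssl_engine_kernel.c hunk at -406 (revisions 1.5 and 1.3.14.2), the switch from SSL_VERIFY_PEER_STRICT to SSL_VERIFY_FAIL_IF_NO_PEER_CERT has no comment explaining why the bit test must use this flag. If SSL_VERIFY_PEER_STRICT combines several flag bits, `verify_old & SSL_VERIFY_PEER_STRICT` is non-zero when any one of them is set, so the "was it off before" test gives the wrong answer. A one-line comment above the condition stating that only single-bit flags may be tested here would keep the check from regressing, and would be more useful than the existing `/* optimization */` remark.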
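Review bot: in the modules/ssl/ssl_engine_kernel.c hunk at -1398 (revisions 1.4 and 1.3.14.1), the return value of BIO_read is still used unchecked as an index in `buff[n] = '\0';`. Reading at most `sizeof(buff) - 1` bytes fixes the upper bound, but BIO_read returns 0 or a negative value when nothing could be read, and a negative n writes before the start of buff. Treat n < 0 as 0 (or skip the log line) before terminating the string.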
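Review bot: in the docs/conf/httpd-std.conf hunks at -53, -64 and -73 (revision 1.1), LockFile, ScoreBoardFile and PidFile are moved into /var/log/httpd, the same directory the later hunks use for ErrorLog and CustomLog. Runtime state files and logs usually need different ownership, permissions and retention, so a separate run directory would be cleaner than sharing the log directory. The /var/log/httpd paths are also hard-coded, while the TypesConfig and MIMEMagicFile hunks use the PKG_PREFIX placeholder; a substituted variable for the log and state directory would be consistent with those.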