From owner-svn-ports-all@FreeBSD.ORG Sat Jul 6 08:46:41 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3AADC931; Sat, 6 Jul 2013 08:46:41 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 1B8751E11; Sat, 6 Jul 2013 08:46:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r668kePE088892; Sat, 6 Jul 2013 08:46:41 GMT (envelope-from ohauer@svn.freebsd.org) Received: (from ohauer@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r668keFN088888; Sat, 6 Jul 2013 08:46:40 GMT (envelope-from ohauer@svn.freebsd.org) Message-Id: <201307060846.r668keFN088888@svn.freebsd.org> From: Olli Hauer Date: Sat, 6 Jul 2013 08:46:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r322368 - in head: security/vuxml www/apache22 www/apache22/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jul 2013 08:46:41 -0000 Author: ohauer Date: Sat Jul 6 08:46:39 2013 New Revision: 322368 URL: http://svnweb.freebsd.org/changeset/ports/322368 Log: - add fix for CVE-2013-1862 - adjust vuxml Added: head/www/apache22/files/patch-modules__mappers__mod_rewrite.c (contents, props changed) Modified: head/security/vuxml/vuln.xml head/www/apache22/Makefile head/www/apache22/files/patch-support__apachectl.in Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Jul 6 08:43:48 2013 (r322367) +++ head/security/vuxml/vuln.xml Sat Jul 6 08:46:39 2013 (r322368) @@ -56,23 +56,23 @@ Note: Please add new entries to the beg apache22 - 2.2.02.2.25 + 2.2.02.2.24_1 apache22-event-mpm - 2.2.02.2.25 + 2.2.02.2.24_1 apache22-itk-mpm - 2.2.02.2.25 + 2.2.02.2.24_1 apache22-peruser-mpm - 2.2.02.2.25 + 2.2.02.2.24_1 apache22-worker-mpm - 2.2.02.2.25 + 2.2.02.2.24_1 @@ -93,6 +93,7 @@ Note: Please add new entries to the beg 2013-06-21 2013-07-05 + 2013-07-06 Modified: head/www/apache22/Makefile ============================================================================== --- head/www/apache22/Makefile Sat Jul 6 08:43:48 2013 (r322367) +++ head/www/apache22/Makefile Sat Jul 6 08:46:39 2013 (r322368) @@ -2,7 +2,7 @@ PORTNAME= apache22 PORTVERSION= 2.2.24 -#PORTREVISION?= 1 +PORTREVISION?= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -45,24 +45,6 @@ WITH_MPM?= prefork # or worker, event, WITH_HTTP_PORT?= 80 .include "${APACHEDIR}/Makefile.options" - -# stop users from using old WITH/WITHOUT parameters -.for opt in ${OPTIONS_DEFINE} -. if defined(WITH_${opt}) || defined(WITHOUT_${opt}) -BROKEN= WITH/WITHOUT parameters are obsolete. \ - The port use the new options NG framework. Please read\ - http://wiki.freebsd.org/Ports/Options/OptionsNG -. endif -.endfor - -.for category in ${ALL_MODULES_CATEGORIES} -. if defined(WITH_${category}_MODULES) -BROKEN= WITH/WITHOUT_..._MODULES parameters are obsolete. \ - The port use the new options NG framework. Please read\ - http://wiki.freebsd.org/Ports/Options/OptionsNG -. endif -.endfor - .include .include "${APACHEDIR}/Makefile.doc" @@ -75,7 +57,7 @@ APU_DBD_PGSQL?= ${LOCALBASE}/lib/apr-ut APU_DBD_SQLITE3?= ${LOCALBASE}/lib/apr-util-1/apr_dbd_sqlite3.so # APU module used by AUTHNZ_LDAP LDAP APU_LDAP?= ${LOCALBASE}/lib/apr-util-1/apr_ldap.so -# APU crypto +# APU module used by SESSION_CRYPTO APU_CRYPTO_SSL?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_openssl.so APU_CRYPTO_NSS?= ${LOCALBASE}/lib/apr-util-1/apr_crypto_nss.so @@ -144,7 +126,7 @@ post-patch: post-configure: @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$${FTPUSERS}," ${WRKSRC}/docs/conf/extra/httpd-userdir.conf - @${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf + @${REINPLACE_CMD} -e "s,%%WWWOWN%%,${WWWOWN}," -e "s,%%WWWGRP%%,${WWWGRP}," ${WRKSRC}/docs/conf/httpd.conf @${REINPLACE_CMD} -e "s,%%PREFIX%%,${PREFIX}," ${WRKSRC}/support/envvars-std post-install: Added: head/www/apache22/files/patch-modules__mappers__mod_rewrite.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/apache22/files/patch-modules__mappers__mod_rewrite.c Sat Jul 6 08:46:39 2013 (r322368) @@ -0,0 +1,27 @@ +--- ./modules/mappers/mod_rewrite.c.orig 2013-02-18 22:31:42.000000000 +0100 ++++ ./modules/mappers/mod_rewrite.c 2013-05-14 16:41:30.000000000 +0200 +@@ -500,11 +500,11 @@ + + logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] " + "(%d) %s%s%s%s" APR_EOL_STR, +- rhost ? rhost : "UNKNOWN-HOST", +- rname ? rname : "-", +- r->user ? (*r->user ? r->user : "\"\"") : "-", ++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST", ++ rname ? ap_escape_logitem(r->pool, rname) : "-", ++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-", + current_logtime(r), +- ap_get_server_name(r), ++ ap_escape_logitem(r->pool, ap_get_server_name(r)), + (void *)(r->server), + (void *)r, + r->main ? "subreq" : "initial", +@@ -514,7 +514,7 @@ + perdir ? "[perdir " : "", + perdir ? perdir : "", + perdir ? "] ": "", +- text); ++ ap_escape_logitem(r->pool, text)); + + nbytes = strlen(logline); + apr_file_write(conf->rewritelogfp, logline, &nbytes); Modified: head/www/apache22/files/patch-support__apachectl.in ============================================================================== --- head/www/apache22/files/patch-support__apachectl.in Sat Jul 6 08:43:48 2013 (r322367) +++ head/www/apache22/files/patch-support__apachectl.in Sat Jul 6 08:46:39 2013 (r322368) @@ -1,11 +1,68 @@ --- ./support/apachectl.in.orig 2006-07-11 23:38:44.000000000 -0400 +++ ./support/apachectl.in 2010-05-06 19:37:54.265730461 -0400 -@@ -64,7 +64,7 @@ - ULIMIT_MAX_FILES="@APACHECTL_ULIMIT@" +@@ -35,6 +35,7 @@ + # When multiple arguments are given, only the error from the _last_ + # one is reported. Run "apachectl help" for usage info + # ++ACMD="$1" + ARGV="$@" + # + # |||||||||||||||||||| START CONFIGURATION SECTION |||||||||||||||||||| +@@ -42,6 +43,7 @@ + # + # the path to your httpd binary, including options if necessary + HTTPD='@exp_sbindir@/@progname@' ++SERVICE='/usr/sbin/service apache22' + # + # pick up any necessary environment variables + if test -f @exp_sbindir@/envvars; then +@@ -65,19 +67,21 @@ # -------------------- -------------------- # |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| -- + +eval `limits -e -C daemon` >/dev/null 2>&1 # Set the maximum number of file descriptors allowed per child process. if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then $ULIMIT_MAX_FILES + fi + + ERROR=0 +-if [ "x$ARGV" = "x" ] ; then +- ARGV="-h" ++if [ "x$ACMD" = "x" ] ; then ++ ACMD="-h" + fi + +-case $ARGV in +-start|stop|restart|graceful|graceful-stop) +- $HTTPD -k $ARGV ++case $ACMD in ++start|stop|restart|rcvar|reload|graceful|gracefulstop|graceful-stop) ++# $HTTPD -k $ARGV ++ $SERVICE $( echo $ACMD | tr -d '-' ) + ERROR=$? + ;; + startssl|sslstart|start-SSL) +@@ -87,17 +91,19 @@ + ERROR=2 + ;; + configtest) +- $HTTPD -t ++# $HTTPD -t ++ $SERVICE $ACMD + ERROR=$? + ;; + status) +- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++# $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ++ $SERVICE $ACMD + ;; + fullstatus) + $LYNX $STATUSURL + ;; + *) +- $HTTPD $ARGV ++ $HTTPD "$@" + ERROR=$? + esac +