Date: Sun, 31 Aug 2008 23:00:27 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache22 Makefile pkg-plist ports/www/apache22/files apache22.sh.in patch-CVE-2008-2939 Message-ID: <200808312300.m7VN0RJV025926@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2008-08-31 23:00:27 UTC
FreeBSD ports repository
Modified files:
www/apache22 Makefile pkg-plist
www/apache22/files apache22.sh.in
Added files:
www/apache22/files patch-CVE-2008-2939
Log:
- Yet Another Plist Fix [1]
- Completely shut up rc.d script when no profiles are enabled
(add add support to disable profiles) [2]
- Fix CVE-2008-2939 for mod_proxy_ftp
(XSS attacks when using wildcards in the path of the FTP URL)
- Add "apache22_fib" to start apache22 prefixed by
"setfib -F ${apache22_fib}", so apache can use an alternate
network view (not carefully tested yet)
- Revert previous patch to "fix" missing rc.d scripts. It
actually breaks profiles.
- Bump PORTREVISION
PR: ports/126670 [1],
ports/116627 [2]
Submitted by: Joseph S. Atkinson [1],
Eygene Ryabinkin [2]
Security: CVE-2008-2939
Special thanks to: pgollucci@
Revision Changes Path
1.222 +5 -3 ports/www/apache22/Makefile
1.6 +43 -2 ports/www/apache22/files/apache22.sh.in
1.1 +11 -0 ports/www/apache22/files/patch-CVE-2008-2939 (new)
1.89 +3 -2 ports/www/apache22/pkg-plist
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808312300.m7VN0RJV025926>