Mon Jun 16 09:00:02 2008 UTC ()
Pullup ticket 2425 - requested by tron
security patch for apache22

- pkgsrc/www/apache22/Makefile				1.26
- pkgsrc/www/apache22/distinfo				1.10
- pkgsrc/www/apache22/patches/patch-ab			1.6

   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Thu Jun 12 14:12:19 UTC 2008

   Modified Files:
	   pkgsrc/www/apache22: Makefile distinfo
   Added Files:
	   pkgsrc/www/apache22/patches: patch-ab

   Log Message:
   Add patch for CVE-2008-2364 from the Apache SVN repository.


(ghen)
diff -r1.24 -r1.24.2.1 pkgsrc/www/apache22/Makefile
diff -r1.9 -r1.9.2.1 pkgsrc/www/apache22/distinfo
diff -r0 -r1.5.2.1 pkgsrc/www/apache22/patches/patch-ab

cvs diff -r1.24 -r1.24.2.1 pkgsrc/www/apache22/Attic/Makefile

--- pkgsrc/www/apache22/Attic/Makefile 2008/01/21 15:07:10 1.24
+++ pkgsrc/www/apache22/Attic/Makefile 2008/06/16 09:00:02 1.24.2.1
@@ -1,269 +1,269 @@ @@ -1,269 +1,269 @@
1# $NetBSD: Makefile,v 1.24 2008/01/21 15:07:10 xtraeme Exp $ 1# $NetBSD: Makefile,v 1.24.2.1 2008/06/16 09:00:02 ghen Exp $
2 2
3.include "Makefile.common" 3.include "Makefile.common"
4 4
5PKGNAME= apache-${APACHE_VERSION} 5PKGNAME= apache-${APACHE_VERSION}
6#PKGREVISION= 1 6PKGREVISION= 1
7CATEGORIES= www 7CATEGORIES= www
8 8
9HOMEPAGE= http://httpd.apache.org/ 9HOMEPAGE= http://httpd.apache.org/
10COMMENT= Apache HTTP (Web) server, version 2 10COMMENT= Apache HTTP (Web) server, version 2
11 11
12CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]* 12CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]*
13 13
14BUILD_DEFS+= IPV6_READY 14BUILD_DEFS+= IPV6_READY
15BUILD_DEFS+= VARBASE 15BUILD_DEFS+= VARBASE
16 16
17USE_TOOLS+= perl perl:run pkg-config 17USE_TOOLS+= perl perl:run pkg-config
18USE_LIBTOOL= yes 18USE_LIBTOOL= yes
19GNU_CONFIGURE= yes 19GNU_CONFIGURE= yes
20CONFIGURE_ARGS+= --enable-layout=NetBSD 20CONFIGURE_ARGS+= --enable-layout=NetBSD
21CONFIGURE_ARGS+= --with-port=80 21CONFIGURE_ARGS+= --with-port=80
22CONFIGURE_ARGS+= --enable-so 22CONFIGURE_ARGS+= --enable-so
23CONFIGURE_ENV+= perlbin=${PERL5:Q} 23CONFIGURE_ENV+= perlbin=${PERL5:Q}
24CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent 24CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent
25 25
26# Apache Portable Runtime library configure options 26# Apache Portable Runtime library configure options
27CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr} 27CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr}
28CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util} 28CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util}
29 29
30CHECK_PORTABILITY_SKIP+= srclib/pcre/* \ 30CHECK_PORTABILITY_SKIP+= srclib/pcre/* \
31 srclib/apr-util/* \ 31 srclib/apr-util/* \
32 srclib/apr/* 32 srclib/apr/*
33 33
34# the following must be set before bsd.prefs.mk in order to make += work 34# the following must be set before bsd.prefs.mk in order to make += work
35# in mk.conf; however, it isn't expanded until referenced, so we can 35# in mk.conf; however, it isn't expanded until referenced, so we can
36# define DFLT_APACHE_MODULES later 36# define DFLT_APACHE_MODULES later
37# 37#
38APACHE_MODULES?= ${DFLT_APACHE_MODULES} 38APACHE_MODULES?= ${DFLT_APACHE_MODULES}
39 39
40.include "../../mk/bsd.prefs.mk" 40.include "../../mk/bsd.prefs.mk"
41.include "../../devel/apr/buildlink3.mk" 41.include "../../devel/apr/buildlink3.mk"
42.include "../../devel/apr-util/buildlink3.mk" 42.include "../../devel/apr-util/buildlink3.mk"
43.include "../../textproc/expat/buildlink3.mk" 43.include "../../textproc/expat/buildlink3.mk"
44.include "../../mk/dlopen.buildlink3.mk" 44.include "../../mk/dlopen.buildlink3.mk"
45 45
46# Set the "Multi-Processing Model" used by Apache to handle requests. 46# Set the "Multi-Processing Model" used by Apache to handle requests.
47# Valid values are: 47# Valid values are:
48# event multi-threaded based in worker, designed 48# event multi-threaded based in worker, designed
49# to allow more requests to be served 49# to allow more requests to be served
50# simultaneously by passing off some processing 50# simultaneously by passing off some processing
51# work to supporting threads. 51# work to supporting threads.
52# BEWARE: does not work with SSL or input filters. 52# BEWARE: does not work with SSL or input filters.
53# prefork non-threaded, pre-forking web server 53# prefork non-threaded, pre-forking web server
54# worker hybrid multi-threaded multi-process web server 54# worker hybrid multi-threaded multi-process web server
55# 55#
56APACHE_MPM?= prefork 56APACHE_MPM?= prefork
57CONFIGURE_ARGS+= --with-mpm=${APACHE_MPM:Q} 57CONFIGURE_ARGS+= --with-mpm=${APACHE_MPM:Q}
58BUILD_DEFS+= APACHE_MPM 58BUILD_DEFS+= APACHE_MPM
59 59
60.if !empty(APACHE_MPM:Mevent) || !empty(APACHE_MPM:Mworker) 60.if !empty(APACHE_MPM:Mevent) || !empty(APACHE_MPM:Mworker)
61PLIST_SRC+= ${PKGDIR}/PLIST.worker 61PLIST_SRC+= ${PKGDIR}/PLIST.worker
62.endif 62.endif
63 63
64CONFIGURE_ARGS+= --disable-access 64CONFIGURE_ARGS+= --disable-access
65CONFIGURE_ARGS+= --disable-auth 65CONFIGURE_ARGS+= --disable-auth
66CONFIGURE_ARGS+= --disable-include 66CONFIGURE_ARGS+= --disable-include
67CONFIGURE_ARGS+= --disable-log-config 67CONFIGURE_ARGS+= --disable-log-config
68CONFIGURE_ARGS+= --disable-env 68CONFIGURE_ARGS+= --disable-env
69CONFIGURE_ARGS+= --disable-mime 69CONFIGURE_ARGS+= --disable-mime
70CONFIGURE_ARGS+= --disable-setenvif 70CONFIGURE_ARGS+= --disable-setenvif
71CONFIGURE_ARGS+= --disable-status 71CONFIGURE_ARGS+= --disable-status
72CONFIGURE_ARGS+= --disable-autoindex 72CONFIGURE_ARGS+= --disable-autoindex
73CONFIGURE_ARGS+= --disable-asis 73CONFIGURE_ARGS+= --disable-asis
74CONFIGURE_ARGS+= --disable-cgi 74CONFIGURE_ARGS+= --disable-cgi
75CONFIGURE_ARGS+= --disable-negotiation 75CONFIGURE_ARGS+= --disable-negotiation
76CONFIGURE_ARGS+= --disable-dir 76CONFIGURE_ARGS+= --disable-dir
77CONFIGURE_ARGS+= --disable-imap 77CONFIGURE_ARGS+= --disable-imap
78CONFIGURE_ARGS+= --disable-actions 78CONFIGURE_ARGS+= --disable-actions
79CONFIGURE_ARGS+= --disable-userdir 79CONFIGURE_ARGS+= --disable-userdir
80CONFIGURE_ARGS+= --disable-alias 80CONFIGURE_ARGS+= --disable-alias
81 81
82DFLT_APACHE_MODULES= all 82DFLT_APACHE_MODULES= all
83DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http 83DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http
84DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias 84DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias
85DFLT_APACHE_MODULES+= include log_config env mime setenvif 85DFLT_APACHE_MODULES+= include log_config env mime setenvif
86DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap 86DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap
87DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache 87DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache
88DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo 88DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo
89DFLT_APACHE_MODULES+= example case_filter case_filter_in 89DFLT_APACHE_MODULES+= example case_filter case_filter_in
90DFLT_APACHE_MODULES+= charset_lite 90DFLT_APACHE_MODULES+= charset_lite
91 91
92PLIST_SRC+= ${PKGDIR}/PLIST 92PLIST_SRC+= ${PKGDIR}/PLIST
93 93
94# LDAP support 94# LDAP support
95.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap) 95.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap)
96DFLT_APACHE_MODULES+= ldap authnz_ldap 96DFLT_APACHE_MODULES+= ldap authnz_ldap
97.endif 97.endif
98 98
99# APACHE_MODULES are the modules that are linked statically into the 99# APACHE_MODULES are the modules that are linked statically into the
100# apache httpd executable. 100# apache httpd executable.
101# 101#
102CONFIGURE_ARGS+= --enable-modules=${APACHE_MODULES:Q} 102CONFIGURE_ARGS+= --enable-modules=${APACHE_MODULES:Q}
103BUILD_DEFS+= APACHE_MODULES 103BUILD_DEFS+= APACHE_MODULES
104 104
105APACHE_USER?= www 105APACHE_USER?= www
106APACHE_GROUP?= www 106APACHE_GROUP?= www
107PKG_GROUPS= ${APACHE_GROUP} 107PKG_GROUPS= ${APACHE_GROUP}
108PKG_USERS= ${APACHE_USER}:${APACHE_GROUP} 108PKG_USERS= ${APACHE_USER}:${APACHE_GROUP}
109PKG_GROUPS_VARS+= APACHE_GROUP 109PKG_GROUPS_VARS+= APACHE_GROUP
110PKG_USERS_VARS+= APACHE_USER 110PKG_USERS_VARS+= APACHE_USER
111 111
112PKG_SYSCONFVAR= apache 112PKG_SYSCONFVAR= apache
113PKG_SYSCONFSUBDIR?= httpd 113PKG_SYSCONFSUBDIR?= httpd
114EGDIR= ${PREFIX}/share/examples/httpd 114EGDIR= ${PREFIX}/share/examples/httpd
115SBINDIR= ${PREFIX}/sbin 115SBINDIR= ${PREFIX}/sbin
116CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf 116CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf
117.for f in autoindex dav default info languages manual mpm \ 117.for f in autoindex dav default info languages manual mpm \
118 multilang-errordoc ssl userdir vhosts 118 multilang-errordoc ssl userdir vhosts
119CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \ 119CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \
120 ${PKG_SYSCONFDIR}/httpd-${f}.conf 120 ${PKG_SYSCONFDIR}/httpd-${f}.conf
121.endfor 121.endfor
122CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic 122CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic
123CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types 123CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types
124RCD_SCRIPTS= apache 124RCD_SCRIPTS= apache
125 125
126REQD_DIRS= ${PREFIX}/share/httpd 126REQD_DIRS= ${PREFIX}/share/httpd
127REQD_DIRS+= ${PREFIX}/share/httpd/htdocs 127REQD_DIRS+= ${PREFIX}/share/httpd/htdocs
128OWN_DIRS= ${VARBASE}/log/httpd 128OWN_DIRS= ${VARBASE}/log/httpd
129OWN_DIRS+= ${VARBASE}/db/httpd 129OWN_DIRS+= ${VARBASE}/db/httpd
130OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755 130OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
131FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert 131FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert
132FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1 132FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1
133FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8 133FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8
134FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8 134FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8
135FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8 135FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8
136 136
137# Fix paths in the apache manpages. 137# Fix paths in the apache manpages.
138SUBST_CLASSES+= man 138SUBST_CLASSES+= man
139SUBST_STAGE.man= post-patch 139SUBST_STAGE.man= post-patch
140SUBST_FILES.man= docs/man/*.1 docs/man/*.8 140SUBST_FILES.man= docs/man/*.1 docs/man/*.8
141SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},' 141SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},'
142SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},' 142SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},'
143SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,' 143SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,'
144SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,' 144SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,'
145 145
146SUBST_CLASSES+= paths 146SUBST_CLASSES+= paths
147SUBST_STAGE.paths= pre-configure 147SUBST_STAGE.paths= pre-configure
148SUBST_FILES.paths= config.layout Makefile.in support/apxs.in 148SUBST_FILES.paths= config.layout Makefile.in support/apxs.in
149SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g" 149SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g"
150SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g" 150SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g"
151SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g" 151SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
152SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g" 152SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g"
153SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g" 153SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g"
154SUBST_MESSAGE.paths= Fixing paths. 154SUBST_MESSAGE.paths= Fixing paths.
155 155
156SUBST_CLASSES+= apr-lt 156SUBST_CLASSES+= apr-lt
157SUBST_STAGE.apr-lt= post-configure 157SUBST_STAGE.apr-lt= post-configure
158SUBST_FILES.apr-lt= build/config_vars.mk 158SUBST_FILES.apr-lt= build/config_vars.mk
159SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g' 159SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g'
160SUBST_MESSAGE.apr-lt= Fixing libtool references. 160SUBST_MESSAGE.apr-lt= Fixing libtool references.
161 161
162SUBST_CLASSES+= confs 162SUBST_CLASSES+= confs
163SUBST_STAGE.confs= post-configure 163SUBST_STAGE.confs= post-configure
164SUBST_MESSAGE.confs= Fixing configuration files. 164SUBST_MESSAGE.confs= Fixing configuration files.
165SUBST_FILES.confs= docs/conf/httpd.conf 165SUBST_FILES.confs= docs/conf/httpd.conf
166SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf 166SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf
167SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g" 167SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g"
168SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g" 168SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g"
169SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g" 169SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g"
170SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g" 170SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g"
171SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g' 171SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
172SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g' 172SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g'
173SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g' 173SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g'
174 174
175# abs_srcdir in config_vars.mk is used during install so needs to reference 175# abs_srcdir in config_vars.mk is used during install so needs to reference
176# the work dir path, and by other packages such as ap2-fastcgi after install, 176# the work dir path, and by other packages such as ap2-fastcgi after install,
177# so we fix after install to reference the installed path 177# so we fix after install to reference the installed path
178SUBST_CLASSES+= abs_srcdir 178SUBST_CLASSES+= abs_srcdir
179SUBST_STAGE.abs_srcdir= post-install 179SUBST_STAGE.abs_srcdir= post-install
180SUBST_FILES.abs_srcdir= ${PREFIX}/share/httpd/build/config_vars.mk 180SUBST_FILES.abs_srcdir= ${PREFIX}/share/httpd/build/config_vars.mk
181SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|' 181SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|'
182SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir 182SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir
183 183
184REPLACE_PERL= docs/cgi-examples/printenv 184REPLACE_PERL= docs/cgi-examples/printenv
185 185
186.include "options.mk" 186.include "options.mk"
187 187
188# Add dependencies for the modules that will be built. For each module 188# Add dependencies for the modules that will be built. For each module
189# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace 189# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace
190# separated list of dependencies or buildlink3.mk files needed to build 190# separated list of dependencies or buildlink3.mk files needed to build
191# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of 191# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of
192# configure script options for ap_mod. 192# configure script options for ap_mod.
193# 193#
194AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk 194AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk
195AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk 195AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk
196 196
197AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl} 197AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl}
198AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib} 198AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib}
199 199
200.for ap_mod in ${APACHE_MODULES} 200.for ap_mod in ${APACHE_MODULES}
201. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod}) 201. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod})
202. for ap_depend in ${AP_DEPENDS.${ap_mod}} 202. for ap_depend in ${AP_DEPENDS.${ap_mod}}
203. if exists(${ap_depend}) 203. if exists(${ap_depend})
204. include "${ap_depend}" 204. include "${ap_depend}"
205. else 205. else
206DEPENDS+= ${ap_depend} 206DEPENDS+= ${ap_depend}
207. endif 207. endif
208. endfor 208. endfor
209. endif 209. endif
210. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod}) 210. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod})
211CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}} 211CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}}
212. endif 212. endif
213.endfor 213.endfor
214 214
215post-extract: 215post-extract:
216 ${TOUCH} ${WRKSRC}/build/libtool 216 ${TOUCH} ${WRKSRC}/build/libtool
217 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in 217 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in
218 218
219post-build: 219post-build:
220 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \ 220 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
221 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert 221 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
222 222
223pre-install: 223pre-install:
224 cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \ 224 cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} \
225 ${MAKE_PROGRAM} install-conf sysconfdir="${EGDIR}" 225 ${MAKE_PROGRAM} install-conf sysconfdir="${EGDIR}"
226 226
227post-install: 227post-install:
228 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${PREFIX}/share/httpd/build 228 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${PREFIX}/share/httpd/build
229 cd ${EGDIR} && \ 229 cd ${EGDIR} && \
230 for file in \ 230 for file in \
231 httpd.conf \ 231 httpd.conf \
232 extra/httpd-ssl.conf; \ 232 extra/httpd-ssl.conf; \
233 do \ 233 do \
234 ${AWK} ' \ 234 ${AWK} ' \
235 /^Listen[ ]*80/ { \ 235 /^Listen[ ]*80/ { \
236 printf "%s", "Listen 0.0.0.0:80\n"; \ 236 printf "%s", "Listen 0.0.0.0:80\n"; \
237 next; \ 237 next; \
238 } \ 238 } \
239 /^Listen[ ]*443/ { \ 239 /^Listen[ ]*443/ { \
240 printf "%s", "Listen 0.0.0.0:443\n"; \ 240 printf "%s", "Listen 0.0.0.0:443\n"; \
241 next; \ 241 next; \
242 } \ 242 } \
243 { print; } \ 243 { print; } \
244 ' < "$${file}" >> $${file}.new; \ 244 ' < "$${file}" >> $${file}.new; \
245 ${MV} -f $${file}.new $${file}; \ 245 ${MV} -f $${file}.new $${file}; \
246 done 246 done
247 247
248 ${LN} -sf ${SBINDIR}/envvars-std ${SBINDIR}/envvars 248 ${LN} -sf ${SBINDIR}/envvars-std ${SBINDIR}/envvars
249 249
250 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${PREFIX}/sbin 250 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${PREFIX}/sbin
251 251
252 for file in ${FIX_PERMS}; do \ 252 for file in ${FIX_PERMS}; do \
253 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/sbin/$$file && \ 253 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/sbin/$$file && \
254 ${CHMOD} ${BINMODE} ${PREFIX}/sbin/$$file; \ 254 ${CHMOD} ${BINMODE} ${PREFIX}/sbin/$$file; \
255 done 255 done
256 256
257 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/share/httpd 257 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/share/httpd
258 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/include/httpd 258 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/include/httpd
259 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/lib/httpd 259 ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/lib/httpd
260 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/libexec/cgi-bin/test-cgi 260 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/libexec/cgi-bin/test-cgi
261 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/libexec/cgi-bin/printenv 261 ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/libexec/cgi-bin/printenv
262 262
263 for file in ${FIX_MAN_PERMS}; do \ 263 for file in ${FIX_MAN_PERMS}; do \
264 ${CHOWN} ${MANOWN}:${MANGRP} ${PREFIX}/${PKGMANDIR}/$$file; \ 264 ${CHOWN} ${MANOWN}:${MANGRP} ${PREFIX}/${PKGMANDIR}/$$file; \
265 done 265 done
266 266
267 [ ! -f ${PREFIX}/sbin/suexec ] || ${CHMOD} -w ${PREFIX}/sbin/suexec 267 [ ! -f ${PREFIX}/sbin/suexec ] || ${CHMOD} -w ${PREFIX}/sbin/suexec
268 268
269.include "../../mk/bsd.pkg.mk" 269.include "../../mk/bsd.pkg.mk"

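--- a/pkgsrc/www/apache22/Attic/distinfo
+++ b/pkgsrc/www/apache22/Attic/distinfo
@@ -1,16 +1,17 @@
-$NetBSD: distinfo,v 1.9 2008/01/21 15:07:11 xtraeme Exp $
+$NetBSD: distinfo,v 1.9.2.1 2008/06/16 09:00:02 ghen Exp $
 
 SHA1 (httpd-2.2.8.tar.bz2) = 5074904435d3d942ce2dc96c44b07294b8eaca77
 RMD160 (httpd-2.2.8.tar.bz2) = 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57
 Size (httpd-2.2.8.tar.bz2) = 4799055 bytes
 SHA1 (patch-aa) = ae5b34058fc6455cfa9e3d52a50829155ce2eb11
+SHA1 (patch-ab) = 55f4dac616fbe47fea7be0aecd1b7be679b9b0e7
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
 SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
 SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1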

File Added: pkgsrc/www/apache22/patches/Attic/patch-ab
$NetBSD: patch-ab,v 1.5.2.1 2008/06/16 09:00:02 ghen Exp $

Patch for CVE-2008-2364, taken from here:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154

--- modules/proxy/mod_proxy_http.c.orig	2007-12-08 14:01:47.000000000 +0000
+++ modules/proxy/mod_proxy_http.c	2008-06-12 14:44:10.000000000 +0100
@@ -1309,6 +1309,16 @@
     return rv;
 }
 
+/*
+ * Limit the number of interim respones we sent back to the client. Otherwise
+ * we suffer from a memory build up. Besides there is NO sense in sending back
+ * an unlimited number of interim responses to the client. Thus if we cross
+ * this limit send back a 502 (Bad Gateway).
+ */
+#ifndef AP_MAX_INTERIM_RESPONSES
+#define AP_MAX_INTERIM_RESPONSES 10
+#endif
+
 static
 apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
                                             proxy_conn_rec *backend,
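Review bot: The comment above `AP_MAX_INTERIM_RESPONSES` does not say what is counted or how the bound is applied, and it misspells "responses". A tighter wording would be `/* Maximum number of consecutive interim (1xx) responses accepted from the backend per call; reaching it ends the request with a 502 (Bad Gateway). */`. Because the macro sits inside `#ifndef`, the comment should also state that the value is fixed at build time and can only be changed with a compiler define, so operators do not look for a runtime directive. The hunk ends inside the signature of ap_proxy_http_process_response, whose body lies outside it.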
@@ -1323,8 +1333,8 @@
     apr_bucket *e;
     apr_bucket_brigade *bb, *tmp_bb;
     int len, backasswards;
-    int interim_response; /* non-zero whilst interim 1xx responses
-                           * are being read. */
+    int interim_response = 0; /* non-zero whilst interim 1xx responses
+                               * are being read. */
     int pread_len = 0;
     apr_table_t *save_table;
     int backend_broke = 0;
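Review bot: The comment kept on `interim_response` still describes a flag, but later hunks in this patch turn the variable into a count (`interim_response++` and a comparison against `AP_MAX_INTERIM_RESPONSES`). Reword it, for example `/* number of consecutive interim 1xx responses read so far; reset to 0 by a final response */`, so the loop bound can be understood from the declaration. The explicit `= 0` is required now that the variable is incremented before it is ever assigned. These declarations belong to a function that starts and ends outside this hunk.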
@@ -1339,6 +1349,7 @@
      */
 
     rp = ap_proxy_make_fake_req(origin, r);
+    ap_proxy_pre_http_request(origin, rp);
     /* In case anyone needs to know, this is a fake request that is really a
      * response.
      */
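Review bot: Nothing at the new `ap_proxy_pre_http_request(origin, rp);` call explains why it now sits directly after `ap_proxy_make_fake_req()`. A later hunk removes the same call from deeper inside the function, apparently from the per-response loop. If running it once per response contributed to the memory build-up this patch addresses, say so here, for example `/* set up the fake request once; repeating this for every interim response accumulates memory */`. That keeps the call from being moved back during a later cleanup. The surrounding function starts and ends outside the hunk.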
@@ -1469,7 +1480,6 @@
             if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
                 ap_set_content_type(r, apr_pstrdup(p, buf));
             }
-            ap_proxy_pre_http_request(origin,rp);
 
             /* Clear hop-by-hop headers */
             for (i=0; hop_by_hop_hdrs[i]; ++i) {
@@ -1518,7 +1528,12 @@
             backend->close += 1;
         }
 
-        interim_response = ap_is_HTTP_INFO(r->status);
+        if (ap_is_HTTP_INFO(r->status)) {
+            interim_response++;
+        }
+        else {
+            interim_response = 0;
+        }
         if (interim_response) {
             /* RFC2616 tells us to forward this.
              *
@@ -1711,7 +1726,15 @@
 
             apr_brigade_cleanup(bb);
         }
-    } while (interim_response);
+    } while (interim_response && (interim_response < AP_MAX_INTERIM_RESPONSES));
+
+    /* See define of AP_MAX_INTERIM_RESPONSES for why */
+    if (interim_response >= AP_MAX_INTERIM_RESPONSES) {
+        return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+                             apr_psprintf(p, 
+                             "Too many (%d) interim responses from origin server",
+                             interim_response));
+    }
 
     /* If our connection with the client is to be aborted, return DONE. */
     if (c->aborted || backend_broke) {
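Review bot: The new early return under `if (interim_response >= AP_MAX_INTERIM_RESPONSES)` leaves the function while the origin server may still have responses queued on the backend connection, and nothing visible in this hunk marks that connection as not reusable. Unless the caller already closes the backend on a non-OK status, which cannot be confirmed from here, adding `backend->close += 1;` before the `return ap_proxyerror(...)` would keep leftover data from a misbehaving origin from being read as the reply to a later request. The loop condition also makes the bound exclusive: the loop ends on the response that brings the count to the limit. A short comment such as `/* at most AP_MAX_INTERIM_RESPONSES - 1 interim responses are tolerated */` would remove the ambiguity. The function body continues outside the hunk.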