Fri May 22 09:46:06 2009 UTC ()
Add patch from the Apache SVN repository to fix the information leak
in the "mod_proxy_ajp" module reported in CVE-2009-1191.


(tron)
diff -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
diff -r1.17 -r1.18 pkgsrc/www/apache22/distinfo
diff -r0 -r1.10 pkgsrc/www/apache22/patches/patch-ab
cvs diff -r1.42 -r1.43 pkgsrc/www/apache22/Attic/Makefile (switch to unified diff)

--- pkgsrc/www/apache22/Attic/Makefile 2009/04/24 11:21:16 1.42
+++ pkgsrc/www/apache22/Attic/Makefile 2009/05/22 09:46:06 1.43
@@ -1,281 +1,281 @@ @@ -1,281 +1,281 @@
1# $NetBSD: Makefile,v 1.42 2009/04/24 11:21:16 seb Exp $ 1# $NetBSD: Makefile,v 1.43 2009/05/22 09:46:06 tron Exp $
2 2
3DISTNAME= httpd-2.2.11 3DISTNAME= httpd-2.2.11
4PKGREVISION= 2 4PKGREVISION= 3
5PKGNAME= ${DISTNAME:S/httpd/apache/} 5PKGNAME= ${DISTNAME:S/httpd/apache/}
6CATEGORIES= www 6CATEGORIES= www
7MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ 7MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
8 ${MASTER_SITE_APACHE:=httpd/old/} 8 ${MASTER_SITE_APACHE:=httpd/old/}
9EXTRACT_SUFX= .tar.bz2 9EXTRACT_SUFX= .tar.bz2
10 10
11MAINTAINER= tron@NetBSD.org 11MAINTAINER= tron@NetBSD.org
12HOMEPAGE= http://httpd.apache.org/ 12HOMEPAGE= http://httpd.apache.org/
13COMMENT= Apache HTTP (Web) server, version 2 13COMMENT= Apache HTTP (Web) server, version 2
14 14
15PKG_DESTDIR_SUPPORT= user-destdir 15PKG_DESTDIR_SUPPORT= user-destdir
16 16
17CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]* 17CONFLICTS= apache-{,*ssl}-[0-9]* apache6-[0-9]*
18 18
19BUILD_DEFS+= IPV6_READY 19BUILD_DEFS+= IPV6_READY
20BUILD_DEFS+= VARBASE 20BUILD_DEFS+= VARBASE
21 21
22USE_TOOLS+= pax perl perl:run pkg-config 22USE_TOOLS+= pax perl perl:run pkg-config
23USE_LIBTOOL= yes 23USE_LIBTOOL= yes
24GNU_CONFIGURE= yes 24GNU_CONFIGURE= yes
25CONFIGURE_ARGS+= --enable-layout=NetBSD 25CONFIGURE_ARGS+= --enable-layout=NetBSD
26CONFIGURE_ARGS+= --with-port=80 26CONFIGURE_ARGS+= --with-port=80
27CONFIGURE_ARGS+= --enable-so 27CONFIGURE_ARGS+= --enable-so
28CONFIGURE_ENV+= perlbin=${PERL5:Q} 28CONFIGURE_ENV+= perlbin=${PERL5:Q}
29CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent 29CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonexistent
30CONFIGURE_ARGS+= CFLAGS=${APACHE_CUSTOM_CFLAGS:Q} 30CONFIGURE_ARGS+= CFLAGS=${APACHE_CUSTOM_CFLAGS:Q}
31 31
32BUILD_DEFS+= APACHE_CUSTOM_CFLAGS 32BUILD_DEFS+= APACHE_CUSTOM_CFLAGS
33 33
34# Apache Portable Runtime library configure options 34# Apache Portable Runtime library configure options
35CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr} 35CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr}
36CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util} 36CONFIGURE_ARGS+= --with-apr-util=${BUILDLINK_PREFIX.apr-util}
37 37
38CHECK_INTERPRETER_SKIP+= lib/httpd/httpd.exp 38CHECK_INTERPRETER_SKIP+= lib/httpd/httpd.exp
39CHECK_PORTABILITY_SKIP+= srclib/pcre/* \ 39CHECK_PORTABILITY_SKIP+= srclib/pcre/* \
40 srclib/apr-util/* \ 40 srclib/apr-util/* \
41 srclib/apr/* 41 srclib/apr/*
42 42
43# the following must be set before bsd.prefs.mk in order to make += work 43# the following must be set before bsd.prefs.mk in order to make += work
44# in mk.conf; however, it isn't expanded until referenced, so we can 44# in mk.conf; however, it isn't expanded until referenced, so we can
45# define DFLT_APACHE_MODULES later 45# define DFLT_APACHE_MODULES later
46# 46#
47APACHE_MODULES?= ${DFLT_APACHE_MODULES} 47APACHE_MODULES?= ${DFLT_APACHE_MODULES}
48 48
49.include "../../mk/bsd.prefs.mk" 49.include "../../mk/bsd.prefs.mk"
50.include "../../devel/apr/buildlink3.mk" 50.include "../../devel/apr/buildlink3.mk"
51.include "../../devel/apr-util/buildlink3.mk" 51.include "../../devel/apr-util/buildlink3.mk"
52.include "../../textproc/expat/buildlink3.mk" 52.include "../../textproc/expat/buildlink3.mk"
53.include "../../mk/dlopen.buildlink3.mk" 53.include "../../mk/dlopen.buildlink3.mk"
54 54
55# Set the "Multi-Processing Model" used by Apache to handle requests. 55# Set the "Multi-Processing Model" used by Apache to handle requests.
56# Valid values are: 56# Valid values are:
57# event multi-threaded based in worker, designed 57# event multi-threaded based in worker, designed
58# to allow more requests to be served 58# to allow more requests to be served
59# simultaneously by passing off some processing 59# simultaneously by passing off some processing
60# work to supporting threads. 60# work to supporting threads.
61# BEWARE: does not work with SSL or input filters. 61# BEWARE: does not work with SSL or input filters.
62# prefork non-threaded, pre-forking web server 62# prefork non-threaded, pre-forking web server
63# worker hybrid multi-threaded multi-process web server 63# worker hybrid multi-threaded multi-process web server
64# 64#
65APACHE_MPM?= prefork 65APACHE_MPM?= prefork
66CONFIGURE_ARGS+= --with-mpm=${APACHE_MPM:Q} 66CONFIGURE_ARGS+= --with-mpm=${APACHE_MPM:Q}
67BUILD_DEFS+= APACHE_MPM 67BUILD_DEFS+= APACHE_MPM
68 68
69.if !empty(APACHE_MPM:Mevent) || !empty(APACHE_MPM:Mworker) 69.if !empty(APACHE_MPM:Mevent) || !empty(APACHE_MPM:Mworker)
70PLIST_SRC+= ${PKGDIR}/PLIST.worker 70PLIST_SRC+= ${PKGDIR}/PLIST.worker
71.endif 71.endif
72 72
73CONFIGURE_ARGS+= --disable-include 73CONFIGURE_ARGS+= --disable-include
74CONFIGURE_ARGS+= --disable-log-config 74CONFIGURE_ARGS+= --disable-log-config
75CONFIGURE_ARGS+= --disable-env 75CONFIGURE_ARGS+= --disable-env
76CONFIGURE_ARGS+= --disable-mime 76CONFIGURE_ARGS+= --disable-mime
77CONFIGURE_ARGS+= --disable-setenvif 77CONFIGURE_ARGS+= --disable-setenvif
78CONFIGURE_ARGS+= --disable-status 78CONFIGURE_ARGS+= --disable-status
79CONFIGURE_ARGS+= --disable-autoindex 79CONFIGURE_ARGS+= --disable-autoindex
80CONFIGURE_ARGS+= --disable-asis 80CONFIGURE_ARGS+= --disable-asis
81CONFIGURE_ARGS+= --disable-cgi 81CONFIGURE_ARGS+= --disable-cgi
82CONFIGURE_ARGS+= --disable-negotiation 82CONFIGURE_ARGS+= --disable-negotiation
83CONFIGURE_ARGS+= --disable-dir 83CONFIGURE_ARGS+= --disable-dir
84CONFIGURE_ARGS+= --disable-actions 84CONFIGURE_ARGS+= --disable-actions
85CONFIGURE_ARGS+= --disable-userdir 85CONFIGURE_ARGS+= --disable-userdir
86CONFIGURE_ARGS+= --disable-alias 86CONFIGURE_ARGS+= --disable-alias
87 87
88DFLT_APACHE_MODULES= all 88DFLT_APACHE_MODULES= all
89DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http 89DFLT_APACHE_MODULES+= proxy proxy_connect proxy_ftp proxy_http
90DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias 90DFLT_APACHE_MODULES+= ssl deflate access auth authn_alias
91DFLT_APACHE_MODULES+= include log_config env mime setenvif 91DFLT_APACHE_MODULES+= include log_config env mime setenvif
92DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap 92DFLT_APACHE_MODULES+= status autoindex asis cgi negotiation dir imap
93DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache 93DFLT_APACHE_MODULES+= actions userdir alias isapi file_cache
94DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo 94DFLT_APACHE_MODULES+= cache disk_cache mem_cache bucketeer echo
95DFLT_APACHE_MODULES+= example case_filter case_filter_in 95DFLT_APACHE_MODULES+= example case_filter case_filter_in
96DFLT_APACHE_MODULES+= charset_lite 96DFLT_APACHE_MODULES+= charset_lite
97DFLT_APACHE_MODULES+= cgid dav_lock proxy_ajp proxy_balancer 97DFLT_APACHE_MODULES+= cgid dav_lock proxy_ajp proxy_balancer
98 98
99PLIST_SRC+= ${PKGDIR}/PLIST 99PLIST_SRC+= ${PKGDIR}/PLIST
100 100
101.include "options.mk" 101.include "options.mk"
102 102
103# LDAP support 103# LDAP support
104PLIST_VARS+= ldap 104PLIST_VARS+= ldap
105.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap) 105.if !empty(PKG_BUILD_OPTIONS.apr-util:Mldap)
106DFLT_APACHE_MODULES+= ldap authnz_ldap 106DFLT_APACHE_MODULES+= ldap authnz_ldap
107. if !empty(PKG_OPTIONS:Mapache-shared-modules) 107. if !empty(PKG_OPTIONS:Mapache-shared-modules)
108PLIST.ldap= yes 108PLIST.ldap= yes
109. endif 109. endif
110.endif 110.endif
111 111
112APACHE_USER?= www 112APACHE_USER?= www
113APACHE_GROUP?= www 113APACHE_GROUP?= www
114PKG_GROUPS= ${APACHE_GROUP} 114PKG_GROUPS= ${APACHE_GROUP}
115PKG_USERS= ${APACHE_USER}:${APACHE_GROUP} 115PKG_USERS= ${APACHE_USER}:${APACHE_GROUP}
116PKG_GROUPS_VARS+= APACHE_GROUP 116PKG_GROUPS_VARS+= APACHE_GROUP
117PKG_USERS_VARS+= APACHE_USER 117PKG_USERS_VARS+= APACHE_USER
118 118
119PKG_SYSCONFVAR= apache 119PKG_SYSCONFVAR= apache
120PKG_SYSCONFSUBDIR?= httpd 120PKG_SYSCONFSUBDIR?= httpd
121EGDIR= ${PREFIX}/share/examples/httpd 121EGDIR= ${PREFIX}/share/examples/httpd
122SBINDIR= ${PREFIX}/sbin 122SBINDIR= ${PREFIX}/sbin
123CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf 123CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf
124.for f in autoindex dav default info languages manual mpm \ 124.for f in autoindex dav default info languages manual mpm \
125 multilang-errordoc ssl userdir vhosts 125 multilang-errordoc ssl userdir vhosts
126CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \ 126CONF_FILES+= ${EGDIR}/extra/httpd-${f}.conf \
127 ${PKG_SYSCONFDIR}/httpd-${f}.conf 127 ${PKG_SYSCONFDIR}/httpd-${f}.conf
128.endfor 128.endfor
129CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic 129CONF_FILES+= ${EGDIR}/magic ${PKG_SYSCONFDIR}/magic
130CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types 130CONF_FILES+= ${EGDIR}/mime.types ${PKG_SYSCONFDIR}/mime.types
131RCD_SCRIPTS= apache 131RCD_SCRIPTS= apache
132 132
133REQD_DIRS= ${PREFIX}/share/httpd 133REQD_DIRS= ${PREFIX}/share/httpd
134REQD_DIRS+= ${PREFIX}/share/httpd/htdocs 134REQD_DIRS+= ${PREFIX}/share/httpd/htdocs
135OWN_DIRS= ${VARBASE}/log/httpd 135OWN_DIRS= ${VARBASE}/log/httpd
136OWN_DIRS+= ${VARBASE}/db/httpd 136OWN_DIRS+= ${VARBASE}/db/httpd
137OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755 137OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
138FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert 138FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert
139FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1 139FIX_MAN_PERMS= man1/htdbm.1 man1/htpasswd.1 man1/htdigest.1
140FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8 140FIX_MAN_PERMS+= man1/dbmmanage.1 man8/httpd.8 man8/suexec.8
141FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8 141FIX_MAN_PERMS+= man8/rotatelogs.8 man8/logresolve.8 man8/apxs.8
142FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8 142FIX_MAN_PERMS+= man8/apachectl.8 man8/ab.8
143 143
144# Fix paths in the apache manpages. 144# Fix paths in the apache manpages.
145SUBST_CLASSES+= man 145SUBST_CLASSES+= man
146SUBST_STAGE.man= post-patch 146SUBST_STAGE.man= post-patch
147SUBST_FILES.man= docs/man/*.1 docs/man/*.8 147SUBST_FILES.man= docs/man/*.1 docs/man/*.8
148SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},' 148SUBST_SED.man= -e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},'
149SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},' 149SUBST_SED.man+= -e 's,/path/to/apache/etc,${PKG_SYSCONFDIR},'
150SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,' 150SUBST_SED.man+= -e 's,/usr/local/apache2,${PREFIX}/share/httpd/htdocs,'
151SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,' 151SUBST_SED.man+= -e 's,/usr/web,${PREFIX}/share/httpd/htdocs,'
152 152
153SUBST_CLASSES+= paths 153SUBST_CLASSES+= paths
154SUBST_STAGE.paths= pre-configure 154SUBST_STAGE.paths= pre-configure
155SUBST_FILES.paths= config.layout Makefile.in support/apxs.in 155SUBST_FILES.paths= config.layout Makefile.in support/apxs.in
156SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g" 156SUBST_SED.paths= -e "s|@PREFIX@|${PREFIX}|g"
157SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g" 157SUBST_SED.paths+= -e "s|@VARBASE@|${VARBASE}|g"
158SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g" 158SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
159SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g" 159SUBST_SED.paths+= -e "s|@PAX@|${PAX}|g"
160SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g" 160SUBST_SED.paths+= -e "s|@LOCALBASE@|${LOCALBASE}|g"
161SUBST_MESSAGE.paths= Fixing paths. 161SUBST_MESSAGE.paths= Fixing paths.
162 162
163SUBST_CLASSES+= apr-lt 163SUBST_CLASSES+= apr-lt
164SUBST_STAGE.apr-lt= post-configure 164SUBST_STAGE.apr-lt= post-configure
165SUBST_FILES.apr-lt= build/config_vars.mk 165SUBST_FILES.apr-lt= build/config_vars.mk
166SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g' 166SUBST_SED.apr-lt= -e 's|^\(LIBTOOL =\) [^ ]*|\1 $$(SHELL) $$(top_builddir)/build/libtool|g'
167SUBST_MESSAGE.apr-lt= Fixing libtool references. 167SUBST_MESSAGE.apr-lt= Fixing libtool references.
168 168
169SUBST_CLASSES+= confs 169SUBST_CLASSES+= confs
170SUBST_STAGE.confs= post-configure 170SUBST_STAGE.confs= post-configure
171SUBST_MESSAGE.confs= Fixing configuration files. 171SUBST_MESSAGE.confs= Fixing configuration files.
172SUBST_FILES.confs= docs/conf/httpd.conf 172SUBST_FILES.confs= docs/conf/httpd.conf
173SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf 173SUBST_FILES.confs+= docs/conf/extra/httpd-ssl.conf
174SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g" 174SUBST_SED.confs= -e "s|${EGDIR}|${PKG_SYSCONFDIR}|g"
175SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g" 175SUBST_SED.confs+= -e "s|${PREFIX}/htdocs|${PREFIX}/share/httpd/htdocs|g"
176SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g" 176SUBST_SED.confs+= -e "s|${PREFIX}/conf|${PKG_SYSCONFDIR}|g"
177SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g" 177SUBST_SED.confs+= -e "s|logs/|${VARBASE}/log/httpd/|g"
178SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g' 178SUBST_SED.confs+= -e 's|/var/log/httpd/foo\.log|logs/foo.log/|g'
179SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g' 179SUBST_SED.confs+= -e 's|^\(User[ ]\).*|\1${APACHE_USER}|g'
180SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g' 180SUBST_SED.confs+= -e 's|^\(Group[ ]\).*|\1${APACHE_GROUP}|g'
181 181
182# abs_srcdir in config_vars.mk is used during install so needs to reference 182# abs_srcdir in config_vars.mk is used during install so needs to reference
183# the work dir path, and by other packages such as ap2-fastcgi after install, 183# the work dir path, and by other packages such as ap2-fastcgi after install,
184# so we fix after install to reference the installed path 184# so we fix after install to reference the installed path
185SUBST_CLASSES+= abs_srcdir 185SUBST_CLASSES+= abs_srcdir
186SUBST_STAGE.abs_srcdir= post-install 186SUBST_STAGE.abs_srcdir= post-install
187SUBST_FILES.abs_srcdir= ${DESTDIR}${PREFIX}/share/httpd/build/config_vars.mk 187SUBST_FILES.abs_srcdir= ${DESTDIR}${PREFIX}/share/httpd/build/config_vars.mk
188SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|' 188SUBST_SED.abs_srcdir= -e 's|^\(abs_srcdir =\) .*|\1 ${PREFIX}/share/httpd|'
189SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir 189SUBST_MESSAGE.abs_srcdir= Fixing abs_srcdir
190 190
191REPLACE_PERL= docs/cgi-examples/printenv 191REPLACE_PERL= docs/cgi-examples/printenv
192 192
193# Add dependencies for the modules that will be built. For each module 193# Add dependencies for the modules that will be built. For each module
194# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace 194# ap_mod listed in ${APACHE_MODULES}, _AP_DEPENDS.ap_mod is a whitespace
195# separated list of dependencies or buildlink3.mk files needed to build 195# separated list of dependencies or buildlink3.mk files needed to build
196# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of 196# ap_mod, and _AP_CFG_ARGS.ap_mod is a whitespace separated list of
197# configure script options for ap_mod. 197# configure script options for ap_mod.
198# 198#
199AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk 199AP_DEPENDS.ssl= ../../security/openssl/buildlink3.mk
200AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk 200AP_DEPENDS.deflate= ../../devel/zlib/buildlink3.mk
201 201
202AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl} 202AP_CFG_ARGS.ssl= --with-ssl=${BUILDLINK_PREFIX.openssl}
203AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib} 203AP_CFG_ARGS.deflate= --with-z=${BUILDLINK_PREFIX.zlib}
204 204
205#.if ${APACHE_MODULES} == "all-shared" 205#.if ${APACHE_MODULES} == "all-shared"
206.if !empty(PKG_OPTIONS:Mapache-shared-modules) 206.if !empty(PKG_OPTIONS:Mapache-shared-modules)
207.include "${AP_DEPENDS.ssl}" 207.include "${AP_DEPENDS.ssl}"
208.include "${AP_DEPENDS.deflate}" 208.include "${AP_DEPENDS.deflate}"
209CONFIGURE_ARGS+= ${AP_CFG_ARGS.ssl} ${AP_CFG_ARGS.deflate} 209CONFIGURE_ARGS+= ${AP_CFG_ARGS.ssl} ${AP_CFG_ARGS.deflate}
210.else 210.else
211.for ap_mod in ${APACHE_MODULES} 211.for ap_mod in ${APACHE_MODULES}
212. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod}) 212. if defined(AP_DEPENDS.${ap_mod}) && !empty(AP_DEPENDS.${ap_mod})
213. for ap_depend in ${AP_DEPENDS.${ap_mod}} 213. for ap_depend in ${AP_DEPENDS.${ap_mod}}
214. if exists(${ap_depend}) 214. if exists(${ap_depend})
215. include "${ap_depend}" 215. include "${ap_depend}"
216. else 216. else
217DEPENDS+= ${ap_depend} 217DEPENDS+= ${ap_depend}
218. endif 218. endif
219. endfor 219. endfor
220. endif 220. endif
221. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod}) 221. if defined(AP_CFG_ARGS.${ap_mod}) && !empty(AP_CFG_ARGS.${ap_mod})
222CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}} 222CONFIGURE_ARGS+= ${AP_CFG_ARGS.${ap_mod}}
223. endif 223. endif
224.endfor 224.endfor
225.endif 225.endif
226 226
227post-extract: 227post-extract:
228 ${TOUCH} ${WRKSRC}/build/libtool 228 ${TOUCH} ${WRKSRC}/build/libtool
229 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in 229 ${ECHO} "" >> ${WRKSRC}/docs/conf/extra/httpd-languages.conf.in
230 230
231post-build: 231post-build:
232 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \ 232 ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
233 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert 233 < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
234 234
235INSTALL_TARGET= install-conf install 235INSTALL_TARGET= install-conf install
236INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}" 236INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}"
237 237
238post-install: 238post-install:
239 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build 239 ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
240 cd ${DESTDIR}${EGDIR} && \ 240 cd ${DESTDIR}${EGDIR} && \
241 for file in \ 241 for file in \
242 httpd.conf \ 242 httpd.conf \
243 extra/httpd-ssl.conf; \ 243 extra/httpd-ssl.conf; \
244 do \ 244 do \
245 ${AWK} ' \ 245 ${AWK} ' \
246 /^Listen[ ]*80/ { \ 246 /^Listen[ ]*80/ { \
247 printf "%s", "Listen 0.0.0.0:80\n"; \ 247 printf "%s", "Listen 0.0.0.0:80\n"; \
248 next; \ 248 next; \
249 } \ 249 } \
250 /^Listen[ ]*443/ { \ 250 /^Listen[ ]*443/ { \
251 printf "%s", "Listen 0.0.0.0:443\n"; \ 251 printf "%s", "Listen 0.0.0.0:443\n"; \
252 next; \ 252 next; \
253 } \ 253 } \
254 { print; } \ 254 { print; } \
255 ' < "$${file}" >> $${file}.new; \ 255 ' < "$${file}" >> $${file}.new; \
256 ${MV} -f $${file}.new $${file}; \ 256 ${MV} -f $${file}.new $${file}; \
257 done 257 done
258 258
259 ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars 259 ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars
260 260
261 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/sbin 261 ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/sbin
262 262
263 for file in ${FIX_PERMS}; do \ 263 for file in ${FIX_PERMS}; do \
264 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/sbin/$$file && \ 264 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/sbin/$$file && \
265 ${CHMOD} ${BINMODE} ${DESTDIR}${PREFIX}/sbin/$$file; \ 265 ${CHMOD} ${BINMODE} ${DESTDIR}${PREFIX}/sbin/$$file; \
266 done 266 done
267 267
268 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/share/httpd 268 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/share/httpd
269 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/include/httpd 269 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/include/httpd
270 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/lib/httpd 270 ${CHOWN} -R ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/lib/httpd
271 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/test-cgi 271 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/test-cgi
272 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/printenv 272 ${CHOWN} ${BINOWN}:${BINGRP} ${DESTDIR}${PREFIX}/libexec/cgi-bin/printenv
273 273
274 for file in ${FIX_MAN_PERMS}; do \ 274 for file in ${FIX_MAN_PERMS}; do \
275 ${CHOWN} ${MANOWN}:${MANGRP} ${DESTDIR}${PREFIX}/${PKGMANDIR}/$$file; \ 275 ${CHOWN} ${MANOWN}:${MANGRP} ${DESTDIR}${PREFIX}/${PKGMANDIR}/$$file; \
276 done 276 done
277 277
278 ${CHMOD} -x ${DESTDIR}${PREFIX}/sbin/envvars-std 278 ${CHMOD} -x ${DESTDIR}${PREFIX}/sbin/envvars-std
279 ${TEST} ! -f ${DESTDIR}${PREFIX}/sbin/suexec || ${CHMOD} -w ${DESTDIR}${PREFIX}/sbin/suexec 279 ${TEST} ! -f ${DESTDIR}${PREFIX}/sbin/suexec || ${CHMOD} -w ${DESTDIR}${PREFIX}/sbin/suexec
280 280
281.include "../../mk/bsd.pkg.mk" 281.include "../../mk/bsd.pkg.mk"
cvs diff -r1.17 -r1.18 pkgsrc/www/apache22/Attic/distinfo (switch to unified diff)

--- pkgsrc/www/apache22/Attic/distinfo 2009/02/15 23:14:40 1.17
+++ pkgsrc/www/apache22/Attic/distinfo 2009/05/22 09:46:06 1.18
@@ -1,18 +1,19 @@ @@ -1,18 +1,19 @@
1$NetBSD: distinfo,v 1.17 2009/02/15 23:14:40 rillig Exp $ 1$NetBSD: distinfo,v 1.18 2009/05/22 09:46:06 tron Exp $
2 2
3SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a 3SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
4RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d 4RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
5Size (httpd-2.2.11.tar.bz2) = 5230130 bytes 5Size (httpd-2.2.11.tar.bz2) = 5230130 bytes
6SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf 6SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
 7SHA1 (patch-ab) = d5391ca1af9d817d35cb472b0feb05b86a95e560
7SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad 8SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
8SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13 9SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
9SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913 10SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
10SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01 11SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
11SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312 12SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
12SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1 13SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
13SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08 14SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
14SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1 15SHA1 (patch-aq) = 27a0093fc75dcafc673abc25e9ebe80167f52ac1
15SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c 16SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
16SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1 17SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
17SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf 18SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf
18SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4 19SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
File Added: pkgsrc/www/apache22/patches/Attic/patch-ab
$NetBSD: patch-ab,v 1.10 2009/05/22 09:46:06 tron Exp $

Patch for CVE-2009-1191 taken from the Apache SVN repository:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?view=markup&pathrev=768506

--- modules/proxy/mod_proxy_ajp.c	2008/11/15 14:25:54	714273
+++ modules/proxy/mod_proxy_ajp.c	2009/04/25 09:58:52	768506
@@ -307,21 +307,17 @@
                          "proxy: read zero bytes, expecting"
                          " %" APR_OFF_T_FMT " bytes",
                          content_length);
-            status = ajp_send_data_msg(conn->sock, msg, 0);
-            if (status != APR_SUCCESS) {
-                /* We had a failure: Close connection to backend */
-                conn->close++;
-                ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
-                            "proxy: send failed to %pI (%s)",
-                            conn->worker->cp->addr,
-                            conn->worker->hostname);
-                return HTTP_INTERNAL_SERVER_ERROR;
-            }
-            else {
-                /* Client send zero bytes with C-L > 0
-                 */
-                return HTTP_BAD_REQUEST;
-            }
+            /*
+             * We can only get here if the client closed the connection
+             * to us without sending the body.
+             * Now the connection is in the wrong state on the backend.
+             * Sending an empty data msg doesn't help either as it does
+             * not move this connection to the correct state on the backend
+             * for later resusage by the next request again.
+             * Close it to clean things up.
+             */
+            conn->close++;
+            return HTTP_BAD_REQUEST;
         }
     }