Sun Apr 22 19:08:03 2012 UTC ()
patch for CVE-2012-0883 taken from the Apache SVN
bump pkgrev


(spz)
diff -r1.79 -r1.80 pkgsrc/www/apache22/Makefile
diff -r1.50 -r1.51 pkgsrc/www/apache22/distinfo
diff -r0 -r1.1 pkgsrc/www/apache22/patches/patch-support_envvars-std.in

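--- a/pkgsrc/www/apache22/Attic/Makefile
+++ b/pkgsrc/www/apache22/Attic/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.79 2012/02/01 19:53:21 tron Exp $
+# $NetBSD: Makefile,v 1.80 2012/04/22 19:08:03 spz Exp $
 
 DISTNAME= httpd-2.2.22
+PKGREVISION= 1
 
 PKGNAME= ${DISTNAME:S/httpd/apache/}
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
  http://archive.apache.org/dist/httpd/ \
  http://archive.eu.apache.org/dist/httpd/
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= tron@NetBSD.org
 HOMEPAGE= http://httpd.apache.org/
 COMMENT= Apache HTTP (Web) server, version 2.2
 LICENSE= apache-2.0
 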

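--- a/pkgsrc/www/apache22/Attic/distinfo
+++ b/pkgsrc/www/apache22/Attic/distinfo
@@ -1,18 +1,19 @@
-$NetBSD: distinfo,v 1.50 2012/02/01 19:53:21 tron Exp $
+$NetBSD: distinfo,v 1.51 2012/04/22 19:08:03 spz Exp $
 
 SHA1 (httpd-2.2.22.tar.bz2) = 766cd0843050a8dfb781e48b976f3ba6ebcf8696
 RMD160 (httpd-2.2.22.tar.bz2) = 237a26a7759e7e1af175900d598e25fb082a4eb9
 Size (httpd-2.2.22.tar.bz2) = 5378934 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
 SHA1 (patch-af) = 580950dbf0154ba1c93f5c58eae766c7d6c0c00c
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
+SHA1 (patch-support_envvars-std.in) = 03e4989e104f4a1902a9135649d603f3e8d53d4c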

File Added: pkgsrc/www/apache22/patches/Attic/patch-support_envvars-std.in
$NetBSD: patch-support_envvars-std.in,v 1.1 2012/04/22 19:08:03 spz Exp $

http://svn.apache.org/viewvc?view=revision&revision=1296428 :

Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs

CVE-2012-0883

--- support/envvars-std.in.orig	2006-07-12 03:38:44.000000000 +0000
+++ support/envvars-std.in
@@ -18,7 +18,11 @@
 #
 # This file is generated from envvars-std.in
 #
-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+if test "x$@SHLIBPATH_VAR@" != "x" ; then
+  @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+else
+  @SHLIBPATH_VAR@="@exp_libdir@"
+fi
 export @SHLIBPATH_VAR@
 #
 @OS_SPECIFIC_VARS@
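Review bot: The `if` branch still copies an inherited @SHLIBPATH_VAR@ verbatim, so a non-empty value that itself carries an empty component (a leading or trailing colon, or `::`) would, on loaders that read an empty component as the current directory, presumably keep the behaviour this patch is meant to remove; the new test only separates empty from non-empty. If passing the inherited value through unchanged is intended, it deserves a comment directly above the `if`, for example `# A non-empty inherited value is appended unchanged; the caller must not pass empty or relative components.` The hunk covers the whole assignment; the rest of the generated file, including whatever @OS_SPECIFIC_VARS@ expands to, lies outside it and is not assessed here.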