From 074ea6ae7fc1ec064b3c6012585feae410fd81b9 Mon Sep 17 00:00:00 2001 From: dinoex Date: Wed, 19 Oct 2005 10:06:02 +0000 Subject: - Update to 2.8.25-1.3.34 --- www/apache13-modssl/Makefile | 8 +- www/apache13-modssl/distinfo | 12 +-- .../files/patch-secfix-CAN-2005-2088 | 87 ---------------------- www/apache13-modssl/pkg-plist | 1 + 4 files changed, 11 insertions(+), 97 deletions(-) delete mode 100644 www/apache13-modssl/files/patch-secfix-CAN-2005-2088 (limited to 'www/apache13-modssl') diff --git a/www/apache13-modssl/Makefile b/www/apache13-modssl/Makefile index 399c22d9668f..df9e8b88d39c 100644 --- a/www/apache13-modssl/Makefile +++ b/www/apache13-modssl/Makefile @@ -7,7 +7,7 @@ PORTNAME= apache+mod_ssl PORTVERSION= ${VERSION_APACHE}+${VERSION_MODSSL} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES?= www security MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITES_MODSSL:S/$/:mod_ssl/} \ @@ -24,7 +24,7 @@ EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} ${MODSSL_FILE} \ .if defined(WITH_APACHE_IPV6) || defined(APACHE_WITH_IPV6) || make(makesum) || defined(FETCH_ALL) PATCH_SITES+= ftp://ftp.42.org/pub/orphan/ ${MASTER_SITE_LOCAL} PATCH_SITE_SUBDIR= dinoex -PATCHFILES+= apache-1.3.32modssl-v6-20041023.diff.gz +PATCHFILES+= apache-1.3.34modssl-v6-20051019.diff.gz .endif MAINTAINER= dinoex@FreeBSD.org @@ -36,8 +36,8 @@ PATCH_DEPENDS= ${BUILD_DEPENDS} CONFLICTS?= apache+ipv6-1.* apache+ssl-1.* apache-1.* apache-2.* \ apache_fp-1.* caudium-devel-1.* caudium10-1.* caudium12-* \ ru-apache+mod_ssl-1.* ru-apache-1.* thttpd-2.* w3c-httpd-3.* -VERSION_APACHE= 1.3.33 -VERSION_MODSSL= 2.8.24 +VERSION_APACHE= 1.3.34 +VERSION_MODSSL= 2.8.25 VERSION_MODSNMP= 1.3.14.13 VERSION_MODACCEL= 1.0.31 VERSION_MODDEFLATE= 1.0.21 diff --git a/www/apache13-modssl/distinfo b/www/apache13-modssl/distinfo index 2e1d8e49ee1f..e2e6fa1ebfb3 100644 --- a/www/apache13-modssl/distinfo +++ b/www/apache13-modssl/distinfo 
@@ -1,12 +1,12 @@
-MD5 (apache_1.3.33.tar.gz) = 3dfd2c3778f37a2dfc22b97417a61407
-SIZE (apache_1.3.33.tar.gz) = 2468567
-MD5 (mod_ssl-2.8.24-1.3.33.tar.gz) = 4f28dcf0f090a7dc2ab148e6a503e99a
-SIZE (mod_ssl-2.8.24-1.3.33.tar.gz) = 820292
+MD5 (apache_1.3.34.tar.gz) = 9978cc552b423f0015c1052d23ab619e
+SIZE (apache_1.3.34.tar.gz) = 2468056
+MD5 (mod_ssl-2.8.25-1.3.34.tar.gz) = 1ef2a6cb47573444779b2fd10502514b
+SIZE (mod_ssl-2.8.25-1.3.34.tar.gz) = 820352
 MD5 (mod_snmp_1.3.14.13.tar.gz) = c6bcbbba1ee2ead2dcdcc6a687c234d1
 SIZE (mod_snmp_1.3.14.13.tar.gz) = 91125
 MD5 (mod_accel-1.0.31.tar.gz) = edc31714cc6dc8d24396cb4ddf2ae2f6
 SIZE (mod_accel-1.0.31.tar.gz) = 85443
 MD5 (mod_deflate-1.0.21.tar.gz) = ece1de9b066592c89a6f2b2fec27a00a
 SIZE (mod_deflate-1.0.21.tar.gz) = 32505
-MD5 (apache-1.3.32modssl-v6-20041023.diff.gz) = 1a6080af395d43097cc4017cbb313b94
-SIZE (apache-1.3.32modssl-v6-20041023.diff.gz) = 29140
+MD5 (apache-1.3.34modssl-v6-20051019.diff.gz) = 92dacf1717ccfa7a674c7151b3dbb39f
+SIZE (apache-1.3.34modssl-v6-20051019.diff.gz) = 29140
diff --git a/www/apache13-modssl/files/patch-secfix-CAN-2005-2088 b/www/apache13-modssl/files/patch-secfix-CAN-2005-2088
deleted file mode 100644
index c4315400577e..000000000000
--- a/www/apache13-modssl/files/patch-secfix-CAN-2005-2088
+++ /dev/null
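Review bot: The new distinfo entries pin each distfile with MD5 and SIZE only, which is a weak integrity check for the tarballs and for the IPv6 patch that the Makefile's `PATCH_SITES` fetches over `ftp://`. If the ports framework at this revision accepts a second digest, add one beside each MD5 line, e.g. `SHA256 (apache_1.3.34.tar.gz) = <sha256 of the verified distfile>`. Separately, `apache-1.3.34modssl-v6-20051019.diff.gz` keeps the old file's SIZE of 29140 while its MD5 changes. That can happen legitimately, but it is worth regenerating the entry with `make makesum` against a verified download to confirm the size was not carried over.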
@@ -1,87 +0,0 @@ ---- src/modules/proxy/proxy_http.c 2005/07/14 05:09:17 218987 -+++ src/modules/proxy/proxy_http.c 2005/07/14 05:19:15 218988 -@@ -121,7 +121,7 @@ - char portstr[32]; - pool *p = r->pool; - int destport = 0; -- int chunked = 0; -+ const char *chunked = NULL; - char *destportstr = NULL; - const char *urlptr = NULL; - const char *datestr, *urlstr; -@@ -338,7 +338,12 @@ - ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname); - } - -- /* we don't yet support keepalives - but we will soon, I promise! */ -+ /* we don't yet support keepalives - but we will soon, I promise! -+ * XXX: This introduces various HTTP Request vulnerabilies if not -+ * properly implemented. Before changing this .. be certain to -+ * add a hard-close of the connection if the T-E and C-L headers -+ * are both present, or the C-L header is malformed. -+ */ - ap_table_set(req_hdrs, "Connection", "close"); - - reqhdrs_arr = ap_table_elts(req_hdrs); -@@ -475,25 +480,40 @@ - } - - /* is this content chunked? 
*/ -- chunked = ap_find_last_token(r->pool, -- ap_table_get(resp_hdrs, "Transfer-Encoding"), -- "chunked"); -+ chunked = ap_table_get(resp_hdrs, "Transfer-Encoding"); -+ if (chunked && (strcasecmp(chunked, "chunked") != 0)) { -+ ap_kill_timeout(r); -+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, -+ "Unsupported Transfer-Encoding ", chunked, -+ " from remote server", NULL)); -+ } - - /* strip hop-by-hop headers defined by Connection and RFC2616 */ - ap_proxy_clear_connection(p, resp_hdrs); - - content_length = ap_table_get(resp_hdrs, "Content-Length"); - if (content_length != NULL) { -- c->len = ap_strtol(content_length, NULL, 10); -- -- if (c->len < 0) { -- ap_kill_timeout(r); -- return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, -- "Invalid Content-Length from remote server", -- NULL)); -+ if (chunked) { -+ /* XXX: We would unset keep-alive here, to the proxy -+ * origin server, for safety's sake but we aren't using -+ * keep-alives (we force Connection: close above) -+ */ -+ nocache = 1; /* do not cache this suspect file */ -+ ap_table_unset(resp_hdrs, "Content-Length"); -+ } -+ else { -+ char *len_end; -+ errno = 0; -+ c->len = ap_strtol(content_length, &len_end, 10); -+ -+ if (errno || (c->len < 0) || (len_end && *len_end)) { -+ ap_kill_timeout(r); -+ return ap_proxyerror(r, HTTP_BAD_GATEWAY, -+ "Invalid Content-Length from remote" -+ " server"); -+ } - } - } -- - } - else { - /* an http/0.9 response */ -@@ -612,7 +632,8 @@ - * content length is not known. We need to make 100% sure c->len is always - * set correctly before we get here to correctly do keepalive. - */ -- ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size); -+ ap_proxy_send_fb(f, r, c, c->len, 0, chunked != NULL, -+ conf->io_buffer_size); - } - - /* ap_proxy_send_fb() closes the socket f for us */ diff --git a/www/apache13-modssl/pkg-plist b/www/apache13-modssl/pkg-plist index ad11d2c80255..8eedf17e23ba 100644 --- a/www/apache13-modssl/pkg-plist 
+++ b/www/apache13-modssl/pkg-plist
@@ -210,6 +210,7 @@ www/data-dist/index.html.zh-tw.big5
 %%DOCSDIR%%/index.html.en
 %%DOCSDIR%%/index.html.ja.jis
 %%DOCSDIR%%/install-tpf.html
+%%DOCSDIR%%/install-ztpf.html
 %%DOCSDIR%%/install.html.es
 %%DOCSDIR%%/install.html.en
 %%DOCSDIR%%/install.html.ja.jis
-- cgit