head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.4
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.2
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2012.02.01.19.53.21;	author tron;	state dead;
branches;
next	1.1;

1.1
date	2012.01.29.12.29.08;	author tron;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2012.01.29.12.29.08;	author sbd;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2012.01.30.03.30.53;	author sbd;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update "apache" package to version 2.2.22. Changes since 2.2.21:
- SECURITY: CVE-2011-3368 (cve.mitre.org)
  Reject requests where the request-URI does not match the HTTP
  specification, preventing unexpected expansion of target URLs in
  some reverse proxy configurations.  [Joe Orton]
- SECURITY: CVE-2011-3607 (cve.mitre.org)
  Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
  is enabled, could allow local users to gain privileges via a .htaccess
  file. [Stefan Fritsch, Greg Ames]
- SECURITY: CVE-2011-4317 (cve.mitre.org)
  Resolve additional cases of URL rewriting with ProxyPassMatch or
  RewriteRule, where particular request-URIs could result in undesired
  backend network exposure in some configurations.
  [Joe Orton]
- SECURITY: CVE-2012-0021 (cve.mitre.org)
  mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
  string is in use and a client sends a nameless, valueless cookie, causing
  a denial of service. The issue existed since version 2.2.17. Bug#52256.
  [Rainer Canavan <rainer-apache 7val com>]
- SECURITY: CVE-2012-0031 (cve.mitre.org)
  Fix scoreboard issue which could allow an unprivileged child process
  could cause the parent to crash at shutdown rather than terminate
  cleanly.  [Joe Orton]
- SECURITY: CVE-2012-0053 (cve.mitre.org)
  Fix an issue in error responses that could expose "httpOnly" cookies
  when no custom ErrorDocument is specified for status code 400.
  [Eric Covener]
- mod_proxy_ajp: Try to prevent a single long request from marking a worker
  in error. [Jean-Frederic Clere]
- config: Update the default mod_ssl configuration: Disable SSLv2, only
  allow >= 128bit ciphers, add commented example for speed optimized cipher
  list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
- core: Fix segfault in ap_send_interim_response(). Bug#52315.
  [Stefan Fritsch]
- mod_log_config: Prevent segfault. Bug#50861. [Torsten Foertsch
  <torsten.foertsch gmx.net>]
- mod_win32: Invert logic for env var UTF-8 fixing.
  Now we exclude a list of vars which we know for sure they dont hold UTF-8
  chars; all other vars will be fixed. This has the benefit that now also
  all vars from 3rd-party modules will be fixed. Bug#13029 / 34985.
  [Guenter Knauf]
- core: Fix hook sorting for Perl modules, a regression introduced in
  2.2.21. Bug#45076. [Torsten Foertsch <torsten foertsch gmx net>]
- Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
  A range of '0-' will now return 206 instead of 200. Bug#51878.
  [Jim Jagielski]
- Example configuration: Fix entry for MaxRanges (use "unlimited" instead
  of "0").  [Rainer Jung]
- mod_substitute: Fix buffer overrun.  [Ruediger Pluem, Rainer Jung]

Please note that all the security fixes had been integrated into
"pkgsrc" as patches previously.
@
text
@$NetBSD: patch-CVE-2012-0021,v 1.1 2012/01/29 12:29:08 tron Exp $

Fix security vulnerability reported in CVE-2012-0021. Patch taken from
Apache SVN repository:

http://svn.apache.org/viewvc?view=revision&revision=1227292

--- modules/loggers/mod_log_config.c.orig	2010-08-24 07:41:38.000000000 +0100
+++ modules/loggers/mod_log_config.c	2012-01-29 12:08:13.000000000 +0000
@@@@ -524,19 +524,21 @@@@
 
         while ((cookie = apr_strtok(cookies, ";", &last1))) {
             char *name = apr_strtok(cookie, "=", &last2);
-            char *value;
-            apr_collapse_spaces(name, name);
+            if (name) {
+                char *value;
+                apr_collapse_spaces(name, name);
+
+                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+                    char *last;
+                    value += strspn(value, " \t");  /* Move past leading WS */
+                    last = value + strlen(value) - 1;
+                    while (last >= value && apr_isspace(*last)) {
+                       *last = '\0';
+                       --last;
+                    }
 
-            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
-                char *last;
-                value += strspn(value, " \t");  /* Move past leading WS */
-                last = value + strlen(value) - 1;
-                while (last >= value && apr_isspace(*last)) {
-                   *last = '\0';
-                   --last;
+                    return ap_escape_logitem(r->pool, value);
                 }
-
-                return ap_escape_logitem(r->pool, value);
             }
             cookies = NULL;
         }
@


1.1
log
@Add patch for security vulnerabilities reported in CVE-2012-0021
and CVE-2012-0053 taken from Apache SVN repository.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-CVE-2012-0021 was added on branch pkgsrc-2011Q4 on 2012-01-30 03:30:53 +0000
@
text
@d1 42
@


1.1.2.2
log
@Pullup ticket #3664 - requested by tron
www/apache22 security update

Revisions pulled up:
- www/apache22/Makefile                                         1.78
- www/apache22/distinfo                                         1.49
- www/apache22/patches/patch-CVE-2012-0021                      1.1
- www/apache22/patches/patch-server_protocol.c                  1.4

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sun Jan 29 12:29:08 UTC 2012

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   	pkgsrc/www/apache22/patches: patch-server_protocol.c
   Added Files:
   	pkgsrc/www/apache22/patches: patch-CVE-2012-0021

   Log Message:
   Add patch for security vulnerabilities reported in CVE-2012-0021
   and CVE-2012-0053 taken from Apache SVN repository.
@
text
@a0 42
$NetBSD$

Fix security vulnerability reported in CVE-2012-0021. Patch taken from
Apache SVN repository:

http://svn.apache.org/viewvc?view=revision&revision=1227292

--- modules/loggers/mod_log_config.c.orig	2010-08-24 07:41:38.000000000 +0100
+++ modules/loggers/mod_log_config.c	2012-01-29 12:08:13.000000000 +0000
@@@@ -524,19 +524,21 @@@@
 
         while ((cookie = apr_strtok(cookies, ";", &last1))) {
             char *name = apr_strtok(cookie, "=", &last2);
-            char *value;
-            apr_collapse_spaces(name, name);
+            if (name) {
+                char *value;
+                apr_collapse_spaces(name, name);
+
+                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
+                    char *last;
+                    value += strspn(value, " \t");  /* Move past leading WS */
+                    last = value + strlen(value) - 1;
+                    while (last >= value && apr_isspace(*last)) {
+                       *last = '\0';
+                       --last;
+                    }
 
-            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
-                char *last;
-                value += strspn(value, " \t");  /* Move past leading WS */
-                last = value + strlen(value) - 1;
-                while (last >= value && apr_isspace(*last)) {
-                   *last = '\0';
-                   --last;
+                    return ap_escape_logitem(r->pool, value);
                 }
-
-                return ap_escape_logitem(r->pool, value);
             }
             cookies = NULL;
         }
@