head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.24 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.22 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.20 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.18 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.16 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.14 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.12 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.4 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2007.09.08.11.02.09; author tron; state dead; branches; next 1.1; 1.1 date 2007.06.05.01.43.44; author lkundrak; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2007.06.05.01.43.44; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.06.13.14.16.33; author salo; state Exp; branches; next ; 1.1.4.1 date 2007.09.10.20.57.51; author ghen; state dead; branches; next ; desc @@ 1.2 log @Update "apache22" package to version 2.2.6. This update is a bug and security fix release. The following security problem hasn't been fixed in "pkgsrc" before: - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. 
@ text @$NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $ Security fix for CVE-2007-1862 sensitive information disclosure http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://issues.apache.org/bugzilla/attachment.cgi?id=20065 --- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200 +++ modules/cache/mod_mem_cache.c @@@@ -539,12 +539,26 @@@@ static int remove_url(cache_handle_t *h, return OK; } +static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table) +{ + const apr_array_header_t *array = apr_table_elts(table); + apr_table_entry_t *elts = (apr_table_entry_t *) array->elts; + apr_table_t *copy = apr_table_make(p, array->nelts); + int i; + + for (i = 0; i < array->nelts; i++) { + apr_table_add(copy, elts[i].key, elts[i].val); + } + + return copy; +} + static apr_status_t recall_headers(cache_handle_t *h, request_rec *r) { mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj; - h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs); - h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out); + h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs); + h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out); return OK; } @@@@ -585,7 +599,7 @@@@ static apr_status_t store_headers(cache_ * - The original response headers (for returning with a cached response) * - The body of the message */ - mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in); + mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in); /* Precompute how much storage we need to hold the headers */ headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out, @@@@ -599,7 +613,7 @@@@ static apr_status_t store_headers(cache_ } headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out); - mobj->header_out = apr_table_copy(mobj->pool, headers_out); + mobj->header_out = deep_table_copy(mobj->pool, headers_out); /* Init the info struct */ obj->info.status = info->status; @ 1.1 log @Bump apache22 to 2.2.4nb4 due 
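Review bot: deep_table_copy(), added in the first hunk, has no comment saying why it replaces apr_table_copy(), so a later cleanup could swap the library call back in and reintroduce the CVE-2007-1862 disclosure. apr_table_copy() duplicates only the entry array, so the copied table's key and value pointers still point into the source pool, whereas apr_table_add() duplicates both strings into `p`; the call sites copy between `mobj->pool` and `r->pool`, and that lifetime mismatch is presumably what exposed stale header memory. I would put `/* Unlike apr_table_copy(), duplicate every key and value into p: the cache object and the request use different pools, so a shallow copy leaves pointers into the other pool. */` above the function. The four call sites in recall_headers() and store_headers() (second and third hunks; store_headers() begins and ends outside them) need no comment of their own once the helper is documented. The identical patch text stored for revision 1.1.2.2 further down has the same gap.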
to: Security fix for CVE-2007-1862 sensitive information disclosure http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://issues.apache.org/bugzilla/attachment.cgi?id=20065 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.4.1 log @Pullup ticket 2185 - requested by tron security update for apache22 - pkgsrc/www/apache22/Makefile 1.18, 1.20 - pkgsrc/www/apache22/Makefile.common 1.6 - pkgsrc/www/apache22/PLIST 1.2, 1.3 - pkgsrc/www/apache22/distinfo 1.7 - pkgsrc/www/apache22/patches/patch-aa 1.2 - pkgsrc/www/apache22/patches/patch-ab removed - pkgsrc/www/apache22/patches/patch-an removed - pkgsrc/www/apache22/patches/patch-ao removed - pkgsrc/www/apache22/patches/patch-ap removed - pkgsrc/www/apache22/patches/patch-ar removed - pkgsrc/www/apache22/patches/patch-at removed Module Name: pkgsrc Committed By: tron Date: Sat Sep 8 11:02:11 UTC 2007 Modified Files: pkgsrc/www/apache22: Makefile Makefile.common PLIST distinfo pkgsrc/www/apache22/patches: patch-aa Removed Files: pkgsrc/www/apache22/patches: patch-ab patch-an patch-ao patch-ap patch-ar patch-at Log Message: Update "apache22" package to version 2.2.6. This update is a bug and security fix release. The following security problem hasn't been fixed in "pkgsrc" before: - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. --- Module Name: pkgsrc Committed By: rillig Date: Sun Sep 9 08:12:58 UTC 2007 Modified Files: pkgsrc/www/apache22: Makefile Log Message: Only fix the suexec permissions if the file exists. --- Module Name: pkgsrc Committed By: tron Date: Mon Sep 10 20:36:41 UTC 2007 Modified Files: pkgsrc/www/apache22: PLIST Log Message: Remove duplicate entry for "share/httpd/icons/README.html". Pointed out by Geert Hendrickx in private e-mail. 
@ text @d1 1 a1 1 $NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $ @ 1.1.2.1 log @file patch-an was added on branch pkgsrc-2007Q1 on 2007-06-13 14:16:33 +0000 @ text @d1 55 @ 1.1.2.2 log @Pullup ticket 2105 - requested by lkundrak security fix for apache22 Revisions pulled up: - pkgsrc/www/apache22/Makefile 1.12 - pkgsrc/www/apache22/distinfo 1.5 - pkgsrc/www/apache22/patches/patch-an 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue Jun 5 01:43:45 UTC 2007 Modified Files: pkgsrc/www/apache22: Makefile distinfo Added Files: pkgsrc/www/apache22/patches: patch-an Log Message: Bump apache22 to 2.2.4nb4 due to: Security fix for CVE-2007-1862 sensitive information disclosure http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://issues.apache.org/bugzilla/attachment.cgi?id=20065 @ text @a0 55 $NetBSD: patch-an,v 1.1 2007/06/05 01:43:44 lkundrak Exp $ Security fix for CVE-2007-1862 sensitive information disclosure http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://issues.apache.org/bugzilla/attachment.cgi?id=20065 --- modules/cache/mod_mem_cache.c.orig 2007-06-05 03:31:29.000000000 +0200 +++ modules/cache/mod_mem_cache.c @@@@ -539,12 +539,26 @@@@ static int remove_url(cache_handle_t *h, return OK; } +static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table) +{ + const apr_array_header_t *array = apr_table_elts(table); + apr_table_entry_t *elts = (apr_table_entry_t *) array->elts; + apr_table_t *copy = apr_table_make(p, array->nelts); + int i; + + for (i = 0; i < array->nelts; i++) { + apr_table_add(copy, elts[i].key, elts[i].val); + } + + return copy; +} + static apr_status_t recall_headers(cache_handle_t *h, request_rec *r) { mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj; - h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs); - h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out); + h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs); + h->resp_hdrs = deep_table_copy(r->pool, 
mobj->header_out); return OK; } @@@@ -585,7 +599,7 @@@@ static apr_status_t store_headers(cache_ * - The original response headers (for returning with a cached response) * - The body of the message */ - mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in); + mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in); /* Precompute how much storage we need to hold the headers */ headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out, @@@@ -599,7 +613,7 @@@@ static apr_status_t store_headers(cache_ } headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out); - mobj->header_out = apr_table_copy(mobj->pool, headers_out); + mobj->header_out = deep_table_copy(mobj->pool, headers_out); /* Init the info struct */ obj->info.status = info->status; @