-rw-r--r-- | security/vuxml/vuln.xml | 19 | ||||
-rw-r--r-- | www/apache22/Makefile | 6 | ||||
-rw-r--r-- | www/apache22/Makefile.modules | 2 | ||||
-rw-r--r-- | www/apache22/distinfo | 4 | ||||
-rw-r--r-- | www/apache22/files/patch-modules__mappers__mod_rewrite.c | 27 |
5 files changed, 18 insertions, 40 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a91b5ac06423..663f752d32e0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -121,27 +121,27 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="f3d24aee-e5ad-11e2-b183-20cf30e32f6d"> - <topic>apache22 -- mod_rewrite vulnerability</topic> + <topic>apache22 -- several vulnerabilities</topic> <affects> <package> <name>apache22</name> - <range><gt>2.2.0</gt><lt>2.2.24_1</lt></range> + <range><gt>2.2.0</gt><lt>2.2.25</lt></range> </package> <package> <name>apache22-event-mpm</name> - <range><gt>2.2.0</gt><lt>2.2.24_1</lt></range> + <range><gt>2.2.0</gt><lt>2.2.25</lt></range> </package> <package> <name>apache22-itk-mpm</name> - <range><gt>2.2.0</gt><lt>2.2.24_1</lt></range> + <range><gt>2.2.0</gt><lt>2.2.25</lt></range> </package> <package> <name>apache22-peruser-mpm</name> - <range><gt>2.2.0</gt><lt>2.2.24_1</lt></range> + <range><gt>2.2.0</gt><lt>2.2.25</lt></range> </package> <package> <name>apache22-worker-mpm</name> - <range><gt>2.2.0</gt><lt>2.2.24_1</lt></range> + <range><gt>2.2.0</gt><lt>2.2.25</lt></range> </package> </affects> <description> @@ -153,16 +153,21 @@ Note: Please add new entries to the beginning of this file. non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.</p> + <p>mod_dav: Sending a MERGE request against a URI handled by + mod_dav_svn with the source href (sent as part of the request + body as XML) pointing to a URI that is not configured for DAV + will trigger a segfault.</p> </blockquote> </body> </description> <references> <cvename>CVE-2013-1862</cvename> + <cvename>CVE-2013-1896</cvename> </references> <dates> <discovery>2013-06-21</discovery> <entry>2013-07-05</entry> - <modified>2013-07-06</modified> + <modified>2013-07-10</modified> </dates> </vuln> 
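Review bot: The widened `<lt>2.2.25</lt>` bound on all five packages appears to be driven only by the newly added mod_dav issue, but the description does not say so. The previous bound of `2.2.24_1`, together with the local mod_rewrite patch that this same commit deletes, suggests CVE-2013-1862 was already fixed in 2.2.24_1. An operator on 2.2.24_1 who is flagged by this entry cannot tell which of the two issues still applies to them. I would either give CVE-2013-1896 its own `<vuln>` entry with its own vid and dates, or add a line after `</blockquote>` in the second hunk such as `<p>Note: the mod_rewrite issue was fixed in 2.2.24_1; the mod_dav issue is fixed in 2.2.25.</p>`. The `<vuln>` element spans both hunks and the lines between them are not shown, so the rest of the description could not be checked.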
diff --git a/www/apache22/Makefile b/www/apache22/Makefile index b6997f0eded0..d62b9df334aa 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= apache22 -PORTVERSION= 2.2.24 -PORTREVISION?= 1 +PORTVERSION= 2.2.25 +#PORTREVISION?= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} @@ -98,7 +98,7 @@ IGNORE= suEXEC resource limit patch requires mod_suexec.\ .endif .if ${PORT_OPTIONS:MSUEXEC_USERDIR} -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir . if empty(PORT_OPTIONS:MSUEXEC) IGNORE= suEXEC UserDir patch requires mod_suexec.\ Please (re)run 'make config' and choose SUEXEC option also diff --git a/www/apache22/Makefile.modules b/www/apache22/Makefile.modules index 69e04a7ad3a9..227cc482327a 100644 --- a/www/apache22/Makefile.modules +++ b/www/apache22/Makefile.modules @@ -72,7 +72,7 @@ LATEST_LINK= apache22-${WITH_MPM}-mpm .if ${WITH_MPM} == "worker" || ${WITH_MPM} == "event" PORT_OPTIONS+= CGID .if ${PORT_OPTIONS:MCGI} -IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \ +IGNORE= When using a multi-threaded MPM, the module CGID should be used in place CGI. \ Please de-select CGI and select CGID instead. \ See http://httpd.apache.org/docs/2.2/mod/mod_cgi.html .endif diff --git a/www/apache22/distinfo b/www/apache22/distinfo index d9122d8a3189..a9c6d4ffbbc4 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,2 +1,2 @@ -SHA256 (apache22/httpd-2.2.24.tar.bz2) = 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7 -SIZE (apache22/httpd-2.2.24.tar.bz2) = 5490439 +SHA256 (apache22/httpd-2.2.25.tar.bz2) = 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a +SIZE (apache22/httpd-2.2.25.tar.bz2) = 5524905 
diff --git a/www/apache22/files/patch-modules__mappers__mod_rewrite.c b/www/apache22/files/patch-modules__mappers__mod_rewrite.c
deleted file mode 100644
index 1c1790b36c55..000000000000
--- a/www/apache22/files/patch-modules__mappers__mod_rewrite.c
+++ /dev/null
@@ -1,27 +0,0 @@
---- ./modules/mappers/mod_rewrite.c.orig 2013-02-18 22:31:42.000000000 +0100
-+++ ./modules/mappers/mod_rewrite.c 2013-05-14 16:41:30.000000000 +0200
-@@ -500,11 +500,11 @@
-
- logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
- "(%d) %s%s%s%s" APR_EOL_STR,
-- rhost ? rhost : "UNKNOWN-HOST",
-- rname ? rname : "-",
-- r->user ? (*r->user ? r->user : "\"\"") : "-",
-+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
-+ rname ? ap_escape_logitem(r->pool, rname) : "-",
-+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
- current_logtime(r),
-- ap_get_server_name(r),
-+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
- (void *)(r->server),
- (void *)r,
- r->main ? "subreq" : "initial",
-@@ -514,7 +514,7 @@
- perdir ? "[perdir " : "",
- perdir ? perdir : "",
- perdir ? "] ": "",
-- text);
-+ ap_escape_logitem(r->pool, text));
-
- nbytes = strlen(logline);
- apr_file_write(conf->rewritelogfp, logline, &nbytes); |