aboutsummaryrefslogtreecommitdiff
path: root/www/mod_auth_any
Commit message (Collapse)AuthorAgeFilesLines
* - SIZEify distinfoClement Laforet2004-02-071-0/+1
| | | | Notes: svn path=/head/; revision=100265
* - Update my email addressClement Laforet2004-01-131-1/+1
| | | | | | | Approved and reviewed by: erwin (mentor) Notes: svn path=/head/; revision=98067
* Use the new Apache bits from bsd.port.mk.Joe Marcus Clarke2003-11-071-6/+1
| | | | | | | Submitted by: dinoex Notes: svn path=/head/; revision=93294
* [update orphand port] www/mod_auth_any: Update to 1.3.2 and take maintainershipEdwin Groothuis2003-10-065-95/+9
| | | | | | | | | | | | - update to 1.3.2 - update WWW - take maintainership PR: ports/57413 Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org> Notes: svn path=/head/; revision=90445
* o Fix vulnerability that allows execution of arbitrary commands onMario Sergio Fujikawa Ferreira2003-03-253-0/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the server with the uid of the apache process. Background [1]: "The module accepts a username and password from the web client, passes them to a user-space executable (using popen(3), which invokes a shell) and waits for a response in order to authenticate the user. The password is quoted on the popen() command line to avoid interpretation of shell special chars, but the username is not. Thus a malicious user can execute commands by supplying an appropriately crafted username. (e.g. "foo&mail me@my.home</etc/passwd") "The problem is easily fixed by adding quotes (and escaping any quotes already present) to the username and password in the popen command line." o Fix this by adding a escaping function from [2]. Then, modifying this function appropriately with ideas from [3]. Apply the new escaping code to mod_auth_any. o Bump PORTREVISION Submitted by: Security Officer (nectar), Red Hat Security Response Team <security@redhat.com> [1] Obtained from: mod_auth_any CVS [2], nalin@redhat.com [3] Notes: svn path=/head/; revision=77439
* De-pkg-comment.Akinori MUSHA2003-02-202-1/+1
| | | | Notes: svn path=/head/; revision=75976
* o Rollback PORTCOMMENT modifications while this feature's implementationMario Sergio Fujikawa Ferreira2002-11-102-2/+1
| | | | | | | | | | | is better studied o Turn PORTCOMMENT variable in Makefile back into pkg-comment files Approved by: kris (portmgr hat), portmgr, re (silence) Notes: svn path=/head/; revision=69808
* Use PORTCOMMENT in the Makefile, and whack the pkg-comment.Adam Weinberger2002-11-062-1/+2
| | | | | | | Approved by: pat Notes: svn path=/head/; revision=69612
* support appache13-modssl by defining APACHE_PORT in /etc/make.confDirk Meyer2002-09-091-2/+3
| | | | | | | others variants of the apache ports can be used too. Notes: svn path=/head/; revision=65932
* Add mod_auth_any 1.0.2, an apache module to use any command lineWill Andrews2001-04-105-0/+38
program to authenticate a user. Notes: svn path=/head/; revision=41245
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 07:11:59 +0000