OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   23-Oct-2002 11:26:27
  Branch: OPENPKG_1_1_SOLID                Handle: 2002102310262601

  Added files:              (Branch: OPENPKG_1_1_SOLID)
    openpkg-src/apache      mod_ssl.patch
  Modified files:           (Branch: OPENPKG_1_1_SOLID)
    openpkg-src/apache      apache.spec

  Log:
    add bugfixing patch for mod_ssl XSS problem

  Summary:
    Revision    Changes     Path
    1.81.2.3    +3  -1      openpkg-src/apache/apache.spec
    1.1.2.1     +17 -0      openpkg-src/apache/mod_ssl.patch
  ____________________________________________________________________________

  Index: openpkg-src/apache/apache.spec
  ============================================================
  $ cvs diff -u -r1.81.2.2 -r1.81.2.3 apache.spec
  --- openpkg-src/apache/apache.spec    4 Oct 2002 19:31:28 -0000       1.81.2.2
  +++ openpkg-src/apache/apache.spec    23 Oct 2002 09:26:26 -0000      1.81.2.3
  @@ -143,7 +143,7 @@
   Group:        Web
   License:      ASF
   Version:      %{V_apache}
  -Release:      1.1.1
  +Release:      1.1.2
   
   #   list of sources
   Source0:      http://www.apache.org/dist/httpd/apache_%{V_apache}.tar.gz
  @@ -167,6 +167,7 @@
   Source22:     apache.vhost
   Source23:     rc.apache
   Patch0:       apache.patch
  +Patch1:       mod_ssl.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -323,6 +324,7 @@
       #   unpack optional extension modules
   %if "%{with_mod_ssl}" == "yes"
       %setup1 -q -T -D -a 1
  +    %patch1 -p0
   %endif
   %if "%{with_mod_perl}" == "yes"
       %setup2 -q -T -D -a 2
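Review bot: The `%patch1 -p0` step depends on the mod_ssl version baked into the patch's own path (`mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c`), so it applies only while the unpacked mod_ssl directory has exactly that name, and nothing at the `Patch1:` line or at this step says so. Because this is a security fix, I would put a comment above the step, e.g. `#   security fix: HTML-escape server name in the plain-HTTP-on-SSL-port error page; keep until mod_ssl ships it`, so that a later version bump leads to the patch being re-based rather than dropped when it stops applying. Placing the step inside the `with_mod_ssl` conditional next to `%setup1` looks right, since the patched tree only exists in that case.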
  Index: openpkg-src/apache/mod_ssl.patch
  ============================================================
  $ cvs update -p -r1.1.2.1 mod_ssl.patch
  
  Security bugfix for mod_ssl Cross Side Scripting (XSS) problem.
  
  Index: mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c
  --- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c.orig 4 Oct 2002 13:31:09 
-0000       1.132
  +++ mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c      10 Oct 2002 14:27:45 
-0000      1.133
  @@ -622,7 +622,8 @@
           if (!ap_is_default_port(port, r))
               thisport = ap_psprintf(r->pool, ":%u", port);
           thisurl = ap_psprintf(r->pool, "https://%s%s/";,
  -                              ap_get_server_name(r), thisport);
  +                              ap_escape_html(r->pool, ap_get_server_name(r)),
  +                           thisport);
   
           ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
                         "Reason: You're speaking plain HTTP to an SSL-enabled server 
port.<BR>\n"
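Review bot: The `ap_escape_html` call added for `thisurl` protects the server name only as far as that function's character set goes, and the rest of the `error-notes` format string lies outside the hunk, so it is not visible whether `thisurl` lands in element text or inside a quoted attribute value. If it is used in an attribute, please confirm that `ap_escape_html` in the bundled Apache version also encodes `"`; if it does not, the name needs attribute-safe encoding as well. A short comment above the call would record why the escape is there, e.g. `/* server name may be derived from the request: escape it before it reaches the error page */`. Two cosmetic points: the continuation line `thisport);` is not aligned with the argument above it, and the patch header text should read "Cross Site Scripting" rather than "Cross Side Scripting".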
  
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
