OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   23-Oct-2002 11:30:38
  Branch: OPENPKG_1_0_SOLID                Handle: 2002102310303800

  Added files:              (Branch: OPENPKG_1_0_SOLID)
    openpkg-src/apache      mod_ssl.patch
  Modified files:           (Branch: OPENPKG_1_0_SOLID)
    openpkg-src/apache      apache.spec

  Log:
    add bugfixing patch for mod_ssl XSS problem

  Summary:
    Revision    Changes     Path
    1.16.2.8    +3  -1      openpkg-src/apache/apache.spec
    1.1.4.1     +17 -0      openpkg-src/apache/mod_ssl.patch
  ____________________________________________________________________________

  Index: openpkg-src/apache/apache.spec
  ============================================================
  $ cvs diff -u -r1.16.2.7 -r1.16.2.8 apache.spec
  --- openpkg-src/apache/apache.spec    4 Oct 2002 19:39:16 -0000       1.16.2.7
  +++ openpkg-src/apache/apache.spec    23 Oct 2002 09:30:38 -0000      1.16.2.8
  @@ -71,13 +71,14 @@
   Group:        Web
   License:      BSD-style
   Version:      %{V_apache}
  -Release:      1.0.5
  +Release:      1.0.6
   
   #   list of sources
   Source0:      http://httpd.apache.org/dist/httpd/apache_%{V_apache}.tar.gz
   Patch0:       apache.patch
   # %if "%{mod_ssl}" == "yes"
   Source1:      http://www.modssl.org/source/mod_ssl-%{V_mod_ssl}-%{V_apache}.tar.gz
  +Patch1:       mod_ssl.patch
   # %endif
   # %if "%{mod_perl}" == "yes"
   Source2:      http://perl.apache.org/dist/mod_perl-%{V_mod_perl}.tar.gz
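Review bot: `Patch1:       mod_ssl.patch` is added without a comment saying it is a security fix or when it can be dropped; a line such as `#   security fix for mod_ssl XSS problem; drop once V_mod_ssl includes it` above it would help whoever does the next version bump. The patch's own paths embed the literal directory `mod_ssl-2.8.5-1.3.22/`, while the source tarball is named through `%{V_mod_ssl}-%{V_apache}`, so the `%patch1 -p0` added in the second hunk only applies while those macros stay at exactly that version. Both spec sections continue outside the hunks shown.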
  @@ -179,6 +180,7 @@
       %patch0 -p0
   %if "%{mod_ssl}" == "yes"
       %setup1 -q -T -D -a 1
  +    %patch1 -p0
   %endif
   %if "%{mod_perl}" == "yes"
       %setup2 -q -T -D -a 2
  Index: openpkg-src/apache/mod_ssl.patch
  ============================================================
  $ cvs update -p -r1.1.4.1 mod_ssl.patch
  
  Security bugfix for mod_ssl Cross Side Scripting (XSS) problem.
  
  Index: mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_kernel.c
  --- mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_kernel.c.orig  4 Oct 2002 13:31:09 
-0000       1.132
  +++ mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_kernel.c       10 Oct 2002 14:27:45 
-0000      1.133
  @@ -622,7 +622,8 @@
           if (!ap_is_default_port(port, r))
               thisport = ap_psprintf(r->pool, ":%u", port);
           thisurl = ap_psprintf(r->pool, "https://%s%s/";,
  -                              ap_get_server_name(r), thisport);
  +                              ap_escape_html(r->pool, ap_get_server_name(r)),
  +                           thisport);
   
           ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
                         "Reason: You're speaking plain HTTP to an SSL-enabled server 
port.<BR>\n"
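Review bot: The escaping added to the `ap_psprintf` call that builds `thisurl` has no comment explaining why it is needed, and it bakes HTML escaping into a variable that reads like a plain URL. I would put `/* server name may be derived from the request's Host header; escape it before it reaches the HTML error-notes */` above the call and check that every later use of `thisurl` is HTML output only; the rest of the function, including the tail of the error-notes format string, is outside this hunk. If the value ends up inside a quoted attribute there, confirm that `ap_escape_html` in this Apache version also encodes double quotes, because escaping only `<`, `>` and `&` would not cover that context. As shown, the continuation line `thisport);` no longer lines up with the argument above it.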
  
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
