Hey,

here's a security update that brings apache-httpd to 2.2.14.

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.

Please test and comment. Thanks!

Regards,
        Bernd


 Makefile                |    2 +-
 distinfo                |   10 +++++-----
 patches/patch-configure |   10 +++++-----
 pkg/PLIST               |    4 ++++
 4 files changed, 15 insertions(+), 11 deletions(-)

Index: Makefile
===================================================================
RCS file: /d/OpenBSD/cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile    30 Aug 2009 18:06:07 -0000      1.21
+++ Makefile    9 Oct 2009 09:44:02 -0000
@@ -2,7 +2,7 @@
 
 COMMENT=       apache HTTP server
 
-V=             2.2.13
+V=             2.2.14
 PKGNAME=       apache-httpd-${V}
 DISTNAME=      httpd-${V}
 
Index: distinfo
===================================================================
RCS file: /d/OpenBSD/cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.8
diff -u -p -r1.8 distinfo
--- distinfo    30 Aug 2009 18:06:07 -0000      1.8
+++ distinfo    9 Oct 2009 09:45:51 -0000
@@ -1,5 +1,5 @@
-MD5 (httpd-2.2.13.tar.gz) = KAPjW+ZlD1tznm6R+qgk3Q==
-RMD160 (httpd-2.2.13.tar.gz) = bwK4HOD4za+wp6nU5MXDIff4xIs=
-SHA1 (httpd-2.2.13.tar.gz) = 1r7DVzEgC8x5Z52DuMPxQeywMEo=
-SHA256 (httpd-2.2.13.tar.gz) = 4n3OoMF1lq5nPDS+DDh6xxccLrCD5/RCuxOgxmzOBxI=
-SIZE (httpd-2.2.13.tar.gz) = 6897450
+MD5 (httpd-2.2.14.tar.gz) = LB48e6ALyqAWPaez5mqqHg==
+RMD160 (httpd-2.2.14.tar.gz) = 4sfk+Uii5WkNewlVIqKM+7dMG80=
+SHA1 (httpd-2.2.14.tar.gz) = 5uILP8WKV6URbgNuMb+X1AnbfPo=
+SHA256 (httpd-2.2.14.tar.gz) = 1XkoCedmfHhABShPr+KKVcuJvUz76ko087jlbBDWc8g=
+SIZE (httpd-2.2.14.tar.gz) = 6684081
Index: patches/patch-configure
===================================================================
RCS file: /d/OpenBSD/cvs/ports/www/apache-httpd/patches/patch-configure,v
retrieving revision 1.6
diff -u -p -r1.6 patch-configure
--- patches/patch-configure     9 Apr 2009 18:36:00 -0000       1.6
+++ patches/patch-configure     9 Oct 2009 09:52:07 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-configure,v 1.6 2009/04/09 18:36:00 bernd Exp $
---- configure.orig     Sat Dec  6 16:17:59 2008
-+++ configure  Fri Mar 13 03:16:01 2009
-@@ -2822,7 +2822,7 @@ do
+--- configure.orig     Thu Sep 24 01:29:56 2009
++++ configure  Fri Oct  9 11:52:03 2009
+@@ -3097,7 +3097,7 @@ do
    ap_last="${ap_cur}"
    ap_cur=`eval "echo ${ap_cur}"`
  done
@@ -10,7 +10,7 @@ $OpenBSD: patch-configure,v 1.6 2009/04/
  
  
    APACHE_VAR_SUBST="$APACHE_VAR_SUBST exp_sysconfdir"
-@@ -3825,7 +3825,7 @@ SHLIBPATH_VAR=`$apr_config --shlib-path-var`
+@@ -4077,7 +4077,7 @@ SHLIBPATH_VAR=`$apr_config --shlib-path-var`
  APR_BINDIR=`$apr_config --bindir`
  APR_INCLUDEDIR=`$apr_config --includedir`
  APR_VERSION=`$apr_config --version`
@@ -19,7 +19,7 @@ $OpenBSD: patch-configure,v 1.6 2009/04/
  
  echo $ac_n "${nl}Configuring Apache Portable Runtime Utility library...${nl}"
  
-@@ -4144,7 +4144,7 @@ fi
+@@ -4384,7 +4384,7 @@ fi
  APU_BINDIR=`$apu_config --bindir`
  APU_INCLUDEDIR=`$apu_config --includedir`
  APU_VERSION=`$apu_config --version`
Index: pkg/PLIST
===================================================================
RCS file: /d/OpenBSD/cvs/ports/www/apache-httpd/pkg/PLIST,v
retrieving revision 1.16
diff -u -p -r1.16 PLIST
--- pkg/PLIST   30 Aug 2009 18:06:07 -0000      1.16
+++ pkg/PLIST   9 Oct 2009 09:55:51 -0000
@@ -98,6 +98,7 @@ lib/apache2/mod_proxy_balancer.so
 lib/apache2/mod_proxy_connect.so
 lib/apache2/mod_proxy_ftp.so
 lib/apache2/mod_proxy_http.so
+lib/apache2/mod_proxy_scgi.so
 lib/apache2/mod_rewrite.so
 lib/apache2/mod_setenvif.so
 lib/apache2/mod_speling.so
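Review bot: The added `lib/apache2/mod_proxy_scgi.so` entry packages a proxy module that the update description does not mention, so this security update also enlarges the installed module set. Installing the file does not by itself load it, but this diff does not show whether the port's sample httpd.conf gains a `LoadModule` line for it. It would be worth confirming the module stays unloaded by default and noting the addition in the commit message, e.g. `new module mod_proxy_scgi is installed but not loaded by default`. The matching documentation entries are added in the later PLIST hunk at -603.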
@@ -251,6 +252,7 @@ share/doc/apache2/howto/auth.html
 share/doc/apache2/howto/auth.html.en
 share/doc/apache2/howto/auth.html.ja.utf8
 share/doc/apache2/howto/auth.html.ko.euc-kr
+share/doc/apache2/howto/auth.html.tr.utf8
 share/doc/apache2/howto/cgi.html
 share/doc/apache2/howto/cgi.html.en
 share/doc/apache2/howto/cgi.html.ja.utf8
@@ -603,6 +605,8 @@ share/doc/apache2/mod/mod_proxy_ftp.html
 share/doc/apache2/mod/mod_proxy_ftp.html.en
 share/doc/apache2/mod/mod_proxy_http.html
 share/doc/apache2/mod/mod_proxy_http.html.en
+share/doc/apache2/mod/mod_proxy_scgi.html
+share/doc/apache2/mod/mod_proxy_scgi.html.en
 share/doc/apache2/mod/mod_rewrite.html
 share/doc/apache2/mod/mod_rewrite.html.en
 share/doc/apache2/mod/mod_setenvif.html
