svn commit: r306878 - in head: security/vuxml www/apache22 www/apache22/files
Olli Hauer
ohauer at FreeBSD.org
Fri Nov 2 18:45:32 UTC 2012
Author: ohauer
Date: Fri Nov 2 18:45:31 2012
New Revision: 306878
URL: http://svn.freebsd.org/changeset/ports/306878
Log:
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687
Deleted:
head/www/apache22/files/patch-server__util_pcre.c
Modified:
head/security/vuxml/Makefile
head/security/vuxml/vuln.xml
head/www/apache22/Makefile
head/www/apache22/Makefile.doc
head/www/apache22/distinfo
head/www/apache22/files/patch-Makefile.in
head/www/apache22/files/patch-support__envvars-std.in
Modified: head/security/vuxml/Makefile
==============================================================================
--- head/security/vuxml/Makefile Fri Nov 2 18:08:19 2012 (r306877)
+++ head/security/vuxml/Makefile Fri Nov 2 18:45:31 2012 (r306878)
@@ -1,9 +1,5 @@
-# New ports collection makefile for: vuxml
-# Date created: 2004/02/12
-# Whom: nectar at FreeBSD.org
-#
+# Created by: nectar at FreeBSD.org
# $FreeBSD$
-#
PORTNAME= vuxml
PORTVERSION= 1.1
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Nov 2 18:08:19 2012 (r306877)
+++ head/security/vuxml/vuln.xml Fri Nov 2 18:45:31 2012 (r306878)
@@ -51,6 +51,52 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="65539c54-2517-11e2-b9d6-20cf30e32f6d">
+ <topic>apache22 -- several vulnerability</topic>
+ <affects>
+ <package>
+ <name>apache22</name>
+ <range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+ </package>
+ <package>
+ <name>apache22-event-mpm</name>
+ <range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+ </package>
+ <package>
+ <name>apache22-itk-mpm</name>
+ <range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+ </package>
+ <package>
+ <name>apache22-peruser-mpm</name>
+ <range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+ </package>
+ <package>
+ <name>apache22-worker-mpm</name>
+ <range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Apache HTTP SERVER PROJECT reports:</h1>
+ <blockquote cite="http://httpd.apache.org/security/vulnerabilities_22.html">
+ <h1>low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687</h1>
+ <p>Possible XSS for sites which use mod_negotiation and
+ allow untrusted uploads to locations which have MultiViews enabled.</p>
+ <h1>low: insecure LD_LIBRARY_PATH handling CVE-2012-0883</h1>
+ <p>This issue was already fixed in port version 2.2.22_5</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-2687</cvename>
+ <cvename>CVE-2012-0833</cvename><!-- already fixed in r301849 -->
+ </references>
+ <dates>
+ <discovery>2012-09-13</discovery>
+ <entry>2012-11-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ec89dc70-2515-11e2-8eda-000a5e1e33c6">
<topic>webmin -- potential XSS attack via real name field</topic>
<affects>
Modified: head/www/apache22/Makefile
==============================================================================
--- head/www/apache22/Makefile Fri Nov 2 18:08:19 2012 (r306877)
+++ head/www/apache22/Makefile Fri Nov 2 18:45:31 2012 (r306878)
@@ -1,8 +1,8 @@
# $FreeBSD$
PORTNAME= apache22
-PORTVERSION= 2.2.22
-PORTREVISION= 8
+PORTVERSION= 2.2.23
+#PORTREVISION= 1
CATEGORIES= www ipv6
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
DISTNAME= httpd-${PORTVERSION}
Modified: head/www/apache22/Makefile.doc
==============================================================================
--- head/www/apache22/Makefile.doc Fri Nov 2 18:08:19 2012 (r306877)
+++ head/www/apache22/Makefile.doc Fri Nov 2 18:45:31 2012 (r306878)
@@ -71,7 +71,7 @@ MAKE_ENV+= EXAMPLESDIR=${EXAMPLESDIR}
MAKE_ENV+= NOPORTDOCS=yes
.endif
-MAN1= ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1
-MAN8= apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8
+MAN1= dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1
+MAN8= ab.8 apxs.8 apachectl.8 htcacheclean.8 httpd.8 logresolve.8 rotatelogs.8 suexec.8
PORTDOCS= * #don't blame me ;-)
Modified: head/www/apache22/distinfo
==============================================================================
--- head/www/apache22/distinfo Fri Nov 2 18:08:19 2012 (r306877)
+++ head/www/apache22/distinfo Fri Nov 2 18:45:31 2012 (r306878)
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.22.tar.bz2) = dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231
-SIZE (apache22/httpd-2.2.22.tar.bz2) = 5378934
+SHA256 (apache22/httpd-2.2.23.tar.bz2) = 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34
+SIZE (apache22/httpd-2.2.23.tar.bz2) = 5485205
Modified: head/www/apache22/files/patch-Makefile.in
==============================================================================
--- head/www/apache22/files/patch-Makefile.in Fri Nov 2 18:08:19 2012 (r306877)
+++ head/www/apache22/files/patch-Makefile.in Fri Nov 2 18:45:31 2012 (r306878)
@@ -96,10 +96,10 @@
@test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
- @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
- @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
-+ for i in ab apxs dbmmanage htdbm htdigest htpasswd httxt2dbm logresolve; do \
++ for i in dbmmanage htdbm htdigest htpasswd httxt2dbm ; do \
+ ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.1 $(DESTDIR)$(mandir)/man1; \
+ done
-+ for i in apachectl htcacheclean httpd rotatelogs suexec; do \
++ for i in ab apachectl apxs htcacheclean httpd logresolve rotatelogs suexec; do \
+ ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.8 $(DESTDIR)$(mandir)/man8; \
+ done
+.if !defined(NOPORTDOCS)
Modified: head/www/apache22/files/patch-support__envvars-std.in
==============================================================================
--- head/www/apache22/files/patch-support__envvars-std.in Fri Nov 2 18:08:19 2012 (r306877)
+++ head/www/apache22/files/patch-support__envvars-std.in Fri Nov 2 18:45:31 2012 (r306878)
@@ -1,15 +1,6 @@
---- support/envvars-std.in.orig 2006-07-11 23:38:44.000000000 -0400
-+++ support/envvars-std.in 2012-08-01 23:11:16.000000000 -0400
-@@ -18,7 +18,18 @@
- #
- # This file is generated from envvars-std.in
- #
-- at SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
-+if test "x$@SHLIBPATH_VAR@" != "x" ; then
-+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
-+else
-+ @SHLIBPATH_VAR@="@exp_libdir@"
-+fi
+--- ./support/envvars-std.in.orig 2006-07-11 23:38:44.000000000 -0400
++++ ./support/envvars-std.in 2012-10-28 20:07:32.000000000 +0100
+@@ -26,3 +26,10 @@
export @SHLIBPATH_VAR@
#
@OS_SPECIFIC_VARS@
More information about the svn-ports-all
mailing list