svn commit: r306878 - in head: security/vuxml www/apache22 www/apache22/files

Olli Hauer ohauer at FreeBSD.org
Fri Nov 2 18:45:32 UTC 2012 

Author: ohauer
Date: Fri Nov  2 18:45:31 2012
New Revision: 306878
URL: http://svn.freebsd.org/changeset/ports/306878

Log:
  - update apache22 to version 2.22.23
  - trim vuxml/Makefile header
  
  with hat apache@
  
  Feature safe: yes
  
  Security:       CVE-2012-2687

Deleted:
  head/www/apache22/files/patch-server__util_pcre.c
Modified:
  head/security/vuxml/Makefile
  head/security/vuxml/vuln.xml
  head/www/apache22/Makefile
  head/www/apache22/Makefile.doc
  head/www/apache22/distinfo
  head/www/apache22/files/patch-Makefile.in
  head/www/apache22/files/patch-support__envvars-std.in

Modified: head/security/vuxml/Makefile
==============================================================================
--- head/security/vuxml/Makefile	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/security/vuxml/Makefile	Fri Nov  2 18:45:31 2012	(r306878)
@@ -1,9 +1,5 @@
-# New ports collection makefile for:	vuxml
-# Date created:		2004/02/12
-# Whom:			nectar at FreeBSD.org
-#
+# Created by: nectar at FreeBSD.org
 # $FreeBSD$
-#
 
 PORTNAME=	vuxml
 PORTVERSION=	1.1

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/security/vuxml/vuln.xml	Fri Nov  2 18:45:31 2012	(r306878)
@@ -51,6 +51,52 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="65539c54-2517-11e2-b9d6-20cf30e32f6d">
+    <topic>apache22 -- several vulnerability</topic>
+    <affects>
+      <package>
+	<name>apache22</name>
+	<range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+      </package>
+      <package>
+	<name>apache22-event-mpm</name>
+	<range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+      </package>
+      <package>
+	<name>apache22-itk-mpm</name>
+	<range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+      </package>
+      <package>
+	<name>apache22-peruser-mpm</name>
+	<range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+      </package>
+      <package>
+	<name>apache22-worker-mpm</name>
+	<range><gt>2.2.0</gt><lt>2.2.23</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Apache HTTP SERVER PROJECT reports:</h1>
+	<blockquote cite="http://httpd.apache.org/security/vulnerabilities_22.html">
+	  <h1>low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687</h1>
+	  <p>Possible XSS for sites which use mod_negotiation and
+	    allow untrusted uploads to locations which have MultiViews enabled.</p>
+	  <h1>low: insecure LD_LIBRARY_PATH handling CVE-2012-0883</h1>
+	  <p>This issue was already fixed in port version 2.2.22_5</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-2687</cvename>
+      <cvename>CVE-2012-0833</cvename><!-- already fixed in r301849 -->
+    </references>
+    <dates>
+      <discovery>2012-09-13</discovery>
+      <entry>2012-11-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ec89dc70-2515-11e2-8eda-000a5e1e33c6">
     <topic>webmin -- potential XSS attack via real name field</topic>
     <affects>

Modified: head/www/apache22/Makefile
==============================================================================
--- head/www/apache22/Makefile	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/www/apache22/Makefile	Fri Nov  2 18:45:31 2012	(r306878)
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	apache22
-PORTVERSION=	2.2.22
-PORTREVISION=	8
+PORTVERSION=	2.2.23
+#PORTREVISION=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}

Modified: head/www/apache22/Makefile.doc
==============================================================================
--- head/www/apache22/Makefile.doc	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/www/apache22/Makefile.doc	Fri Nov  2 18:45:31 2012	(r306878)
@@ -71,7 +71,7 @@ MAKE_ENV+=	EXAMPLESDIR=${EXAMPLESDIR}
 MAKE_ENV+=	NOPORTDOCS=yes
 .endif
 
-MAN1=		ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1
-MAN8=		apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8
+MAN1=		dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1
+MAN8=		ab.8 apxs.8 apachectl.8 htcacheclean.8 httpd.8 logresolve.8 rotatelogs.8 suexec.8
 
 PORTDOCS=	* #don't blame me ;-)

Modified: head/www/apache22/distinfo
==============================================================================
--- head/www/apache22/distinfo	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/www/apache22/distinfo	Fri Nov  2 18:45:31 2012	(r306878)
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.22.tar.bz2) = dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231
-SIZE (apache22/httpd-2.2.22.tar.bz2) = 5378934
+SHA256 (apache22/httpd-2.2.23.tar.bz2) = 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34
+SIZE (apache22/httpd-2.2.23.tar.bz2) = 5485205

Modified: head/www/apache22/files/patch-Makefile.in
==============================================================================
--- head/www/apache22/files/patch-Makefile.in	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/www/apache22/files/patch-Makefile.in	Fri Nov  2 18:45:31 2012	(r306878)
@@ -96,10 +96,10 @@
  	@test -d $(DESTDIR)$(manualdir)   || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
 -	@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
 -	@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
-+	for i in ab apxs dbmmanage htdbm htdigest htpasswd httxt2dbm logresolve; do \
++	for i in dbmmanage htdbm htdigest htpasswd httxt2dbm ; do \
 +	  ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.1 $(DESTDIR)$(mandir)/man1; \
 +	done
-+	for i in apachectl htcacheclean httpd rotatelogs suexec; do \
++	for i in ab apachectl apxs htcacheclean httpd logresolve rotatelogs suexec; do \
 +	  ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.8 $(DESTDIR)$(mandir)/man8; \
 +	done
 +.if !defined(NOPORTDOCS)

Modified: head/www/apache22/files/patch-support__envvars-std.in
==============================================================================
--- head/www/apache22/files/patch-support__envvars-std.in	Fri Nov  2 18:08:19 2012	(r306877)
+++ head/www/apache22/files/patch-support__envvars-std.in	Fri Nov  2 18:45:31 2012	(r306878)
@@ -1,15 +1,6 @@
---- support/envvars-std.in.orig	2006-07-11 23:38:44.000000000 -0400
-+++ support/envvars-std.in	2012-08-01 23:11:16.000000000 -0400
-@@ -18,7 +18,18 @@
- #
- # This file is generated from envvars-std.in
- #
-- at SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
-+if test "x$@SHLIBPATH_VAR@" != "x" ; then
-+  @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
-+else
-+  @SHLIBPATH_VAR@="@exp_libdir@"
-+fi
+--- ./support/envvars-std.in.orig	2006-07-11 23:38:44.000000000 -0400
++++ ./support/envvars-std.in	2012-10-28 20:07:32.000000000 +0100
+@@ -26,3 +26,10 @@
  export @SHLIBPATH_VAR@
  #
  @OS_SPECIFIC_VARS@

More information about the svn-ports-all mailing list