diff options
| -rw-r--r-- | security/vuxml/Makefile | 6 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 46 | ||||
| -rw-r--r-- | www/apache22/Makefile | 4 | ||||
| -rw-r--r-- | www/apache22/Makefile.doc | 4 | ||||
| -rw-r--r-- | www/apache22/distinfo | 4 | ||||
| -rw-r--r-- | www/apache22/files/patch-Makefile.in | 4 | ||||
| -rw-r--r-- | www/apache22/files/patch-server__util_pcre.c | 12 | ||||
| -rw-r--r-- | www/apache22/files/patch-support__envvars-std.in | 15 |
8 files changed, 58 insertions, 37 deletions
diff --git a/security/vuxml/Makefile b/security/vuxml/Makefile index 365834aa428e..ca13a1182141 100644 --- a/security/vuxml/Makefile +++ b/security/vuxml/Makefile @@ -1,9 +1,5 @@ -# New ports collection makefile for: vuxml -# Date created: 2004/02/12 -# Whom: nectar@FreeBSD.org -# +# Created by: nectar@FreeBSD.org # $FreeBSD$ -# PORTNAME= vuxml PORTVERSION= 1.1 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 84ea24f20d70..eb93bd044461 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,52 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="65539c54-2517-11e2-b9d6-20cf30e32f6d"> + <topic>apache22 -- several vulnerability</topic> + <affects> + <package> + <name>apache22</name> + <range><gt>2.2.0</gt><lt>2.2.23</lt></range> + </package> + <package> + <name>apache22-event-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.23</lt></range> + </package> + <package> + <name>apache22-itk-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.23</lt></range> + </package> + <package> + <name>apache22-peruser-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.23</lt></range> + </package> + <package> + <name>apache22-worker-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.23</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Apache HTTP SERVER PROJECT reports:</h1> + <blockquote cite="http://httpd.apache.org/security/vulnerabilities_22.html"> + <h1>low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687</h1> + <p>Possible XSS for sites which use mod_negotiation and + allow untrusted uploads to locations which have MultiViews enabled.</p> + <h1>low: insecure LD_LIBRARY_PATH handling CVE-2012-0883</h1> + <p>This issue was already fixed in port version 2.2.22_5</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-2687</cvename> + <cvename>CVE-2012-0833</cvename><!-- already fixed in r301849 --> + </references> + <dates> + <discovery>2012-09-13</discovery> + <entry>2012-11-02</entry> + </dates> + </vuln> + <vuln vid="ec89dc70-2515-11e2-8eda-000a5e1e33c6"> <topic>webmin -- potential XSS attack via real name field</topic> <affects> diff --git a/www/apache22/Makefile b/www/apache22/Makefile index 066293121e77..bc784a7a589e 100644 --- a/www/apache22/Makefile +++ b/www/apache22/Makefile @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= apache22 -PORTVERSION= 2.2.22 -PORTREVISION= 8 +PORTVERSION= 2.2.23 +#PORTREVISION= 1 CATEGORIES= www ipv6 MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} diff --git a/www/apache22/Makefile.doc b/www/apache22/Makefile.doc index 580310dc4ede..6c308457181a 100644 --- a/www/apache22/Makefile.doc +++ b/www/apache22/Makefile.doc @@ -71,7 +71,7 @@ MAKE_ENV+= EXAMPLESDIR=${EXAMPLESDIR} MAKE_ENV+= NOPORTDOCS=yes .endif -MAN1= ab.1 apxs.1 dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 logresolve.1 -MAN8= apachectl.8 htcacheclean.8 httpd.8 rotatelogs.8 suexec.8 +MAN1= dbmmanage.1 htdbm.1 htdigest.1 htpasswd.1 httxt2dbm.1 +MAN8= ab.8 apxs.8 apachectl.8 htcacheclean.8 httpd.8 logresolve.8 rotatelogs.8 suexec.8 PORTDOCS= * #don't blame me ;-) diff --git a/www/apache22/distinfo b/www/apache22/distinfo index 83575cc46e94..d8b6232d01d9 100644 --- a/www/apache22/distinfo +++ b/www/apache22/distinfo @@ -1,2 +1,2 @@ -SHA256 (apache22/httpd-2.2.22.tar.bz2) = dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231 -SIZE (apache22/httpd-2.2.22.tar.bz2) = 5378934 +SHA256 (apache22/httpd-2.2.23.tar.bz2) = 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34 +SIZE (apache22/httpd-2.2.23.tar.bz2) = 5485205 diff --git a/www/apache22/files/patch-Makefile.in b/www/apache22/files/patch-Makefile.in index 1e375390a0fd..e77f63d68718 100644 --- a/www/apache22/files/patch-Makefile.in +++ b/www/apache22/files/patch-Makefile.in @@ -96,10 +96,10 @@ @test -d $(DESTDIR)$(manualdir) || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir) - @cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1 - @cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8 -+ for i in ab apxs dbmmanage htdbm htdigest htpasswd httxt2dbm logresolve; do \ ++ for i in dbmmanage htdbm htdigest htpasswd httxt2dbm ; do \ + ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.1 $(DESTDIR)$(mandir)/man1; \ + done -+ for i in apachectl htcacheclean httpd rotatelogs suexec; do \ ++ for i in ab apachectl apxs htcacheclean httpd logresolve rotatelogs suexec; do \ + ${INSTALL_MAN} $(top_srcdir)/docs/man/$$i.8 $(DESTDIR)$(mandir)/man8; \ + done +.if !defined(NOPORTDOCS) diff --git a/www/apache22/files/patch-server__util_pcre.c b/www/apache22/files/patch-server__util_pcre.c deleted file mode 100644 index 8950e56de897..000000000000 --- a/www/apache22/files/patch-server__util_pcre.c +++ /dev/null @@ -1,12 +0,0 @@ ---- server/util_pcre.c.orig 2005-11-10 16:20:05.000000000 +0100 -+++ server/util_pcre.c 2012-02-13 23:11:17.898984171 +0100 -@@ -137,7 +137,8 @@ - - if (preg->re_pcre == NULL) return AP_REG_INVARG; - --preg->re_nsub = pcre_info((const pcre *)preg->re_pcre, NULL, NULL); -+pcre_fullinfo((const pcre *)preg->re_pcre, NULL, -+ PCRE_INFO_CAPTURECOUNT, &(preg->re_nsub)); - return 0; - } - diff --git a/www/apache22/files/patch-support__envvars-std.in b/www/apache22/files/patch-support__envvars-std.in index 657bba5991b8..6f1c3c6665f4 100644 --- a/www/apache22/files/patch-support__envvars-std.in +++ b/www/apache22/files/patch-support__envvars-std.in @@ -1,15 +1,6 @@ ---- support/envvars-std.in.orig 2006-07-11 23:38:44.000000000 -0400 -+++ support/envvars-std.in 2012-08-01 23:11:16.000000000 -0400 -@@ -18,7 +18,18 @@ - # - # This file is generated from envvars-std.in - # --@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" -+if test "x$@SHLIBPATH_VAR@" != "x" ; then -+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" -+else -+ @SHLIBPATH_VAR@="@exp_libdir@" -+fi +--- ./support/envvars-std.in.orig 2006-07-11 23:38:44.000000000 -0400 ++++ ./support/envvars-std.in 2012-10-28 20:07:32.000000000 +0100 +@@ -26,3 +26,10 @@ export @SHLIBPATH_VAR@ # @OS_SPECIFIC_VARS@ |