FreeBSD Bugzilla – Attachment 98702 Details for
Bug 137651
upgrade www/apache22
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 13.54 KB, created by
TsurutaniNaoki
on 2009-08-11 03:00:12 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
TsurutaniNaoki
Created:
2009-08-11 03:00:12 UTC
Size:
13.54 KB
patch
obsolete
>diff -urN apache22.orig/Makefile apache22/Makefile >--- apache22.orig/Makefile 2009-08-07 05:59:22.000000000 +0900 >+++ apache22/Makefile 2009-08-11 09:36:53.000000000 +0900 >@@ -8,8 +8,7 @@ > # > > PORTNAME= apache >-PORTVERSION= 2.2.11 >-PORTREVISION?= 7 >+PORTVERSION= 2.2.13 > CATEGORIES= www > MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} > DISTNAME= httpd-${PORTVERSION} >diff -urN apache22.orig/distinfo apache22/distinfo >--- apache22.orig/distinfo 2008-12-19 20:45:52.000000000 +0900 >+++ apache22/distinfo 2009-08-11 09:38:20.000000000 +0900 >@@ -1,3 +1,3 @@ >-MD5 (apache22/httpd-2.2.11.tar.bz2) = 3e98bcb14a7122c274d62419566431bb >-SHA256 (apache22/httpd-2.2.11.tar.bz2) = 5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe >-SIZE (apache22/httpd-2.2.11.tar.bz2) = 5230130 >+MD5 (apache22/httpd-2.2.13.tar.bz2) = 8d8d904e7342125825ec70f03c5745ef >+SHA256 (apache22/httpd-2.2.13.tar.bz2) = 24a812e010d936a3114141bad56461fcaa1089aa720bd16355feb3516ab8d6d6 >+SIZE (apache22/httpd-2.2.13.tar.bz2) = 5300199 >diff -urN apache22.orig/files/patch-apr-fix-apr_xml-expat-attack apache22/files/patch-apr-fix-apr_xml-expat-attack >--- apache22.orig/files/patch-apr-fix-apr_xml-expat-attack 2009-06-08 12:10:25.000000000 +0900 >+++ apache22/files/patch-apr-fix-apr_xml-expat-attack 1970-01-01 09:00:00.000000000 +0900 >@@ -1,51 +0,0 @@ >-Taken from >- http://svn.apache.org/viewvc/apr/apr/trunk/xml/apr_xml.c?r1=757729&r2=781403&view=patch >- >---- srclib/apr-util/xml/apr_xml.c 2009/03/24 11:12:27 757729 >-+++ srclib/apr-util/xml/apr_xml.c 2009/06/03 14:26:19 781403 >-@@ -347,6 +347,25 @@ >- return APR_SUCCESS; >- } >- >-+#if XML_MAJOR_VERSION > 1 >-+/* Stop the parser if an entity declaration is hit. */ >-+static void entity_declaration(void *userData, const XML_Char *entityName, >-+ int is_parameter_entity, const XML_Char *value, >-+ int value_length, const XML_Char *base, >-+ const XML_Char *systemId, const XML_Char *publicId, >-+ const XML_Char *notationName) >-+{ >-+ apr_xml_parser *parser = userData; >-+ >-+ XML_StopParser(parser->xp, XML_FALSE); >-+} >-+#else >-+/* A noop default_handler. */ >-+static void default_handler(void *userData, const XML_Char *s, int len) >-+{ >-+} >-+#endif >-+ >- APU_DECLARE(apr_xml_parser *) apr_xml_parser_create(apr_pool_t *pool) >- { >- apr_xml_parser *parser = apr_pcalloc(pool, sizeof(*parser)); >-@@ -372,6 +391,19 @@ >- XML_SetElementHandler(parser->xp, start_handler, end_handler); >- XML_SetCharacterDataHandler(parser->xp, cdata_handler); >- >-+ /* Prevent the "billion laughs" attack against expat by disabling >-+ * internal entity expansion. With 2.x, forcibly stop the parser >-+ * if an entity is declared - this is safer and a more obvious >-+ * failure mode. With older versions, installing a noop >-+ * DefaultHandler means that internal entities will be expanded as >-+ * the empty string, which is also sufficient to prevent the >-+ * attack. */ >-+#if XML_MAJOR_VERSION > 1 >-+ XML_SetEntityDeclHandler(parser->xp, entity_declaration); >-+#else >-+ XML_SetDefaultHandler(parser->xp, default_handler); >-+#endif >-+ >- return parser; >- } >- >diff -urN apache22.orig/files/patch-apr-fix-brigade_vprintf_overflow apache22/files/patch-apr-fix-brigade_vprintf_overflow >--- apache22.orig/files/patch-apr-fix-brigade_vprintf_overflow 2009-06-08 12:10:25.000000000 +0900 >+++ apache22/files/patch-apr-fix-brigade_vprintf_overflow 1970-01-01 09:00:00.000000000 +0900 >@@ -1,18 +0,0 @@ >-Equal to the fix in the apr-util itself: >- http://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?r1=768417&r2=768416&pathrev=768417&view=patch >- >-See discuission about original vulnerability at >- http://www.mail-archive.com/dev@apr.apache.org/msg21592.html >- >---- srclib/apr-util/buckets/apr_brigade.c.orig 2009-06-06 12:32:12.000000000 +0400 >-+++ srclib/apr-util/buckets/apr_brigade.c 2009-06-06 12:35:30.000000000 +0400 >-@@ -689,9 +689,6 @@ >- return -1; >- } >- >-- /* tack on null terminator to remaining string */ >-- *(vd.vbuff.curpos) = '\0'; >-- >- /* write out what remains in the buffer */ >- return apr_brigade_write(b, flush, ctx, buf, vd.vbuff.curpos - buf); >- } >diff -urN apache22.orig/files/patch-apr-fix-strmatch-underflow apache22/files/patch-apr-fix-strmatch-underflow >--- apache22.orig/files/patch-apr-fix-strmatch-underflow 2009-06-08 12:10:25.000000000 +0900 >+++ apache22/files/patch-apr-fix-strmatch-underflow 1970-01-01 09:00:00.000000000 +0900 >@@ -1,21 +0,0 @@ >-Fix underflow in apr_strmatch_precompile, >- http://svn.apache.org/viewvc/apr/apr/trunk/strmatch/apr_strmatch.c?r1=757729&r2=779878&view=patch >- >---- srclib/apr-util/strmatch/apr_strmatch.c 2009/03/24 11:12:27 757729 >-+++ srclib/apr-util/strmatch/apr_strmatch.c 2009/05/29 07:47:52 779878 >-@@ -103,13 +103,13 @@ >- if (case_sensitive) { >- pattern->compare = match_boyer_moore_horspool; >- for (i = 0; i < pattern->length - 1; i++) { >-- shift[(int)s[i]] = pattern->length - i - 1; >-+ shift[(unsigned char)s[i]] = pattern->length - i - 1; >- } >- } >- else { >- pattern->compare = match_boyer_moore_horspool_nocase; >- for (i = 0; i < pattern->length - 1; i++) { >-- shift[apr_tolower(s[i])] = pattern->length - i - 1; >-+ shift[(unsigned char)apr_tolower(s[i])] = pattern->length - i - 1; >- } >- } >- pattern->context = shift; >diff -urN apache22.orig/files/patch-libtool22 apache22/files/patch-libtool22 >--- apache22.orig/files/patch-libtool22 2009-08-03 04:35:57.000000000 +0900 >+++ apache22/files/patch-libtool22 1970-01-01 09:00:00.000000000 +0900 >@@ -1,122 +0,0 @@ >-#! /bin/sh /usr/share/dpatch/dpatch-run >-## 025_libtool_2.x_fixes.dpatch by <jsw@debian.org> >-## >-## All lines beginning with `## DP:' are a description of the patch. >-## DP: Update build system to work with libtool 2.x >-## DP: >-## DP: This corresponds to upstream revisions: >-## DP: 733052 >-## DP: 742752 >-## DP: 748902 >-## DP: 757363 >-diff --git a/buildconf b/buildconf >-index bc0e9fd..11554ed 100755 >---- srclib/apr/buildconf >-+++ srclib/apr/buildconf >-@@ -35,17 +35,20 @@ fi >- # Note: APR supplies its own config.guess and config.sub -- we do not >- # rely on libtool's versions >- # >--echo "Copying libtool helper files ..." >-+echo "buildconf: copying libtool helper files using $libtoolize" >- >- # Remove any libtool files so one can switch between libtool 1.3 >- # and libtool 1.4 by simply rerunning the buildconf script. >--(cd build ; rm -f ltconfig ltmain.sh libtool.m4) >-- >--$libtoolize --copy --automake >-- >--if [ -f libtool.m4 ]; then >-- ltfile=`pwd`/libtool.m4 >--else >-+(cd build ; rm -f ltconfig ltmain.sh libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4) >-+ >-+lt_pversion=`$libtoolize --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'` >-+lt_version=`echo $lt_pversion|sed -e 's/\([a-z]*\)$/.\1/'` >-+IFS=.; set $lt_version; IFS=' ' >-+if test "$1" = "1"; then >-+ $libtoolize --copy --automake >-+ if [ -f libtool.m4 ]; then >-+ ltfile=`pwd`/libtool.m4 >-+ else >- ltfindcmd="`sed -n \"/=[^\\\`]/p;/libtool_m4=/{s/.*=/echo /p;q;}\" \ >- < $libtoolize`" >- ltfile=${LIBTOOL_M4-`eval "$ltfindcmd"`} >-@@ -54,21 +57,21 @@ else >- ltpath=`dirname $libtoolize` >- ltfile=`cd $ltpath/../share/aclocal ; pwd`/libtool.m4 >- fi >--fi >-- >--if [ ! -f $ltfile ]; then >-+ fi >-+ if [ ! -f $ltfile ]; then >- echo "$ltfile not found" >- exit 1 >-+ fi >-+ # Do we need this anymore? >-+ echo "buildconf: Using libtool.m4 at ${ltfile}." >-+ cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4 >- fi >-- >--echo "buildconf: Using libtool.m4 at ${ltfile}." >-- >--cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4 >-- >--# libtool.m4 from 1.6 requires ltsugar.m4 >--if [ -f ltsugar.m4 ]; then >-- rm -f build/ltsugar.m4 >-- mv ltsugar.m4 build/ltsugar.m4 >-+if test "$1" = "2"; then >-+ $libtoolize --copy >-+ # Wouldn't it just be better to define top_builddir?? >-+ mv build/libtool.m4 build/libtool.m4.$$ >-+ cat build/libtool.m4.$$ | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4 >-+ rm build/libtool.m4.$$ >- fi >- >- # Clean up any leftovers >-diff --git a/configure.in b/configure.in >-index 46b4b32..2ac1439 100644 >---- srclib/apr/configure.in >-+++ srclib/apr/configure.in >-@@ -9,6 +9,7 @@ AC_PREREQ(2.50) >- AC_INIT(build/apr_common.m4) >- AC_CONFIG_HEADER(include/arch/unix/apr_private.h) >- AC_CONFIG_AUX_DIR(build) >-+AC_CONFIG_MACRO_DIR(build) >- >- dnl >- dnl Include our own M4 macros along with those for libtool >-@@ -20,6 +21,10 @@ sinclude(build/apr_win32.m4) >- sinclude(build/apr_hints.m4) >- sinclude(build/libtool.m4) >- sinclude(build/ltsugar.m4) >-+sinclude(build/argz.m4) >-+sinclude(build/ltoptions.m4) >-+sinclude(build/ltversion.m4) >-+sinclude(build/lt~obsolete.m4) >- >- dnl Hard-coded inclusion at the tail end of apr_private.h: >- AH_BOTTOM([ >-@@ -117,6 +122,8 @@ dnl can only be used once within a configure script, so this prevents a >- dnl preload section from invoking the macro to get compiler info. >- AC_PROG_CC >- >-+AC_PROG_SED >-+ >- dnl Preload >- APR_PRELOAD >- >-@@ -160,6 +167,11 @@ echo "performing libtool configuration..." >- AC_ARG_ENABLE(experimental-libtool,[ --enable-experimental-libtool Use experimental custom libtool], >- [experimental_libtool=$enableval],[experimental_libtool=no]) >- >-+dnl Workarounds for busted Libtool 2.x when we don't call AC_PROG_LIBTOOL >-+if test "x$Xsed" = "x"; then >-+ Xsed="$SED -e 1s/^X//" >-+fi >-+ >- case $host in >- *-os2*) >- # Use a custom-made libtool replacement >diff -urN apache22.orig/files/patch-server__mpm__prefork__prefork.c apache22/files/patch-server__mpm__prefork__prefork.c >--- apache22.orig/files/patch-server__mpm__prefork__prefork.c 2009-06-12 09:33:30.000000000 +0900 >+++ apache22/files/patch-server__mpm__prefork__prefork.c 1970-01-01 09:00:00.000000000 +0900 >@@ -1,42 +0,0 @@ >---- ./server/mpm/prefork/prefork.c.orig 2008-05-31 07:58:46.000000000 -0400 >-+++ ./server/mpm/prefork/prefork.c 2009-06-11 20:10:12.151389121 -0400 >-@@ -573,19 +573,27 @@ >- apr_int32_t numdesc; >- const apr_pollfd_t *pdesc; >- >-- /* timeout == -1 == wait forever */ >-- status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc); >-+ /* check for termination first so we don't sleep for a while in >-+ * poll if already signalled >-+ */ >-+ if (one_process && shutdown_pending) { >-+ SAFE_ACCEPT(accept_mutex_off()); >-+ return; >-+ } >-+ else if (die_now) { >-+ /* In graceful stop/restart; drop the mutex >-+ * and terminate the child. */ >-+ SAFE_ACCEPT(accept_mutex_off()); >-+ clean_child_exit(0); >-+ } >-+ /* timeout == 10 seconds to avoid a hang at graceful restart/stop >-+ * caused by the closing of sockets by the signal handler >-+ */ >-+ status = apr_pollset_poll(pollset, apr_time_from_sec(10), >-+ &numdesc, &pdesc); >- if (status != APR_SUCCESS) { >-- if (APR_STATUS_IS_EINTR(status)) { >-- if (one_process && shutdown_pending) { >-- return; >-- } >-- else if (die_now) { >-- /* In graceful stop/restart; drop the mutex >-- * and terminate the child. */ >-- SAFE_ACCEPT(accept_mutex_off()); >-- clean_child_exit(0); >-- } >-+ if (APR_STATUS_IS_TIMEUP(status) || >-+ APR_STATUS_IS_EINTR(status)) { >- continue; >- } >- /* Single Unix documents select as returning errnos >diff -urN apache22.orig/files/patch-srclib-apr-buildconf apache22/files/patch-srclib-apr-buildconf >--- apache22.orig/files/patch-srclib-apr-buildconf 2009-08-07 05:59:22.000000000 +0900 >+++ apache22/files/patch-srclib-apr-buildconf 2009-08-11 10:14:56.000000000 +0900 >@@ -4,12 +4,12 @@ > # > build/buildcheck.sh || exit 1 > >--libtoolize=`build/PrintPath glibtoolize libtoolize15 libtoolize14 libtoolize` >+-libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize15 libtoolize14 libtoolize` > +libtoolize="${LIBTOOLIZE}" > if [ "x$libtoolize" = "x" ]; then > echo "libtoolize not found in path" > exit 1 >-@@ -52,7 +52,7 @@ >+@@ -60,7 +60,7 @@ > # Expecting the code above to be very portable, but just in case... > if [ -z "$ltfile" -o ! -f "$ltfile" ]; then > ltpath=`dirname $libtoolize` >@@ -18,7 +18,7 @@ > fi > fi > >-@@ -87,8 +87,11 @@ >+@@ -95,8 +95,11 @@ > # Remove autoconf 2.5x's cache directory > rm -rf autom4te*.cache > >diff -urN apache22.orig/files/patch-srclib:apr:build:buildcheck.sh apache22/files/patch-srclib:apr:build:buildcheck.sh >--- apache22.orig/files/patch-srclib:apr:build:buildcheck.sh 2006-09-26 20:25:38.000000000 +0900 >+++ apache22/files/patch-srclib:apr:build:buildcheck.sh 2009-08-11 10:17:17.000000000 +0900 >@@ -20,7 +20,7 @@ > # output is multiline from 1.5 onwards > > # Require libtool 1.4 or newer >--libtool=`build/PrintPath glibtool libtool libtool15 libtool14` >+-libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14` > +libtool=${LIBTOOL} > lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'` > if test -z "$lt_pversion"; then
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=98702">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 137651
: 98702