ports/137651: upgrade www/apache22

Tsurutani Naoki turutani at scphys.kyoto-u.ac.jp
Tue Aug 11 02:00:13 UTC 2009


>Number:         137651
>Category:       ports
>Synopsis:       upgrade www/apache22
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 11 02:00:12 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 7.2-STABLE FreeBSD 7.2-STABLE #19: Sun Jun 21 20:36:09 JST 2009 turutani at h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	apache 2.2.13 has been released.
	the upgrade might not be strictly necessary, since many of the patches are
	already included in ports, but i think it is better to upgrade if possible.
	thank you to the many workers maintaining this port.
	
>How-To-Repeat:
	
>Fix:
	here is a patch:

diff -urN apache22.orig/Makefile apache22/Makefile
--- apache22.orig/Makefile	2009-08-07 05:59:22.000000000 +0900
+++ apache22/Makefile	2009-08-11 09:36:53.000000000 +0900
@@ -8,8 +8,7 @@
 #
 
 PORTNAME=	apache
-PORTVERSION=	2.2.11
-PORTREVISION?=	7
+PORTVERSION=	2.2.13
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
diff -urN apache22.orig/distinfo apache22/distinfo
--- apache22.orig/distinfo	2008-12-19 20:45:52.000000000 +0900
+++ apache22/distinfo	2009-08-11 09:38:20.000000000 +0900
@@ -1,3 +1,3 @@
-MD5 (apache22/httpd-2.2.11.tar.bz2) = 3e98bcb14a7122c274d62419566431bb
-SHA256 (apache22/httpd-2.2.11.tar.bz2) = 5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe
-SIZE (apache22/httpd-2.2.11.tar.bz2) = 5230130
+MD5 (apache22/httpd-2.2.13.tar.bz2) = 8d8d904e7342125825ec70f03c5745ef
+SHA256 (apache22/httpd-2.2.13.tar.bz2) = 24a812e010d936a3114141bad56461fcaa1089aa720bd16355feb3516ab8d6d6
+SIZE (apache22/httpd-2.2.13.tar.bz2) = 5300199
diff -urN apache22.orig/files/patch-apr-fix-apr_xml-expat-attack apache22/files/patch-apr-fix-apr_xml-expat-attack
--- apache22.orig/files/patch-apr-fix-apr_xml-expat-attack	2009-06-08 12:10:25.000000000 +0900
+++ apache22/files/patch-apr-fix-apr_xml-expat-attack	1970-01-01 09:00:00.000000000 +0900
@@ -1,51 +0,0 @@
-Taken from
-  http://svn.apache.org/viewvc/apr/apr/trunk/xml/apr_xml.c?r1=757729&r2=781403&view=patch
-
---- srclib/apr-util/xml/apr_xml.c	2009/03/24 11:12:27	757729
-+++ srclib/apr-util/xml/apr_xml.c	2009/06/03 14:26:19	781403
-@@ -347,6 +347,25 @@
-     return APR_SUCCESS;
- }
- 
-+#if XML_MAJOR_VERSION > 1
-+/* Stop the parser if an entity declaration is hit. */
-+static void entity_declaration(void *userData, const XML_Char *entityName,
-+                               int is_parameter_entity, const XML_Char *value,
-+                               int value_length, const XML_Char *base,
-+                               const XML_Char *systemId, const XML_Char *publicId,
-+                               const XML_Char *notationName)
-+{
-+    apr_xml_parser *parser = userData;
-+
-+    XML_StopParser(parser->xp, XML_FALSE);
-+}
-+#else
-+/* A noop default_handler. */
-+static void default_handler(void *userData, const XML_Char *s, int len)
-+{
-+}
-+#endif
-+
- APU_DECLARE(apr_xml_parser *) apr_xml_parser_create(apr_pool_t *pool)
- {
-     apr_xml_parser *parser = apr_pcalloc(pool, sizeof(*parser));
-@@ -372,6 +391,19 @@
-     XML_SetElementHandler(parser->xp, start_handler, end_handler);
-     XML_SetCharacterDataHandler(parser->xp, cdata_handler);
- 
-+    /* Prevent the "billion laughs" attack against expat by disabling
-+     * internal entity expansion.  With 2.x, forcibly stop the parser
-+     * if an entity is declared - this is safer and a more obvious
-+     * failure mode.  With older versions, installing a noop
-+     * DefaultHandler means that internal entities will be expanded as
-+     * the empty string, which is also sufficient to prevent the
-+     * attack. */
-+#if XML_MAJOR_VERSION > 1
-+    XML_SetEntityDeclHandler(parser->xp, entity_declaration);
-+#else
-+    XML_SetDefaultHandler(parser->xp, default_handler);
-+#endif
-+
-     return parser;
- }
- 
diff -urN apache22.orig/files/patch-apr-fix-brigade_vprintf_overflow apache22/files/patch-apr-fix-brigade_vprintf_overflow
--- apache22.orig/files/patch-apr-fix-brigade_vprintf_overflow	2009-06-08 12:10:25.000000000 +0900
+++ apache22/files/patch-apr-fix-brigade_vprintf_overflow	1970-01-01 09:00:00.000000000 +0900
@@ -1,18 +0,0 @@
-Equal to the fix in the apr-util itself:
-  http://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?r1=768417&r2=768416&pathrev=768417&view=patch
-
-See discuission about original vulnerability at
-  http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
-
---- srclib/apr-util/buckets/apr_brigade.c.orig	2009-06-06 12:32:12.000000000 +0400
-+++ srclib/apr-util/buckets/apr_brigade.c	2009-06-06 12:35:30.000000000 +0400
-@@ -689,9 +689,6 @@
-       return -1;
-     }
- 
--    /* tack on null terminator to remaining string */
--    *(vd.vbuff.curpos) = '\0';
--
-     /* write out what remains in the buffer */
-     return apr_brigade_write(b, flush, ctx, buf, vd.vbuff.curpos - buf);
- }
diff -urN apache22.orig/files/patch-apr-fix-strmatch-underflow apache22/files/patch-apr-fix-strmatch-underflow
--- apache22.orig/files/patch-apr-fix-strmatch-underflow	2009-06-08 12:10:25.000000000 +0900
+++ apache22/files/patch-apr-fix-strmatch-underflow	1970-01-01 09:00:00.000000000 +0900
@@ -1,21 +0,0 @@
-Fix underflow in apr_strmatch_precompile,
-  http://svn.apache.org/viewvc/apr/apr/trunk/strmatch/apr_strmatch.c?r1=757729&r2=779878&view=patch
-
---- srclib/apr-util/strmatch/apr_strmatch.c	2009/03/24 11:12:27	757729
-+++ srclib/apr-util/strmatch/apr_strmatch.c	2009/05/29 07:47:52	779878
-@@ -103,13 +103,13 @@
-     if (case_sensitive) {
-         pattern->compare = match_boyer_moore_horspool;
-         for (i = 0; i < pattern->length - 1; i++) {
--            shift[(int)s[i]] = pattern->length - i - 1;
-+            shift[(unsigned char)s[i]] = pattern->length - i - 1;
-         }
-     }
-     else {
-         pattern->compare = match_boyer_moore_horspool_nocase;
-         for (i = 0; i < pattern->length - 1; i++) {
--            shift[apr_tolower(s[i])] = pattern->length - i - 1;
-+            shift[(unsigned char)apr_tolower(s[i])] = pattern->length - i - 1;
-         }
-     }
-     pattern->context = shift;
diff -urN apache22.orig/files/patch-libtool22 apache22/files/patch-libtool22
--- apache22.orig/files/patch-libtool22	2009-08-03 04:35:57.000000000 +0900
+++ apache22/files/patch-libtool22	1970-01-01 09:00:00.000000000 +0900
@@ -1,122 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 025_libtool_2.x_fixes.dpatch by  <jsw at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Update build system to work with libtool 2.x
-## DP:
-## DP: This corresponds to upstream revisions:
-## DP:   733052
-## DP:   742752
-## DP:   748902
-## DP:   757363
-diff --git a/buildconf b/buildconf
-index bc0e9fd..11554ed 100755
---- srclib/apr/buildconf
-+++ srclib/apr/buildconf
-@@ -35,17 +35,20 @@ fi
- # Note: APR supplies its own config.guess and config.sub -- we do not
- #       rely on libtool's versions
- #
--echo "Copying libtool helper files ..."
-+echo "buildconf: copying libtool helper files using $libtoolize"
- 
- # Remove any libtool files so one can switch between libtool 1.3
- # and libtool 1.4 by simply rerunning the buildconf script.
--(cd build ; rm -f ltconfig ltmain.sh libtool.m4)
--
--$libtoolize --copy --automake
--
--if [ -f libtool.m4 ]; then 
--   ltfile=`pwd`/libtool.m4
--else
-+(cd build ; rm -f ltconfig ltmain.sh libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4)
-+
-+lt_pversion=`$libtoolize --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
-+lt_version=`echo $lt_pversion|sed -e 's/\([a-z]*\)$/.\1/'`
-+IFS=.; set $lt_version; IFS=' '
-+if test "$1" = "1"; then
-+  $libtoolize --copy --automake
-+  if [ -f libtool.m4 ]; then 
-+    ltfile=`pwd`/libtool.m4
-+  else
-    ltfindcmd="`sed -n \"/=[^\\\`]/p;/libtool_m4=/{s/.*=/echo /p;q;}\" \
-                    < $libtoolize`"
-    ltfile=${LIBTOOL_M4-`eval "$ltfindcmd"`}
-@@ -54,21 +57,21 @@ else
-      ltpath=`dirname $libtoolize`
-      ltfile=`cd $ltpath/../share/aclocal ; pwd`/libtool.m4
-    fi
--fi
--  
--if [ ! -f $ltfile ]; then
-+  fi
-+  if [ ! -f $ltfile ]; then
-     echo "$ltfile not found"
-     exit 1
-+  fi
-+  # Do we need this anymore?
-+  echo "buildconf: Using libtool.m4 at ${ltfile}."
-+  cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
- fi
--
--echo "buildconf: Using libtool.m4 at ${ltfile}."
--
--cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
--
--# libtool.m4 from 1.6 requires ltsugar.m4
--if [ -f ltsugar.m4 ]; then
--   rm -f build/ltsugar.m4
--   mv ltsugar.m4 build/ltsugar.m4
-+if test "$1" = "2"; then
-+  $libtoolize --copy
-+  # Wouldn't it just be better to define top_builddir??
-+  mv build/libtool.m4 build/libtool.m4.$$
-+  cat build/libtool.m4.$$ | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
-+  rm build/libtool.m4.$$
- fi
- 
- # Clean up any leftovers
-diff --git a/configure.in b/configure.in
-index 46b4b32..2ac1439 100644
---- srclib/apr/configure.in
-+++ srclib/apr/configure.in
-@@ -9,6 +9,7 @@ AC_PREREQ(2.50)
- AC_INIT(build/apr_common.m4)
- AC_CONFIG_HEADER(include/arch/unix/apr_private.h)
- AC_CONFIG_AUX_DIR(build)
-+AC_CONFIG_MACRO_DIR(build)
- 
- dnl 
- dnl Include our own M4 macros along with those for libtool
-@@ -20,6 +21,10 @@ sinclude(build/apr_win32.m4)
- sinclude(build/apr_hints.m4)
- sinclude(build/libtool.m4)
- sinclude(build/ltsugar.m4)
-+sinclude(build/argz.m4)
-+sinclude(build/ltoptions.m4)
-+sinclude(build/ltversion.m4)
-+sinclude(build/lt~obsolete.m4)
- 
- dnl Hard-coded inclusion at the tail end of apr_private.h:
- AH_BOTTOM([
-@@ -117,6 +122,8 @@ dnl can only be used once within a configure script, so this prevents a
- dnl preload section from invoking the macro to get compiler info.
- AC_PROG_CC
- 
-+AC_PROG_SED
-+
- dnl Preload
- APR_PRELOAD
- 
-@@ -160,6 +167,11 @@ echo "performing libtool configuration..."
- AC_ARG_ENABLE(experimental-libtool,[  --enable-experimental-libtool Use experimental custom libtool],
-   [experimental_libtool=$enableval],[experimental_libtool=no])
- 
-+dnl Workarounds for busted Libtool 2.x when we don't call AC_PROG_LIBTOOL
-+if test "x$Xsed" = "x"; then
-+  Xsed="$SED -e 1s/^X//"
-+fi
-+
- case $host in
- *-os2*)
-     # Use a custom-made libtool replacement
diff -urN apache22.orig/files/patch-server__mpm__prefork__prefork.c apache22/files/patch-server__mpm__prefork__prefork.c
--- apache22.orig/files/patch-server__mpm__prefork__prefork.c	2009-06-12 09:33:30.000000000 +0900
+++ apache22/files/patch-server__mpm__prefork__prefork.c	1970-01-01 09:00:00.000000000 +0900
@@ -1,42 +0,0 @@
---- ./server/mpm/prefork/prefork.c.orig	2008-05-31 07:58:46.000000000 -0400
-+++ ./server/mpm/prefork/prefork.c	2009-06-11 20:10:12.151389121 -0400
-@@ -573,19 +573,27 @@
-                 apr_int32_t numdesc;
-                 const apr_pollfd_t *pdesc;
- 
--                /* timeout == -1 == wait forever */
--                status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
-+                /* check for termination first so we don't sleep for a while in
-+                 * poll if already signalled
-+                 */
-+                if (one_process && shutdown_pending) {
-+                    SAFE_ACCEPT(accept_mutex_off());
-+                    return;
-+                }
-+                else if (die_now) {
-+                    /* In graceful stop/restart; drop the mutex
-+                     * and terminate the child. */
-+                    SAFE_ACCEPT(accept_mutex_off());
-+                    clean_child_exit(0);
-+                }
-+                /* timeout == 10 seconds to avoid a hang at graceful restart/stop
-+                 * caused by the closing of sockets by the signal handler
-+                 */
-+                status = apr_pollset_poll(pollset, apr_time_from_sec(10), 
-+                                          &numdesc, &pdesc);
-                 if (status != APR_SUCCESS) {
--                    if (APR_STATUS_IS_EINTR(status)) {
--                        if (one_process && shutdown_pending) {
--                            return;
--                        }
--                        else if (die_now) {
--                            /* In graceful stop/restart; drop the mutex
--                             * and terminate the child. */
--                            SAFE_ACCEPT(accept_mutex_off());
--                            clean_child_exit(0);
--                        }
-+                    if (APR_STATUS_IS_TIMEUP(status) ||
-+                        APR_STATUS_IS_EINTR(status)) {
-                         continue;
-                     }
-                     /* Single Unix documents select as returning errnos
diff -urN apache22.orig/files/patch-srclib-apr-buildconf apache22/files/patch-srclib-apr-buildconf
--- apache22.orig/files/patch-srclib-apr-buildconf	2009-08-07 05:59:22.000000000 +0900
+++ apache22/files/patch-srclib-apr-buildconf	2009-08-11 10:14:56.000000000 +0900
@@ -4,12 +4,12 @@
  #
  build/buildcheck.sh || exit 1
  
--libtoolize=`build/PrintPath glibtoolize libtoolize15 libtoolize14 libtoolize`
+-libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize15 libtoolize14 libtoolize`
 +libtoolize="${LIBTOOLIZE}"
  if [ "x$libtoolize" = "x" ]; then
      echo "libtoolize not found in path"
      exit 1
-@@ -52,7 +52,7 @@
+@@ -60,7 +60,7 @@
     # Expecting the code above to be very portable, but just in case...
     if [ -z "$ltfile" -o ! -f "$ltfile" ]; then
       ltpath=`dirname $libtoolize`
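Review bot: The rebased inner hunk headers (`@@ -60,7 +60,7 @@` here, `@@ -95,8 +95,11 @@` in the next hunk) and the new `glibtoolize1` context line only apply if they match the srclib/apr/buildconf shipped in httpd-2.2.13, and nothing in the PR shows that was checked. The same PR deletes files/patch-libtool22, which patched this same file, so I would ask for a `make patch` run on a clean 2.2.13 extract that finishes with no fuzz or rejects; the `glibtool1` context change in files/patch-srclib:apr:build:buildcheck.sh needs the same run. The three apr-util fixes removed alongside (patch-apr-fix-apr_xml-expat-attack, patch-apr-fix-brigade_vprintf_overflow, patch-apr-fix-strmatch-underflow) rest on the description's statement that many patches are already included; each should be confirmed in the bundled srclib/apr-util source before commit, otherwise the port silently loses that fix.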
@@ -18,7 +18,7 @@
     fi
  fi
    
-@@ -87,8 +87,11 @@
+@@ -95,8 +95,11 @@
  # Remove autoconf 2.5x's cache directory
  rm -rf autom4te*.cache
  
diff -urN apache22.orig/files/patch-srclib:apr:build:buildcheck.sh apache22/files/patch-srclib:apr:build:buildcheck.sh
--- apache22.orig/files/patch-srclib:apr:build:buildcheck.sh	2006-09-26 20:25:38.000000000 +0900
+++ apache22/files/patch-srclib:apr:build:buildcheck.sh	2009-08-11 10:17:17.000000000 +0900
@@ -20,7 +20,7 @@
  # output is multiline from 1.5 onwards
  
  # Require libtool 1.4 or newer
--libtool=`build/PrintPath glibtool libtool libtool15 libtool14`
+-libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
 +libtool=${LIBTOOL}
  lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
  if test -z "$lt_pversion"; then
	


>Release-Note:
>Audit-Trail:
>Unformatted:


