cvs commit: ports/www/apache22 Makefile pkg-plist ports/www/apache22/files patch-CVE-2008-2939

Clement Laforet clement at
Sun Aug 31 23:00:27 UTC 2008

clement     2008-08-31 23:00:27 UTC

  FreeBSD ports repository

  Modified files:
    www/apache22         Makefile pkg-plist 
  Added files:
    www/apache22/files   patch-CVE-2008-2939 
  - Yet Another Plist Fix [1]
  - Completely shut up rc.d script when no profiles are enabled
    (add add support to disable profiles) [2]
  - Fix CVE-2008-2939 for mod_proxy_ftp
    (XSS attacks when using wildcards in the path of the FTP URL)
  - Add "apache22_fib" to start apache22 prefixed by
    "setfib -F ${apache22_fib}", so apache can use an alternate
    network view (not carefully tested yet)
  - Revert previous patch to "fix" missing rc.d scripts. It
    actually breaks profiles.
  PR:             ports/126670 [1],
                  ports/116627 [2]
  Submitted by:   Joseph S. Atkinson [1],
                  Eygene Ryabinkin [2]
  Security:       CVE-2008-2939
  Special thanks to: pgollucci@
  Revision  Changes    Path
  1.222     +5 -3      ports/www/apache22/Makefile
  1.6       +43 -2     ports/www/apache22/files/
  1.1       +11 -0     ports/www/apache22/files/patch-CVE-2008-2939 (new)
  1.89      +3 -2      ports/www/apache22/pkg-plist

More information about the cvs-all mailing list