Security update for www/mod_access_referer

Simon L. Nielsen simon at FreeBSD.org
Sat Dec 11 08:50:18 PST 2004 

Hello mod_access_referer maintainer

As recently documented in the FreeBSD VuXML document [1] there is a
security vulnerability in mod_access_referer.

Niels Heinen <niels.heinen at ubizen.com> has created the attached update
for the port to fix the problem.  Could somebody either commit this or
approve it so I can commit it?

Thanks in advance.

[1] http://vuxml.FreeBSD.org/af747389-42ba-11d9-bd37-00065be4b5b6.html

-- 
Simon L. Nielsen
FreeBSD Security Team
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/mod_access_referer/Makefile,v
retrieving revision 1.12
diff -u -d -r1.12 Makefile
--- Makefile	18 Aug 2004 16:21:44 -0000	1.12
+++ Makefile	11 Dec 2004 16:49:36 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=	mod_access_referer
 PORTVERSION=	1.0.2
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	accessreferer
@@ -14,6 +15,11 @@
 MAINTAINER=	apache at FreeBSD.org
 COMMENT=	Provides access control based on Referer HTTP header for Apache
 
+PATCH_SITES=    ${MASTER_SITE_SOURCEFORGE}
+PATCH_SITE_SUBDIR=	accessreferer
+PATCHFILES=	mod_access_referer_1.0.2_third_part_patch.txt
+PATCH_DIST_STRIP=	-l
+
 WANT_APACHE=	13
 AP_FAST_BUILD=	YES
 AP_GENPLIST=	YES
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/mod_access_referer/distinfo,v
retrieving revision 1.3
diff -u -d -r1.3 distinfo
--- distinfo	29 Jan 2004 16:12:19 -0000	1.3
+++ distinfo	11 Dec 2004 16:15:34 -0000
@@ -1,2 +1,4 @@
 MD5 (mod_access_referer-1.0.2.tar.gz) = f1726cfe5965eda1bdca90b8db475377
 SIZE (mod_access_referer-1.0.2.tar.gz) = 9745
+MD5 (mod_access_referer_1.0.2_third_part_patch.txt) = 4a1e4c0c9f39bf522f36b60178256072
+SIZE (mod_access_referer_1.0.2_third_part_patch.txt) = 1122
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-apache/attachments/20041211/869dbeb3/attachment.bin

More information about the freebsd-apache mailing list