Security update for www/mod_access_referer
Simon L. Nielsen
simon at FreeBSD.org
Sat Dec 11 08:50:18 PST 2004
Hello mod_access_referer maintainer
As recently documented in the FreeBSD VuXML document [1] there is a
security vulnerability in mod_access_referer.
Niels Heinen <niels.heinen at ubizen.com> has created the attached update
for the port to fix the problem. Could somebody either commit this or
approve it so I can commit it?
Thanks in advance.
[1] http://vuxml.FreeBSD.org/af747389-42ba-11d9-bd37-00065be4b5b6.html
--
Simon L. Nielsen
FreeBSD Security Team
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/mod_access_referer/Makefile,v
retrieving revision 1.12
diff -u -d -r1.12 Makefile
--- Makefile 18 Aug 2004 16:21:44 -0000 1.12
+++ Makefile 11 Dec 2004 16:49:36 -0000
@@ -7,6 +7,7 @@
PORTNAME= mod_access_referer
PORTVERSION= 1.0.2
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= accessreferer
@@ -14,6 +15,11 @@
MAINTAINER= apache at FreeBSD.org
COMMENT= Provides access control based on Referer HTTP header for Apache
+PATCH_SITES= ${MASTER_SITE_SOURCEFORGE}
+PATCH_SITE_SUBDIR= accessreferer
+PATCHFILES= mod_access_referer_1.0.2_third_part_patch.txt
+PATCH_DIST_STRIP= -l
+
WANT_APACHE= 13
AP_FAST_BUILD= YES
AP_GENPLIST= YES
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/mod_access_referer/distinfo,v
retrieving revision 1.3
diff -u -d -r1.3 distinfo
--- distinfo 29 Jan 2004 16:12:19 -0000 1.3
+++ distinfo 11 Dec 2004 16:15:34 -0000
@@ -1,2 +1,4 @@
MD5 (mod_access_referer-1.0.2.tar.gz) = f1726cfe5965eda1bdca90b8db475377
SIZE (mod_access_referer-1.0.2.tar.gz) = 9745
+MD5 (mod_access_referer_1.0.2_third_part_patch.txt) = 4a1e4c0c9f39bf522f36b60178256072
+SIZE (mod_access_referer_1.0.2_third_part_patch.txt) = 1122
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-apache/attachments/20041211/869dbeb3/attachment.bin
More information about the freebsd-apache
mailing list