diff options
author | Peter Volkov <pva@gentoo.org> | 2011-10-18 06:43:56 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-10-18 06:43:56 +0000 |
commit | d572b206d4a504d3e23ee4e8e88e732b92184acc (patch) | |
tree | ad4ad8e73c75f021457ffacf800b044eb732b232 /www-servers | |
parent | x86 stable wrt bug #387467 (diff) | |
download | gentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.tar.gz gentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.tar.bz2 gentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.zip |
Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt Christian Ruppert (idl0r); 3. don't use pidof to check for running instances to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated defaults in 00_default_settings.conf to better match upstream intentions, bug #387157 by Steve Dibb.
(Portage version: 2.1.10.27/cvs/Linux x86_64)
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/apache/ChangeLog | 13 | ||||
-rw-r--r-- | www-servers/apache/apache-2.2.21-r1.ebuild | 102 |
2 files changed, 114 insertions, 1 deletions
diff --git a/www-servers/apache/ChangeLog b/www-servers/apache/ChangeLog index 8bfe40cef24d..39bfd56fcae2 100644 --- a/www-servers/apache/ChangeLog +++ b/www-servers/apache/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for www-servers/apache # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.166 2011/09/27 18:24:48 xarthisius Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.167 2011/10/18 06:43:56 pva Exp $ + +*apache-2.2.21-r1 (18 Oct 2011) + + 18 Oct 2011; Peter Volkov <pva@gentoo.org> +apache-2.2.21-r1.ebuild: + Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by + Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug + #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt + Christian Ruppert (idl0r); 3. don't use pidof to check for running instances + to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated + defaults in 00_default_settings.conf to better match upstream intentions, bug + #387157 by Steve Dibb. 27 Sep 2011; Kacper Kowalik <xarthisius@gentoo.org> apache-2.2.21.ebuild: ppc/ppc64 stable wrt #382971 diff --git a/www-servers/apache/apache-2.2.21-r1.ebuild b/www-servers/apache/apache-2.2.21-r1.ebuild new file mode 100644 index 000000000000..f906abbaa4c9 --- /dev/null +++ b/www-servers/apache/apache-2.2.21-r1.ebuild @@ -0,0 +1,102 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.21-r1.ebuild,v 1.1 2011/10/18 06:43:56 pva Exp $ + +# latest gentoo apache files +GENTOO_PATCHSTAMP="20111018" +GENTOO_DEVELOPER="pva" +# We want the patch from r0 +GENTOO_PATCHNAME="gentoo-${P}-r1" + +# IUSE/USE_EXPAND magic +IUSE_MPMS_FORK="itk peruser prefork" +IUSE_MPMS_THREAD="event worker" + +IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon +authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default +authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta +charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio +env expires ext_filter file_cache filter headers ident imagemap include info +log_config log_forensic logio mem_cache mime mime_magic negotiation proxy +proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite +reqtimeout setenvif speling status substitute unique_id userdir usertrack +version vhost_alias" +# The following are also in the source as of this version, but are not available +# for user selection: +# bucketeer case_filter case_filter_in echo http isapi optional_fn_export +# optional_fn_import optional_hook_export optional_hook_import + +# inter-module dependencies +# TODO: this may still be incomplete +MODULE_DEPENDS=" + dav_fs:dav + dav_lock:dav + deflate:filter + disk_cache:cache + ext_filter:filter + file_cache:cache + log_forensic:log_config + logio:log_config + mem_cache:cache + mime_magic:mime + proxy_ajp:proxy + proxy_balancer:proxy + proxy_connect:proxy + proxy_ftp:proxy + proxy_http:proxy + proxy_scgi:proxy + substitute:filter +" + +# module<->define mappings +MODULE_DEFINES=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + disk_cache:CACHE + file_cache:CACHE + info:INFO + ldap:LDAP + mem_cache:CACHE + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_ftp:PROXY + proxy_http:PROXY + ssl:SSL + status:STATUS + suexec:SUEXEC + userdir:USERDIR +" + +# critical modules for the default config +MODULE_CRITICAL=" + authz_host + dir + mime +" + +inherit apache-2 + +DESCRIPTION="The Apache Web Server." +HOMEPAGE="http://httpd.apache.org/" + +# some helper scripts are Apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="${DEPEND} + >=dev-libs/openssl-0.9.8m + apache2_modules_deflate? ( sys-libs/zlib )" + +# dependency on >=dev-libs/apr-1.4.5 for bug #368651 +RDEPEND="${RDEPEND} + >=dev-libs/apr-1.4.5 + >=dev-libs/openssl-0.9.8m + apache2_modules_mime? ( app-misc/mime-types )" |