- security update to release 2.4.10

- add OPTION for new mod_authnz_fcgi module - s/libluajit.so/libluajit-5.1.so/ (there is no libluajit.so) - backport for mod_lua: Don't quote values in cookies Make IE happy again [#56734] http://svn.apache.org/viewvc?view=revision&revision=1611744 - disable sanity check on demand [1] Release Notes: http://www.apache.org/dist/httpd/CHANGES_2.4.10 PR: 191398 [1] Submitted by: Robert Schulze <rs@bytecamp.net> MFH: 2014Q3 Security: 4364e1f1-0f44-11e4-b090-20cf30e32f6d CVE-2014-0117 CVE-2014-3523 CVE-2014-0226 CVE-2014-0118 CVE-2014-0231
author: Olli Hauer <ohauer@FreeBSD.org> 2014-07-20 20:49:32 +0000
committer: Olli Hauer <ohauer@FreeBSD.org> 2014-07-20 20:49:32 +0000
commit: d9e7beb0e9a989db07a09085dfdb8ea3e95239f9 (patch)
tree: 02b85620b98ae86c8cb82d99491f300aca53edb5 /www/apache24/files
parent: 8b8e1b085cc713158e6483135b50d9e6d1218686 (diff)
download: ports-d9e7beb0e9a989db07a09085dfdb8ea3e95239f9.tar.gz
ports-d9e7beb0e9a989db07a09085dfdb8ea3e95239f9.zip
3 files changed, 45 insertions, 44 deletions
diff --git a/www/apache24/files/apache24.in b/www/apache24/files/apache24.in
index e5fd89e8dac3..768e5cdc8218 100644
--- a/www/apache24/files/apache24.in
+++ b/www/apache24/files/apache24.in
@@ -23,6 +23,7 @@
 #                             Set to yes to check for accf_http kernel
 #                             module on start up and load if not loaded.
 # apache24_fib (str):	      Set an altered default network view for apache
+# apache24_configcheck_disable (bool): Set to "YES" to disable sanity check on startup
 
 . /etc/rc.subr
 
@@ -46,6 +47,7 @@ envvars="%%PREFIX%%/sbin/envvars"
 [ -z "$apache24limits_enable" ] && apache24limits_enable="NO"
 [ -z "$apache24limits_args" ]   && apache24limits_args="-e -C daemon"
 [ -z "$apache24_http_accept_enable" ] && apache24_http_accept_enable="NO"
+[ -z "$apache24_configcheck_disable" ] && apache24_configcheck_disable="NO"
 
 apache24_accf()
 {
@@ -75,6 +77,7 @@ if [ -n "$2" ]; then
 		eval apache24limits_enable="\${apache24limits_${profile}_enable:-${apache24limits_enable}}"
 		eval apache24limits_args="\${apache24limits_${profile}_args:-${apache24limits_args}}"
 		eval apache24_fib="\${apache24_${profile}_fib:-${apache24_fib}}"
+		eval apache24_configcheck_disable="\${apache24_${profile}_configcheck_disable:-${apache24_configcheck_disable}}"
 		eval command="\${apache24_${profile}_command:-${command}}"
 		eval pidfile="\${apache24_${profile}_pidfile:-${pidfile}}"
 		eval apache24_envvars="\${apache24_${profile}_envvars:-${envvars}}"
@@ -123,10 +126,14 @@ if [ "${1}" != "stop" ] ; then \
 	apache24_accf
 fi
 
+if checkyesno apache24_configcheck_disable
+then
+        unset restart_precmd
+        unset reload_precmd
+fi
+
 apache24_requirepidfile()
 {
-    apache24_checkconfig
-
 	if [ ! "0`check_pidfile ${pidfile} ${command}`" -gt 1 ]; then
 		echo "${name} not running? (check $pidfile)."
 		exit 1
@@ -147,6 +154,11 @@ apache24_checkconfig()
 apache24_graceful() {
 	apache24_requirepidfile
 
+	if ! checkyesno apache24_configcheck_disable
+	then
+		apache24_checkconfig
+	fi
+
 	echo "Performing a graceful restart"
 	eval ${command} ${apache24_flags} -k graceful
 }
@@ -154,13 +166,21 @@ apache24_graceful() {
 apache24_gracefulstop() {
 	apache24_requirepidfile
 
+	if ! checkyesno apache24_configcheck_disable
+	then
+		apache24_checkconfig
+	fi
+
 	echo "Performing a graceful stop"
 	eval ${command} ${apache24_flags} -k graceful-stop
 }
 
 apache24_precmd()
 {
-	apache24_checkconfig
+	if ! checkyesno apache24_configcheck_disable
+	then
+		apache24_checkconfig
+	fi
 
 	if checkyesno apache24limits_enable
 	then
diff --git a/www/apache24/files/patch-mod_authn_socache.c b/www/apache24/files/patch-mod_authn_socache.c
deleted file mode 100644
index a0d6c2fbf1ec..000000000000
--- a/www/apache24/files/patch-mod_authn_socache.c
+++ /dev/null
@@ -1,41 +0,0 @@
-mod_authn_socache.c: fix creation of default socache_instance.
-
-In pre_config, default socache_provider is created, but socache_instance
-initialization is missing. This leads to crash on startup if default
-socache_provider is used (AuthnCacheSOCache is not called) and
-AuthnCacheEnable or AuthnCacheProvideFor is used.
-
-
-Optained from: http://svn.apache.org/viewvc?view=revision&revision=1576233
-======================================================================================
---- ./modules/aaa/mod_authn_socache.c	2014/03/11 08:51:11	1576232
-+++ ./modules/aaa/mod_authn_socache.c	2014/03/11 08:52:54	1576233
-@@ -86,6 +86,7 @@
- {
-     apr_status_t rv;
-     static struct ap_socache_hints authn_cache_hints = {64, 32, 60000000};
-+    const char *errmsg;
- 
-     if (!configured) {
-         return OK;    /* don't waste the overhead of creating mutex & cache */
-@@ -98,6 +99,20 @@
-         return 500; /* An HTTP status would be a misnomer! */
-     }
- 
-+    /* We have socache_provider, but do not have socache_instance. This should
-+     * happen only when using "default" socache_provider, so create default
-+     * socache_instance in this case. */
-+    if (socache_instance == NULL) {
-+        errmsg = socache_provider->create(&socache_instance, NULL,
-+                                          ptmp, pconf);
-+        if (errmsg) {
-+            ap_log_perror(APLOG_MARK, APLOG_CRIT, rv, plog, APLOGNO(02612)
-+                        "failed to create mod_socache_shmcb socache "
-+                        "instance: %s", errmsg);
-+            return 500;
-+        }
-+    }
-+
-     rv = ap_global_mutex_create(&authn_cache_mutex, NULL,
-                                 authn_cache_id, NULL, s, pconf, 0);
-     if (rv != APR_SUCCESS) {
diff --git a/www/apache24/files/patch-r1611744-modules__lua__lua_request.c b/www/apache24/files/patch-r1611744-modules__lua__lua_request.c
new file mode 100644
index 000000000000..15b0e05cb33f
--- /dev/null
+++ b/www/apache24/files/patch-r1611744-modules__lua__lua_request.c
@@ -0,0 +1,22 @@
+backport for mod_lua: Don't quote values in cookies; Make IE happy again [#56734]
+http://svn.apache.org/viewvc?view=revision&revision=1611744
+
+
+--- ./modules/lua/lua_request.c.orig	2014-07-20 10:48:19.000000000 +0200
++++ ./modules/lua/lua_request.c	2014-07-20 10:48:46.000000000 +0200
+@@ -2086,13 +2086,13 @@
+     if (expires > 0) {
+         rv = apr_rfc822_date(cdate, apr_time_from_sec(expires));
+         if (rv == APR_SUCCESS) {
+-            strexpires = apr_psprintf(r->pool, "Expires=\"%s\";", cdate);
++            strexpires = apr_psprintf(r->pool, "Expires=%s;", cdate);
+         }
+     }
+     
+     /* Create path segment */
+     if (path != NULL && strlen(path) > 0) {
+-        strpath = apr_psprintf(r->pool, "Path=\"%s\";", path);
++        strpath = apr_psprintf(r->pool, "Path=%s;", path);
+     }
+     
+     /* Create domain segment */
author	Olli Hauer <ohauer@FreeBSD.org>	2014-07-20 20:49:32 +0000
committer	Olli Hauer <ohauer@FreeBSD.org>	2014-07-20 20:49:32 +0000
commit	d9e7beb0e9a989db07a09085dfdb8ea3e95239f9 (patch)
tree	02b85620b98ae86c8cb82d99491f300aca53edb5 /www/apache24/files
parent	8b8e1b085cc713158e6483135b50d9e6d1218686 (diff)
download	ports-d9e7beb0e9a989db07a09085dfdb8ea3e95239f9.tar.gz ports-d9e7beb0e9a989db07a09085dfdb8ea3e95239f9.zip