summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2011-10-18 06:43:56 +0000
committerPeter Volkov <pva@gentoo.org>2011-10-18 06:43:56 +0000
commitd572b206d4a504d3e23ee4e8e88e732b92184acc (patch)
treead4ad8e73c75f021457ffacf800b044eb732b232 /www-servers
parentx86 stable wrt bug #387467 (diff)
downloadgentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.tar.gz
gentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.tar.bz2
gentoo-2-d572b206d4a504d3e23ee4e8e88e732b92184acc.zip
Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt Christian Ruppert (idl0r); 3. don't use pidof to check for running instances to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated defaults in 00_default_settings.conf to better match upstream intentions, bug #387157 by Steve Dibb.
(Portage version: 2.1.10.27/cvs/Linux x86_64)
Diffstat (limited to 'www-servers')
-rw-r--r--www-servers/apache/ChangeLog13
-rw-r--r--www-servers/apache/apache-2.2.21-r1.ebuild102
2 files changed, 114 insertions, 1 deletions
diff --git a/www-servers/apache/ChangeLog b/www-servers/apache/ChangeLog
index 8bfe40cef24d..39bfd56fcae2 100644
--- a/www-servers/apache/ChangeLog
+++ b/www-servers/apache/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for www-servers/apache
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.166 2011/09/27 18:24:48 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.167 2011/10/18 06:43:56 pva Exp $
+
+*apache-2.2.21-r1 (18 Oct 2011)
+
+ 18 Oct 2011; Peter Volkov <pva@gentoo.org> +apache-2.2.21-r1.ebuild:
+ Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by
+ Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug
+ #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt
+ Christian Ruppert (idl0r); 3. don't use pidof to check for running instances
+ to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated
+ defaults in 00_default_settings.conf to better match upstream intentions, bug
+ #387157 by Steve Dibb.
27 Sep 2011; Kacper Kowalik <xarthisius@gentoo.org> apache-2.2.21.ebuild:
ppc/ppc64 stable wrt #382971
diff --git a/www-servers/apache/apache-2.2.21-r1.ebuild b/www-servers/apache/apache-2.2.21-r1.ebuild
new file mode 100644
index 000000000000..f906abbaa4c9
--- /dev/null
+++ b/www-servers/apache/apache-2.2.21-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.21-r1.ebuild,v 1.1 2011/10/18 06:43:56 pva Exp $
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20111018"
+GENTOO_DEVELOPER="pva"
+# We want the patch from r0
+GENTOO_PATCHNAME="gentoo-${P}-r1"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="itk peruser prefork"
+IUSE_MPMS_THREAD="event worker"
+
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
+env expires ext_filter file_cache filter headers ident imagemap include info
+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
+reqtimeout setenvif speling status substitute unique_id userdir usertrack
+version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+ dav_fs:dav
+ dav_lock:dav
+ deflate:filter
+ disk_cache:cache
+ ext_filter:filter
+ file_cache:cache
+ log_forensic:log_config
+ logio:log_config
+ mem_cache:cache
+ mime_magic:mime
+ proxy_ajp:proxy
+ proxy_balancer:proxy
+ proxy_connect:proxy
+ proxy_ftp:proxy
+ proxy_http:proxy
+ proxy_scgi:proxy
+ substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+ auth_digest:AUTH_DIGEST
+ authnz_ldap:AUTHNZ_LDAP
+ cache:CACHE
+ dav:DAV
+ dav_fs:DAV
+ dav_lock:DAV
+ disk_cache:CACHE
+ file_cache:CACHE
+ info:INFO
+ ldap:LDAP
+ mem_cache:CACHE
+ proxy:PROXY
+ proxy_ajp:PROXY
+ proxy_balancer:PROXY
+ proxy_connect:PROXY
+ proxy_ftp:PROXY
+ proxy_http:PROXY
+ ssl:SSL
+ status:STATUS
+ suexec:SUEXEC
+ userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+ authz_host
+ dir
+ mime
+"
+
+inherit apache-2
+
+DESCRIPTION="The Apache Web Server."
+HOMEPAGE="http://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="${DEPEND}
+ >=dev-libs/openssl-0.9.8m
+ apache2_modules_deflate? ( sys-libs/zlib )"
+
+# dependency on >=dev-libs/apr-1.4.5 for bug #368651
+RDEPEND="${RDEPEND}
+ >=dev-libs/apr-1.4.5
+ >=dev-libs/openssl-0.9.8m
+ apache2_modules_mime? ( app-misc/mime-types )"