Prev: FreeBSD Port: py26-matplotlib-0.99.1.1
Next: Git daemon issues under FreeBSD
From: Stefan Bethke on 8 May 2010 08:21
One of the commits to www/apache20 in the past 24 hours breaks the port. See PR#146393

http://www.freebsd.org/cgi/query-pr.cgi?pr=146393

Downgrading to a revision from 2010-05-07 00:00 UTC or earlier works around this.


Stefan

--
Stefan Bethke <stb(a)lassitu.de> Fon +49 151 14070811



_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: Benno on 12 May 2010 11:18
On 2010-05-08, Stefan Bethke <stb(a)lassitu.de> wrote:
> One of the commits to www/apache20 in the past 24 hours breaks the port. See PR#146393
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=146393
>
> Downgrading to a revision from 2010-05-07 00:00 UTC or earlier works around this.
>

Same problem here. After some searchig after mySrvFromConn, and checking
with the original Apache 2.0.63 sources, I figured out it must be in the
patches of the port. Indeed, in www/apache20/files/patch-CVE-2009-3555
there is the code injecting the line "s = mySrvFromConn(c);".

According to the header, it is:
"Modified patch from http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch".

In the original apache2.0.63 code there is no reference to mySrvFromConn,
and in the other port patches I cannot find any line defining
mySrvFromConn. Is this a partial backport of CVE-2009-3555?

Cheers,

-- Benno
 | 
Pages: 1
Prev: FreeBSD Port: py26-matplotlib-0.99.1.1
Next: Git daemon issues under FreeBSD