head	1.2;
access;
symbols
	RELEASE_9_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2012.01.01.19.30.37;	author ohauer;	state dead;
branches;
next	1.1;

1.1
date	2011.11.19.15.04.30;	author dinoex;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- remove apache13 and ports depending on apache13 from portstree
  ( EXPIRATION_DATE=2012-01-01 )

with hat apache@@
@
text
@diff -ur apache_1.3.41/src/CHANGES src/CHANGES
--- apache_1.3.41/src/CHANGES	2008-01-09 15:33:07.000000000 +0100
+++ src/CHANGES	2010-01-07 11:28:00.000000000 +0100
@@@@ -1,3 +1,33 @@@@
+Changes with Apache 1.3.42
+
+  *) SECURITY: CVE-2010-0010 (cve.mitre.org)
+     mod_proxy: Prevent chunk-size integer overflow on platforms 
+     where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. 
+     [Colm MacCrthaigh]
+ 
+  *) IMPORTANT: This is the final release of Apache httpd 1.3.
+     Apache httpd 1.3 has reached end of life, as of January 2010.
+     No further releases of this software will be made, although critical
+     security updates may be made available as patches from the following
+     website:
+
+     http://www.apache.org/dist/httpd/patches/
+
+     Apache 1.3.x users who wish to avail of security releases,
+     bug-fixes and community support are advised to use Apache 2.2 
+     or higher. 
+
+     Information on upgrading is available from the following website:
+
+     http://httpd.apache.org/docs/2.2/upgrading.html
+
+     Thank you to everyone who helped make Apache 1.3.x the most 
+     successful, and most used, webserver software on the planet! 
+     [Apache httpd group]
+
+  *) Protect logresolve from mismanaged DNS records that return 
+     blank/null hostnames. [Jim Jagielski]
+
 Changes with Apache 1.3.41
 
   *) SECURITY: CVE-2007-6388 (cve.mitre.org)
@@@@ -233,7 +263,7 @@@@
 
   *) Some syntax errors in mod_mime_magic's magic file can result
      in a 500 error, which previously was unlogged.  Now we log the
-     error.  [Jeff Trawick]
+     error.  PR 8329.  [Jeff Trawick]
 
   *) Linux 2.4+: If Apache is started as root and you code
      CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
diff -ur apache_1.3.41/src/Configure src/Configure
--- apache_1.3.41/src/Configure	2008-01-04 15:40:05.000000000 +0100
+++ src/Configure	2008-01-10 17:22:19.000000000 +0100
@@@@ -1936,7 +1936,7 @@@@
 	#    select the special subtarget for shared core generation
 	SUBTARGET=target_shared
 	#    determine additional suffixes for libhttpd.so
-	V=1 R=3 P=41
+	V=1 R=3 P=42
 	if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
 	    SHLIB_SUFFIX_LIST=""
 	fi
diff -ur apache_1.3.41/src/ap/ap_snprintf.c src/ap/ap_snprintf.c
--- apache_1.3.41/src/ap/ap_snprintf.c	2006-07-12 10:16:05.000000000 +0200
+++ src/ap/ap_snprintf.c	2008-05-02 19:31:15.000000000 +0200
@@@@ -77,8 +77,8 @@@@
 #define NUM_BUF_SIZE		512
 
 /*
- * cvt.c - IEEE floating point formatting routines for FreeBSD
- * from GNU libc-4.6.27.  Modified to be thread safe.
+ * cvt - IEEE floating point formatting routines.
+ *       Derived from UNIX V7, Copyright(C) Caldera International Inc.
  */
 
 /*
diff -ur apache_1.3.41/src/include/httpd.h src/include/httpd.h
--- apache_1.3.41/src/include/httpd.h	2008-01-10 17:20:45.000000000 +0100
+++ src/include/httpd.h	2010-01-08 12:42:57.000000000 +0100
@@@@ -389,7 +389,7 @@@@
 
 #define SERVER_BASEVENDOR   "Apache Group"
 #define SERVER_BASEPRODUCT  "Apache"
-#define SERVER_BASEREVISION "1.3.41"
+#define SERVER_BASEREVISION "1.3.42"
 #define SERVER_BASEVERSION  SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
 
 #define SERVER_PRODUCT  SERVER_BASEPRODUCT
@@@@ -410,7 +410,7 @@@@
  * Always increases along the same track as the source branch.
  * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
  */
-#define APACHE_RELEASE 10341100
+#define APACHE_RELEASE 10342100
 
 #define SERVER_PROTOCOL "HTTP/1.1"
 #ifndef SERVER_SUPPORT
diff -ur apache_1.3.41/src/main/buff.c src/main/buff.c
--- apache_1.3.41/src/main/buff.c	2006-07-12 10:16:05.000000000 +0200
+++ src/main/buff.c	2010-01-07 11:28:00.000000000 +0100
@@@@ -737,7 +737,7 @@@@
 {
     int i, nrd;
 
-    if (fb->flags & B_RDERR)
+    if (fb->flags & B_RDERR || nbyte < 0)
 	return -1;
     if (nbyte == 0)
 	return 0;
@@@@ -1258,7 +1258,7 @@@@
     static int csize = 0;
 #endif /*CHARSET_EBCDIC*/
 
-    if (fb->flags & (B_WRERR | B_EOUT))
+    if (fb->flags & (B_WRERR | B_EOUT) || nbyte < 0)
 	return -1;
     if (nbyte == 0)
 	return 0;
diff -ur apache_1.3.41/src/modules/proxy/proxy_util.c src/modules/proxy/proxy_util.c
--- apache_1.3.41/src/modules/proxy/proxy_util.c	2007-10-30 20:17:03.000000000 +0100
+++ src/modules/proxy/proxy_util.c	2010-01-07 11:28:00.000000000 +0100
@@@@ -507,7 +507,7 @@@@
 
             /* read the chunk */
             if (remaining > 0) {
-                n = ap_bread(f, buf, MIN((int)buf_size, (int)remaining));
+                n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
                 if (n > -1) {
                     remaining -= n;
                     end_of_chunk = (remaining == 0);
@@@@ -548,8 +548,8 @@@@
                 n = ap_bread(f, buf, buf_size);
             }
             else {
-                n = ap_bread(f, buf, MIN((int)buf_size,
-                                         (int)(len - total_bytes_rcvd)));
+                n = ap_bread(f, buf, (int) MIN(buf_size,
+                                               (len - total_bytes_rcvd)));
             }
         }
 
@


1.1
log
@- fix CVE-2011-3368
Feature safe:	yes
@
text
@@

