From 24d5acb91aa6cc990c1ea822984b6f6f7d33ec3c Mon Sep 17 00:00:00 2001
From: Peter Volkov
Date: Tue, 18 Oct 2011 06:43:56 +0000
Subject: [PATCH] Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt Christian Ruppert (idl0r); 3. don't use pidof to check for running instances to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated defaults in 00_default_settings.conf to better match upstream intentions, bug #387157 by Steve Dibb.
Package-Manager: portage-2.1.10.27/cvs/Linux x86_64
---
 www-servers/apache/ChangeLog | 13 ++-
 www-servers/apache/Manifest | 16 ++--
 www-servers/apache/apache-2.2.21-r1.ebuild | 102 +++++++++++++++++++++
 3 files changed, 122 insertions(+), 9 deletions(-)
 create mode 100644 www-servers/apache/apache-2.2.21-r1.ebuild
diff --git a/www-servers/apache/ChangeLog b/www-servers/apache/ChangeLog
index 8bfe40cef24d..39bfd56fcae2 100644
--- a/www-servers/apache/ChangeLog
+++ b/www-servers/apache/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for www-servers/apache
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.166 2011/09/27 18:24:48 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.167 2011/10/18 06:43:56 pva Exp $
+
+*apache-2.2.21-r1 (18 Oct 2011)
+
+ 18 Oct 2011; Peter Volkov +apache-2.2.21-r1.ebuild:
+ Fix Reverse Proxy Mode Security Bypass (CVE-2011-3368), bug #385859 by
+ Agostino Sarubbo. Init script fixes: 1. use extra_{,started}commands, bug
+ #385637 by Martin von Gagern; 2. check config during restart, bug #384997 wrt
+ Christian Ruppert (idl0r); 3. don't use pidof to check for running instances
+ to make it more ConTainer friendly, bug #384267 by Stef Simoens. Updated
+ defaults in 00_default_settings.conf to better match upstream intentions, bug
+ #387157 by Steve Dibb.
 
 27 Sep 2011; Kacper Kowalik apache-2.2.21.ebuild:
 ppc/ppc64 stable wrt #382971
diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest
index 7216366a6fc5..4f3c82e86a89 100644
--- a/www-servers/apache/Manifest
+++ b/www-servers/apache/Manifest
@@ -1,5 +1,5 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
+Hash: SHA256
 
 DIST gentoo-apache-2.2.14-r1-20091008.tar.bz2 62359 RMD160 0e78de9a61265be2ef797e02bce0cf89f0a5fd2a SHA1 357316581f7d7d289655992216be6c5f5342f32c SHA256 99db378884b33af1c97713f63d92f0bb1d02eef6dc1f8f47a9addd258b3f7233
 DIST gentoo-apache-2.2.15-20100307.tar.bz2 63716 RMD160 aa16c46ec930c020820293b884876946b81bd476 SHA1 20fa102d6094d00d3c874b0b1df69d0ddcf34339 SHA256 b3c4ca6eed24ea82ff37bfa331403b09c94f3b2a8b5b1058761651c6824787c1
@@ -7,6 +7,7 @@ DIST gentoo-apache-2.2.16-20100828.tar.bz2 63742 RMD160 c001f1f55099977c41b03346
 DIST gentoo-apache-2.2.17-20110218.tar.bz2 62615 RMD160 05b57ab08e1938e5bf41ead2ce53c71c59303d60 SHA1 2a877d8269c3df5bb11f1a3c30953b38e8a17119 SHA256 8cc3cfe47d55877eaff15d6688d9ced1e7e54c93f012f4d84561d7ef7a3118ad
 DIST gentoo-apache-2.2.20-20110901.tar.bz2 63251 RMD160 279438975a3890ac5c14f882c2ffa436b2841912 SHA1 012db5dc78129b627f633c4fd5ff0319d6d0bba2 SHA256 3b4e809673516efb7c78d904d1d776e243e03437227c472eb08e6ec3688fc067
 DIST gentoo-apache-2.2.21-20110915.tar.bz2 63319 RMD160 797b3236145631fb18236cbc120775e5a634d82e SHA1 e0bbd052d7ccab1eb32887489aaad27990c1e355 SHA256 5cad94064254f00ffd561a3cf4e736b41aeaa082815450463cd4face6ded0f27
+DIST gentoo-apache-2.2.21-r1-20111018.tar.bz2 64196 RMD160 fb3d4c1716ecf2763caef5f5d927d8276ebaca47 SHA1 347138d7738c6bbfc0eab1d520f101ac1bb0fa35 SHA256 8c78505a34184b526099db5edb36b6b4ab57b6d2a43eec537ca7984f94639ec7
 DIST httpd-2.2.14.tar.bz2 5147171 RMD160 ff5077e444ba995475202bb3b9be733384c809d1 SHA1 eacd04c87b489231ae708c84a77dc8e9ee176fd2 SHA256 b2deab8a5e797fde7a04fb4a5ebfa9c80f767d064dd19dcd2857c94838ae3ac6
 DIST httpd-2.2.15.tar.bz2 4959582 RMD160 e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf SHA1 5f0e973839ed2e38a4d03adba109ef5ce3381bc2 SHA256 5ae0c428e7abd87eecbac8564d90a7182104325bae7086c21db7b3a1e3140ca7
 DIST httpd-2.2.16.tar.bz2 4775545 RMD160 2e6d7d1dae40905be7fdd793140f62cf58112095 SHA1 ef92f5b3124fe5e9ba6121ea7f4bab8c014068f9 SHA256 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52
@@ -19,15 +20,14 @@ EBUILD apache-2.2.16-r1.ebuild 2680 RMD160 619727d2b7f48b8357dbb4112b001f67593ad
 EBUILD apache-2.2.16.ebuild 2326 RMD160 ea97a265f787b20329c592a6a4aaed5a97884a42 SHA1 dcea03fbf229d138f6f42d15813a59875c7bf965 SHA256 2f8ab433d60d88650df0602894606d0c4b4b730dda216b7398eb9c0849f39edb
 EBUILD apache-2.2.17.ebuild 2662 RMD160 504b6e5e1fca0e16802dc07a1244517e7c868b66 SHA1 881c6fa19547502b3d8e33a927d27c707569c8d9 SHA256 5f18d3f92d278467e839898adeb130c13b30be9a4eb9094c6b18a12700ff4332
 EBUILD apache-2.2.20.ebuild 2663 RMD160 45ffdb6ac45a8d2227128c3008aa66dfa84ab797 SHA1 c3d254c5239772964241527083a9d703848c8024 SHA256 abf0ff5141cb2335c9e826dfb59101079c559b945b2042da7266741004df4ce7
+EBUILD apache-2.2.21-r1.ebuild 2751 RMD160 9409afe74aa71d83ae04b9a5e24be387491cf56b SHA1 93ca2b316d1a08d5e3c3b2d83df911450d98a0d0 SHA256 e263f5fd46ce520e36dd0e54099e30aa9e32ab5d739886d230a78ef18d8898a2
 EBUILD apache-2.2.21.ebuild 2666 RMD160 888196d1e2490b734809bc1f9568ce3c54e58e5d SHA1 78b858ee8ba94444775d157888b013c01b69173b SHA256 9731f01eebf6acdd83c32b982497bc5c22c36bd03387cc192c001a60fc2652e0
-MISC ChangeLog 115024 RMD160 200526683831bd5f2acd01d9694d378b175ac3b3 SHA1 cb662f88519c76f080a584a3727da6919d6c1293 SHA256 88f8d51738847c0d51c74dbbe2e08cad735987b39aed36227a9bd5ee9bfac805
+MISC ChangeLog 115610 RMD160 7f7462dac3228929092bd3f8bcc363a7356d430d SHA1 bdf85cb3912188295bf38192bac3fbc4ea1400ab SHA256 871d9257a61b4b9d95daefb91bbcf41803aab0a0fa40f85c0fb3041aca3b18a8
 MISC metadata.xml 767 RMD160 3b4215160698916a68964b0bcbd63907fef5b124 SHA1 a27777ba897768cfbcebf7779a6cf8be2029ed9b SHA256 8378ce2aa8e0adbe9d7b2f093f115a11d0ec170c74232111b7f46bd692e5aa5c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (GNU/Linux)
+Version: GnuPG v2.0.17 (GNU/Linux)
 
-iJwEAQECAAYFAk6CFPYACgkQIiMqcbOVdxSsFwQAnW9sVAfz81UZ19GZjyrqTSdS
-4sZVJR3NrG4u9sCspnesdNuztOjhrJBq1KaCybkbCEJeaArmyz/uF4rPGK5Bn+Sb
-TJ5l3hH9Zzb4/dKtUDvZkooxK7CmMGAU5OBMYviMsgFRXpuzSUnMTUR6yvjSnL0q
-2NmsYoXGA7cRkH9DMT0=
-=ETjx
+iF4EAREIAAYFAk6dH8AACgkQGrk+8vGYmwcfYwEA1pQADwv0Z47g2yhyllrPc5E6
+858UNxJxz9QiBmD/VN8BAOc0sFZD08UMrPS4duL+yo/0GhrTKBD0uJfrIAqSSVcX
+=PfyV
 -----END PGP SIGNATURE-----
diff --git a/www-servers/apache/apache-2.2.21-r1.ebuild b/www-servers/apache/apache-2.2.21-r1.ebuild
new file mode 100644
index 000000000000..f906abbaa4c9
--- /dev/null
+++ b/www-servers/apache/apache-2.2.21-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.21-r1.ebuild,v 1.1 2011/10/18 06:43:56 pva Exp $
+
+# latest gentoo apache files
+GENTOO_PATCHSTAMP="20111018"
+GENTOO_DEVELOPER="pva"
+# We want the patch from r0
+GENTOO_PATCHNAME="gentoo-${P}-r1"
+
+# IUSE/USE_EXPAND magic
+IUSE_MPMS_FORK="itk peruser prefork"
+IUSE_MPMS_THREAD="event worker"
+
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
+env expires ext_filter file_cache filter headers ident imagemap include info
+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
+reqtimeout setenvif speling status substitute unique_id userdir usertrack
+version vhost_alias"
+# The following are also in the source as of this version, but are not available
+# for user selection:
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
+# optional_fn_import optional_hook_export optional_hook_import
+
+# inter-module dependencies
+# TODO: this may still be incomplete
+MODULE_DEPENDS="
+ dav_fs:dav
+ dav_lock:dav
+ deflate:filter
+ disk_cache:cache
+ ext_filter:filter
+ file_cache:cache
+ log_forensic:log_config
+ logio:log_config
+ mem_cache:cache
+ mime_magic:mime
+ proxy_ajp:proxy
+ proxy_balancer:proxy
+ proxy_connect:proxy
+ proxy_ftp:proxy
+ proxy_http:proxy
+ proxy_scgi:proxy
+ substitute:filter
+"
+
+# module<->define mappings
+MODULE_DEFINES="
+ auth_digest:AUTH_DIGEST
+ authnz_ldap:AUTHNZ_LDAP
+ cache:CACHE
+ dav:DAV
+ dav_fs:DAV
+ dav_lock:DAV
+ disk_cache:CACHE
+ file_cache:CACHE
+ info:INFO
+ ldap:LDAP
+ mem_cache:CACHE
+ proxy:PROXY
+ proxy_ajp:PROXY
+ proxy_balancer:PROXY
+ proxy_connect:PROXY
+ proxy_ftp:PROXY
+ proxy_http:PROXY
+ ssl:SSL
+ status:STATUS
+ suexec:SUEXEC
+ userdir:USERDIR
+"
+
+# critical modules for the default config
+MODULE_CRITICAL="
+ authz_host
+ dir
+ mime
+"
+
+inherit apache-2
+
+DESCRIPTION="The Apache Web Server."
+HOMEPAGE="http://httpd.apache.org/"
+
+# some helper scripts are Apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="${DEPEND}
+ >=dev-libs/openssl-0.9.8m
+ apache2_modules_deflate? ( sys-libs/zlib )"
+
+# dependency on >=dev-libs/apr-1.4.5 for bug #368651
+RDEPEND="${RDEPEND}
+ >=dev-libs/apr-1.4.5
+ >=dev-libs/openssl-0.9.8m
+ apache2_modules_mime? ( app-misc/mime-types )"
--
2.26.2
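Review bot: The comment `# We want the patch from r0` above `GENTOO_PATCHNAME="gentoo-${P}-r1"` contradicts the value beneath it: with the `-r1` suffix and `GENTOO_PATCHSTAMP="20111018"` the ebuild selects the new gentoo-apache-2.2.21-r1-20111018 tarball added to the Manifest in this same commit, not the r0 patchset, so the comment looks like a stale copy from an earlier revision. Since the diffstat shows only ChangeLog, Manifest and this ebuild changing, the CVE-2011-3368 fix named in the subject presumably lives inside that tarball, and nothing in the ebuild itself records that, which matters for anyone later auditing which revision carries the fix. I would replace the comment with `# 20111018 patchset: carries the CVE-2011-3368 (bug #385859) fix and the init-script changes, see ChangeLog`.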