<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/www/apache22, branch pkgsrc_2008Q2</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2008-08-12T18:16:33Z</updated>
<entry>
<title>Pullup ticket 2476 - requested by tron</title>
<updated>2008-08-12T18:16:33Z</updated>
<author>
<name>spz</name>
<email>spz</email>
</author>
<published>2008-08-12T18:16:33Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=a7f819e28919fbb0603dee904b3cf7cbb2a6c224'/>
<id>urn:sha1:a7f819e28919fbb0603dee904b3cf7cbb2a6c224</id>
<content type='text'>
Security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile			1.28
- pkgsrc/www/apache22/distinfo			1.12
- pkgsrc/www/apache22/patches/patch-ab		1.8

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sat Aug  9 22:16:44 UTC 2008

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-ab

   Log Message:
   Add patch from Apache SVN repository to avoid cross-site scripting attacks
   in the FTP proxy module. This fixes the security vulnerability reported
   in CVE-2008-2939.


   To generate a diff of this commit:
   cvs rdiff -r1.27 -r1.28 pkgsrc/www/apache22/Makefile
   cvs rdiff -r1.11 -r1.12 pkgsrc/www/apache22/distinfo
   cvs rdiff -r0 -r1.8 pkgsrc/www/apache22/patches/patch-ab
</content>
</entry>
<entry>
<title>Update "apache22" package to version 2.2.9.</title>
<updated>2008-06-18T21:38:00Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2008-06-18T21:38:00Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=b13a234b28154de06ace1ae0f7dc4d3135ae602f'/>
<id>urn:sha1:b13a234b28154de06ace1ae0f7dc4d3135ae602f</id>
<content type='text'>
This version of Apache is principally a bug and security fix release.
The following potential security flaws are addressed:
- CVE-2008-2364: mod_proxy_http: Better handling of excessive interim
  responses from origin server to prevent potential denial of service and
  high memory usage. Reported by Ryujiro Shibuya.
- CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the
  balancer-manager interface.

pkgsrc related notes:
- CVE-2008-2364 was already fixed in "pkgsrc"
- CVE-2007-6420 doesn't affect the package in the default configuration
  because the "proxy_balancer" isn't enabled.
</content>
</entry>
<entry>
<title>Add patch for CVE-2008-2364 from the Apache SVN repository.</title>
<updated>2008-06-12T14:12:19Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2008-06-12T14:12:19Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=9877974439cd6c6fe77f6b11a3f176cb106e9e75'/>
<id>urn:sha1:9877974439cd6c6fe77f6b11a3f176cb106e9e75</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Second round of explicit pax dependencies. As reminded by tnn@,</title>
<updated>2008-05-26T02:13:14Z</updated>
<author>
<name>joerg</name>
<email>joerg</email>
</author>
<published>2008-05-26T02:13:14Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=2374ca422f2eb8b46ed600c7bb21740b2865d899'/>
<id>urn:sha1:2374ca422f2eb8b46ed600c7bb21740b2865d899</id>
<content type='text'>
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
</content>
</entry>
<entry>
<title>Convert to use PLIST_VARS instead of manually passing "@comment "</title>
<updated>2008-04-12T22:42:57Z</updated>
<author>
<name>jlam</name>
<email>jlam</email>
</author>
<published>2008-04-12T22:42:57Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=84db467ec7c8386066718011f8d47775d5608811'/>
<id>urn:sha1:84db467ec7c8386066718011f8d47775d5608811</id>
<content type='text'>
through PLIST_SUBST to the plist module.
</content>
</entry>
<entry>
<title>Update to 2.2.8, please check http://www.apache.org/dist/httpd/CHANGES_2.2.8</title>
<updated>2008-01-21T15:07:10Z</updated>
<author>
<name>xtraeme</name>
<email>xtraeme</email>
</author>
<published>2008-01-21T15:07:10Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=58922d83962b247d223934eb39fd0bebd13020c1'/>
<id>urn:sha1:58922d83962b247d223934eb39fd0bebd13020c1</id>
<content type='text'>
for the list of changes.
</content>
</entry>
<entry>
<title>Per the process outlined in revbump(1), perform a recursive revbump</title>
<updated>2008-01-18T05:06:18Z</updated>
<author>
<name>tnn</name>
<email>tnn</email>
</author>
<published>2008-01-18T05:06:18Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=1c8e24b168b5909ecc586bdbb660570b490d92ef'/>
<id>urn:sha1:1c8e24b168b5909ecc586bdbb660570b490d92ef</id>
<content type='text'>
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
</content>
</entry>
<entry>
<title>db4 update related revision bump</title>
<updated>2008-01-12T11:36:28Z</updated>
<author>
<name>adam</name>
<email>adam</email>
</author>
<published>2008-01-12T11:36:28Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=54a9e8b02ddc06323222b7d4f5cc4bd2d0333725'/>
<id>urn:sha1:54a9e8b02ddc06323222b7d4f5cc4bd2d0333725</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Update www/apache to 2.2.6nb1</title>
<updated>2007-12-04T12:08:45Z</updated>
<author>
<name>abs</name>
<email>abs</email>
</author>
<published>2007-12-04T12:08:45Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=aabc40fadefac9ad55aec37a6693de06d7ba15f2'/>
<id>urn:sha1:aabc40fadefac9ad55aec37a6693de06d7ba15f2</id>
<content type='text'>
Add apache SVN revision 574884 to fix garbage characters in Server header
http://issues.apache.org/bugzilla/show_bug.cgi?id=43334

When it hits, this issue can completely screw up returned pages if the
Server header gets embedded newlines
</content>
</entry>
<entry>
<title>Remove duplicate entry for "share/httpd/icons/README.html".</title>
<updated>2007-09-10T20:36:40Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2007-09-10T20:36:40Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=26ec8bac0ecfe22ad8c309ec4cc9bf0b1746f9d3'/>
<id>urn:sha1:26ec8bac0ecfe22ad8c309ec4cc9bf0b1746f9d3</id>
<content type='text'>
Pointed out by Geert Hendrickx in private e-mail.
</content>
</entry>
</feed>
