<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/www/apache22, branch pkgsrc_2009Q3</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2009Q3</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2009Q3'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2009-11-12T09:47:12Z</updated>
<entry>
<title>Pullup ticket 2931 - requested by tron</title>
<updated>2009-11-12T09:47:12Z</updated>
<author>
<name>spz</name>
<email>spz</email>
</author>
<published>2009-11-12T09:47:12Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=f848629045ff18237af581f1535bd241dd7fe452'/>
<id>urn:sha1:f848629045ff18237af581f1535bd241dd7fe452</id>
<content type='text'>
MASTER_SITES list update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile		patch 1.53 to 1.54

   -------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Nov 11 22:28:51 UTC 2009

   Modified Files:
   	pkgsrc/www/apache22: Makefile

   Log Message:
   Provide working URLs for fetching old Apache releases.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/Makefile
</content>
</entry>
<entry>
<title>Add patch from the Apache SVN repository to the vulnerability reported</title>
<updated>2009-10-04T12:21:34Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-10-04T12:21:34Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=c8a5e836fb1a9f1a5dd3f225ce8bcbee16071883'/>
<id>urn:sha1:c8a5e836fb1a9f1a5dd3f225ce8bcbee16071883</id>
<content type='text'>
in CVE-2009-3095.
</content>
</entry>
<entry>
<title>Use official fix for CVE-2009-3094 taken from the Apache SVN repository.</title>
<updated>2009-09-14T22:09:33Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-09-14T22:09:33Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=0a6caa219cf87b5053972b734ddce6babd52eeda'/>
<id>urn:sha1:0a6caa219cf87b5053972b734ddce6babd52eeda</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Add a fix for the remote Denial of Service vulnerability reported</title>
<updated>2009-09-13T13:32:50Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-09-13T13:32:50Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=c9a6fd1205177f10f32c972c3c0d08917d1ca057'/>
<id>urn:sha1:c9a6fd1205177f10f32c972c3c0d08917d1ca057</id>
<content type='text'>
in CVE-2009-3094.
</content>
</entry>
<entry>
<title>Update "apache22" package to version 2.2.13. Changes since 2.2.12:</title>
<updated>2009-08-10T11:45:08Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-08-10T11:45:08Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=600e0c8f94e268276a25110dc2db761fedc03960'/>
<id>urn:sha1:600e0c8f94e268276a25110dc2db761fedc03960</id>
<content type='text'>
- mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas.  Report
  warnings compiling mod_ssl against OpenSSL to the httpd developers.
  [Guenter Knauf]
- mod_cgid: Do not add an empty argument when calling the CGI script.
  Bug 46380 [Ruediger Pluem]
- Fix potential segfaults with use of the legacy ap_rputs() etc
  interfaces, in cases where an output filter fails.  Bug 36780.
  [Joe Orton]
</content>
</entry>
<entry>
<title>Add patches provided by Adam Ciarcinski to fix build with recent versions</title>
<updated>2009-08-06T08:21:44Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-08-06T08:21:44Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=c7f4ae835a70d3e78a11d67a982748f65c8f488b'/>
<id>urn:sha1:c7f4ae835a70d3e78a11d67a982748f65c8f488b</id>
<content type='text'>
of OpenSSL (e.g. the version in NetBSD-current).
</content>
</entry>
<entry>
<title>Update "apache22" package to version 2.2.12. Changes since version 2.2.11:</title>
<updated>2009-08-06T07:07:23Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-08-06T07:07:23Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=62861387f59127fdf607f9e22e5bde71be74eab9'/>
<id>urn:sha1:62861387f59127fdf607f9e22e5bde71be74eab9</id>
<content type='text'>
- SECURITY: CVE-2009-1891 (cve.mitre.org)
  Fix a potential Denial-of-Service attack against mod_deflate or other
  modules, by forcing the server to consume CPU time in compressing a
  large file after a client disconnects. Bug 39605.
  [Joe Orton, Ruediger Pluem]
- SECURITY: CVE-2009-1195 (cve.mitre.org)
  Prevent the "Includes" Option from being enabled in an .htaccess
  file if the AllowOverride restrictions do not permit it.
  [Jonathan Peatfield &lt;j.s.peatfield damtp.cam.ac.uk&gt;, Joe Orton,
   Ruediger Pluem, Jeff Trawick]
- SECURITY: CVE-2009-1890 (cve.mitre.org)
  Fix a potential Denial-of-Service attack against mod_proxy in a
  reverse proxy configuration, where a remote attacker can force a
  proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
- SECURITY: CVE-2009-1191 (cve.mitre.org)
  mod_proxy_ajp: Avoid delivering content from a previous request which
  failed to send a request body. Bug 46949 [Ruediger Pluem]
- SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
  The bundled copy of the APR-util library has been updated, fixing three
  different security issues which may affect particular configurations
  and third-party modules.
- mod_include: fix potential segfault when handling back references
  on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]
- mod_alias: check sanity in Redirect arguments.
  Bug 44729 [Sönke Tesch &lt;st kino-fahrplan.de&gt;, Jim Jagielski]
- mod_proxy_http: fix Host: header for literal IPv6 addresses.
  Bug 47177 [Carlos Garcia Braschi &lt;cgbraschi gmail.com&gt;]
- mod_rewrite: Remove locking for writing to the rewritelog.
  Bug 46942
- mod_alias: Ensure Redirect emits HTTP-compliant URLs.
  Bug 44020
- mod_proxy_http: fix case sensitivity checking transfer encoding
  Bug 47383 [Ryuzo Yamamoto &lt;ryuzo.yamamoto gmail.com&gt;]
- mod_rewrite: Fix the error string returned by RewriteRule.
  RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
  argument of RewriteRule was not started with "[" or not ended with "]".
  Bug 45082 [Vitaly Polonetsky &lt;m_vitaly topixoft.com&gt;]
- mod_proxy: Complete ProxyPassReverse to handle balancer URL's.  Given;
    BalancerMember balancer://alias http://example.com/foo
    ProxyPassReverse /bash balancer://alias/bar
  backend url http://example.com/foo/bar/that is now translated /bash/that
  [William Rowe]
- New piped log syntax: Use "||process args" to launch the given process
  without invoking the shell/command interpreter.  Use "|$command line"
  (the default behavior of "|command line" in 2.2) to invoke using shell,
  consuming an additional shell process for the lifetime of the logging
  pipe program but granting additional process invocation flexibility.
  [William Rowe]
- mod_ssl: Add server name indication support (RFC 4366) and better
  support for name based virtual hosts with SSL. Bug 34607
  [Peter Sylvester &lt;peter.sylvester edelweb.fr&gt;,
   Kaspar Brand &lt;asfbugz velox.ch&gt;, Guenter Knauf, Joe Orton,
   Ruediger Pluem]
- mod_negotiation: Escape pathes of filenames in 406 responses to avoid
  HTML injections and HTTP response splitting.  Bug 46837.
  [Geoff Keating &lt;geoffk apple.com&gt;]
- mod_include: Prevent a case of SSI timefmt-smashing with filter chains
  including multiple INCLUDES filters. Bug 39369 [Joe Orton]
- mod_rewrite: When evaluating a proxy rule in directory context, do
  escape the filename by default. Bug 46428 [Joe Orton]
- mod_proxy_ajp: Check more strictly that the backend follows the AJP
  protocol. [Mladen Turk]
- mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
  to enable stricter checking of remote server certificates.
  [Ruediger Pluem]
- mod_substitute: Fix a memory leak. Bug 44948
  [Dan Poirier &lt;poirier pobox.com&gt;]
- mod_proxy_ajp: Forward remote port information by default.
  [Rainer Jung]
- mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
  directive to correctly remove headers before storing them.
  [Lars Eilebrecht]
- mod_deflate: revert changes in 2.2.8 that caused an invalid
  etag to be emitted for on-the-fly gzip content-encoding.
  Bug 39727 will require larger fixes and this fix was far more
  harmful than the original code. Bug 45023. [Roy T. Fielding]
- mod_disk_cache: The module now turns off sendfile support if
  'EnableSendfile off' is defined globally. Bug 41218.
  [Lars Eilebrecht, Issac Goldstand]
- prefork: Fix child process hang during graceful restart/stop in
  configurations with multiple listening sockets.  Bug 42829.  [Joe Orton,
  Jeff Trawick]
- mod_ssl: Add SSLRenegBufferSize directive to allow changing the
  size of the buffer used for the request-body where necessary
  during a per-dir renegotiation.  Bug 39243.  [Joe Orton]
- mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
  way that per-directory rewrites append the previous notion of PATH_INFO
  to each substitution before evaluating subsequent rules.
  Bug 38642 [Eric Covener]
- mod_authnz_ldap: Reduce number of initialization debug messages and make
  information more clear. Bug 46342 [Dan Poirier]
- mod_cache: Introduce 'no-cache' per-request environment variable
  to prevent the saving of an otherwise cacheable response.
  [Eric Covener]
- core: Translate the status line to ASCII on EBCDIC platforms in
  ap_send_interim_response() and for locally generated "100 Continue"
  responses.  [Eric Covener]
- CGI: return 504 (Gateway timeout) rather than 500 when a script
  times out before returning status line/headers.
  Bug 42190 [Nick Kew]
- prefork: Log an error instead of segfaulting when child startup fails
  due to pollset creation failures.  Bug 46467.  [Jeff Trawick]
- mod_ext_filter: fix error handling when the filter prog fails to start,
  and introduce an onfail configuration option to abort

All the security problems mentioned above had already been fixed in
"pkgsrc" via patches. Thanks a lot to Adam Ciarcinski for letting me
know that new version had finally been released.
</content>
</entry>
<entry>
<title>Add patches from the Apache SVN repository to fix the security</title>
<updated>2009-07-14T12:23:39Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-07-14T12:23:39Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=0225df243ef4b900b950d7309a6fbeaa8d30bfa9'/>
<id>urn:sha1:0225df243ef4b900b950d7309a6fbeaa8d30bfa9</id>
<content type='text'>
vulnerabilities reported in CVE-2009-1890 and CVE-2009-1891.
</content>
</entry>
<entry>
<title>Convert @exec/@unexec to @pkgdir or drop it.</title>
<updated>2009-06-14T22:00:14Z</updated>
<author>
<name>joerg</name>
<email>joerg</email>
</author>
<published>2009-06-14T22:00:14Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=71a32296ba11763abadcde92e96627deb1c72b1d'/>
<id>urn:sha1:71a32296ba11763abadcde92e96627deb1c72b1d</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Import improved version of the fix for CVE-2009-1195 to restore</title>
<updated>2009-06-11T20:30:58Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2009-06-11T20:30:58Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=5894abf811bdd73e3d5da04785df884c0beca17c'/>
<id>urn:sha1:5894abf811bdd73e3d5da04785df884c0beca17c</id>
<content type='text'>
backwards compatibility with e.g. "mod_perl".
</content>
</entry>
</feed>
