[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2004Q4 2004-12-19T04:02:43Z 2004-12-19T04:02:43Z grant grant 2004-12-19T04:02:43Z urn:sha1:b4e7c5ba626d8e22fb65b7ca86b7b674596ad01f header file #includes <dlfcn.h>, so we need to include dlopen.buildlink3.mk so that dlfcn.h can be found by packages which use httpd/os.h. XXX this is not entirely correct, but works around the problem XXX sufficiently. the problem is that Darwin (7.7.x) has dlopen() and XXX friends but does not provide prototypes in dlfcn.h (or anywhere else). 2004-11-26T18:52:47Z jlam jlam 2004-11-26T18:52:47Z urn:sha1:b9f196a835f8e7326399b710109e74b80e0752c5 will work correctly on NetBSD-2.x. This should fix PR pkg/29398. 2004-11-22T22:19:35Z wiz wiz 2004-11-22T22:19:35Z urn:sha1:165c836518f9eedbc91e80862633ab5b8cf6aa90 we add c++ to the variable. 2004-11-16T08:23:45Z tron tron 2004-11-16T08:23:45Z urn:sha1:567d6a14278e6280a81b1a74b5ba47ee09404589 2004-11-15T19:13:41Z salo salo 2004-11-15T19:13:41Z urn:sha1:718ed11aa3f1b2826a5da797027b86ad22467d57 2004-11-15T15:05:34Z sketch sketch 2004-11-15T15:05:34Z urn:sha1:1875913cef680fde22ac6542d84f4f83b565e70f 2004-10-29T13:48:31Z abs abs 2004-10-29T13:48:31Z urn:sha1:1f19fe5722aa08524041af3b8951755442f51deb The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-25T08:44:16Z tron tron 2004-10-25T08:44:16Z urn:sha1:fbdda4b95a0e2527173e78f8ef149f426304ec07 - mod_rewrite: Fix query string handling for proxied URLs. PR 14518. [michael teitler <michael.teitler cetelem.fr>, Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>] - mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. [André Malo] - mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton] - Trigger an error when a LoadModule directive attempts to load a module which is built-in. This is a common error when switching from a DSO build to a static build. [Jeff Trawick, Geoffrey Young] - Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. [Will Slater <Will Slater orbisuk.com>] - Fix memory leak in the cache handling of mod_rewrite. PR 27862. [chunyan sheng <shengperson yahoo.com>, André Malo] - mod_rewrite no longer confuses the RewriteMap caches if different maps defined in different virtual hosts use the same map name. PR 26462. [André Malo] - mod_setenvif: Remove "support" for Remote_User variable which never worked at all. PR 25725. [André Malo] - mod_usertrack: Escape the cookie name before pasting into the regexp. [André Malo] - Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. [Jeff Trawick] - SECURITY: CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox] - Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects mod_usertrack and core. PR 28218. [André Malo] - No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. [Jim Jagielski, Rasmus Lerdorf] - COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. [Jim Jagielski] 2004-10-18T09:28:08Z tron tron 2004-10-18T09:28:08Z urn:sha1:7a6362379ec10e038f6db16695051934b449aecb 2004-10-03T00:12:51Z tv tv 2004-10-03T00:12:51Z urn:sha1:b5510d5a2d7f9a1406603d922ae5d8548950233c in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.