author | ghen <ghen@pkgsrc.org> | 2008-01-29 13:54:20 +0000 |
---|---|---|
committer | ghen <ghen@pkgsrc.org> | 2008-01-29 13:54:20 +0000 |
commit | af0f09ed1d5c26828a3f32c4e7f57ff6b86c9def (patch) | |
tree | b737c75b7d460553513ca9aaf9352849c8a48697 | |
parent | 002e22438e1b6879f7e59fa906376bc93e0c1384 (diff) | |
download | pkgsrc-af0f09ed1d5c26828a3f32c4e7f57ff6b86c9def.tar.gz |
Pullup ticket 2278 - requested by taca
security update for apache2
- pkgsrc/devel/apr0/distinfo 1.3
- pkgsrc/www/apache2/Makefile.common 1.23, 1.24
- pkgsrc/www/apache2/distinfo 1.52
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 21 14:30:01 UTC 2008
Modified Files:
pkgsrc/www/apache2: Makefile.common
Log Message:
Start update of apr0 package to 0.9.17 and apache2 package to 2.0.63.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 21 14:33:46 UTC 2008
Modified Files:
pkgsrc/devel/apr0: distinfo
Log Message:
Update apr0 package to 0.9.17.2.0.63.
Changes with APR 0.9.17
*) Fix DSO-related crash on z/OS caused by incorrect memory
allocation. [David Jones <oscaremma gmail.com>]
*) Define apr_ino_t in such a way that it doesn't change definition
based on the library consumer's -D'efines to the filesystem.
[Lucian Adrian Grijincu <lucian.grijincu gmail.com>]
*) Cause apr_file_dup2() on Win32 to update the MSVCRT pseudo-stdio
handles for fd-based and FILE * based I/O. [William Rowe]
*) Revert Win32 to the 0.9.14 behavior of apr_proc_create() for any
of the three stdio streams which are not initialized, through either
apr_procattr_io_set() or apr_procattr_child_XXX_set(), when given a
procattr_t with one or two streams which were initialized through
apr_procattr_child_XXX_set(). Once again, these do not inherit the
parent process stdio stream to WIN32 child processes (passing
INVALID_HANDLE_VALUE instead) as on Unix. Note APR 1.3.0 adopts
the Unix behavior of inheriting any uninitialized streams as the
parent's corresponding stdio stream, in such cases. [William Rowe]
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 21 14:37:22 UTC 2008
Modified Files:
pkgsrc/www/apache2: Makefile distinfo
Log Message:
Update apache package to 2.0.63.
Changes with Apache 2.0.63
*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
to /Device/Nul as the server is starting up, mirroring unix MPM's.
PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
by recreating the bucket allocator each time the trans pool is cleared.
PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
Changes with Apache 2.0.62 (not released)
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox, Joe Orton]
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) log.c: Ensure Win32 resurrects its lost robust logger processes.
[William Rowe]
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
shutdown of the server when the MaxClients is higher than 257,
in a more responsive manner [Mladen Turk, William Rowe]
*) Add explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. One of these
reported by SecurityReason [Joe Orton]
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 21 14:38:29 UTC 2008
Modified Files:
pkgsrc/www/apache2: Makefile.common
Log Message:
Add comment that this file is used by devel/apr0/Makefile detected
by pkglint.
-rw-r--r-- | devel/apr0/distinfo | 8 |
-rw-r--r-- | www/apache2/Makefile.common | 8 |
-rw-r--r-- | www/apache2/distinfo | 8 |
3 files changed, 13 insertions, 11 deletions
diff --git a/devel/apr0/distinfo b/devel/apr0/distinfo index b8445f86773..abbf2d7b90a 100644 --- a/devel/apr0/distinfo +++ b/devel/apr0/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.2 2007/09/07 23:11:41 tron Exp $ +$NetBSD: distinfo,v 1.2.4.1 2008/01/29 13:54:20 ghen Exp $ -SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4 -RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882 -Size (httpd-2.0.61.tar.bz2) = 4580339 bytes +SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755 +RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870 +Size (httpd-2.0.63.tar.bz2) = 4587670 bytes SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9 SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596 SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e diff --git a/www/apache2/Makefile.common b/www/apache2/Makefile.common index 982a8c3fb7b..29d08db4e52 100644 --- a/www/apache2/Makefile.common +++ b/www/apache2/Makefile.common @@ -1,11 +1,13 @@ -# $NetBSD: Makefile.common,v 1.22 2007/09/07 23:11:40 tron Exp $ +# $NetBSD: Makefile.common,v 1.22.4.1 2008/01/29 13:54:20 ghen Exp $ + +# used by devel/apr0/Makefile DISTNAME= httpd-${APACHE_VERSION} EXTRACT_SUFX= .tar.bz2 # When updating this version be sure to update the checksum and remove # any PKGREVISION for devel/apr also. -APACHE_VERSION= 2.0.61 -APR_VERSION= 0.9.16 +APACHE_VERSION= 2.0.63 +APR_VERSION= 0.9.17 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} \ http://www.NetBSD.org/images/logos/ diff --git a/www/apache2/distinfo b/www/apache2/distinfo index 4a7eb95c370..1efb500809f 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.51 2007/09/07 23:11:40 tron Exp $ +$NetBSD: distinfo,v 1.51.4.1 2008/01/29 13:54:20 ghen Exp $ -SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4 -RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882 -Size (httpd-2.0.61.tar.bz2) = 4580339 bytes +SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755 +RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870 +Size (httpd-2.0.63.tar.bz2) = 4587670 bytes SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad |
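Review bot: in the devel/apr0/distinfo hunk, the new httpd-2.0.63.tar.bz2 entry is pinned only by SHA1 and RMD160 digests plus the size line. Since this distfile is what delivers the security fixes, consider recording a stronger digest (for example SHA-256 or SHA-512) alongside them if the distinfo tooling on this branch supports it. The three values match the ones added to www/apache2/distinfo, which is what you want for a shared distfile.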
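Review bot: in the www/apache2/Makefile.common hunk, the unchanged comment above APACHE_VERSION still tells the maintainer to update the checksum and remove any PKGREVISION "for devel/apr also", while the line added at the top says the file is "used by devel/apr0/Makefile". Suggest changing the older comment to name devel/apr0 so both comments point at the same package and the next version bump does not touch the wrong distinfo.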
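Review bot: www/apache2/Makefile is absent from this pullup even though the original log message for the www/apache2/distinfo change lists "Makefile distinfo" as modified, and the ticket names only Makefile.common 1.23, 1.24 and distinfo 1.52. Please confirm that the branch copy of www/apache2/Makefile carries no PKGREVISION that should have been reset with the move to 2.0.63, as the comment in Makefile.common asks, or add that revision to the ticket.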