diff options
| author | taca <taca> | 2004-05-13 11:39:09 +0000 |
|---|---|---|
| committer | taca <taca> | 2004-05-13 11:39:09 +0000 |
| commit | 794efce466c8aaea676057edb6da1d38eb2e2cda (patch) | |
| tree | db7798594ffc861faa4a36f8155fb8a9016c0b23 /www/ap-auth-postgresql | |
| parent | 5a6f99914689920054dc426df424b42700f0144f (diff) | |
| download | pkgsrc-794efce466c8aaea676057edb6da1d38eb2e2cda.tar.gz | |
Update apache package to 1.3.31.
Apache 1.3.31 Major changes
Security vulnerabilities
* CAN-2003-0987 (cve.mitre.org)
In mod_digest, verify whether the nonce returned in the client
response is one we issued ourselves. This problem does not affect
mod_auth_digest.
* CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog.
* CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will cause a
child to hold the accept mutex and block out new connections until
another connection arrives on that rarely-accessed listening socket.
* CAN-2003-0993 (cve.mitre.org)
Fix parsing of Allow/Deny rules using IP addresses without a
netmask; issue is only known to affect big-endian 64-bit
platforms
New features
New features that relate to specific platforms:
* Linux 2.4+: If Apache is started as root and you code
CoreDumpDirectory, core dumps are enabled via the prctl() syscall.
New features that relate to all platforms:
* Add mod_whatkilledus and mod_backtrace (experimental) for
reporting diagnostic information after a child process crash.
* Add fatal exception hook for running diagnostic code after a
crash.
* Forensic logging module added (mod_log_forensic)
* '%X' is now accepted as an alias for '%c' in the
LogFormat directive. This allows you to configure logging
to still log the connection status even with mod_ssl
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.29 (or earlier)
and have been fixed in Apache 1.3.31:
* Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
* mod_usertrack no longer inspects the Cookie2 header for
the cookie name. It also no longer overwrites other cookies.
* Fix bug causing core dump when using CookieTracking without
specifying a CookieName directly.
* UseCanonicalName off was ignoring the client provided
port information.
Diffstat (limited to 'www/ap-auth-postgresql')
0 files changed, 0 insertions, 0 deletions