diff options
| author | tron <tron@pkgsrc.org> | 2006-05-07 12:35:27 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2006-05-07 12:35:27 +0000 |
| commit | 97d23b0a136213aa86eda190a41d06b2837b4a84 (patch) | |
| tree | 970eb1838c7fcdaffebe57e1ae70497bdfab9e5f /www/apache2/Makefile.common | |
| parent | 94a284b8dd2c73232cab945a728fa88ae0363080 (diff) | |
| download | pkgsrc-97d23b0a136213aa86eda190a41d06b2837b4a84.tar.gz | |
Update "apr" package to version 0.9.12.2.0.58 and "apache" package
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
Diffstat (limited to 'www/apache2/Makefile.common')
| -rw-r--r-- | www/apache2/Makefile.common | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www/apache2/Makefile.common b/www/apache2/Makefile.common index b10d9cbdf7d..b83955e84bb 100644 --- a/www/apache2/Makefile.common +++ b/www/apache2/Makefile.common @@ -1,11 +1,11 @@ -# $NetBSD: Makefile.common,v 1.19 2005/10/17 10:37:11 tron Exp $ +# $NetBSD: Makefile.common,v 1.20 2006/05/07 12:35:27 tron Exp $ DISTNAME= httpd-${APACHE_VERSION} EXTRACT_SUFX= .tar.bz2 # When updating this version be sure to update the checksum and remove # any PKGREVISION for devel/apr also. -APACHE_VERSION= 2.0.55 -APR_VERSION= 0.9.7 +APACHE_VERSION= 2.0.58 +APR_VERSION= 0.9.12 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} \ http://www.NetBSD.org/images/logos/ |