Updated apache to 2.0.40

  *  SECURITY: [CAN-2002-0661] Close a very significant security hole that
     applies only to the Win32, OS2 and Netware platforms.  Unix was not
     affected, Cygwin may be affected.  Certain URIs will bypass security
     and allow users to invoke or access any file depending on the system
     configuration.  Without upgrading, a single .conf change will close
     the vulnerability.  Add the following directive in the global server
     httpd.conf context before any other Alias or Redirect directives;
         RedirectMatch 400 "\\\.\."
     Reported by Auriemma Luigi <bugtest@sitoverde.com>.
     [Brad Nicholes]

  *  SECURITY:  Close a path-revealing exposure in multiview type
     map negotiation (such as the default error documents) where the
     module would report the full path of the typemapped .var file when
     multiple documents or no documents could be served based on the mime
     negotiation.  Reported by Auriemma Luigi <bugtest@sitoverde.com>.
     [CAN-2002-0654]  [William Rowe]

  *  SECURITY:  Close a path-revealing exposure in cgi/cgid when we
     fail to invoke a script.  The modules would report "couldn't create
     child process /path-to-script/script.pl" revealing the full path
     of the script.  Reported by Jim Race <jrace@qualys.com>.
     [CAN-2002-0654]  [Bill Stoddard]

  *  More bug fixes (see the CHANGES file)

1 files changed, 2 insertions, 3 deletions

diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 90916d9a928..a702a7f87d8 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2002/08/25 21:51:53 jlam Exp $
+# $NetBSD: Makefile,v 1.12 2002/08/29 14:12:27 martti Exp $
 
 DISTNAME=		httpd-${APACHE_VERSION}
 PKGNAME=		apache-${APACHE_VERSION}
-APACHE_VERSION=		2.0.39
-PKGREVISION=		1
+APACHE_VERSION=		2.0.40
 CATEGORIES=		www
 MASTER_SITES=		http://httpd.apache.org/dist/httpd/ \
 			http://httpd.apache.org/dist/httpd/old/ \