diff options
| author | adam <adam@pkgsrc.org> | 2010-11-01 18:03:03 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2010-11-01 18:03:03 +0000 |
| commit | bc6a2a1c8227701f6792a9c8345beb72d34474ba (patch) | |
| tree | 8757480a73e7f8c3d07c729555549b12c57d777a /www/apache2/buildlink3.mk | |
| parent | 47da5dcd5e485d5e840437ff5f0d7fcc6d4b6283 (diff) | |
| download | pkgsrc-bc6a2a1c8227701f6792a9c8345beb72d34474ba.tar.gz | |
Changes 2.0.64:
* SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav: Fix Handling of requests without a path segment.
* SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects.
* SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
* SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
* SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
for OpenSSL versions prior to 0.9.8l; reject any client-initiated
renegotiations. Forcibly disable keepalive for the connection if there
is any buffered data readable. Any configuration which requires
renegotiation for per-directory/location access control is still
vulnerable, unless using openssl 0.9.8l or later.
* SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body.
* SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
* SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
* SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7.
* Fix recursive ErrorDocument handling.
* mod_ssl: Do not do overlapping memcpy.
* Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
through on a 304 response.
* apxs: Fix -A and -a options to ignore whitespace in httpd.conf
Diffstat (limited to 'www/apache2/buildlink3.mk')
| -rw-r--r-- | www/apache2/buildlink3.mk | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/www/apache2/buildlink3.mk b/www/apache2/buildlink3.mk index 744628cdb0d..8cd6636fd96 100644 --- a/www/apache2/buildlink3.mk +++ b/www/apache2/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.29 2010/01/17 12:02:48 wiz Exp $ +# $NetBSD: buildlink3.mk,v 1.30 2010/11/01 18:03:04 adam Exp $ BUILDLINK_TREE+= apache @@ -9,16 +9,16 @@ BUILDLINK_API_DEPENDS.apache+= apache>=2.0.51<2.2 BUILDLINK_ABI_DEPENDS.apache+= apache>=2.0.63nb6 BUILDLINK_PKGSRCDIR.apache?= ../../www/apache2 BUILDLINK_DEPMETHOD.apache?= build -. if defined(APACHE_MODULE) +.if defined(APACHE_MODULE) BUILDLINK_DEPMETHOD.apache+= full -. endif +.endif USE_TOOLS+= perl # for "apxs" CONFIGURE_ENV+= APR_LIBTOOL=${LIBTOOL:Q} # make apxs use the libtool we specify MAKE_ENV+= APR_LIBTOOL=${LIBTOOL:Q} APXS?= ${BUILDLINK_PREFIX.apache}/sbin/apxs -. if defined(GNU_CONFIGURE) +.if defined(GNU_CONFIGURE) CONFIGURE_ARGS+= --with-apxs2=${APXS:Q} -. endif +.endif .include "../../devel/apr0/buildlink3.mk" .endif # APACHE_BUILDLINK3_MK |