diff options
| author | taca <taca> | 2008-01-21 14:37:22 +0000 |
|---|---|---|
| committer | taca <taca> | 2008-01-21 14:37:22 +0000 |
| commit | efed2d4c3ce1ae353d30b1954b27cfadf21bbb1a (patch) | |
| tree | 724f8133fda7e49bc39ae9c2648856702c7bcd74 /www/apache2 | |
| parent | 4e1ad1f99a70f162fc3bdf98bc6a3dedd4b81525 (diff) | |
| download | pkgsrc-efed2d4c3ce1ae353d30b1954b27cfadf21bbb1a.tar.gz | |
Update apache package to 2.0.63.
Changes with Apache 2.0.63
*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
to /Device/Nul as the server is starting up, mirroring unix MPM's.
PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
by recreating the bucket allocator each time the trans pool is cleared.
PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
Changes with Apache 2.0.62 (not released)
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox, Joe Orton]
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) log.c: Ensure Win32 resurrects its lost robust logger processes.
[William Rowe]
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
shutdown of the server when the MaxClients is higher then 257,
in a more responsive manner [Mladen Turk, William Rowe]
*) Add explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. One of these
reported by SecurityReason [Joe Orton]
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
Diffstat (limited to 'www/apache2')
| -rw-r--r-- | www/apache2/Makefile | 3 | ||||
| -rw-r--r-- | www/apache2/distinfo | 8 |
2 files changed, 5 insertions, 6 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index cd92097ddd7..eb469418273 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.120 2008/01/18 05:09:47 tnn Exp $ +# $NetBSD: Makefile,v 1.121 2008/01/21 14:37:22 taca Exp $ .include "Makefile.common" PKGNAME= apache-${APACHE_VERSION} -PKGREVISION= 2 CATEGORIES= www HOMEPAGE= http://httpd.apache.org/ diff --git a/www/apache2/distinfo b/www/apache2/distinfo index 4a7eb95c370..7a74aab02db 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.51 2007/09/07 23:11:40 tron Exp $ +$NetBSD: distinfo,v 1.52 2008/01/21 14:37:22 taca Exp $ -SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4 -RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882 -Size (httpd-2.0.61.tar.bz2) = 4580339 bytes +SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755 +RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870 +Size (httpd-2.0.63.tar.bz2) = 4587670 bytes SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad |