Update to 1.3.36:

Changes with Apache 1.3.36 *) Reverted SVN rev #396294 due to unwanted regression. The new feature introduced in 1.3.35 (Allow usage of the "Include" configuration directive within previously "Include"d files) has been removed in the meantime. (http://svn.apache.org/viewcvs?rev=396294&view=rev) Changes with Apache 1.3.35 *) SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox] *) core: Allow usage of the "Include" configuration directive within previously "Include"d files. [Colm MacCarthaigh] *) HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti [Mark Cox] *) mod_cgi: Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. [Roy Fielding] PR 15242
author: wiz <wiz@pkgsrc.org> 2006-07-19 22:45:14 +0000
committer: wiz <wiz@pkgsrc.org> 2006-07-19 22:45:14 +0000
commit: 140413132753448b4f201473d8ac95284e47c769 (patch)
tree: 23387099d8333be9f1c3d941adeada9f9a95abea /www/apache
parent: 0991a161e94dcadcfc1f7637c933c477db940b13 (diff)
download: pkgsrc-140413132753448b4f201473d8ac95284e47c769.tar.gz
3 files changed, 11 insertions, 26 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile
index 727198a0cd0..5ef806143ca 100644
--- a/www/apache/Makefile
+++ b/www/apache/Makefile
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.186 2006/07/02 10:43:18 rillig Exp $
+# $NetBSD: Makefile,v 1.187 2006/07/19 22:45:14 wiz Exp $
 #
 # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of
 # code hooks that allow mod_ssl to be compiled separately later, if desired).
 
-DISTNAME=		apache_1.3.34
+DISTNAME=		apache_1.3.36
 PKGNAME=		${DISTNAME:S/_/-/}
-PKGREVISION=		6
 CATEGORIES=		www
 MASTER_SITES=		${MASTER_SITE_APACHE:=httpd/} \
 			${MASTER_SITE_APACHE:=httpd/old/}
@@ -18,8 +17,8 @@ COMMENT=		Apache HTTP (Web) server
 NETBSD_LOGO=		sitedrivenby.gif
 SITES.${NETBSD_LOGO}=	http://www.NetBSD.org/images/logos/
 
-MODSSL_VERSION=		2.8.25
-MODSSL_DISTNAME=	mod_ssl-${MODSSL_VERSION}-1.3.34
+MODSSL_VERSION=		2.8.27
+MODSSL_DISTNAME=	mod_ssl-${MODSSL_VERSION}-1.3.36
 MODSSL_DIST=		${MODSSL_DISTNAME}.tar.gz
 MODSSL_SRC=		${WRKDIR}/${MODSSL_DISTNAME}
 SITES.${MODSSL_DIST}=	http://www.modssl.org/source/ \
diff --git a/www/apache/distinfo b/www/apache/distinfo
index 615b80e9c9a..332490cc4a1 100644
--- a/www/apache/distinfo
+++ b/www/apache/distinfo
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.51 2006/02/21 22:44:17 wiz Exp $
+$NetBSD: distinfo,v 1.52 2006/07/19 22:45:14 wiz Exp $
 
-SHA1 (apache_1.3.34.tar.gz) = df082b73f1220555dc416c0c5afa746e30a9e0de
-RMD160 (apache_1.3.34.tar.gz) = e39dfc57b7f9164aa76641de3fa74f0314c9ec9e
-Size (apache_1.3.34.tar.gz) = 2468056 bytes
+SHA1 (apache_1.3.36.tar.gz) = ca91b3e347d92a65df6a3629cdec45665135fa7c
+RMD160 (apache_1.3.36.tar.gz) = b032cb2f9c0ac84116a4dd3b91752f063e146f6b
+Size (apache_1.3.36.tar.gz) = 2477854 bytes
+SHA1 (mod_ssl-2.8.27-1.3.36.tar.gz) = c6d2d7729dd98f5324cacc3711080f16053748dc
+RMD160 (mod_ssl-2.8.27-1.3.36.tar.gz) = 7acbcad5440f57f7250a68deb424360a15ad558a
+Size (mod_ssl-2.8.27-1.3.36.tar.gz) = 820432 bytes
 SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
 RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa
 Size (sitedrivenby.gif) = 8519 bytes
-SHA1 (mod_ssl-2.8.25-1.3.34.tar.gz) = 150f726539d74c0d2af02e482be78bbcdb811395
-RMD160 (mod_ssl-2.8.25-1.3.34.tar.gz) = 90a3913d30c7f4d194907463125c90101005837a
-Size (mod_ssl-2.8.25-1.3.34.tar.gz) = 820352 bytes
 SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef
 SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802
 SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c
@@ -23,5 +23,4 @@ SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
 SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1
 SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
 SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
-SHA1 (patch-ap) = 90ac139c91dcc45abb04e9496273f2ef4742d260
 SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178
diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap
deleted file mode 100644
index acd2852b7a7..00000000000
--- a/www/apache/patches/patch-ap
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ap,v 1.7 2005/12/15 12:57:30 tron Exp $
-
---- src/modules/standard/mod_imap.c.orig	2004-11-24 20:10:19.000000000 +0100
-+++ src/modules/standard/mod_imap.c	2005-12-15 13:02:18.000000000 +0100
-@@ -328,7 +328,7 @@
-     if (!strcasecmp(value, "referer")) {
-         referer = ap_table_get(r->headers_in, "Referer");
-         if (referer && *referer) {
--	    return ap_pstrdup(r->pool, referer);
-+	    return ap_escape_html(r->pool, referer);
-         }
-         else {
- 	    /* XXX:  This used to do *value = '\0'; ... which is totally bogus
author	wiz <wiz@pkgsrc.org>	2006-07-19 22:45:14 +0000
committer	wiz <wiz@pkgsrc.org>	2006-07-19 22:45:14 +0000
commit	140413132753448b4f201473d8ac95284e47c769 (patch)
tree	23387099d8333be9f1c3d941adeada9f9a95abea /www/apache
parent	0991a161e94dcadcfc1f7637c933c477db940b13 (diff)
download	pkgsrc-140413132753448b4f201473d8ac95284e47c769.tar.gz