author | wiz <wiz@pkgsrc.org> | 2006-07-19 22:45:14 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2006-07-19 22:45:14 +0000 |
commit | 140413132753448b4f201473d8ac95284e47c769 | |
tree | 23387099d8333be9f1c3d941adeada9f9a95abea /www | |
parent | 0991a161e94dcadcfc1f7637c933c477db940b13 | |
download | pkgsrc-140413132753448b4f201473d8ac95284e47c769.tar.gz | |
Update to 1.3.36:
Changes with Apache 1.3.36
*) Reverted SVN rev #396294 due to unwanted regression.
The new feature introduced in 1.3.35 (Allow usage of the
"Include" configuration directive within previously "Include"d
files) has been removed in the meantime.
(http://svn.apache.org/viewcvs?rev=396294&view=rev)
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
Diffstat (limited to 'www')
-rw-r--r-- | www/apache/Makefile | 9 |
-rw-r--r-- | www/apache/distinfo | 15 |
-rw-r--r-- | www/apache/patches/patch-ap | 13 |
3 files changed, 11 insertions, 26 deletions
diff --git a/www/apache/Makefile b/www/apache/Makefile index 727198a0cd0..5ef806143ca 100644 --- a/www/apache/Makefile +++ b/www/apache/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.186 2006/07/02 10:43:18 rillig Exp $ +# $NetBSD: Makefile,v 1.187 2006/07/19 22:45:14 wiz Exp $ # # This pkg does not compile in mod_ssl, only the `mod_ssl EAPI' (a set of # code hooks that allow mod_ssl to be compiled separately later, if desired). -DISTNAME= apache_1.3.34 +DISTNAME= apache_1.3.36 PKGNAME= ${DISTNAME:S/_/-/} -PKGREVISION= 6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \ ${MASTER_SITE_APACHE:=httpd/old/} @@ -18,8 +17,8 @@ COMMENT= Apache HTTP (Web) server NETBSD_LOGO= sitedrivenby.gif SITES.${NETBSD_LOGO}= http://www.NetBSD.org/images/logos/ -MODSSL_VERSION= 2.8.25 -MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.34 +MODSSL_VERSION= 2.8.27 +MODSSL_DISTNAME= mod_ssl-${MODSSL_VERSION}-1.3.36 MODSSL_DIST= ${MODSSL_DISTNAME}.tar.gz MODSSL_SRC= ${WRKDIR}/${MODSSL_DISTNAME} SITES.${MODSSL_DIST}= http://www.modssl.org/source/ \ diff --git a/www/apache/distinfo b/www/apache/distinfo index 615b80e9c9a..332490cc4a1 100644 --- a/www/apache/distinfo +++ b/www/apache/distinfo 
@@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.51 2006/02/21 22:44:17 wiz Exp $ +$NetBSD: distinfo,v 1.52 2006/07/19 22:45:14 wiz Exp $ -SHA1 (apache_1.3.34.tar.gz) = df082b73f1220555dc416c0c5afa746e30a9e0de -RMD160 (apache_1.3.34.tar.gz) = e39dfc57b7f9164aa76641de3fa74f0314c9ec9e -Size (apache_1.3.34.tar.gz) = 2468056 bytes +SHA1 (apache_1.3.36.tar.gz) = ca91b3e347d92a65df6a3629cdec45665135fa7c +RMD160 (apache_1.3.36.tar.gz) = b032cb2f9c0ac84116a4dd3b91752f063e146f6b +Size (apache_1.3.36.tar.gz) = 2477854 bytes +SHA1 (mod_ssl-2.8.27-1.3.36.tar.gz) = c6d2d7729dd98f5324cacc3711080f16053748dc +RMD160 (mod_ssl-2.8.27-1.3.36.tar.gz) = 7acbcad5440f57f7250a68deb424360a15ad558a +Size (mod_ssl-2.8.27-1.3.36.tar.gz) = 820432 bytes SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658 RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa Size (sitedrivenby.gif) = 8519 bytes -SHA1 (mod_ssl-2.8.25-1.3.34.tar.gz) = 150f726539d74c0d2af02e482be78bbcdb811395 -RMD160 (mod_ssl-2.8.25-1.3.34.tar.gz) = 90a3913d30c7f4d194907463125c90101005837a -Size (mod_ssl-2.8.25-1.3.34.tar.gz) = 820352 bytes SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802 SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c @@ -23,5 +23,4 @@ SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1 SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0 SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29 -SHA1 (patch-ap) = 90ac139c91dcc45abb04e9496273f2ef4742d260 SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178 diff --git a/www/apache/patches/patch-ap b/www/apache/patches/patch-ap deleted file mode 100644 index acd2852b7a7..00000000000 --- a/www/apache/patches/patch-ap +++ /dev/null 
@@ -1,13 +0,0 @@ -$NetBSD: patch-ap,v 1.7 2005/12/15 12:57:30 tron Exp $ - ---- src/modules/standard/mod_imap.c.orig 2004-11-24 20:10:19.000000000 +0100 -+++ src/modules/standard/mod_imap.c 2005-12-15 13:02:18.000000000 +0100 -@@ -328,7 +328,7 @@ - if (!strcasecmp(value, "referer")) { - referer = ap_table_get(r->headers_in, "Referer"); - if (referer && *referer) { -- return ap_pstrdup(r->pool, referer); -+ return ap_escape_html(r->pool, referer); - } - else { - /* XXX: This used to do *value = '\0'; ... which is totally bogus |
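Review bot: In www/apache/Makefile, the second hunk moves MODSSL_VERSION from 2.8.25 to 2.8.27, but the commit log lists only the Apache 1.3.35 and 1.3.36 changes. Add a line to the log for the mod_ssl update so it accounts for everything the package now builds. Dropping PKGREVISION in the first hunk is consistent with the DISTNAME bump to apache_1.3.36.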
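Review bot: In www/apache/distinfo, the new SHA1/RMD160/Size entries for apache_1.3.36.tar.gz and mod_ssl-2.8.27-1.3.36.tar.gz are what every later fetch will be checked against, and the Makefile context shows the mod_ssl distfile coming from http://www.modssl.org/source/ over plain HTTP. Nothing in the diff or the log shows how the tarballs were authenticated before these digests were recorded; confirm both against upstream's published signatures or checksums and note that in the log.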
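Review bot: The deletion of www/apache/patches/patch-ap removes the local security fix `return ap_escape_html(r->pool, referer);` in the "referer" branch of src/modules/standard/mod_imap.c, and the log does not say why. State that the patch is dropped because the 1.3.35 changelog entry for CVE-2005-3352 covers the same Referer escaping upstream, and verify that the 1.3.36 mod_imap.c actually escapes in that branch, since this diff cannot show it. The matching removal of the SHA1 (patch-ap) line in distinfo is consistent with the file deletion.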