Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
-) Remove patch to avoid dlclose()ing on NetBSD. The mod_perl vs. perl CGI
mis-interaction seems to be gone and I wasn't able to reproduce it on my
system.
*) Fix the declaration of the module structure in mod_example.
*) Fix the handling of variable expansion look-ahead in mod_rewrite,
i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
more complicated nested RewriteMap lookups.
*) mod_status now respects ?refresh=n of 1 or greater. If the given
refresh value is not a number, ?refresh is set to 1 second.
*) Accomodate an out-of-space condition in the piped logs and the
rotatelogs.c code, and no longer churn log processes for this condition.
*) Make cgi-bin work as a regular directory when using mod_vhost_alias
with no VirtualScriptAlias directives.
*) Move the check of the Expect request header field after the hook
for ap_post_read_request, since that is the only opportunity for
modules to handle Expect extensions.
*) Eliminate caching problems of mod_autoindex results, so the last
modified date of the directory is returned as the Last-Modified
and ETag HTTP header tags are sent if IndexOptions TrackModified
directive/option is used.
*) Correct an issue with Alias and ScriptAlias directives that
file path arguments were not normalized in canonical form.
This correction makes no attempt to normalize regular expression
forms of Alias or ScriptAlias.
*) Add a new LogFormat directive, %c, that will log connection
status at the end of the response.
*) Update the mime.types file to the registered media types as of 2000-10-19.
*) Restore functionality broken by the mod_rewrite security fix:
rewrite map lookup keys and default values are now expanded
so that the lookup can depend on the requested URI etc.
|
|
|
|
The security fixes are:
* A problem with the Rewrite module, mod_rewrite, allowed access to
any file on the web server under certain circumstances
* The handling of Host: headers in mass virtual hosting
configurations, mod_vhost_alias, could allow access to any file on
the server
* If a cgi-bin directory is under the document root, the source to
the scripts inside it could be sent if using mass virtual hosting
The main new features include:
* Support for a directory-based configuration system. If any of the
configuration directives point to directories instead of files,
all files in that directory (and in subdirectories) will be also
parsed as configuration files
* Support name-based virtual hosting without needing to specify an
IP address in the Apache configuration file. This enables sites
that use dynamic IP addresses to support name-based virtual
hosting as well as allowing identical machines to share a
configuration file, say in a load-balanced cluster
* The SetEnvIf and BrowserMatch range of directives are now able to
be used in .htaccess files.
* Administrators who are nervous about their full server version
details being public can use the new keyword 'ProductOnly' in the
ServerTokens directive. This keyword forces the server to only
return the string "Apache" as the server version.
* The new digest authentication module, mod_auth_digest has had a
number of fixes and upgrades applied
|
|
EAPI didn't change so no need to change Apache's version number.
Also standardize package builds to have Apache listen on ports 80/443
regardless of UID of user that builds the package, and make MAINTAINER
point to me.
|
|
version numbers change, and it doesn't work correctly on a.out anyway.
Closes pkg/10309.
|
|
|
|
|
|
|
|
|
|
suppled by SUNAGAWA Keiki in PR pkg/8819. This version mostly fixes
bugs discovered since version 1.3.6.
|
|
will be fixed at OpenSSL 0.9.3's update.
|
|
last fix.
|
|
is extremely confusing to new users, and isn't necessary for proper
Apache operation. Make Makefile.tmpl skip the code which does this.
|
|
now makes use of OpenSSL.
|
|
|
|
bump; EAPI is unchanged)
- Remove restriction of mod_include to disallow "../" or "/" prefixed
file names in <!--#include file=""--> if Includes (but not
IncludesNOEXEC) is set; proposed in Apache PR mod_include/3500
- Add signature for hook function used to do mod_include callbacks
(perl-embedded SSI was not working with new 4 argument call)
|
|
|
|
POTENTIAL DENIAL OF SERVICE BUGS IN APACHE 1.3.3 (and 1.3.2, in the case
of patch-core-404).
|
|
before their cleanup procedures are called. Fixes mod_perl vs. CGI
interaction bug.
|
|
ap_include_extern_func's (needed for a couple upcoming XSSI-extending
modules). Also fix apxs to use `install' and fix the cgi-bin
`preservation' while we're here.
|
|
interface, and use the EAPI hooks interface for calling external
mod_include subs. (Needed to make mod_perl work as a DSO.)
|
|
details). No security fixes in Apache 1.3.3, so immediate upgrade from
1.3.2 is not necessary.
|
|
|
|
Also submitted to the Apache Group, gnats number os-netsd/3120.
|
|
apache-modssl: update mod_ssl to 2.0.12, and rename pkg to
"apache-1.3.2-modssl-2.0.12" such that mod_ssl version changes are noted.
|
|
symbol underscore, on ELF systems.
|
|
|
|
|
|
the distribution is extrated with umask 077 (so that src/include/* are
not world readable) they never get those permissions turned on when
installed.
|
|
- Now uses APACI, Apache's GNU-autoconf-style (but not GNU autoconf)
configuration system to configure, build, and install
- Enables build and install of all `support' tools
- Enables use of shared modules, and compiles mod_include dynamically
- Installs the Apache user manual by default.
|
|
http tree to somewhere other than /usr/pkg/http. Move pid file to /var/run.
|
|
|