./www/apache2, Apache HTTP (Web) server, version 2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2007Q4, Version: 2.0.63, Package name: apache-2.0.63, Maintainer: pkgsrc-users

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.


Required to run:
[textproc/expat] [lang/perl5] [devel/apr0]

Required to build:
[devel/pkg-config] [devel/libtool-base]

Master sites: (Expand)

SHA1: 20e2b64944e38e96491af788a37cb709d2c5b755
RMD160: f6a7de59860f627ac40b245fcf742fb07e1b4870
Filesize: 4480.146 KB

Version history: (Expand)

CVS history: (Expand)


   2008-01-29 14:54:21 by Geert Hendrickx | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket 2278 - requested by taca
security update for apache2

- pkgsrc/devel/arp0/distinfo				1.3
- pkgsrc/www/apache2/Makefile.common			1.23, 1.24
- pkgsrc/www/apache2/distinfo				1.52

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 21 14:30:01 UTC 2008

   Modified Files:
	   pkgsrc/www/apache2: Makefile.common

   Log message:
   Start update of apr0 pacakge to 0.9.17 and apache2 package to 2.0.63.
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 21 14:33:46 UTC 2008

   Modified Files:
	   pkgsrc/devel/apr0: distinfo

   Log message:
   Update apr0 package to 0.9.17.2.0.63.

   Changes with APR 0.9.17

     *) Fix DSO-related crash on z/OS caused by incorrect memory
        allocation.  [David Jones <oscaremma gmail.com>]

     *) Define apr_ino_t in such a way that it doesn't change definition
        based on the library consumer's -D'efines to the filesystem.
        [Lucian Adrian Grijincu <lucian.grijincu gmail.com>]

     *) Cause apr_file_dup2() on Win32 to update the MSVCRT psuedo-stdio
        handles for fd-based and FILE * based I/O.  [William Rowe]

     *) Revert Win32 to the 0.9.14 behavior of apr_proc_create() for any
        of the three stdio streams which are not initialized, through either
        apr_procattr_io_set() or apr_procattr_child_XXX_set(), when given a
        procattr_t with one or two streams which were initialized through
        apr_procattr_child_XXX_set().  Once again, these do not inherit the
        parent process stdio stream to WIN32 child processes (passing
        INVALID_HANDLE_VALUE instead) as on Unix.  Note APR 1.3.0 adopts
        the Unix behavior of inheriting any uninitialized streams as the
        parent's corresponding stdio stream, in such cases.  [William Rowe]
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 21 14:37:22 UTC 2008

   Modified Files:
	   pkgsrc/www/apache2: Makefile distinfo

   Log message:
   Update apache package to 2.0.63.

   Changes with Apache 2.0.63

     *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
        to /Device/Nul as the server is starting up, mirroring unix MPM's.
        PR: 43534  [Tom Donovan <Tom.Donovan acm.org>, William Rowe]

     *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
        by recreating the bucket allocator each time the trans pool is cleared.
        PR: 11427 #16 (follow-on)  [Tom Donovan <Tom.Donovan acm.org>]

   Changes with Apache 2.0.62 (not released)

     *) SECURITY: CVE-2007-6388 (cve.mitre.org)
        mod_status: Ensure refresh parameter is numeric to prevent
        a possible XSS attack caused by redirecting to other URLs.
        Reported by SecurityReason.  [Mark Cox, Joe Orton]

     *) SECURITY: CVE-2007-5000 (cve.mitre.org)
        mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
        [Joe Orton]

     *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
        to identify a default, or specific servers or paths which list their
        contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]

     *) log.c: Ensure Win32 resurrects its lost robust logger processes.
        [William Rowe]

     *) mpm_winnt: Eliminate wait_for_many_objects.  Allows the clean
        shutdown of the server when the MaxClients is higher then 257,
        in a more responsive manner [Mladen Turk, William Rowe]

     *) Add explicit charset to the output of various modules to work around
        possible cross-site scripting flaws affecting web browsers that do not
        derive the response character set as required by  RFC2616.  One of these
        reported by SecurityReason [Joe Orton]

     *) http_protocol: Escape request method in 405 error reporting.
        This has no security impact since the browser cannot be tricked
        into sending arbitrary method strings.  [Jeff Trawick]

     *) http_protocol: Escape request method in 413 error reporting.
        Determined to be not generally exploitable, but a flaw in any case.
        PR 44014 [Victor Stinner <victor.stinner inl.fr>]
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 21 14:38:29 UTC 2008

   Modified Files:
	   pkgsrc/www/apache2: Makefile.common

   Log message:
   Add comment that this file is used by devel/apr0/Makefile detected
   by pkglint.