www/apache22, Apache HTTP (Web) server, version 2.2
Branch: pkgsrc-2009Q4,
Version: 2.2.15,
Package name: apache-2.2.15,
Maintainer: tron

The Apache HTTP Server Project is an effort to develop and maintain an
open-source HTTP server for various modern desktop and server operating
systems, such as UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server which provides HTTP
services in sync with the current HTTP standards.
Required to run: [devel/apr] [devel/apr-util] [textproc/expat] [lang/perl5]
Required to build: [devel/pkg-config] [devel/libtool-base]
SHA1: 5f0e973839ed2e38a4d03adba109ef5ce3381bc2
RMD160: e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf
Filesize: 4843.342 KB
Version history:
- (2010-03-29) Updated to version: apache-2.2.15
- (2010-01-15) Package added to pkgsrc.se, version apache-2.2.14 (created)
CVS history:
2010-03-28 15:02:33 by Matthias Scheler | Files touched by this commit (6)
Log message:
Pullup ticket #3068 - requested by taca
apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.56
- www/apache22/PLIST 1.16
- www/apache22/distinfo 1.30-1.31
- www/apache22/patches/patch-aq delete
- www/apache22/patches/patch-as delete
- www/apache22/patches/patch-au delete
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Mar 5 00:22:59 UTC 2010
Modified Files:
pkgsrc/www/apache22: distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-aq patch-as patch-au
Log message:
Remove CVE-2007-3304 related patches. CVE-2007-3304 was fixed
in Apache 2.2.6 and these patches are noop.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 9 02:30:15 UTC 2010
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Log message:
Update apache22 package to 2.2.15.
For full change information please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.
Here are the security-related changes from the ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).
Changes with Apache 2.2.15
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]