2004-10-02 17:37:57 by Jeremy C. Reed | Files touched by this commit (1) |
Log message:
Sort include files in PLIST. This makes it easier when
checking for PLIST changes when updating.
No changes to PLIST entries.
|
2004-09-28 19:59:55 by Eric Haszlakiewicz | Files touched by this commit (1) |
Log message:
Not all ap-* packages are apache1. Some work for either apache so don't force
a conflict.
|
2004-09-24 00:51:52 by grant beattie | Files touched by this commit (1) | |
Log message:
update checksum for patch-ab (hi, reed!)
|
2004-09-23 23:07:25 by Jeremy C. Reed | Files touched by this commit (2) |
Log message:
Add patch for Apache security issue.
2.0.51 had a regression where the Satisfy directive could take
effect for different directories (and could bypass some access
control).
This patch is direct from Apache.
Also bumped the package revision.
|
2004-09-20 19:19:34 by Adrian Portelli | Files touched by this commit (8) |
Log message:
- Update apache to 2.0.51
- Remove patch-as and patch-ah as they are now outdated and included in the src
- ok'ed snj@, wiz@
- Thanks to epg@ for final check
This version of Apache is principally a bug fix release. Of particular note
is that 2.0.51 addresses five security vulnerabilities:
An input validation issue in IPv6 literal address parsing which can result
in a negative length parameter being passed to memcpy.
[CAN-2004-0786]
A buffer overflow in configuration file parsing could allow a local user to
gain the privileges of a httpd child if the server can be forced to parse a
carefully crafted .htaccess file.
[CAN-2004-0747]
A segfault in mod_ssl which can be triggered by a malicious remote server,
if proxying to SSL servers has been configured.
[CAN-2004-0751]
A potential infinite loop in mod_ssl which could be triggered given
particular timing of a connection abort.
[CAN-2004-0748]
A segfault in mod_dav_fs which can be remotely triggered by an indirect lock
refresh request.
[CAN-2004-0809]
For further details, see http://www.apache.org/dist/httpd/Announcement2.html
and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.
|
2004-09-07 21:43:03 by Adrian Portelli | Files touched by this commit (4) | |
Log message:
Security update for apache2 with the changes backported from the
Apache CVS tree.
CAN-2004-0748
http://issues.apache.org/bugzilla/show_bug.cgi?id=29964
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125
CAN-2004-0751
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126
|
2004-07-17 02:18:31 by Juan Romero Pardines | Files touched by this commit (1) |
Log message:
Enable OpenLDAP support if APR_USE_OPENLDAP == [Yy][Ee][Ss].
(ldap and auth_ldap modules).
This closes PR pkg/26166.
|
2004-07-15 06:38:17 by Adrian Portelli | Files touched by this commit (3) |
Log message:
- Backout recent APACHE_DEFAULT_FILES build def as some ppl are having
problems with it and it also looks like it might be breaking some
apache related packages.
|
2004-07-14 16:36:48 by Stoned Elipot | Files touched by this commit (1) |
Log message:
Fix PLIST issue.
As soon as PLIST_SRC is defined the "default" PLIST files are not
added to PLIST_SRC. So 'PLIST' has to be explicitly listed in the
APACHE_DEFAULT_FILES == "yes" case.
|
2004-07-14 15:21:37 by Juan Romero Pardines | Files touched by this commit (1) |
Log message:
s,/var,${VARBASE},g
|