2008-07-10 17:18:23 by Joerg Sonnenberger | Files touched by this commit (2) |
Log message:
Fix abs_srcdir definition as done in apache22. Also install
mkdir.sh as expected e.g. by www/ap2-fcgid. Bump revision.
|
2008-06-23 01:01:19 by Havard Eidnes | Files touched by this commit (3) |
Log message:
As indicated by comments on pkgsrc-c, move PKGREVISION setting to
individual Makefile files and out of Makefile.common.
|
2008-06-20 15:28:08 by Havard Eidnes | Files touched by this commit (3) |
Log message:
Apply the patch for CVE-2008-2364 from apache.
Bump pkg revision.
|
2008-05-26 04:13:26 by Joerg Sonnenberger | Files touched by this commit (274) |
Log message:
Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
2008-04-13 00:43:15 by Johnny C. Lam | Files touched by this commit (370) |
Log message:
Convert to use PLIST_VARS instead of manually passing "@comment "
through PLIST_SUBST to the plist module.
|
2008-01-21 15:38:29 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Add comment that this file is used by devel/apr0/Makefile detected
by pkglint.
|
2008-01-21 15:37:22 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update apache package to 2.0.63.
Changes with Apache 2.0.63
*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
to /Device/Nul as the server is starting up, mirroring unix MPM's.
PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
by recreating the bucket allocator each time the trans pool is cleared.
PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
Changes with Apache 2.0.62 (not released)
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox, Joe Orton]
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) Introduce the ProxyFtpDirCharset directive, allowing the administrator
to identify a default, or specific servers or paths which list their
contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
*) log.c: Ensure Win32 resurrects its lost robust logger processes.
[William Rowe]
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
shutdown of the server when the MaxClients is higher then 257,
in a more responsive manner [Mladen Turk, William Rowe]
*) Add explicit charset to the output of various modules to work around
possible cross-site scripting flaws affecting web browsers that do not
derive the response character set as required by RFC2616. One of these
reported by SecurityReason [Joe Orton]
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
*) http_protocol: Escape request method in 413 error reporting.
Determined to be not generally exploitable, but a flaw in any case.
PR 44014 [Victor Stinner <victor.stinner inl.fr>]
|
2008-01-21 15:30:01 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
Start update of apr0 pacakge to 0.9.17 and apache2 package to 2.0.63.
cvs: ----------------------------------------------------------------------
|
2008-01-18 06:10:07 by Tobias Nygren | Files touched by this commit (245) |
Log message:
Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
2008-01-12 12:36:33 by Adam Ciarcinski | Files touched by this commit (40) | |
Log message:
db4 update related revision bump
|