Path to this page:
Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/www/apache22
From: Matthias Scheler
Date: 2011-09-14 20:03:18
Message id: 20110914180318.F0DD5175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3526 - requested by taca
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.68-1.70
- www/apache22/distinfo 1.40-1.42
- www/apache22/patches/patch-CVE-2011-3192 deleted
- www/apache22/patches/patch-lock.c 1.1
- www/apache22/patches/patch-repos.c 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 31 12:52:45 UTC 2011
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-CVE-2011-3192
Log Message:
Update "apache22" package to version 2.2.20. Changes since version \
2.2.19:
- mod_authnz_ldap: If the LDAP server returns constraint violation,
don't treat this as an error but as "auth denied". [Stefan Fritsch]
- mod_filter: Fix FilterProvider conditions of type "resp=" (response
headers) for CGI. [Joe Orton, Rainer Jung]
- mod_reqtimeout: Fix a timed out connection going into the keep-alive
state after a timeout when discarding a request body. Bug 51103.
[Stefan Fritsch]
- core: Do the hook sorting earlier so that the hooks are properly sorted
for the pre_config hook and during parsing the config. [Stefan Fritsch]
---
Module Name: pkgsrc
Committed By: sborrill
Date: Mon Sep 12 17:18:46 UTC 2011
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-lock.c patch-repos.c
Log Message:
Atomically create files when using DAV to stop files being deleted on error
From:
https://issues.apache.org/bugzilla/show_bug.cgi?id=39815
Bump PKGREVISION.
OK tron@
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 14 07:10:21 UTC 2011
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Log Message:
Update apahce22 package to 2.2.21.
Quote from release announce:
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.21 of the Apache HTTP
Server ("Apache"). This version of Apache is principally a security
and bug fix release:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
unrecognized HTTP methods from marking ajp: balancer members
in an error state, avoiding denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use
less memory, to avoid denial of service. This patch includes fixes
to the patch introduced in release 2.2.20 for protocol compliance,
as well as the MaxRanges directive.
Note the further advisories on the state of CVE-2011-3192 will no longer
be broadcast, but will be kept up to date at;
http://httpd.apache.org/security/CVE-2011-3192.txt
We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.
Files: