Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
Log message:
When recursively chowning, ensure the -P flag is specified. This is default
on BSD but not on strict POSIX implementations, leading to failures when
building as an unprivileged user in the presence of symlinks.
Fixes recent breakage on SunOS when the '-h' flag was removed for MirBSD.
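As an added example, not part of the pkgsrc commit itself: the portable invocation the message describes, together with a pre-check that lists symlinks under a tree whose targets lie outside it. Those are exactly the links a dereferencing `chown -R` would try to chown on the far side, which fails for an unprivileged build user. It assumes a POSIX sh with `find`, `readlink` and a `chown` that accepts `-P`; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the pkgsrc commit): explicit -P recursive chown
# plus a check for symlinks that escape the tree being chowned.

# Print "link -> target" for every symlink under $1 whose resolved target
# is outside $1. A dangling link keeps its literal target path.
escaping_symlinks() {
    root=$(cd "$1" && pwd -P) || return 1
    find "$root" -type l | while read -r link; do
        target=$(readlink "$link")
        case "$target" in
            /*) abs="$target" ;;
            *)  abs="$(dirname "$link")/$target" ;;
        esac
        # Resolve the directory part physically so comparisons with $root
        # (also physical) are consistent even when $1 went through a symlink.
        dir=$(cd "$(dirname "$abs")" 2>/dev/null && pwd -P) || dir=$(dirname "$abs")
        abs="$dir/$(basename "$abs")"
        case "$abs" in
            "$root"/*) ;;                                   # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$abs" ;;        # escapes: would be followed
        esac
    done
}

# Recursive chown that never follows symlinks. -P is spelled out because
# it is the BSD default but not guaranteed on every POSIX implementation;
# the link itself is chowned, its target is left alone.
chown_tree() {
    # usage: chown_tree owner[:group] dir
    chown -R -P "$1" "$2"
}
```

Run `escaping_symlinks "$WRKDIR"` before the chown in a build script if you want the offending links in the log rather than a bare "Operation not permitted".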
Log message:
Update apache2 to 2.0.65.
Changes with Apache 2.0.65
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. [Eric Covener, Jeff Trawick, Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
to cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
bug#51714. [Jeff Trawick, Stefan Fritsch, Jim Jagielski, Ruediger Pluem,
Eric Covener, <lowprio20 gmail.com>]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
NOTE: it remains possible to exhaust all memory using a carefully
crafted .htaccess rule, which will not be addressed in 2.0; enabling
processing of .htaccess files authored by untrusted users is the root
of such security risks. Upgrade to httpd 2.2.25 or later to limit
this specific risk.
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener, Rainer Jung]
*) Set 'Accept-Ranges: none' in the case Ranges are being ignored with
MaxRanges none. [Eric Covener, Rainer Jung]
*) mod_rewrite: Allow merging RewriteBase down to subdirectories
if new option 'RewriteOptions MergeBase' is configured.
[Eric Covener]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
*) mod_rewrite: Add "AllowAnyURI" option. bug#52774. [Joe Orton]
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. bug#54893. [Rainer Jung]
*) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
OpenSSL 0.9.7 flag which uses the server's cipher order rather
than the client's. bug#28665.
[Jim Schneider <jschneid netilla.com>]
*) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
including multiple INCLUDES filters. bug#39369 [Joe Orton]
*) mod_rewrite: When evaluating a proxy rule in directory context, do
escape the filename by default. bug#46428 [Joe Orton]
*) Improve platform detection for bundled PCRE by updating config.guess
and config.sub. [Rainer Jung]
*) ssl-std.conf: Disable AECDH ciphers in example config. bug#51363.
[Rob Stradling <rob comodo com>]
*) ssl-std.conf: Change the SSLCipherSuite default to a shorter,
whitelist oriented definition. [Rainer Jung, Kaspar Brand]
*) ssl-std.conf: Only select old MSIE browsers for the downgrade
in http/https behavior. [Greg Stein, Stefan Fritsch]
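As an added configuration example, not taken from the Apache 2.0.65 CHANGES file or its shipped ssl-std.conf: the directives the entries above introduce or change, with the setting to avoid beside the one to prefer. The cipher string is my own illustrative whitelist, not the project's new default, and the comments about what each directive guards against follow the entries above.

```apache
# Added example, not part of the Apache 2.0.65 changelog.

# CVE-2011-3192 follow-up: bound the number of ranges honoured per request.
# 200 is the built-in default; "none" ignores Range headers altogether and
# makes the server send "Accept-Ranges: none".
MaxRanges 200
# MaxRanges unlimited    # avoid: restores the unbounded pre-fix behaviour

<IfModule mod_rewrite.c>
    RewriteEngine on
    # MergeBase lets a RewriteBase set in a parent directory apply to
    # subdirectories instead of being repeated in each .htaccess.
    RewriteOptions MergeBase
    # AllowAnyURI re-enables rewriting of request-URIs that the
    # CVE-2011-3368 fix now rejects; leave it off unless a rule needs it.
    # RewriteOptions AllowAnyURI
</IfModule>

<IfModule mod_ssl.c>
    # Honour the server's cipher preference order, not the client's.
    SSLHonorCipherOrder on
    # Short whitelist instead of a long exclusion list (illustrative string);
    # !aNULL drops the anonymous suites, including AECDH, which give the
    # client no server authentication.
    SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>
```

Note that only `MaxRanges`, `RewriteOptions MergeBase` and `RewriteOptions AllowAnyURI` are new in this release; `SSLHonorCipherOrder` is new to the 2.0 branch but has existed in 2.2 for some time, so the same block carries over unchanged.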