kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache/distinfo

23 lines
1.2 KiB
Text
Raw Normal View History

Use "mod_ssl-2.8.19" sources for SSL hooks, bump package revision.
2004-07-17 14:44:28 +02:00
$NetBSD: distinfo,v 1.36 2004/07/17 12:44:28 tron Exp $
Add package patch checksum files.
1999-07-09 16:22:59 +02:00
Update apache package to 1.3.31. Apache 1.3.31 Major changes Security vulnerabilities * CAN-2003-0987 (cve.mitre.org) In mod_digest, verify whether the nonce returned in the client response is one we issued ourselves. This problem does not affect mod_auth_digest. * CAN-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. * CAN-2004-0174 (cve.mitre.org) Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. * CAN-2003-0993 (cve.mitre.org) Fix parsing of Allow/Deny rules using IP addresses without a netmask; issue is only known to affect big-endian 64-bit platforms New features New features that relate to specific platforms: * Linux 2.4+: If Apache is started as root and you code CoreDumpDirectory, core dumps are enabled via the prctl() syscall. New features that relate to all platforms: * Add mod_whatkilledus and mod_backtrace (experimental) for reporting diagnostic information after a child process crash. * Add fatal exception hook for running diagnostic code after a crash. * Forensic logging module added (mod_log_forensic) * '%X' is now accepted as an alias for '%c' in the LogFormat directive. This allows you to configure logging to still log the connection status even with mod_ssl Bugs fixed The following noteworthy bugs were found in Apache 1.3.29 (or earlier) and have been fixed in Apache 1.3.31: * Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. * mod_usertrack no longer inspects the Cookie2 header for the cookie name. It also no longer overwrites other cookies. * Fix bug causing core dump when using CookieTracking without specifying a CookieName directly. * UseCanonicalName off was ignoring the client provided port information.
2004-05-13 13:39:09 +02:00
SHA1 (apache_1.3.31.tar.gz) = a5d4298e8f99cae220ba65b5ef128d5742c7298d
Size (apache_1.3.31.tar.gz) = 2467371 bytes
Move to sha1 digests, and add distfile sizes.
2001-04-20 14:02:30 +02:00
SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
Size (sitedrivenby.gif) = 8519 bytes
Use "mod_ssl-2.8.19" sources for SSL hooks, bump package revision.
2004-07-17 14:44:28 +02:00
SHA1 (mod_ssl-2.8.19-1.3.31.tar.gz) = aa6ecb4a87fffc99dad6f78845d4c660c741a9d0
Size (mod_ssl-2.8.19-1.3.31.tar.gz) = 754277 bytes
Regenerate patch-aa to obtain correct offsets so this works with Linux 'patch'. No functional change (other than building again on Linux)
2004-05-13 23:21:27 +02:00
SHA1 (patch-aa) = 3a655678f5e99769f27fca06a8279b14a8e8e8be
Update apache to 1.3.19nb1. Changes from 1.3.19 include using mod_ssl 2.8.2 patches and more thorough use of APACHE_SYSCONFDIR setting.
2001-04-29 22:42:28 +02:00
SHA1 (patch-ab) = 71ea1f3a59e0f7bc37175b0eefd462a1f7ca4fb6
Update apache to 1.3.20. Relevant changes from version 1.3.19 include: NetBSD Packages Collection (pkgsrc) changes: * Modify French page in same way as the English page. Translation provided by Remi Zara <remi_zara@mac.com> in private e-mail. * Use EAPI patches from mod_ssl-2.8.4-1.3.20. * Unify repeated SED replacement info for config.layout, apache.sh, DEINSTALL, and INSTALL into one location, FILES_SUBST. * Modify patch to apxs to use 0:0 instead of root:wheel, as some non-NetBSD systems don't have a wheel group. The general bug fixes: * Eliminate a potential segfault if an invalid floating point value is passed to the ap_snprintf() function, on platforms supporting isnan() and isinf(). * Fix a possible segfault at startup in the detection of a default ServerName or IP string when no ServerName was specified. * Fixed mod_proxy to retain empty headers, as allowed by RFC2068. * Properly resolve the location of ndbm on Linux and some glibc2 builds, where ndbm.h is in the nonstandard db1/ subdir. The main new features include: * Enhanced rotatelogs to allow a UTC offset to be specified, and the format logfile names with human-readable date/time stamps. * Added the NOESCAPE (NS) flag to RewriteRule, to disable *all* normal URI escaping. Note incautious use can give unexpected results or introduce security risks. * Added the '\' character to RewriteRule to allow escaping of special characters. Allows embedding of both the '$' and '%' characters in the results, so 'foo\$1' translates to 'foo$1' rather than 'foo\<value of $1>'. * Added the -V flag to suexec, to display the compile-time settings with which it was built. (Only valid for root or the HTTPD_USER username.) * Introduced EBCDIC conversion configuration options, controlling the conversion based on MIME type or file suffix.
2001-06-09 08:36:42 +02:00
SHA1 (patch-ac) = 12347c7a306d3e898b032c2b4b3b01670b62d4fd
Update apache to 1.3.19. The pkgsrc-related changes include adding a config.layout file instead of specifying every directory as on option to the Apache configure script. This layout file might be useful later when we package Apache 2.x. I also reordered a few lines so that it's easier to diff apache/Makefile and apache6/Makefile (hi itojun!). Also build the mod_define shared module from the mod_ssl sources. Relevant changes from version 1.3.17.1 include: *) Rewrite ap_unparse_uri_components() to make it safer and more readable *) Under certain circumstances, Apache did not supply the right response headers when requiring authentication. *) Clean up some end-of-loop not reached warnings *) Add the correct language tag for interoperation with the Taiwanese versions of MSIE and Netscape. *) Workaround enabled for a core dump which appeared in broken NameVirtualHost configurations. *) Sporadic core dump in ap_default_port_for_scheme() with internal requests *) SECURITY: The default installation could lead to mod_negotiation and mod_dir/mod_autoindex displaying a directory listing instead of the index.html.* files, if a very long path was created artificially by using many slashes. Now a 403 FORBIDDEN is returned. *) Trailing slashes (if they exist) are now removed from ServerRoot, because there were known problems with them. *) TPF startup/shutdown fixes. *) Correct a typo in httpd.conf. *) Get the correct IP address if ServerName isn't set and we can't find a fully-qualified domain name at startup. *) Fix pointer arithmetic in mod_rewrite map expansion. *) Fixed a problem with file extensions being truncated during the call to ap_os_canonical_filename().
2001-03-13 21:52:26 +01:00
SHA1 (patch-ad) = 79e9b2adb23e412195f0382b30b56496af735297
Update apache to 1.3.22. Relevant changes from version 1.3.20 include using the pkgsrc expat library instead of the builtin one (this is to avoid conflicts between expat libraries when an expat XML parser is loaded by either mod_perl or mod_php), and: Security vulnerabilities * A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to. * A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERY_STRING of M=D could return a directory listing rather than the expected index page. General bug fixes and improvements * Bug fixes * The supplied icons are now also distributed in PNG format * New directives have been added to the mod_usertrack module, The first, CookieDomain, can be used to customise the Domain attribute. * A new directive, AcceptMutex, allows run-time configuration of the mutex type used for accept serialization. * mod_auth has been enhanced to allow access to a document to be controlled based on the owner of the file being served. * A new directive, AcceptFilter, has been added to control BSD accept filters at run-time. The functionality can postpone the requirement for a child process to handle a new connection until an HTTP request has arrived, therefore increasing the number of connections that a given number of child processes can handle
2001-10-17 21:17:00 +02:00
SHA1 (patch-ae) = 037e24a3019025f031172af0102f043ddf2f0556
Update apache to 1.3.23 with the EAPI patch from mod_ssl-2.8.6-1.3.23. The main new features in 1.3.23 (compared to 1.3.22) are: * HTTP/1.1 support for mod_proxy. * Other mod_proxy improvements. * The new 'FileETag' directive to allow one to build the format of the ETag via runtime directives. * Addition of a 'filter callback' function to enable modules to intercept the output byte stream for dynamic page caching. The following bugs were found in Apache 1.3.22 and have been fixed in Apache 1.3.23: * Fix incorrect "Content-Length" header in the 416 response. * Revert mod_negotation's handling of path_info and query_args to the 1.3.20 behavior (PRs: 8628, 8582, 8538). * Prevent an Apache module from being loaded or added twice due to duplicate LoadModule or AddModule directives.
2002-02-01 17:04:39 +01:00
SHA1 (patch-af) = 4b4450ceede5c803023eef41c63a2058e7577821
SHA1 (patch-ag) = f1cc9b833afd87b42aac99431d696f3780762bab
Update apache to 1.3.19. The pkgsrc-related changes include adding a config.layout file instead of specifying every directory as on option to the Apache configure script. This layout file might be useful later when we package Apache 2.x. I also reordered a few lines so that it's easier to diff apache/Makefile and apache6/Makefile (hi itojun!). Also build the mod_define shared module from the mod_ssl sources. Relevant changes from version 1.3.17.1 include: *) Rewrite ap_unparse_uri_components() to make it safer and more readable *) Under certain circumstances, Apache did not supply the right response headers when requiring authentication. *) Clean up some end-of-loop not reached warnings *) Add the correct language tag for interoperation with the Taiwanese versions of MSIE and Netscape. *) Workaround enabled for a core dump which appeared in broken NameVirtualHost configurations. *) Sporadic core dump in ap_default_port_for_scheme() with internal requests *) SECURITY: The default installation could lead to mod_negotiation and mod_dir/mod_autoindex displaying a directory listing instead of the index.html.* files, if a very long path was created artificially by using many slashes. Now a 403 FORBIDDEN is returned. *) Trailing slashes (if they exist) are now removed from ServerRoot, because there were known problems with them. *) TPF startup/shutdown fixes. *) Correct a typo in httpd.conf. *) Get the correct IP address if ServerName isn't set and we can't find a fully-qualified domain name at startup. *) Fix pointer arithmetic in mod_rewrite map expansion. *) Fixed a problem with file extensions being truncated during the call to ap_os_canonical_filename().
2001-03-13 21:52:26 +01:00
SHA1 (patch-ah) = 553f8f2bf4bf7278adb46ff8749be154f10e39d3
Update www/apache to 1.3.24 with EAPI patch from mod_ssl-2.8.8-1.3.24. Relevant changes from version 1.3.23 include: * Prevent invalid client hostnames from appearing in the log file. * Various mod_proxy improvements, such as the new ProxyIOBufferSize directive. * The new ''IgnoreCase' keyword to the IndexOptions directive. * mod_rewrite's 'rnd' was broken and has been fixed. * The '-S' option of 'apxs' was not able to handle quotes; also 'apxs' is now rebuilt when options are changed. * proxy now correctly handles Cookies and X-Cache headers. * Fixed a problem in TPF when we were using the wrong subpool when opening the error log. * pthread accept() mutexes on Solaris were broken (since we were not linking against pthread)
2002-04-02 16:13:01 +02:00
SHA1 (patch-ai) = 08a27cd408c409a9f94b9b8579aeec2c40ea86dc
Update apache to 1.3.22. Relevant changes from version 1.3.20 include using the pkgsrc expat library instead of the builtin one (this is to avoid conflicts between expat libraries when an expat XML parser is loaded by either mod_perl or mod_php), and: Security vulnerabilities * A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to. * A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERY_STRING of M=D could return a directory listing rather than the expected index page. General bug fixes and improvements * Bug fixes * The supplied icons are now also distributed in PNG format * New directives have been added to the mod_usertrack module, The first, CookieDomain, can be used to customise the Domain attribute. * A new directive, AcceptMutex, allows run-time configuration of the mutex type used for accept serialization. * mod_auth has been enhanced to allow access to a document to be controlled based on the owner of the file being served. * A new directive, AcceptFilter, has been added to control BSD accept filters at run-time. The functionality can postpone the requirement for a child process to handle a new connection until an HTTP request has arrived, therefore increasing the number of connections that a given number of child processes can handle
2001-10-17 21:17:00 +02:00
SHA1 (patch-aj) = 1cdd2f010d381ec9c13f59b31caab7d1f6f63100
Update apache{,6} to 1.3.20nb1. Changes from version 1.3.20 are: On NetBSD, we need to link libgcc.a whole-archive so that certain symbols from the C++ implementation (__get_eh_context, etc.) referenced by DSOs written in C++ will resolve correctly. This makes php4-sablot work with mod_php4.so (from ap-php4) on ELF platforms when loaded by Apache's httpd.
2001-10-16 06:11:06 +02:00
SHA1 (patch-ak) = 8f790a692ed9b2dd6943be43fa1cf7629c673955
Update www/apache to 1.3.23nb1. Changes from version 1.3.23 include using the EAPI patches from modssl-2.8.7-1.3.23. Also, link against the MM Shared Memory library (devel/libmm) to provide shared memory support in Apache/EAPI. For example, this allows mod_ssl to use a high-performance RAM-based session cache instead of a disk-based one.
2002-02-28 06:45:33 +01:00
SHA1 (patch-al) = a27b9676998621229dc3a1d920ea44b8e622feb2
Fix build on arm-elf.
2002-03-28 18:17:08 +01:00
SHA1 (patch-am) = d05f7c30b73c0e90daf17d9d1c4838be7fd73b02
- Add share/httpd/htdocs/index.html.lb.utf8 to PLIST. - Prevent chown whole files under ${PREFIX}/share/httpd.
2002-06-20 19:12:36 +02:00
SHA1 (patch-ao) = 5930f9ea0f5080b260a6e0c66a37c6d1ad0df4d4
Reference in a new issue Copy permalink