pkgsrc/www/apache/distinfo

$NetBSD: distinfo,v 1.57 2007/10/07 20:49:57 dmcmahill Exp $

SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4
RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7
Size (apache_1.3.37.tar.gz) = 2665370 bytes
SHA1 (mod_ssl-2.8.28-1.3.37.tar.gz) = 9db2a7240e499da2b99d0df9c1a6fbae0580ba0b
RMD160 (mod_ssl-2.8.28-1.3.37.tar.gz) = 6b12c0a52fe0fbb7b91221d1cb37f93fbe59bb11
Size (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417 bytes
SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa
Size (sitedrivenby.gif) = 8519 bytes
SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef
SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802
SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c
SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa
SHA1 (patch-ae) = 59318dd3376b10b84c0126d90f4b244a18268791
SHA1 (patch-af) = 55b27779b63cd86d3aef5b700c13600f0d840554
SHA1 (patch-ag) = 0c075960215e55525ffee15c381b82775614a2d2
SHA1 (patch-ah) = 1db5811a74ecadb5f8db2d74483f95c537b9c18d
SHA1 (patch-ai) = e2e48f48bec8cba85345e31541d4e4ddcc30e799
SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01
SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1
SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0
SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7
SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29
SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178
SHA1 (patch-ar) = 882ad0cf40e3f6ebfcf8a210e0ac5e6f7e707909
SHA1 (patch-as) = 404167a7449f2e5b90d5035ced9c838942f08555
Be sure we actually use the db stuff as set up by bdb.buildlink3.mk. This fixes a long standing build failure on SunOS-5.9/sparc and does not seem to break things on NetBSD. 2007-10-07 22:49:57 +02:00			$NetBSD: distinfo,v 1.57 2007/10/07 20:49:57 dmcmahill Exp $
Add package patch checksum files. 1999-07-09 16:22:59 +02:00
Update to 1.3.37: Changes with Apache 1.3.37 *) SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee. [Mark Cox] 2006-07-30 13:17:51 +02:00			`SHA1 (apache_1.3.37.tar.gz) = b422fac1dda10baa483e8f4378dff58faf3f85b4`
			`RMD160 (apache_1.3.37.tar.gz) = de84adf2fd0a745c32072ca5dc5e1374cfcf04f7`
			`Size (apache_1.3.37.tar.gz) = 2665370 bytes`
			`SHA1 (mod_ssl-2.8.28-1.3.37.tar.gz) = 9db2a7240e499da2b99d0df9c1a6fbae0580ba0b`
			`RMD160 (mod_ssl-2.8.28-1.3.37.tar.gz) = 6b12c0a52fe0fbb7b91221d1cb37f93fbe59bb11`
			`Size (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417 bytes`
Move to sha1 digests, and add distfile sizes. 2001-04-20 14:02:30 +02:00			`SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658`
Add RMD160 checksums. 2005-02-24 15:08:26 +01:00			`RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa`
Move to sha1 digests, and add distfile sizes. 2001-04-20 14:02:30 +02:00			`Size (sitedrivenby.gif) = 8519 bytes`
Fix config file handling; fix CHECK_PLIST build. Bump PKGREVISION. 2006-02-21 23:44:17 +01:00			`SHA1 (patch-aa) = 28302d0f95ff345fb9c4cc3306e910bfaca82cef`
Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-29 15:48:31 +02:00			`SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802`
			`SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c`
			`SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa`
			`SHA1 (patch-ae) = 59318dd3376b10b84c0126d90f4b244a18268791`
			`SHA1 (patch-af) = 55b27779b63cd86d3aef5b700c13600f0d840554`
			`SHA1 (patch-ag) = 0c075960215e55525ffee15c381b82775614a2d2`
Update apache to apache_1-3.33nb3: Previously rc.d/apache was updated to run stop & start for restart. '/etc/rc.d/apache restart' then picked up startssl if apache was not running, but if apache was running it has a large chance of the start running before the stop completes, leaving no httpd running. Instead, add a restartssl option to apachectl, and use it. 2005-03-01 00:30:48 +01:00			`SHA1 (patch-ah) = 1db5811a74ecadb5f8db2d74483f95c537b9c18d`
Regen after "patch-ai" was changed. (hi salo!) 2004-11-16 09:23:45 +01:00			`SHA1 (patch-ai) = e2e48f48bec8cba85345e31541d4e4ddcc30e799`
Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-29 15:48:31 +02:00			`SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01`
Pass the DL_* flags to the compiler when building httpd so that dlopen will work correctly on NetBSD-2.x. This should fix PR pkg/29398. 2004-11-26 19:52:47 +01:00			`SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a`
In patch-al, DragonFly has to be spelled in lower case. 2006-01-09 14:40:34 +01:00			`SHA1 (patch-al) = cdb6d8ecbf418024e8a198ebc9c8f15f259397c1`
Add DragonFly support. (An httpd service was only briefly tested.) 2005-08-22 18:19:00 +02:00			`SHA1 (patch-am) = b8551fca1ec8a62b3b420435479a896a7de1dfe0`
Be sure we actually use the db stuff as set up by bdb.buildlink3.mk. This fixes a long standing build failure on SunOS-5.9/sparc and does not seem to break things on NetBSD. 2007-10-07 22:49:57 +02:00			`SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7`
Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-29 15:48:31 +02:00			`SHA1 (patch-ao) = 9ec5f32b2e9cf4c423b5d819fc76f652b27c6c29`
Fix httpd linkage on DragonFly: -Wl,-E is needed, otherwise ap-php can't use ap_block_alarms. Bump revision. Problem noticed by Justin Sherrill on DragonFly's bugs list. 2006-01-09 01:51:03 +01:00			`SHA1 (patch-aq) = aee36110e604f990a1b017268810a28358c90178`
Description for one patch referred to incorrect issue, the other patch lacked ending semicolons. 2007-06-28 03:24:39 +02:00			`SHA1 (patch-ar) = 882ad0cf40e3f6ebfcf8a210e0ac5e6f7e707909`
			`SHA1 (patch-as) = 404167a7449f2e5b90d5035ced9c838942f08555`