pkgsrc/www/apache/distinfo

$NetBSD: distinfo,v 1.58 2008/02/23 05:16:33 obache Exp $

SHA1 (apache_1.3.41.tar.gz) = 3bbd4c4bc648e6ad5b696bb83420533f4d23daf8
RMD160 (apache_1.3.41.tar.gz) = 74786c65c143af123f1d13e9d93dd5ff07e9a201
Size (apache_1.3.41.tar.gz) = 2483180 bytes
SHA1 (mod_ssl-2.8.31-1.3.41.tar.gz) = f2d2210041332fc1d4b7243a856d4d81f961d306
RMD160 (mod_ssl-2.8.31-1.3.41.tar.gz) = c3083c29710c4537ca8c79ddd8c1992eb95cbfee
Size (mod_ssl-2.8.31-1.3.41.tar.gz) = 820067 bytes
SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658
RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa
Size (sitedrivenby.gif) = 8519 bytes
SHA1 (patch-aa) = 54c32338f0dd6f37f28e3ef37b26d2867f90280d
SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802
SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c
SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa
SHA1 (patch-ae) = 1654cdaa58622b7572ab9190928854e80e8c88c7
SHA1 (patch-af) = 4eb5041f2ae8f1d434abbcab416d25739a0979e8
SHA1 (patch-ag) = e29d1d4934a7490e9c51e338375d4d1cc9e93304
SHA1 (patch-ah) = 7c7ad1c09a1c849129313bb272106a1dcd2abf7b
SHA1 (patch-ai) = 80e35b111e3cbdebf5dc7a8265f454caab791f50
SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01
SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a
SHA1 (patch-al) = aa6add3b91ee87846dd9cbbe5fd563b606fdcfb8
SHA1 (patch-am) = 76bbb4ae3a8cce666bf91fb605f72572350f23a1
SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7
SHA1 (patch-ao) = 96b97e1faf6828a6880c39eb246d07c4a56bfe12
SHA1 (patch-aq) = 1fda54aae47edb675549095adac2eb0378d1f60c
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			$NetBSD: distinfo,v 1.58 2008/02/23 05:16:33 obache Exp $
Add package patch checksum files. 1999-07-09 16:22:59 +02:00
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`SHA1 (apache_1.3.41.tar.gz) = 3bbd4c4bc648e6ad5b696bb83420533f4d23daf8`
			`RMD160 (apache_1.3.41.tar.gz) = 74786c65c143af123f1d13e9d93dd5ff07e9a201`
			`Size (apache_1.3.41.tar.gz) = 2483180 bytes`
			`SHA1 (mod_ssl-2.8.31-1.3.41.tar.gz) = f2d2210041332fc1d4b7243a856d4d81f961d306`
			`RMD160 (mod_ssl-2.8.31-1.3.41.tar.gz) = c3083c29710c4537ca8c79ddd8c1992eb95cbfee`
			`Size (mod_ssl-2.8.31-1.3.41.tar.gz) = 820067 bytes`
Move to sha1 digests, and add distfile sizes. 2001-04-20 14:02:30 +02:00			`SHA1 (sitedrivenby.gif) = 7671e9a8ec2cad3961b268befd33c0920e07c658`
Add RMD160 checksums. 2005-02-24 15:08:26 +01:00			`RMD160 (sitedrivenby.gif) = 2e350e6531a800da8796207509c12fb590d0affa`
Move to sha1 digests, and add distfile sizes. 2001-04-20 14:02:30 +02:00			`Size (sitedrivenby.gif) = 8519 bytes`
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`SHA1 (patch-aa) = 54c32338f0dd6f37f28e3ef37b26d2867f90280d`
Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-29 15:48:31 +02:00			`SHA1 (patch-ab) = 084d52bb2afbacf18b9d0793293d8ae333c67802`
			`SHA1 (patch-ac) = b961c90a58a94f48daff417af146df98d5ec428c`
			`SHA1 (patch-ad) = c02cd1af3c4b5e0d49aaa7f0eff20a8d76a633aa`
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`SHA1 (patch-ae) = 1654cdaa58622b7572ab9190928854e80e8c88c7`
			`SHA1 (patch-af) = 4eb5041f2ae8f1d434abbcab416d25739a0979e8`
			`SHA1 (patch-ag) = e29d1d4934a7490e9c51e338375d4d1cc9e93304`
			`SHA1 (patch-ah) = 7c7ad1c09a1c849129313bb272106a1dcd2abf7b`
			`SHA1 (patch-ai) = 80e35b111e3cbdebf5dc7a8265f454caab791f50`
Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. 2004-10-29 15:48:31 +02:00			`SHA1 (patch-aj) = ac7337b51d7d4ca25cef4020961736404ec79f01`
Pass the DL_* flags to the compiler when building httpd so that dlopen will work correctly on NetBSD-2.x. This should fix PR pkg/29398. 2004-11-26 19:52:47 +01:00			`SHA1 (patch-ak) = 1be52fb5fca6c05c7cf489de541e0d52383ee43a`
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`SHA1 (patch-al) = aa6add3b91ee87846dd9cbbe5fd563b606fdcfb8`
			`SHA1 (patch-am) = 76bbb4ae3a8cce666bf91fb605f72572350f23a1`
Be sure we actually use the db stuff as set up by bdb.buildlink3.mk. This fixes a long standing build failure on SunOS-5.9/sparc and does not seem to break things on NetBSD. 2007-10-07 22:49:57 +02:00			`SHA1 (patch-an) = 45a5bf946628b1e1b2e60c217214965390f7b3d7`
Update apache to 1.3.41. Changes with Apache 1.3.41 ) SECURITY: CVE-2007-6388 (cve.mitre.org) mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason. [Mark Cox] Changes with Apache 1.3.40 (not released) ) SECURITY: CVE-2007-5000 (cve.mitre.org) mod_imap: Fix cross-site scripting issue. Reported by JPCERT. [Joe Orton] ) SECURITY: CVE-2007-3847 (cve.mitre.org) mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms. [Jeff Trawick] ) More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus "Bad pid" errors. [Jim Jagielski, Jeff Trawick] Changes with Apache 1.3.39 ) SECURITY: CVE-2006-5752 (cve.mitre.org) mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton] ) SECURITY: CVE-2007-3304 (cve.mitre.org) Ensure that the parent process cannot be forced to kill non-child processes by checking scoreboard PID data with parent process privately stored PID data. [Jim Jagielski] *) mime.types: Many updates to sync with IANA registry and common unregistered types that the owners refuse to register. Admins are encouraged to update their installed mime.types file. pr: 35550, 37798, 39317, 31483 [Roy T. Fielding] There was no Apache 1.3.38 2008-02-23 06:16:33 +01:00			`SHA1 (patch-ao) = 96b97e1faf6828a6880c39eb246d07c4a56bfe12`
			`SHA1 (patch-aq) = 1fda54aae47edb675549095adac2eb0378d1f60c`