config.layout file instead of CONFIGURE_ARGS, to avoid defining things
twice. No actual change, since the paths are still the same.
Added all necessary variables to BUILD_DEFS, as reported by pkglint.
to version 2.0.59. Changes since *2.0.58:
- SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
Change behaviour of APACHE_MODULES and DFLT_APACHE_MODULES
If you do not define APACHE_MODULES this change will not impact you, the
default behaviour of the package modules has not been changed.
The new functionality is as follows:
1) If you need to add an additional module to be installed with apache
you would use:
APACHE_MODULES+= spelling
This would include mod_spelling as a static module in addition to the
default modules installed.
2) If you need a highly customised version of apache and would like to
explicitly list which modules are installed by default you would use:
APACHE_MODULES= spelling access auth include env autoindex
This would install _only_ the listed modules as static modules with
apache.
If you use APACHE_MODULES= please read the apache documentation at:
http://httpd.apache.org/docs/2.0/
To determine which modules you will need to install to get the level
of functionality you require. By default when using APACHE_MODULES=
apache only includes with the following static modules:
core.c
prefork.c
http_core.c
mod_so.c
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
- Fix crash in apr_dir_make_recursive() for relative path
when the working directory has been deleted. [Joe Orton]
- Win32: fix apr_proc_mutex_trylock() to handle WAIT_TIMEOUT,
returning APR_EBUSY. [Ronen Mizrahi <ronen@tversity.com>]
- Fix apr_file_read() to catch write failures when flushing pending
writes for a buffered file. [Joe Orton]
- Fix apr_file_write() infinite loop on write failure for buffered
files. [Erik Huelsmann <ehuels gmail.com>]
- Fix error handling where apr_uid_* and apr_gid_* could segfault
or return APR_SUCCESS in failure cases. PR 34053. [Joe Orton,
Paul Querna]
- Refactor Win32 condition variables code to address bugs 27654, 34336.
[Henry Jen <henryjen ztune.net>, E Holyat <eholyat yahoo.com>]
- Support APR_SO_SNDBUF and APR_SO_RCVBUF on Windows. PR 32177.
[Sim <sgobbi datamanagement.it>, Jeff Trawick]
- Fix detection of rwlocks on Mac OS X. [Aaron Bannert]
- Fix issue with poll() followed by net I/O yielding EAGAIN on
Mac OS 10.4 (Darwin 8). [Wilfredo Sanchez]
Update based on patches supplied by Ben Collver. Addresses first part
of PR pkg/31817 by Zafer Aydogan.
package now, and this header file is only directly used by apr itself,
hidden from httpd. (Clarifies bug 36750 that I have on file with Apache
Bugzilla.)
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
for revisions for a single package. I don't think this "suexec"
PKGREVISION was meant for the apr package, but since it was used
it is now there.
I noticed this problem when building wip/apachebench2 which has
nothing to do with suexec. Although, I did not make this change
for pkgsrc-wip's wip/apachebench2 since this is a work in progress.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
*) mod_cache: Add CacheIgnoreHeaders directive.
*) mod_ldap: Added the directive LDAPConnectionTimeout to configure
the ldap socket connection timeout value.
*) Correctly export all mod_dav public functions.
*) Add a build script to create a solaris package.
*) worker MPM: Fix a problem which could cause httpd processes to
remain active after shutdown.
*) Unix MPMs: Shut down the server more quickly when child processes are
slow to exit.
*) Remove formatting characters from ap_log_error() calls. These
were escaped as fallout from CAN-2003-0020.
*) mod_ssl: If SSLUsername is used, set r->user earlier.
*) htdigest: Fix permissions of created files.
*) core_input_filter: Move buckets to a persistent brigade instead of
creating a new brigade. This stop a memory leak when proxying a
Streaming Media Server.
*) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
hiccups from additional path information passed in non-utf-8 format.
