Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason. [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
     [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers. PR 41144.
     With Apache 1.3, the denial of service vulnerability applies only
     to the Windows and NetWare platforms.
     [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
     patch. This fixes issues with excessive memory usage by the
     parent process if long-running and with a high number of child
     process forks during that timeframe. Also fixes bogus "Bad pid"
     errors. [Jim Jagielski, Jeff Trawick]

Changes with Apache 1.3.39

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
     mod_status: Fix a possible XSS attack against a site with a public
     server-status page and ExtendedStatus enabled, for browsers which
     perform charset "detection". Reported by Stefan Esser. [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
     Ensure that the parent process cannot be forced to kill non-child
     processes by checking scoreboard PID data with parent process
     privately stored PID data. [Jim Jagielski]

  *) mime.types: Many updates to sync with IANA registry and common
     unregistered types that the owners refuse to register. Admins
     are encouraged to update their installed mime.types file.
     PR: 35550, 37798, 39317, 31483 [Roy T. Fielding]

There was no Apache 1.3.38

Redo the check for incomplete packages by annotating which meta data
fields are required and count which were found during reading the binary
package. The original approach didn't work as loads from pkgdb are
reduced to the minimal set.
DansGuardian is a web content filtering proxy for Linux, FreeBSD, OpenBSD,
and Solaris. It relies on a proxy server for all fetching. The preferred
proxy is Squid; however, DansGuardian should work with any proxy server.
"ncurses" option. "wide-curses" now just toggles whether we use
wide or narrow curses, which is a much simpler knob for users.
Bump the PKGREVISION to 2.
"ncurses" option. "wide-curses" now just toggles whether we use
wide or narrow curses, which is a much simpler knob for users.
Bump the PKGREVISION to 1.
Free libarchive's side of the package before closing the file descriptor.
This stops leaking up to 1MB / package when using bzip2 and addresses
PR 38082. Check that at least +COMMENTS, +CONTENTS and +DESC can be
extracted, otherwise skip the entry. This stops pkg_info -X from dumping
core on non-package files.
Based on PR 35543 by Kevin Sullivan, modify to adapt to recent emul framework.
This package supports running ELF binaries linked with glibc2 that
require kerberos shared libraries.
Including inplace.mk causes a PIC version of libnbcompat to be built
alongside the regular static libnbcompat.
This will be used to extend the features framework in two ways:
1) Support linking features into shared modules
2) Ability to cherry-pick individual objects to link from the libnbcompat
build directory rather than linking the whole archive.
On IRIX, getopt.h is expected to provide extern declarations of optind
et al. (Not unistd.h) Do it here since we shadow the system header.
Part of PR pkg/38054
"ncurses" option. "wide-curses" now just toggles whether we use
wide or narrow curses, which is a much simpler knob for users.
Bump the PKGREVISION to 5.
under NetBSD-current without actually needing ncursesw.
+ It's not necessary to use ncurses for narrow curses support. The native
BSD curses on NetBSD is enough.
+ Add full DESTDIR support.
Bump the PKGREVISION to 1.
under NetBSD-current without actually needing ncursesw.
+ Only make "wide-curses" an available option on platforms that have the
necessary wide-character support. It turns out NetBSD-3.x is not one
of them.
+ Use a less patchy way to turn -ldb into -ldb3 by letting the wrappers
do it.
+ Add full DESTDIR support.
Bump the PKGREVISION to 6.
The key changes are that users will now quit faster (e.g. in netsplits, glines, etc.).
K|G|Z|E:Line can now also be used on a nickname - e.g. /zline w00t 1d :foo would place an IP ban on my IP for one day.
A low risk crash with m_invisible and m_watch was also fixed.
Other miscellaneous fixes are also included.