pkgsrc/www/apache2/patches
itojun 1ea2573608 upgrade to 2.0.48
Changes with Apache 2.0.48

  *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
     the AF_UNIX socket used to communicate with the cgid daemon and
     the CGI script.  [Jeff Trawick]
  *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
     mod_rewrite which occurred if one configured a regular expression
     with more than 9 captures.  [André Malo]
  *) mod_include: fix segfault which occured if the filename was not
     set, for example, when processing some error conditions.
     PR 23836.  [Brian Akins <bakins@web.turner.com>, André Malo]
  *) fix the config parser to support <Foo>..</Foo> containers (no
     arguments in the opening tag) supported by httpd 1.3. Without
     this change mod_perl 2.0's <Perl> sections are broken.
     ["Philippe M. Chiasson" <gozer@cpan.org>]
  *) mod_cgid: fix a hash table corruption problem which could
     result in the wrong script being cleaned up at the end of a
     request.  [Jeff Trawick]
  *) Update httpd-*.conf to be clearer in describing the connection
     between AddType and AddEncoding for defining the meaning of
     compressed file extensions. [Roy Fielding]
  *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
     PR 23416.  [André Malo]
  *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
     rewritten request using "proxy:". The code was adding multiple "proxy:"
     fields in the rewritten URI. PR: 13946.
     [Eider Oliveira <eider@bol.com.br>]
  *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
     expires as directed in RFC 2616. [Thomas Castelle tcastelle@generali.fr]
  *) Ensure that ssl-std.conf is generated at configure time, and switch
     to using the expanded config variables to work the same as
     httpd-std.conf PR: 19611
     [Thom May]
  *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
     [Hartmut Keil <Hartmut.Keil@adnovum.ch>]
  *) mod_autoindex: If a directory contains a file listed in the
     DirectoryIndex directive, the folder icon is no longer replaced
     by the icon of that file. PR 9587.
     [David Shane Holden <dpejesh@yahoo.com>]
  *) Fixed mod_usertrack to not get false positive matches on the
     user-tracking cookie's name.  PR 16661.
     [Manni Wood <manniwood@planet-save.com>]
  *) mod_cache: Fix the cache code so that responses can be cached
     if they have an Expires header but no Etag or Last-Modified
     headers. PR 23130.
     [bjorn@exoweb.net]
  *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
     were sent (e.g. with 304 or 204 response codes).  [Astrid Keßler]
  *) Modify ap_get_client_block() to note if it has seen EOS.
     [Justin Erenkrantz]
  *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
     content if the Accept-Encoding header contained only other tokens than
     "gzip" (such as "deflate"). PR 21523.  [Joe Orton, André Malo]
  *) Avoid an infinite recursion, which occured if the name of an included
     config file or directory contained a wildcard character. PR 22194.
     [André Malo]
  *) mod_ssl: Fix a problem setting variables that represent the
     client certificate chain.  PR 21371  [Jeff Trawick]
  *) Unix: Handle permissions settings for flock-based mutexes in
     unixd_set_global|proc_mutex_perms().  Allow the functions to be
     called for any type of mutex.  PR 20312  [Jeff Trawick]
  *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
  *) Fix a misleading message from the some of the threaded MPMs when
     MaxClients has to be lowered due to the setting of ServerLimit.
     [Jeff Trawick]
  *) Lower the severity of the "listener thread didn't exit" message
     to debug, as it is of interest only to developers.  PR 9011
     [Jeff Trawick]
  *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
     [Cliff Woolley, Jean-Jacques Clar]
  *) Install config.nice into the build/ directory to make
     minor version upgrades easier. [Joshua Slive]
  *) Fix mod_deflate so that it does not call deflate() without checking
     first whether it has something to deflate. (Currently this causes
     deflate to generate a fatal error according to the zlib spec.)
     PR 22259. [Stas Bekman]
  *) mod_ssl: Fix FakeBasicAuth for subrequest.  Log an error when an
     identity spoof is encountered.
     [Sander Striker]
  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
     containing the .htaccess file is requested without a trailing slash.
     PR 20195.  [André Malo]
  *) ab: Overlong credentials given via command line no longer clobber
     the buffer.  [André Malo]
  *) mod_deflate: Don't attempt to hold all of the response until we're
     done.  [Justin Erenkrantz]
  *) Assure that we block properly when reading input bodies with SSL.
     PR 19242.  [David Deaves <David.Deaves@dd.id.au>, William Rowe]
  *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]
  *) mod_ext_filter: Set additional environment variables for use by
     the external filter.  PR 20944.  [Andrew Ho, Jeff Trawick]
  *) Fix buildconf errors when libtool version changes.  [Jeff Trawick]
  *) Remember an authenticated user during internal redirects if the
     redirection target is not access protected and pass it
     to scripts using the REDIRECT_REMOTE_USER environment variable.
     PR 10678, 11602.  [André Malo]
  *) mod_include: Fix a trio of bugs that would cause various unusual
     sequences of parsed bytes to omit portions of the output stream.
     PR 21095. [Ron Park <ronald.park@cnet.com>, André Malo, Cliff Woolley]
  *) Update the header token parsing code to allow LWS between the
     token word and the ':' seperator.  [PR 16520]
     [Kris Verbeeck <kris.verbeeck@advalvas.be>, Nicel KM <mnicel@yahoo.com>]
  *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
     [Joe Schaefer <joe+gmane@sunstarsys.com>]
  *) Added FreeBSD directory layout. PR 21100.
     [Sander Holthaus <info@orangexl.com>, André Malo]
  *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
     response. PR 21085. [Glenn Nielsen <glenn@apache.org>, André Malo]
  *) mod_rewrite: Perform child initialization on the rewrite log lock.
     This fixes a log corruption issue when flock-based serialization
     is used (e.g., FreeBSD).  [Jeff Trawick]
  *) Don't respect the Server header field as set by modules and CGIs.
     As with 1.3, for proxy requests any such field is from the origin
     server; otherwise it will have our server info as controlled by
     the ServerTokens directive.  [Jeff Trawick]
2003-10-28 04:49:32 +00:00
..
patch-aa upgrade to 2.0.48 2003-10-28 04:49:32 +00:00
patch-ad Avoid hardcoding /usr/pkg in patch files. 2003-07-02 17:54:36 +00:00
patch-ag Updated apache2 to 2.0.44 (patch provided by Eric Gillespie in pkg/20086) 2003-01-28 14:21:56 +00:00
patch-ah Merge packages from the buildlink2 branch back into the main trunk that 2002-08-25 21:50:52 +00:00
patch-ak Merge packages from the buildlink2 branch back into the main trunk that 2002-08-25 21:50:52 +00:00
patch-al Updated apache to 2.0.40 2002-08-29 14:12:27 +00:00
patch-am -------------------------------------------------------------------------------- 2002-04-13 21:35:50 +00:00
patch-ar upgrade to apache 2.0.46. fixes two vulnerabilities: 2003-05-29 01:02:27 +00:00