8a40a41e87
Changes with Apache 2.0.43 *) SECURITY: [CAN-2002-0840] HTML-escape the address produced by ap_server_signature() against this cross-site scripting vulnerability exposed by the directive 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME environment variable for CGI and SSI requests. It's safe to escape as only the '<', '>', and '&' characters are affected, which won't appear in a valid hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>. [Brian Pane] *) Fix a core dump in mod_cache when it attemtped to store uncopyable buckets. This happened, for instance, when a file to be cached contained SSI tags to execute a CGI script (passed as a pipe bucket). [Paul J. Reder] *) Ensure that output already available is flushed to the network when the content-length filter realizes that no new output will be available for a while. This helps some streaming CGIs as well as some other dynamically-generated content. [Jeff Trawick] *) Fix a mutex problem in mod_ssl session cache support which could lead to an infinite loop. PR 12705 [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick] *) SECURITY: Allow POST requests and CGI scripts to work when DAV is enabled on the location. [Ryan Bloom] *) Allow the UserDir directive to accept a list of directories. This matches what Apache 1.3 does. Also add documentation for this feature. [Jay Ball <jay@veggiespam.com>] *) New Module: mod_logio. adds the ability to log bytes sent and received. [Bojan Smojver <bojan@rexursive.com>] *) SuExec needs to use the same default directory as the rest of server, namely /usr/local/apache2. [SangBeom han <sbhan@os.korea.ac.kr>] *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN. [Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett] *) Make sure the contents of the WWW-Authenticate header is passed on a 4xx error by proxy. Previously all headers were dropped, resulting in the browser being unable to authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>, Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman <gwiseman@fscinternet.com>, David Henderson <dhenderson@fscinternet.com>] *) Make mod_cache's CacheMaxStreamingBuffer directive work properly for virtual hosts that override server-wide mod_cache setttings. [Matthieu Estrade <estrade-m@ifrance.com>] *) Add -p option to apxs to allow programs to be compiled with apxs. [Justin Erenkrantz]
13 lines
703 B
Text
13 lines
703 B
Text
$NetBSD: distinfo,v 1.12 2002/10/04 02:35:52 itojun Exp $
|
|
|
|
SHA1 (httpd-2.0.43.tar.gz) = 92f1feac1232919f5c6eaac5de0cc7d7eb44e237
|
|
Size (httpd-2.0.43.tar.gz) = 4835188 bytes
|
|
SHA1 (patch-aa) = 9d74b4ddeab96761f1bb3a7d39a5ab9001e3ea84
|
|
SHA1 (patch-ad) = e4a0c729ce5fbf43855ea080946052ef025334f1
|
|
SHA1 (patch-ag) = 3d68e475caef0555097a9756533034686e81d474
|
|
SHA1 (patch-ah) = f655dbabb32884a20e77f4791fa762e6c0e6cf74
|
|
SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
|
|
SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
|
|
SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
|
|
SHA1 (patch-an) = c596758ee0c9327be8d748c95921903dba4dc971
|
|
SHA1 (patch-ao) = 8e26a8d43f578071e4ec1b2c2f442e9753667f02
|