pkgsrc/www/apache2/distinfo
itojun 8a40a41e87 upgrade to 2.0.43.
Changes with Apache 2.0.43

  *) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
     ap_server_signature() against this cross-site scripting
     vulnerability exposed by the directive 'UseCanonicalName Off'.
     Also HTML-escape the SERVER_NAME environment variable for CGI
     and SSI requests.  It's safe to escape as only the '<', '>',
     and '&' characters are affected, which won't appear in a valid
     hostname.  Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
     [Brian Pane]

  *) Fix a core dump in mod_cache when it attemtped to store uncopyable
     buckets. This happened, for instance, when a file to be cached
     contained SSI tags to execute a CGI script (passed as a pipe
     bucket). [Paul J. Reder]

  *) Ensure that output already available is flushed to the network
     when the content-length filter realizes that no new output will
     be available for a while.  This helps some streaming CGIs as
     well as some other dynamically-generated content.  [Jeff Trawick]

  *) Fix a mutex problem in mod_ssl session cache support which
     could lead to an infinite loop.  PR 12705
     [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]

  *) SECURITY: Allow POST requests and CGI scripts to work when DAV
     is enabled on the location.  [Ryan Bloom]

  *) Allow the UserDir directive to accept a list of directories.
     This matches what Apache 1.3 does.  Also add documentation for
     this feature. [Jay Ball <jay@veggiespam.com>]

  *) New Module: mod_logio. adds the ability to log bytes sent and
     received. [Bojan Smojver <bojan@rexursive.com>]

  *) SuExec needs to use the same default directory as the rest of
     server, namely /usr/local/apache2.
     [SangBeom han <sbhan@os.korea.ac.kr>]

  *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
     [Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett]

  *) Make sure the contents of the WWW-Authenticate header is
     passed on a 4xx error by proxy. Previously all headers
     were dropped, resulting in the browser being unable to
     authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>,
     Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman
     <gwiseman@fscinternet.com>, David Henderson
     <dhenderson@fscinternet.com>]

  *) Make mod_cache's CacheMaxStreamingBuffer directive work
     properly for virtual hosts that override server-wide mod_cache
     setttings.  [Matthieu Estrade <estrade-m@ifrance.com>]

  *) Add -p option to apxs to allow programs to be compiled with apxs.
     [Justin Erenkrantz]
2002-10-04 02:35:51 +00:00

13 lines
703 B
Text

$NetBSD: distinfo,v 1.12 2002/10/04 02:35:52 itojun Exp $
SHA1 (httpd-2.0.43.tar.gz) = 92f1feac1232919f5c6eaac5de0cc7d7eb44e237
Size (httpd-2.0.43.tar.gz) = 4835188 bytes
SHA1 (patch-aa) = 9d74b4ddeab96761f1bb3a7d39a5ab9001e3ea84
SHA1 (patch-ad) = e4a0c729ce5fbf43855ea080946052ef025334f1
SHA1 (patch-ag) = 3d68e475caef0555097a9756533034686e81d474
SHA1 (patch-ah) = f655dbabb32884a20e77f4791fa762e6c0e6cf74
SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc
SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426
SHA1 (patch-an) = c596758ee0c9327be8d748c95921903dba4dc971
SHA1 (patch-ao) = 8e26a8d43f578071e4ec1b2c2f442e9753667f02