8a40a41e87
Changes with Apache 2.0.43

*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by ap_server_signature() against this cross-site scripting vulnerability exposed by the directive 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME environment variable for CGI and SSI requests. It's safe to escape as only the '<', '>', and '&' characters are affected, which won't appear in a valid hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>. [Brian Pane]

*) Fix a core dump in mod_cache when it attempted to store uncopyable buckets. This happened, for instance, when a file to be cached contained SSI tags to execute a CGI script (passed as a pipe bucket). [Paul J. Reder]

*) Ensure that output already available is flushed to the network when the content-length filter realizes that no new output will be available for a while. This helps some streaming CGIs as well as some other dynamically-generated content. [Jeff Trawick]

*) Fix a mutex problem in mod_ssl session cache support which could lead to an infinite loop. PR 12705 [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]

*) SECURITY: Allow POST requests and CGI scripts to work when DAV is enabled on the location. [Ryan Bloom]

*) Allow the UserDir directive to accept a list of directories. This matches what Apache 1.3 does. Also add documentation for this feature. [Jay Ball <jay@veggiespam.com>]

*) New Module: mod_logio. Adds the ability to log bytes sent and received. [Bojan Smojver <bojan@rexursive.com>]

*) SuExec needs to use the same default directory as the rest of server, namely /usr/local/apache2. [SangBeom han <sbhan@os.korea.ac.kr>]

*) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN. [Thomas Bennett <thomas.bennett@eds.com>, Graham Leggett]

*) Make sure the contents of the WWW-Authenticate header is passed on a 4xx error by proxy. Previously all headers were dropped, resulting in the browser being unable to authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>, Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman <gwiseman@fscinternet.com>, David Henderson <dhenderson@fscinternet.com>]

*) Make mod_cache's CacheMaxStreamingBuffer directive work properly for virtual hosts that override server-wide mod_cache settings. [Matthieu Estrade <estrade-m@ifrance.com>]

*) Add -p option to apxs to allow programs to be compiled with apxs. [Justin Erenkrantz]