pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/15242 CVS commit: [pkgsrc-2006Q2] pkgsrc/www/apache
The following reply was made to PR pkg/15242; it has been noted by GNATS.
From: Lubomir Sedlacik <salo%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: PR/15242 CVS commit: [pkgsrc-2006Q2] pkgsrc/www/apache
Date: Sun, 30 Jul 2006 19:21:26 +0000 (UTC)
Module Name: pkgsrc
Committed By: salo
Date: Sun Jul 30 19:21:26 UTC 2006
Modified Files:
pkgsrc/www/apache [pkgsrc-2006Q2]: Makefile buildlink3.mk distinfo
module.mk
Removed Files:
pkgsrc/www/apache/patches [pkgsrc-2006Q2]: patch-ap
Log Message:
Pullup ticket 1761 - requested by wiz
security update for apache
Revisions pulled up:
- pkgsrc/www/apache/Makefile 1.186, 1.187
- pkgsrc/www/apache/buildlink3.mk 1.16
- pkgsrc/www/apache/distinfo 1.52
- pkgsrc/www/apache/module.mk 1.11
- pkgsrc/www/apache/patches/patch-ap removed
Module Name: pkgsrc
Committed By: rillig
Date: Sun Jul 2 10:43:19 UTC 2006
Modified Files:
pkgsrc/www/apache: Makefile buildlink3.mk module.mk
Log Message:
Fixed some easy pkglint warnings.
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 19 22:45:14 UTC 2006
Modified Files:
pkgsrc/www/apache: Makefile distinfo
Removed Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Update to 1.3.36:
Changes with Apache 1.3.36
*) Reverted SVN rev #396294 due to unwanted regression.
The new feature introduced in 1.3.35 (Allow usage of the
"Include" configuration directive within previously "Include"d
files) has been removed in the meantime.
(http://svn.apache.org/viewcvs?rev=396294&viewàev)
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
To generate a diff of this commit:
cvs rdiff -r1.185 -r1.185.2.1 pkgsrc/www/apache/Makefile
cvs rdiff -r1.15 -r1.15.2.1 pkgsrc/www/apache/buildlink3.mk
cvs rdiff -r1.51 -r1.51.4.1 pkgsrc/www/apache/distinfo
cvs rdiff -r1.10 -r1.10.10.1 pkgsrc/www/apache/module.mk
cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ap
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index