pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/15242 CVS commit: [pkgsrc-2006Q2] pkgsrc/www/apache



The following reply was made to PR pkg/15242; it has been noted by GNATS.

From: Lubomir Sedlacik <salo%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: PR/15242 CVS commit: [pkgsrc-2006Q2] pkgsrc/www/apache
Date: Sun, 30 Jul 2006 19:21:26 +0000 (UTC)

 Module Name:   pkgsrc
 Committed By:  salo
 Date:          Sun Jul 30 19:21:26 UTC 2006
 
 Modified Files:
        pkgsrc/www/apache [pkgsrc-2006Q2]: Makefile buildlink3.mk distinfo
            module.mk
 Removed Files:
        pkgsrc/www/apache/patches [pkgsrc-2006Q2]: patch-ap
 
 Log Message:
 Pullup ticket 1761 - requested by wiz
 security update for apache
 
 Revisions pulled up:
 - pkgsrc/www/apache/Makefile                   1.186, 1.187
 - pkgsrc/www/apache/buildlink3.mk              1.16
 - pkgsrc/www/apache/distinfo                   1.52
 - pkgsrc/www/apache/module.mk                  1.11
 - pkgsrc/www/apache/patches/patch-ap           removed
 
    Module Name:                pkgsrc
    Committed By:       rillig
    Date:               Sun Jul  2 10:43:19 UTC 2006
 
    Modified Files:
        pkgsrc/www/apache: Makefile buildlink3.mk module.mk
 
    Log Message:
    Fixed some easy pkglint warnings.
 ---
    Module Name:                pkgsrc
    Committed By:       wiz
    Date:               Wed Jul 19 22:45:14 UTC 2006
 
    Modified Files:
        pkgsrc/www/apache: Makefile distinfo
    Removed Files:
        pkgsrc/www/apache/patches: patch-ap
 
    Log Message:
    Update to 1.3.36:
 
    Changes with Apache 1.3.36
 
      *) Reverted SVN rev #396294 due to unwanted regression.
         The new feature introduced in 1.3.35 (Allow usage of the
         "Include" configuration directive within previously "Include"d
         files) has been removed in the meantime.
         (http://svn.apache.org/viewcvs?rev=396294&viewàev)
 
    Changes with Apache 1.3.35
 
      *) SECURITY: CVE-2005-3352 (cve.mitre.org)
         mod_imap: Escape untrusted referer header before outputting in HTML
         to avoid potential cross-site scripting.  Change also made to
         ap_escape_html so we escape quotes.  Reported by JPCERT.
         [Mark Cox]
 
      *) core: Allow usage of the "Include" configuration directive within
         previously "Include"d files. [Colm MacCarthaigh]
 
      *) HTML-escape the Expect error message.  Not classed as security as
         an attacker has no way to influence the Expect header a victim will
         send to a target site.  Reported by Thiago Zaninotti [Mark Cox]
 
      *) mod_cgi: Remove block on OPTIONS method so that scripts can
         respond to OPTIONS directly rather than via server default.
         [Roy Fielding] PR 15242
 
 
 To generate a diff of this commit:
 cvs rdiff -r1.185 -r1.185.2.1 pkgsrc/www/apache/Makefile
 cvs rdiff -r1.15 -r1.15.2.1 pkgsrc/www/apache/buildlink3.mk
 cvs rdiff -r1.51 -r1.51.4.1 pkgsrc/www/apache/distinfo
 cvs rdiff -r1.10 -r1.10.10.1 pkgsrc/www/apache/module.mk
 cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ap
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 



Home | Main Index | Thread Index | Old Index