Subject: CVS commit: pkgsrc/www/apache6
To: None <pkgsrc-changes@NetBSD.org>
From: Quentin Garnier <cube@netbsd.org>
List: pkgsrc-changes
Date: 11/02/2003 09:35:12
Module Name: pkgsrc
Committed By: cube
Date: Sun Nov 2 09:35:12 UTC 2003
Modified Files:
pkgsrc/www/apache6: Makefile distinfo
Removed Files:
pkgsrc/www/apache6/patches: patch-an patch-ao patch-ap patch-aq
Log Message:
Update apache6 to 1.3.29 + ipv6 patch.
Major changes since 1.3.28:
Security vulnerabilities
* CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred if
one configured a regular expression with more than 9 captures.
Bugs fixed
The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
and have been fixed in Apache 1.3.29:
* Within ap_bclose(), ap_pclosesocket() is now called
* consistently
for sockets and ap_pclosef() for files. Also, closesocket()
is used consistenly to close socket fd's. The previous
confusion between socket and file fd's would cause problems
with some applications now that we proactively close fd's to
prevent leakage.
* Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name.
* Prevent creation of subprocess Zombies when using CGI wrappers
such as suEXEC and cgiwrap.
To generate a diff of this commit:
cvs rdiff -r1.85 -r1.86 pkgsrc/www/apache6/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/www/apache6/distinfo
cvs rdiff -r1.1 -r0 pkgsrc/www/apache6/patches/patch-an \
pkgsrc/www/apache6/patches/patch-ao pkgsrc/www/apache6/patches/patch-ap \
pkgsrc/www/apache6/patches/patch-aq
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.