pkgsrc-changes: CVS commit: pkgsrc/www/apache2

Subject: CVS commit: pkgsrc/www/apache2
To: None <pkgsrc-changes@NetBSD.org>
From: Matthias Scheler <tron@netbsd.org>
List: pkgsrc-changes
Date: 10/17/2005 10:37:11
Module Name:	pkgsrc
Committed By:	tron
Date:		Mon Oct 17 10:37:11 UTC 2005

Modified Files:
	pkgsrc/www/apache2: Makefile.common PLIST distinfo
	pkgsrc/www/apache2/patches: patch-ac
Removed Files:
	pkgsrc/www/apache2/patches: patch-ae patch-af patch-ah patch-aj

Log Message:
Update "apache2" package to version 2.0.54. Changes since version 2.0.55:
- worker MPM: Fix a memory leak which can occur after an aborted
  connection in some limited circumstances.  [Greg Ames]
- mod_ldap: Fix Bug 36563. Keep track of the number of attributes
  retrieved from LDAP so that all of the values can be properly
  cached even if the value is NULL.
  [Brad Nicholes, Ondrej Sury <ondrej sury.org>]
- Added TraceEnable [on|off|extended] per-server directive to alter
  the behavior of the TRACE method.  This addresses a flaw in proxy
  conformance to RFC 2616 - previously the proxy server would accept
  a TRACE request body although the RFC prohibited it.  The default
  remains 'TraceEnable on'.  [William Rowe]
- Add ap_log_cerror() for logging messages associated with particular
  client connections.  [Jeff Trawick]
- Correct mod_cgid's argv[0] so that the full path can be delved by the
  invoked cgi application, to conform to the behavior of mod_cgi.
  [Pradeep Kumar S <pradeep.smani gmail.com>]
- mod_include: Fix possible environment variable corruption when
  using nested includes.  Bug 12655.  [Joe Orton]
- Support the suppress-error-charset setting, as with Apache 1.3.x.
  Bug 31274.  [Jeff Trawick]
- EBCDIC: Handle chunked input from client or, with proxy, origin
  server.  [Jeff Trawick]
- Fix bad globbing comparison which could result in getting
  a directory listing when a file was requested. Bug 34512.
  [sean <infamous41md hotmail.com>]
- Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
  was called even if mod_auth_ldap_check_user_id() was not
  (or if it didn't succeed) for non-authoritative cases.
  [Jim Jagielski]
- mod_proxy: Fix over-eager handling of '%' for reverse proxies.
  Bug 15207.  [Jim Jagielski]
- mod_ldap: Fix various shared memory cache handling bugs.
  Bug 34209.  [Joe Orton]
- Fix a file descriptor leak when starting piped loggers.  Bug 33748.
  [Joe Orton]
- mod_ldap: Avoid segfaults when opening connections if using a version
  of OpenLDAP older than 2.2.21.  Bug 34618.  [Brad Nicholes]
- mod_ssl: Fix build with OpenSSL 0.9.8.  Bug 35757.  [William Rowe]
- proxy HTTP: If a response contains both Transfer-Encoding and a
  Content-Length, remove the Content-Length and don't reuse the
  connection, mitigating some HTTP Response Splitting attacks.
  [Jeff Trawick]
- Prevent hangs of child processes when writing to piped loggers at
  the time of graceful restart.  Bug 26467.  [Jeff Trawick]
- SECURITY: CAN-2005-1268 (cve.mitre.org)
  mod_ssl: Fix off-by-one overflow whilst printing CRL information
  at "LogLevel debug" which could be triggered if configured
  to use a "malicious" CRL.  Bug 35081.  [Marc Stern <mstern csc.com>]
- mod_userdir: Fix possible memory corruption issue.  Bug 34588.
  [David Leonard <dleonard vintela.com>]
- worker mpm: don't take down the whole server for a transient
  thread creation failure. Bug 34514 [Greg Ames]
- mod_rewrite: use buffered I/O to improve performance with large
  RewriteMap txt: files.  [Greg Ames]
- proxy HTTP: Rework the handling of request bodies to handle
  chunked input and input filters which modify content length, and
  avoid spooling arbitrary-sized request bodies in memory.
  Bug 15859.  [Jeff Trawick]

Patches supplied by Ben Collver. Addresses PR pkg/31817 by Zafer Aydogan.


To generate a diff of this commit:
cvs rdiff -r1.18 -r1.19 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.30 -r1.31 pkgsrc/www/apache2/PLIST
cvs rdiff -r1.43 -r1.44 pkgsrc/www/apache2/distinfo
cvs rdiff -r1.5 -r1.6 pkgsrc/www/apache2/patches/patch-ac
cvs rdiff -r1.5 -r0 pkgsrc/www/apache2/patches/patch-ae
cvs rdiff -r1.4 -r0 pkgsrc/www/apache2/patches/patch-af
cvs rdiff -r1.8 -r0 pkgsrc/www/apache2/patches/patch-ah
cvs rdiff -r1.3 -r0 pkgsrc/www/apache2/patches/patch-aj

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.