Module Name:	pkgsrc
Committed By:	salo
Date:		Sun Jan 22 20:39:37 UTC 2006

Modified Files:
	pkgsrc/www/ap-auth-ldap [pkgsrc-2005Q4]: Makefile distinfo

Log Message:
Pullup ticket 1051 - requested by Klaus Klein
security update for ap-auth-ldap

Updated via patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	kleink
   Date:		Sun Jan 15 16:25:41 UTC 2006

   Modified Files:
   	pkgsrc/www/ap-auth-ldap: Makefile distinfo

   Log Message:
   Update to ap-auth-ldap to 1.6.1; changes since 1.6.0 include:

        * Fixed security bug that could allow attacker to execute arbitrary
          commands as the apache user. [Digital Armaments, seregon at
          bughunter dot net]

        * Fixed bug that sometimes resulted in segfaults during periodic cache
          cleanup. [Stefan Gaffga]
        * Add AuthLDAPVersion option to specify which LDAP version to use on
          LDAP server. [Hans Petter Selasky]
        * Support ldaps:// urls automatically under OpenLDAP. No need to
          compile with --with-ssl; this is just to enable SSL with
          the Netscape SDK.  [Andrew McAllister, Malcolm Locke]
        * Fixed bug where auth_ldap didn't always rebind as the AuthLDAPBindDN
          after doing an authorization. [Stephen Lombardo, Brent Putnam, Ace
          Suares, Ted Cabeen, others].
        * Fixed bug where we forgot to note a failed auth attempt which would
          result in the browser never giving the user a second chance to enter
          a password. [Thanks to many other people]


To generate a diff of this commit:
cvs rdiff -r1.22 -r1.22.6.1 pkgsrc/www/ap-auth-ldap/Makefile
cvs rdiff -r1.4 -r1.4.8.1 pkgsrc/www/ap-auth-ldap/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.