Subject: PR/31817 CVS commit: pkgsrc/www/apache2
To: None <,,>
From: Matthias Scheler <>
List: pkgsrc-bugs
Date: 10/17/2005 10:38:02
The following reply was made to PR pkg/31817; it has been noted by GNATS.

From: Matthias Scheler <>
Subject: PR/31817 CVS commit: pkgsrc/www/apache2
Date: Mon, 17 Oct 2005 10:37:11 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	tron
 Date:		Mon Oct 17 10:37:11 UTC 2005
 Modified Files:
 	pkgsrc/www/apache2: Makefile.common PLIST distinfo
 	pkgsrc/www/apache2/patches: patch-ac
 Removed Files:
 	pkgsrc/www/apache2/patches: patch-ae patch-af patch-ah patch-aj
 Log Message:
 Update "apache2" package to version 2.0.54. Changes since version 2.0.55:
 - worker MPM: Fix a memory leak which can occur after an aborted
   connection in some limited circumstances.  [Greg Ames]
 - mod_ldap: Fix Bug 36563. Keep track of the number of attributes
   retrieved from LDAP so that all of the values can be properly
   cached even if the value is NULL.
   [Brad Nicholes, Ondrej Sury <ondrej>]
 - Added TraceEnable [on|off|extended] per-server directive to alter
   the behavior of the TRACE method.  This addresses a flaw in proxy
   conformance to RFC 2616 - previously the proxy server would accept
   a TRACE request body although the RFC prohibited it.  The default
   remains 'TraceEnable on'.  [William Rowe]
 - Add ap_log_cerror() for logging messages associated with particular
   client connections.  [Jeff Trawick]
 - Correct mod_cgid's argv[0] so that the full path can be delved by the
   invoked cgi application, to conform to the behavior of mod_cgi.
   [Pradeep Kumar S <pradeep.smani>]
 - mod_include: Fix possible environment variable corruption when
   using nested includes.  Bug 12655.  [Joe Orton]
 - Support the suppress-error-charset setting, as with Apache 1.3.x.
   Bug 31274.  [Jeff Trawick]
 - EBCDIC: Handle chunked input from client or, with proxy, origin
   server.  [Jeff Trawick]
 - Fix bad globbing comparison which could result in getting
   a directory listing when a file was requested. Bug 34512.
   [sean <infamous41md>]
 - Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
   was called even if mod_auth_ldap_check_user_id() was not
   (or if it didn't succeed) for non-authoritative cases.
   [Jim Jagielski]
 - mod_proxy: Fix over-eager handling of '%' for reverse proxies.
   Bug 15207.  [Jim Jagielski]
 - mod_ldap: Fix various shared memory cache handling bugs.
   Bug 34209.  [Joe Orton]
 - Fix a file descriptor leak when starting piped loggers.  Bug 33748.
   [Joe Orton]
 - mod_ldap: Avoid segfaults when opening connections if using a version
   of OpenLDAP older than 2.2.21.  Bug 34618.  [Brad Nicholes]
 - mod_ssl: Fix build with OpenSSL 0.9.8.  Bug 35757.  [William Rowe]
 - proxy HTTP: If a response contains both Transfer-Encoding and a
   Content-Length, remove the Content-Length and don't reuse the
   connection, mitigating some HTTP Response Splitting attacks.
   [Jeff Trawick]
 - Prevent hangs of child processes when writing to piped loggers at
   the time of graceful restart.  Bug 26467.  [Jeff Trawick]
 - SECURITY: CAN-2005-1268 (
   mod_ssl: Fix off-by-one overflow whilst printing CRL information
   at "LogLevel debug" which could be triggered if configured
   to use a "malicious" CRL.  Bug 35081.  [Marc Stern <mstern>]
 - mod_userdir: Fix possible memory corruption issue.  Bug 34588.
   [David Leonard <dleonard>]
 - worker mpm: don't take down the whole server for a transient
   thread creation failure. Bug 34514 [Greg Ames]
 - mod_rewrite: use buffered I/O to improve performance with large
   RewriteMap txt: files.  [Greg Ames]
 - proxy HTTP: Rework the handling of request bodies to handle
   chunked input and input filters which modify content length, and
   avoid spooling arbitrary-sized request bodies in memory.
   Bug 15859.  [Jeff Trawick]
 Patches supplied by Ben Collver. Addresses PR pkg/31817 by Zafer Aydogan.
 To generate a diff of this commit:
 cvs rdiff -r1.18 -r1.19 pkgsrc/www/apache2/Makefile.common
 cvs rdiff -r1.30 -r1.31 pkgsrc/www/apache2/PLIST
 cvs rdiff -r1.43 -r1.44 pkgsrc/www/apache2/distinfo
 cvs rdiff -r1.5 -r1.6 pkgsrc/www/apache2/patches/patch-ac
 cvs rdiff -r1.5 -r0 pkgsrc/www/apache2/patches/patch-ae
 cvs rdiff -r1.4 -r0 pkgsrc/www/apache2/patches/patch-af
 cvs rdiff -r1.8 -r0 pkgsrc/www/apache2/patches/patch-ah
 cvs rdiff -r1.3 -r0 pkgsrc/www/apache2/patches/patch-aj
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.