Subject: PR/15242 CVS commit: pkgsrc/www/apache
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Thomas Klausner <wiz@netbsd.org>
List: pkgsrc-bugs
Date: 07/19/2006 22:50:02
The following reply was made to PR pkg/15242; it has been noted by GNATS.

From: Thomas Klausner <wiz@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/15242 CVS commit: pkgsrc/www/apache
Date: Wed, 19 Jul 2006 22:45:14 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	wiz
 Date:		Wed Jul 19 22:45:14 UTC 2006
 
 Modified Files:
 	pkgsrc/www/apache: Makefile distinfo
 Removed Files:
 	pkgsrc/www/apache/patches: patch-ap
 
 Log Message:
 Update to 1.3.36:
 
 Changes with Apache 1.3.36
 
   *) Reverted SVN rev #396294 due to unwanted regression.
      The new feature introduced in 1.3.35 (Allow usage of the
      "Include" configuration directive within previously "Include"d
      files) has been removed in the meantime.
      (http://svn.apache.org/viewcvs?rev=396294&view=rev)
 
 Changes with Apache 1.3.35
 
   *) SECURITY: CVE-2005-3352 (cve.mitre.org)
      mod_imap: Escape untrusted referer header before outputting in HTML
      to avoid potential cross-site scripting.  Change also made to
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
 
   *) core: Allow usage of the "Include" configuration directive within
      previously "Include"d files. [Colm MacCarthaigh]
 
   *) HTML-escape the Expect error message.  Not classed as security as
      an attacker has no way to influence the Expect header a victim will
      send to a target site.  Reported by Thiago Zaninotti [Mark Cox]
 
   *) mod_cgi: Remove block on OPTIONS method so that scripts can
      respond to OPTIONS directly rather than via server default.
      [Roy Fielding] PR 15242
 
 
 To generate a diff of this commit:
 cvs rdiff -r1.186 -r1.187 pkgsrc/www/apache/Makefile
 cvs rdiff -r1.51 -r1.52 pkgsrc/www/apache/distinfo
 cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ap
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.