Subject: PR/15242 CVS commit: pkgsrc/www/apache
From: Thomas Klausner <>
List: pkgsrc-bugs
Date: 07/19/2006 22:50:02
The following reply was made to PR pkg/15242; it has been noted by GNATS.

From: Thomas Klausner <>
Subject: PR/15242 CVS commit: pkgsrc/www/apache
Date: Wed, 19 Jul 2006 22:45:14 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	wiz
 Date:		Wed Jul 19 22:45:14 UTC 2006
 Modified Files:
 	pkgsrc/www/apache: Makefile distinfo
 Removed Files:
 	pkgsrc/www/apache/patches: patch-ap
 Log Message:
 Update to 1.3.36:
 Changes with Apache 1.3.36
   *) Reverted SVN rev #396294 due to unwanted regression.
      The new feature introduced in 1.3.35 (Allow usage of the
      "Include" configuration directive within previously "Include"d
      files) has been removed in the meantime.
 Changes with Apache 1.3.35
   *) SECURITY: CVE-2005-3352 (
      mod_imap: Escape untrusted referer header before outputting in HTML
      to avoid potential cross-site scripting.  Change also made to
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
   *) core: Allow usage of the "Include" configuration directive within
      previously "Include"d files. [Colm MacCarthaigh]
   *) HTML-escape the Expect error message.  Not classed as security as
      an attacker has no way to influence the Expect header a victim will
      send to a target site.  Reported by Thiago Zaninotti [Mark Cox]
   *) mod_cgi: Remove block on OPTIONS method so that scripts can
      respond to OPTIONS directly rather than via server default.
      [Roy Fielding] PR 15242
 To generate a diff of this commit:
 cvs rdiff -r1.186 -r1.187 pkgsrc/www/apache/Makefile
 cvs rdiff -r1.51 -r1.52 pkgsrc/www/apache/distinfo
 cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ap
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
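
The 1.3.35 entry for CVE-2005-3352 notes that ap_escape_html was changed to escape quotes as well. The following C sketch is an added example, not code from Apache or from this commit; it shows why that matters when a Referer value is written into a quoted attribute. The names escape_html and referer_link, the sample value, and the attribute output context are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample Referer value; not taken from the advisory. */
static const char SAMPLE_REFERER[] = "http://example.test/\" title=\"x";

/* Hypothetical escaper (not Apache's ap_escape_html). Returns a malloc'd copy
 * of s with & < > replaced by entities, and " too when esc_quotes is set. */
char *escape_html(const char *s, int esc_quotes)
{
    size_t i, j = 0, len = strlen(s);
    char *out = malloc(len * 6 + 1);   /* worst case: every byte -> "&quot;" */
    if (out == NULL) return NULL;
    for (i = 0; i < len; i++) {
        const char *rep = NULL;
        switch (s[i]) {
        case '&': rep = "&amp;"; break;
        case '<': rep = "&lt;"; break;
        case '>': rep = "&gt;"; break;
        case '"': if (esc_quotes) rep = "&quot;"; break;
        }
        if (rep != NULL) { memcpy(out + j, rep, strlen(rep)); j += strlen(rep); }
        else out[j++] = s[i];
    }
    out[j] = '\0';
    return out;
}

/* Assumed output context: the value lands inside a double-quoted attribute. */
char *referer_link(const char *referer, int esc_quotes)
{
    static const char fmt[] = "<a href=\"%s\">back</a>";
    char *esc = escape_html(referer, esc_quotes), *html;
    size_t n;
    if (esc == NULL) return NULL;
    n = strlen(esc) + sizeof(fmt);     /* fmt's "%s" and NUL leave slack */
    html = malloc(n);
    if (html != NULL) snprintf(html, n, fmt, esc);
    free(esc);
    return html;
}

int main(void)
{
    char *a = referer_link(SAMPLE_REFERER, 0), *b = referer_link(SAMPLE_REFERER, 1);
    if (a && b) printf("quotes left raw: %s\nquotes escaped:  %s\n", a, b);
    free(a); free(b);
    return 0;
}
```

With quotes left raw the header value closes the href attribute and supplies an attribute of its own; with quotes escaped it stays inside the attribute value.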