pkgsrc-changes: CVS commit: pkgsrc

Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
List: pkgsrc-changes
Date: 07/09/2003 08:09:07
Module Name:	pkgsrc
Committed By:	itojun
Date:		Wed Jul  9 08:09:07 UTC 2003

Modified Files:
	pkgsrc/devel/apr: buildlink2.mk distinfo
	pkgsrc/www/apache2: Makefile.common PLIST distinfo

Log Message:
upgrade to apache-2.0.47/apr-0.9.4.2.0.47.

Changes with Apache 2.0.47
  *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
     of per-directory renegotiations and the SSLCipherSuite directive
     being used to upgrade from a weak ciphersuite to a strong one
     could result in the weak ciphersuite being used in place of the
     strong one.  [Ben Laurie]
  *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
     temporary denial of service when accept() on a rarely accessed port
     returns certain errors.  Reported by Saheed Akhtar
     <S.Akhtar@talis.com>.  [Jeff Trawick]
  *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
     of service when target host is IPv6 but proxy server can't create
     IPv6 socket.  Fixed by the reporter.  [Yoshioka Tsuneo
     <tsuneo.yoshioka@f-secure.com>]
  *) SECURITY [VU#379828] Prevent the server from crashing when entering
     infinite loops. The new LimitInternalRecursion directive configures
     limits of subsequent internal redirects and nested subrequests, after
     which the request will be aborted.  PR 19753 (and probably others).
     [William Rowe, Jeff Trawick, André Malo]
  *) core_output_filter: don't split the brigade after a FLUSH bucket if
     it's the last bucket.  This prevents creating unneccessary empty
     brigades which may not be destroyed until the end of a keepalive
     connection.
     [Juan Rivera <Juan.Rivera@citrix.com>]
  *) Add support for "streamy" PROPFIND responses.
     [Ben Collins-Sussman <sussman@collab.net>]
  *) mod_cgid: Eliminate a double-close of a socket.  This resolves
     various operational problems in a threaded MPM, since on the
     second attempt to close the socket, the same descriptor was
     often already in use by another thread for another purpose.
     [Jeff Trawick]
  *) mod_negotiation: Introduce "prefer-language" environment variable,
     which allows to influence the negotiation process on request basis
     to prefer a certain language.  [André Malo]
  *) Make mod_expires' ExpiresByType work properly, including for
     dynamically-generated documents.  [Ken Coar, Bill Stoddard]


To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/devel/apr/buildlink2.mk
cvs rdiff -r1.4 -r1.5 pkgsrc/devel/apr/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.15 -r1.16 pkgsrc/www/apache2/PLIST
cvs rdiff -r1.21 -r1.22 pkgsrc/www/apache2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.