Subject: CVS commit: pkgsrc/www/apache2
To: None <>
From: Jun-ichiro itojun Hagino <>
List: pkgsrc-changes
Date: 10/28/2003 04:49:33
Module Name:	pkgsrc
Committed By:	itojun
Date:		Tue Oct 28 04:49:33 UTC 2003

Modified Files:
	pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
	pkgsrc/www/apache2/patches: patch-aa

Log Message:
upgrade to 2.0.48

Changes with Apache 2.0.48

  *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
     the AF_UNIX socket used to communicate with the cgid daemon and
     the CGI script.  [Jeff Trawick]
  *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
     mod_rewrite which occurred if one configured a regular expression
     with more than 9 captures.  [André Malo]
  *) mod_include: fix segfault which occured if the filename was not
     set, for example, when processing some error conditions.
     PR 23836.  [Brian Akins <>, André Malo]
  *) fix the config parser to support <Foo>..</Foo> containers (no
     arguments in the opening tag) supported by httpd 1.3. Without
     this change mod_perl 2.0's <Perl> sections are broken.
     ["Philippe M. Chiasson" <>]
  *) mod_cgid: fix a hash table corruption problem which could
     result in the wrong script being cleaned up at the end of a
     request.  [Jeff Trawick]
  *) Update httpd-*.conf to be clearer in describing the connection
     between AddType and AddEncoding for defining the meaning of
     compressed file extensions. [Roy Fielding]
  *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
     PR 23416.  [André Malo]
  *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
     rewritten request using "proxy:". The code was adding multiple "proxy:"
     fields in the rewritten URI. PR: 13946.
     [Eider Oliveira <>]
  *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
     expires as directed in RFC 2616. [Thomas Castelle]
  *) Ensure that ssl-std.conf is generated at configure time, and switch
     to using the expanded config variables to work the same as
     httpd-std.conf PR: 19611
     [Thom May]
  *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
     [Hartmut Keil <>]
  *) mod_autoindex: If a directory contains a file listed in the
     DirectoryIndex directive, the folder icon is no longer replaced
     by the icon of that file. PR 9587.
     [David Shane Holden <>]
  *) Fixed mod_usertrack to not get false positive matches on the
     user-tracking cookie's name.  PR 16661.
     [Manni Wood <>]
  *) mod_cache: Fix the cache code so that responses can be cached
     if they have an Expires header but no Etag or Last-Modified
     headers. PR 23130.
  *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
     were sent (e.g. with 304 or 204 response codes).  [Astrid Keßler]
  *) Modify ap_get_client_block() to note if it has seen EOS.
     [Justin Erenkrantz]
  *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
     content if the Accept-Encoding header contained only other tokens than
     "gzip" (such as "deflate"). PR 21523.  [Joe Orton, André Malo]
  *) Avoid an infinite recursion, which occured if the name of an included
     config file or directory contained a wildcard character. PR 22194.
     [André Malo]
  *) mod_ssl: Fix a problem setting variables that represent the
     client certificate chain.  PR 21371  [Jeff Trawick]
  *) Unix: Handle permissions settings for flock-based mutexes in
     unixd_set_global|proc_mutex_perms().  Allow the functions to be
     called for any type of mutex.  PR 20312  [Jeff Trawick]
  *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
  *) Fix a misleading message from the some of the threaded MPMs when
     MaxClients has to be lowered due to the setting of ServerLimit.
     [Jeff Trawick]
  *) Lower the severity of the "listener thread didn't exit" message
     to debug, as it is of interest only to developers.  PR 9011
     [Jeff Trawick]
  *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
     [Cliff Woolley, Jean-Jacques Clar]
  *) Install config.nice into the build/ directory to make
     minor version upgrades easier. [Joshua Slive]
  *) Fix mod_deflate so that it does not call deflate() without checking
     first whether it has something to deflate. (Currently this causes
     deflate to generate a fatal error according to the zlib spec.)
     PR 22259. [Stas Bekman]
  *) mod_ssl: Fix FakeBasicAuth for subrequest.  Log an error when an
     identity spoof is encountered.
     [Sander Striker]
  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
     containing the .htaccess file is requested without a trailing slash.
     PR 20195.  [André Malo]
  *) ab: Overlong credentials given via command line no longer clobber
     the buffer.  [André Malo]
  *) mod_deflate: Don't attempt to hold all of the response until we're
     done.  [Justin Erenkrantz]
  *) Assure that we block properly when reading input bodies with SSL.
     PR 19242.  [David Deaves <>, William Rowe]
  *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]
  *) mod_ext_filter: Set additional environment variables for use by
     the external filter.  PR 20944.  [Andrew Ho, Jeff Trawick]
  *) Fix buildconf errors when libtool version changes.  [Jeff Trawick]
  *) Remember an authenticated user during internal redirects if the
     redirection target is not access protected and pass it
     to scripts using the REDIRECT_REMOTE_USER environment variable.
     PR 10678, 11602.  [André Malo]
  *) mod_include: Fix a trio of bugs that would cause various unusual
     sequences of parsed bytes to omit portions of the output stream.
     PR 21095. [Ron Park <>, André Malo, Cliff Woolley]
  *) Update the header token parsing code to allow LWS between the
     token word and the ':' seperator.  [PR 16520]
     [Kris Verbeeck <>, Nicel KM <>]
  *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
     [Joe Schaefer <>]
  *) Added FreeBSD directory layout. PR 21100.
     [Sander Holthaus <>, André Malo]
  *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
     response. PR 21085. [Glenn Nielsen <>, André Malo]
  *) mod_rewrite: Perform child initialization on the rewrite log lock.
     This fixes a log corruption issue when flock-based serialization
     is used (e.g., FreeBSD).  [Jeff Trawick]
  *) Don't respect the Server header field as set by modules and CGIs.
     As with 1.3, for proxy requests any such field is from the origin
     server; otherwise it will have our server info as controlled by
     the ServerTokens directive.  [Jeff Trawick]

To generate a diff of this commit:
cvs rdiff -r1.27 -r1.28 pkgsrc/www/apache2/Makefile
cvs rdiff -r1.4 -r1.5 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.16 -r1.17 pkgsrc/www/apache2/PLIST
cvs rdiff -r1.22 -r1.23 pkgsrc/www/apache2/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/www/apache2/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.