Subject: PR/24801 CVS commit: pkgsrc/www/apache2
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Matthias Scheler <tron@netbsd.org>
List: netbsd-bugs
Date: 02/09/2005 14:58:19
The following reply was made to PR lib/24801; it has been noted by GNATS.

From: Matthias Scheler <tron@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/24801 CVS commit: pkgsrc/www/apache2
Date: Wed,  9 Feb 2005 14:57:52 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	tron
 Date:		Wed Feb  9 14:57:52 UTC 2005
 
 Modified Files:
 	pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
 	pkgsrc/www/apache2/patches: patch-aa
 Removed Files:
 	pkgsrc/www/apache2/patches: patch-as patch-at
 
 Log Message:
 Update "apache2" package to version 2.0.53. Changes since version 2.0.52:
 - Fix --with-apr=/usr and/or --with-apr-util=/usr.  Problem report 29740.
   [Max Bowsher <maxb ukf.net>]
 - mod_proxy: Fix ProxyRemoteMatch directive.  Problem report 33170.
   [Rici Lake <rici ricilake.net>]
 - mod_proxy: Respect errors reported by pre_connection hooks.
   [Jeff Trawick]
 - --with-module can now take more than one module to be statically
   linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
   If the <modtype>-subdirectory doesn't exist it will be created and
   populated with a standard Makefile.in.  [Erik Abele]
 - Fix the RPM spec file so that an RPM build now works. An RPM
   build now requires system installations of APR and APR-util.
   Remove some arbitrary moving around of binaries - the RPM now
   maps to the ASF build of httpd.
   [Graham Leggett]
 - mod_dumpio, an I/O logging/dumping module, added to the
   modules/expermimental subdirectory.  [Jim Jagielski]
 - mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
   library handles special characters.  Problem report 24437.
   [Jess Holle]
 - Win32 MPM: Correct typo in debugging output.  [William Rowe]
 - conf: Remove AddDefaultCharset from the default configuration because
   setting a site-wide default does more harm than good.
   Problem report 23421. [Roy Fielding]
 - Add charset to example CGI scripts.  [Roy Fielding]
 - mod_ssl: fail quickly if SSL connection is aborted rather than
   making many doomed ap_pass_brigade calls.
   Problem report 32699.  [Joe Orton]
 - Remove compiled-in upper limit on LimitRequestFieldSize.
   [Bill Stoddard]
 - Start keeping track of time-taken-to-process-request again for
   mod_status if ExtendedStatus is enabled. [Jim Jagielski]
 - mod_proxy: Handle client-aborted connections correctly.
   Problem report 32443.  [Janne Hietamäki, Joe Orton]
 - Fix handling of files >2Gb on all platforms (or builds) where
   apr_off_t is larger than apr_size_t.
   Problem report 28898.  [Joe Orton]
 - mod_include: Fix bug which could truncate variable expansions
   of N*64 characters by one byte.  Problem report 32985.  [Joe Orton]
 - Correct handling of certain bucket types in ap_save_brigade, fixing
   possible segfaults in mod_cgi with #include virtual.
   Problem report 31247.  [Joe Orton]
 - Allow for the use of --with-module=foo:bar where the ./modules/foo
   directory is local only. Assumes, of course, that the required
   files are in ./modules/foo, but makes it easier to statically
   build/log "external" modules.  [Jim Jagielski]
 - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
   ldap authorization only modules have access to the util_ldap
   user cache without having to require ldap authentication as well.
   Problem report 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]
 - mod_auth_ldap: Added the directive "Requires ldap-attribute" that
   allows the module to only authorize a user if the attribute value
   specified matches the value of the user object. Problem report 31913
   [Ryan Morgan <rmorgan pobox.com>]
 - SECURITY: CAN-2004-0942 (cve.mitre.org)
   Fix for memory consumption DoS in handling of MIME folded request
   headers.  [Joe Orton]
 - SECURITY: CAN-2004-0885 (cve.mitre.org)
   mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
   bypassed during an SSL renegotiation.  Problem report 31505.
   [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
 - mod_ssl: Fail at startup rather than segfault at runtime if a
   client cert is configured with an encrypted private key.
   Problem report 24030.  [Joe Orton]
 - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
   Problem report 31448 [Joe Orton]
 - mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
   [Jeff Trawick]
 - mod_cache: CacheDisable will only disable the URLs it was meant to
   disable, not all caching. Problem report 31128.
   [Edward Rudd <eddie omegaware.com>, Paul Querna]
 - mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
   cache responses.  [Justin Erenkrantz]
 - mod_rewrite: Handle per-location rules when r->filename is unset.
   Previously this would segfault or simply not match as expected,
   depending on the platform.  [Jeff Trawick]
 - mod_rewrite: Fix 0 bytes write into random memory position.
   Problem report 31036. [André Malo]
 - mod_disk_cache: Do not store aborted content.  Problem report 21492.
   [Rüdiger Plüm <r.pluem t-online.de>]
 - mod_disk_cache: Correctly store cached content type.
   Problem report 30278.
   [Rüdiger Plüm <r.pluem t-online.de>]
 - mod_ldap: prevent the possiblity of an infinite loop in the LDAP
   statistics display. Problem report 29216. [Graham Leggett]
 - mod_ldap: fix a bogus error message to tell the user which file
   is causing a potential problem with the LDAP shared memory cache.
   Problem report 31431 [Graham Leggett]
 - mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
 - Fix the re-linking issue when purging elements from the LDAP cache
   Problem report 24801.  [Jess Holle <jessh ptc.com>]
 - mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]
 - Fix Expires handling in mod_cache.  [Justin Erenkrantz]
 - Alter mod_expires to run at a different filter priority to allow
   proper Expires storage by mod_cache.  [Justin Erenkrantz]
 
 
 To generate a diff of this commit:
 cvs rdiff -r1.65 -r1.66 pkgsrc/www/apache2/Makefile
 cvs rdiff -r1.12 -r1.13 pkgsrc/www/apache2/Makefile.common
 cvs rdiff -r1.26 -r1.27 pkgsrc/www/apache2/PLIST
 cvs rdiff -r1.35 -r1.36 pkgsrc/www/apache2/distinfo
 cvs rdiff -r1.13 -r1.14 pkgsrc/www/apache2/patches/patch-aa
 cvs rdiff -r1.5 -r0 pkgsrc/www/apache2/patches/patch-as
 cvs rdiff -r1.1 -r0 pkgsrc/www/apache2/patches/patch-at
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.