pkgsrc-changes: CVS commit: pkgsrc

Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Jeremy C. Reed <reed@netbsd.org>
List: pkgsrc-changes
Date: 03/22/2004 19:50:16
Module Name:	pkgsrc
Committed By:	reed
Date:		Mon Mar 22 19:50:16 UTC 2004

Modified Files:
	pkgsrc/devel/apr: Makefile distinfo
	pkgsrc/www/apache2: Makefile Makefile.common PLIST buildlink2.mk
	    buildlink3.mk distinfo

Log Message:
Update apache2 to 2.0.49. This includes various changes since last release
including:
  *) SECURITY: CAN-2004-0174 (cve.mitre.org)
     Fix starvation issue on listening sockets where a short-lived
     connection on a rarely-accessed listening socket will cause a
     child to hold the accept mutex and block out new connections until
     another connection arrives on that rarely-accessed listening socket.
     With Apache 2.x there is no performance concern about enabling the
     logic for platforms which don't need it, so it is enabled everywhere
     except for Win32.  [Jeff Trawick]

  *) SECURITY: CAN-2004-0113 (cve.mitre.org)
     mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
     PR 27106.  [Joe Orton]

  *) SECURITY: CAN-2003-0020 (cve.mitre.org)
     Escape arbitrary data before writing into the errorlog. Unescaped
     errorlogs are still possible using the compile time switch
     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, Andr<E9> Malo]

Complete changelog is at http://www.apache.org/dist/httpd/CHANGES_2.0

Package changes include:

buildlink depends increased for apache2 (but not for apr).

apr package version changes, but APR_VERSION stays same.

more files installed and added to PLIST.
share/httpd/manual/search/manual-index.cgi removed from PLIST.
Also removing share/httpd/htdocs and share/httpd directories
removed from PLIST because already handled by MAKE_DIRS.
(I think this should use OWN_DIRS.)

(jlam@ said he would like this update done during freeze.)


To generate a diff of this commit:
cvs rdiff -r1.16 -r1.17 pkgsrc/devel/apr/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/devel/apr/distinfo
cvs rdiff -r1.33 -r1.34 pkgsrc/www/apache2/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.18 -r1.19 pkgsrc/www/apache2/PLIST
cvs rdiff -r1.5 -r1.6 pkgsrc/www/apache2/buildlink2.mk
cvs rdiff -r1.2 -r1.3 pkgsrc/www/apache2/buildlink3.mk
cvs rdiff -r1.23 -r1.24 pkgsrc/www/apache2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.