Module Name:	pkgsrc
Committed By:	adrianp
Date:		Mon Sep 20 17:13:06 UTC 2004

Modified Files:
	pkgsrc/devel/apr: Makefile buildlink3.mk distinfo
Removed Files:
	pkgsrc/devel/apr/patches: patch-aa patch-ab

Log Message:
- Update apr to 2.0.51
- Fix permissions on installed .h files

- ok'ed snj@, wiz@
- Thanks to epg@ for final check

This version of Apache is principally a bug fix release. Of particular note is
that 2.0.51 addresses five security vulnerabilities:

An input validation issue in IPv6 literal address parsing which can result in
a negative length parameter being passed to memcpy.
[CAN-2004-0786]

A buffer overflow in configuration file parsing could allow a local user to
gain the privileges of a httpd child if the server can be forced to parse a
carefully crafted .htaccess file.
[CAN-2004-0747]

A segfault in mod_ssl which can be triggered by a malicious remote server,
if proxying to SSL servers has been configured.
[CAN-2004-0751]

A potential infinite loop in mod_ssl which could be triggered given
particular timing of a connection abort.
[CAN-2004-0748]

A segfault in mod_dav_fs which can be remotely triggered by an indirect lock
refresh request.
[CAN-2004-0809]

For further details, see http://www.apache.org/dist/httpd/Announcement2.html
and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.


To generate a diff of this commit:
cvs rdiff -r1.19 -r1.20 pkgsrc/devel/apr/Makefile
cvs rdiff -r1.4 -r1.5 pkgsrc/devel/apr/buildlink3.mk
cvs rdiff -r1.8 -r1.9 pkgsrc/devel/apr/distinfo
cvs rdiff -r1.1 -r0 pkgsrc/devel/apr/patches/patch-aa \
    pkgsrc/devel/apr/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.