Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Matthias Scheler <tron@netbsd.org>
List: pkgsrc-changes
Date: 05/07/2006 12:35:28
Module Name:	pkgsrc
Committed By:	tron
Date:		Sun May  7 12:35:28 UTC 2006

Modified Files:
	pkgsrc/devel/apr: Makefile PLIST distinfo
	pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
Removed Files:
	pkgsrc/www/apache2/patches: patch-ae patch-af

Log Message:
Update "apr" package to version 0.9.12.2.0.58 and "apache" package
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
  instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
  Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
  when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
  run on Unix.
- HTML-escape the Expect error message.  Not classed as security as
  an attacker has no way to influence the Expect header a victim will
  send to a target site.  Reported by Thiago Zaninotti
  <thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
  mod_ssl: Fix a possible crash during access control checks if a
  non-SSL request is processed for an SSL vhost (such as the
  "HTTP request received on SSL port" error message when an 400
  ErrorDocument is configured, or if using "SSLEngine optional").
  Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
  mod_imap: Escape untrusted referer header before outputting in HTML
  to avoid potential cross-site scripting.  Change also made to
  ap_escape_html so we escape quotes.  Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
  output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
  incorrect status lines caused by filters which modify r->status without
  resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
  Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
  Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
  using Solaris make (amoung others) and avoid breakage in ./buildconf
  when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
  explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
  format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
  client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
  This provides a working mod_echo on all platforms, and ensures any
  custom protocol module is at least given an initial timeout value
  based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
  ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
  applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
  handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
  the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
  Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
  links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
  a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
  respond to OPTIONS directly rather than via server default.
  Apache#15242
- Added new module mod_version, which provides version dependent
  configuration containers.
- Add core version query function (ap_get_server_revision) and
  accompanying ap_version_t structure (minor MMN bump).


To generate a diff of this commit:
cvs rdiff -r1.43 -r1.44 pkgsrc/devel/apr/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/devel/apr/PLIST
cvs rdiff -r1.16 -r1.17 pkgsrc/devel/apr/distinfo
cvs rdiff -r1.100 -r1.101 pkgsrc/www/apache2/Makefile
cvs rdiff -r1.19 -r1.20 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.32 -r1.33 pkgsrc/www/apache2/PLIST
cvs rdiff -r1.46 -r1.47 pkgsrc/www/apache2/distinfo
cvs rdiff -r1.7 -r0 pkgsrc/www/apache2/patches/patch-ae
cvs rdiff -r1.6 -r0 pkgsrc/www/apache2/patches/patch-af

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.