Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/www/apache
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 07/30/2006 19:21:26
Module Name:	pkgsrc
Committed By:	salo
Date:		Sun Jul 30 19:21:26 UTC 2006

Modified Files:
	pkgsrc/www/apache [pkgsrc-2006Q2]: Makefile buildlink3.mk distinfo
	    module.mk
Removed Files:
	pkgsrc/www/apache/patches [pkgsrc-2006Q2]: patch-ap

Log Message:
Pullup ticket 1761 - requested by wiz
security update for apache

Revisions pulled up:
- pkgsrc/www/apache/Makefile			1.186, 1.187
- pkgsrc/www/apache/buildlink3.mk		1.16
- pkgsrc/www/apache/distinfo			1.52
- pkgsrc/www/apache/module.mk			1.11
- pkgsrc/www/apache/patches/patch-ap		removed

   Module Name:		pkgsrc
   Committed By:	rillig
   Date:		Sun Jul  2 10:43:19 UTC 2006

   Modified Files:
   	pkgsrc/www/apache: Makefile buildlink3.mk module.mk

   Log Message:
   Fixed some easy pkglint warnings.
---
   Module Name:		pkgsrc
   Committed By:	wiz
   Date:		Wed Jul 19 22:45:14 UTC 2006

   Modified Files:
   	pkgsrc/www/apache: Makefile distinfo
   Removed Files:
   	pkgsrc/www/apache/patches: patch-ap

   Log Message:
   Update to 1.3.36:

   Changes with Apache 1.3.36

     *) Reverted SVN rev #396294 due to unwanted regression.
        The new feature introduced in 1.3.35 (Allow usage of the
        "Include" configuration directive within previously "Include"d
        files) has been removed in the meantime.
        (http://svn.apache.org/viewcvs?rev=396294&viewąev)

   Changes with Apache 1.3.35

     *) SECURITY: CVE-2005-3352 (cve.mitre.org)
        mod_imap: Escape untrusted referer header before outputting in HTML
        to avoid potential cross-site scripting.  Change also made to
        ap_escape_html so we escape quotes.  Reported by JPCERT.
        [Mark Cox]

     *) core: Allow usage of the "Include" configuration directive within
        previously "Include"d files. [Colm MacCarthaigh]

     *) HTML-escape the Expect error message.  Not classed as security as
        an attacker has no way to influence the Expect header a victim will
        send to a target site.  Reported by Thiago Zaninotti [Mark Cox]

     *) mod_cgi: Remove block on OPTIONS method so that scripts can
        respond to OPTIONS directly rather than via server default.
        [Roy Fielding] PR 15242


To generate a diff of this commit:
cvs rdiff -r1.185 -r1.185.2.1 pkgsrc/www/apache/Makefile
cvs rdiff -r1.15 -r1.15.2.1 pkgsrc/www/apache/buildlink3.mk
cvs rdiff -r1.51 -r1.51.4.1 pkgsrc/www/apache/distinfo
cvs rdiff -r1.10 -r1.10.10.1 pkgsrc/www/apache/module.mk
cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ap

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.