![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / pkgsrc / devel / apr
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.35 / (download) - annotate - [select for diffs], Sun Mar 11 12:17:46 2012 UTC (2 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
HEAD
Changes since 1.34: +4 -6
lines
Diff to previous 1.34 (colored)
Update to 1.4.5
Changelog:
Changes for APR 1.4.5
*) Security: CVE-2011-1928
apr_fnmatch(): Fix high CPU loop. [William Rowe]
*) Fix top_builddir in installed apr_rules.mk. [Bojan Smojver]
Changes for APR 1.4.4
*) Windows: Fix command-line builds. [William Rowe]
Revision 1.33.2.1 / (download) - annotate - [select for diffs], Sun Feb 12 01:36:32 2012 UTC (3 months, 1 week ago) by sbd
Branch: pkgsrc-2011Q4
Changes since 1.33: +3 -1
lines
Diff to previous 1.33 (colored) next main 1.34 (colored)
Pullup ticket #3679 - requested by spz devel/apr security update Revisions pulled up: - devel/apr/Makefile 1.68 - devel/apr/distinfo 1.34 - devel/apr/patches/patch-tables_apr__hash.c 1.1 - devel/apr/patches/patch-test_testhash.c 1.1 --- Module Name: pkgsrc Committed By: spz Date: Sat Feb 11 12:44:09 UTC 2012 Modified Files: pkgsrc/devel/apr: Makefile distinfo Added Files: pkgsrc/devel/apr/patches: patch-tables_apr__hash.c patch-test_testhash.c Log Message: fix CVE-2012-0840 with patches taken from the Apache svn
Revision 1.34 / (download) - annotate - [select for diffs], Sat Feb 11 12:44:09 2012 UTC (3 months, 1 week ago) by spz
Branch: MAIN
Changes since 1.33: +3 -1
lines
Diff to previous 1.33 (colored)
fix CVE-2012-0840 with patches taken from the Apache svn
Revision 1.33 / (download) - annotate - [select for diffs], Sat Nov 19 21:16:22 2011 UTC (6 months ago) by alnsn
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base
Branch point for: pkgsrc-2011Q4
Changes since 1.32: +3 -1
lines
Diff to previous 1.32 (colored)
Add patches from upstream bug #51851. https://issues.apache.org/bugzilla/show_bug.cgi?id=51851
Revision 1.32 / (download) - annotate - [select for diffs], Sun May 22 22:41:00 2011 UTC (12 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.31: +4 -5
lines
Diff to previous 1.31 (colored)
Update "apr" package to version 1.4.5. Change since version 1.4.4: - Security: CVE-2011-1928 apr_fnmatch(): Fix high CPU loop. [William Rowe] - Fix top_builddir in installed apr_rules.mk. [Bojan Smojver] Please note the fix for CVE-2011-1928 was previously already integrated as a patch.
Revision 1.29.4.2 / (download) - annotate - [select for diffs], Sat May 21 09:02:08 2011 UTC (12 months ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.29.4.1: +2 -1
lines
Diff to previous 1.29.4.1 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)
Pullup ticket #3436 - requested by drochner
devel/apr: security patch
Revisions pulled up:
- devel/apr/Makefile 1.63
- devel/apr/distinfo 1.31
- devel/apr/patches/patch-aa 1.5
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri May 20 09:23:16 UTC 2011
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Added Files:
pkgsrc/devel/apr/patches: patch-aa
Log Message:
add patch from upstream tp fix a regression in the last release
which could cause hangs
bump PKGREV
Revision 1.31 / (download) - annotate - [select for diffs], Fri May 20 09:23:15 2011 UTC (12 months ago) by drochner
Branch: MAIN
Changes since 1.30: +2 -1
lines
Diff to previous 1.30 (colored)
add patch from upstream tp fix a regression in the last release which could cause hangs bump PKGREV
Revision 1.29.4.1 / (download) - annotate - [select for diffs], Sun May 15 09:32:37 2011 UTC (12 months, 1 week ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.29: +4 -4
lines
Diff to previous 1.29 (colored)
Pullup ticket #3427 - requested by tron
devel/apr security update
Revisions pulled up:
- devel/apr/Makefile 1.62
- devel/apr/distinfo 1.30
---
Module Name: pkgsrc
Committed By: tron
Date: Wed May 11 18:07:16 UTC 2011
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update "apr" package to version 1.4.2. Changes since version 1.4.4:
- Reimplement apr_fnmatch() from scratch using a non-recursive
algorithm; now has improved compliance with the fnmatch() spec.
[William Rowe]
- Fix environment-related crash using some non-standard builds on
Windows 7/Server 2008. [Steve Hay <SteveHay planit.com>]
- poll, pollset, pollcb on Windows: Handle calls with no file/socket
descriptors. Bug 49882. [Stefan Ruppert <sr myarm.com>, Jeff Trawick]
- Fix APR_IPV6_V6ONLY issues on Windows related to run-time behavior
on Windows older than Vista and SDK/MinGW levels without IPV6_V6ONLY.
Bug 45321. [Sob <sob hisoftware.cz>]
- Fix address handling when accepting an AF_INET socket from a socket
bound as AF_INET6. Bug 49678. [Joe Orton]
- Fix error return values from apr_sockaddr_info_get() on Windows for
IPv6 builds. [Ivan Zhakov <ivan visualsvn.com>]
- Add new experimental configure option --enable-allocator-uses-mmap to
use mmap instead of malloc in apr_allocator_alloc(). This greatly reduces
memory fragmentation with malloc implementations (e.g. glibc) that
don't handle allocationss of a page-size-multiples in an efficient way.
It also makes apr_allocator_max_free_set() actually have some effect
on such platforms. [Stefan Fritsch]
- configure: Support 64 and 32 bit universal builds for Darwin/
OS X 10.6+. [Jim Jagielski]
- apr_sockaddr_info_get() on AIX: Fix a problem which could set
the port field in the native socket address to 1 when 0 was
specified. Bug 46964. [Jeff Trawick]
- configure: Make definition of apr_ino_t independent of
_FILE_OFFSET_BITS even on platforms where ino_t is 'unsigned int'.
[Stefan Fritsch]
- apr_ring: Workaround for aliasing problem that causes gcc 4.5 to
miscompile some brigade related code. Bug 50190. [Stefan Fritsch]
- apr_file_flush_locked(): Handle short writes. [Stefan Fritsch]
- apr_pollset_create_ex(): Trap errors from pollset providers.
Bug 49094. [Sami Tolvanen <sami.tolvanen mywot.com>]
- apr_pollset_create*(): Fix memory lifetime problem with the wakeup
pipe when the pollset was created with APR_POLLSET_NOCOPY.
[Neil Conway <nrc cs.berkeley.edu>]
- Fix detection of some Linux variants when configure is built with
recent GNU tools. [Eric Covener]
- Avoid a redundant fcntl() call in apr_file_open() where O_CLOEXEC
is supported. Bug 46297. [Joe Orton]
- Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
Revision 1.30 / (download) - annotate - [select for diffs], Wed May 11 18:07:16 2011 UTC (12 months, 1 week ago) by tron
Branch: MAIN
Changes since 1.29: +4 -4
lines
Diff to previous 1.29 (colored)
Update "apr" package to version 1.4.2. Changes since version 1.4.4: - Reimplement apr_fnmatch() from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch() spec. [William Rowe] - Fix environment-related crash using some non-standard builds on Windows 7/Server 2008. [Steve Hay <SteveHay planit.com>] - poll, pollset, pollcb on Windows: Handle calls with no file/socket descriptors. Bug 49882. [Stefan Ruppert <sr myarm.com>, Jeff Trawick] - Fix APR_IPV6_V6ONLY issues on Windows related to run-time behavior on Windows older than Vista and SDK/MinGW levels without IPV6_V6ONLY. Bug 45321. [Sob <sob hisoftware.cz>] - Fix address handling when accepting an AF_INET socket from a socket bound as AF_INET6. Bug 49678. [Joe Orton] - Fix error return values from apr_sockaddr_info_get() on Windows for IPv6 builds. [Ivan Zhakov <ivan visualsvn.com>] - Add new experimental configure option --enable-allocator-uses-mmap to use mmap instead of malloc in apr_allocator_alloc(). This greatly reduces memory fragmentation with malloc implementations (e.g. glibc) that don't handle allocationss of a page-size-multiples in an efficient way. It also makes apr_allocator_max_free_set() actually have some effect on such platforms. [Stefan Fritsch] - configure: Support 64 and 32 bit universal builds for Darwin/ OS X 10.6+. [Jim Jagielski] - apr_sockaddr_info_get() on AIX: Fix a problem which could set the port field in the native socket address to 1 when 0 was specified. Bug 46964. [Jeff Trawick] - configure: Make definition of apr_ino_t independent of _FILE_OFFSET_BITS even on platforms where ino_t is 'unsigned int'. [Stefan Fritsch] - apr_ring: Workaround for aliasing problem that causes gcc 4.5 to miscompile some brigade related code. Bug 50190. [Stefan Fritsch] - apr_file_flush_locked(): Handle short writes. [Stefan Fritsch] - apr_pollset_create_ex(): Trap errors from pollset providers. Bug 49094. [Sami Tolvanen <sami.tolvanen mywot.com>] - apr_pollset_create*(): Fix memory lifetime problem with the wakeup pipe when the pollset was created with APR_POLLSET_NOCOPY. [Neil Conway <nrc cs.berkeley.edu>] - Fix detection of some Linux variants when configure is built with recent GNU tools. [Eric Covener] - Avoid a redundant fcntl() call in apr_file_open() where O_CLOEXEC is supported. Bug 46297. [Joe Orton] - Improve platform detection by updating config.guess and config.sub. [Rainer Jung]
Revision 1.29 / (download) - annotate - [select for diffs], Mon Nov 1 17:20:03 2010 UTC (18 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4
Branch point for: pkgsrc-2011Q1
Changes since 1.28: +4 -4
lines
Diff to previous 1.28 (colored)
Changes 1.4.2: * Undo a crash-bug introduced in 1.3.9 affecting some applications of the apr hash and table structures, reported to affect Subversion Changes 1.4.1: * Win32: Properly handle the ERROR_DIRECTORY system error code. Changes 1.4.0: * Add apr_global_mutex_lockfile() for retrieving the file, if any, associated with the mutex. Add apr_global_mutex_name() for retrieving the name of the lock mechanism used by the underlying proc mutex. * Add apr_socket_atreadeof to determine whether the receive part of the socket has been closed by the peer. * Make apr_pollset and apr_pollcb implementations using providers. Added apr_pollset_create_ex and apr_pollcb_create_ex that allows choosing non-default providers. * apr_temp_dir_get() now checks the TMPDIR environment variable first, instead of third. * Add apr_file_sync() and apr_file_datasync() calls. * apr_pollset_wakeup() on Windows: Fix core caused by closing the file_socket_pipe with standard file_close. * Introduce apr_hash_do() for iterating over a hash table. * Make sure WIN32 behaves the same as posix for file-backed shared memory by removing the file on cleanup/remove. * Introduce apr_pollset_wakeup() for interrupting the blocking apr_pollset_poll() call. * Add apr_file_link() function.
Revision 1.27.2.1 / (download) - annotate - [select for diffs], Wed Dec 2 23:21:28 2009 UTC (2 years, 5 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored) next main 1.28 (colored)
Pullup ticket #2492 - requested by fhajny
apr: security update
Revisions pulled up:
- devel/apr/Makefile 1.60
- devel/apr/distinfo 1.28
---
Module Name: pkgsrc
Committed By: fhajny
Date: Wed Dec 2 11:36:27 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to 1.3.9 (security fix).
Changes for APR 1.3.9
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork
and event MPMs on that platform. PR 47645. [Jeff Trawick]
Revision 1.28 / (download) - annotate - [select for diffs], Wed Dec 2 11:36:27 2009 UTC (2 years, 5 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored)
Update to 1.3.9 (security fix).
Changes for APR 1.3.9
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork
and event MPMs on that platform. PR 47645. [Jeff Trawick]
Revision 1.25.2.2 / (download) - annotate - [select for diffs], Fri Aug 7 18:44:33 2009 UTC (2 years, 9 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.25.2.1: +4 -4
lines
Diff to previous 1.25.2.1 (colored) to branchpoint 1.25 (colored) next main 1.26 (colored)
Pullup ticket 2856 - requested by gdt
security update
Revisions pulled up:
- pkgsrc/devel/apr/Makefile 1.59
- pkgsrc/devel/apr/distinfo 1.27
Module Name: pkgsrc
Committed By: gdt
Date: Fri Aug 7 14:29:44 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to 1.3.8 (security fix).
Changes for APR 1.3.8
*) SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in pools and rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
*) Make sure that "make check" is used in the RPM spec file, consistent
with apr-util. [Graham Leggett]
*) Pass default environment to testflock, testoc and testpipe children,
so that tests run when APR is compiled with Intel C Compiler.
[Bojan Smojver]
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/devel/apr/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/apr/distinfo
Revision 1.27 / (download) - annotate - [select for diffs], Fri Aug 7 14:29:44 2009 UTC (2 years, 9 months ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.26: +4 -4
lines
Diff to previous 1.26 (colored)
Update to 1.3.8 (security fix).
Changes for APR 1.3.8
*) SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in pools and rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
*) Make sure that "make check" is used in the RPM spec file, consistent
with apr-util. [Graham Leggett]
*) Pass default environment to testflock, testoc and testpipe children,
so that tests run when APR is compiled with Intel C Compiler.
[Bojan Smojver]
Revision 1.25.2.1 / (download) - annotate - [select for diffs], Fri Aug 7 12:22:17 2009 UTC (2 years, 9 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.25: +4 -4
lines
Diff to previous 1.25 (colored)
Pullup ticket 2854 - requested by tron
security update
Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.14
- pkgsrc/devel/apr-util/Makefile 1.8
- pkgsrc/devel/apr/Makefile 1.58
- pkgsrc/devel/apr/distinfo 1.26
Module Name: pkgsrc
Committed By: schmonz
Date: Fri Jul 24 13:09:32 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile
Log Message:
Configure --without-sqlite2 in case it's unavoidably on the include path.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/apr-util/Makefile
-----
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Aug 4 10:09:35 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to apr version 1.3.7, which, other than 1.3.5, is still downloadable.
Changes since 1.3.5:
- On Linux/hppa flock() returns EAGAIN instead of EWOULDBLOCK. This
causes proc mutex failures.
- Set CLOEXEC flags where appropriate. Either use new O_CLOEXEC flag and
associated functions, such as dup3(), accept4(), epoll_create1() etc.,
or simply set CLOEXEC flag using fcntl().
- More elaborate detection for dup3(), accept4() and epoll_create1().
To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/devel/apr/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/devel/apr/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
-----
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Aug 4 10:13:04 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile distinfo
Log Message:
Upgrade apr-util to version 1.3.8, which, unlike 1.3.7, is still downloadab=
le.
Changes since 1.3.7:
- Use locally scoped variables in PostgreSQL driver to avoid stomping
on return codes.
- Fix race conditions in initialisation of DBD, DBM and DSO.
- Expose DBM libs in apu-1-config by default. To avoid that, use
apu-1-config --avoid-dbm --libs. To get just DBM libs, use
apu-1-config --dbm-libs.
- Make sure --without-ldap works.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/apr-util/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apr-util/distinfo
-----
Module Name: pkgsrc
Committed By: tron
Date: Fri Aug 7 10:39:24 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile distinfo
Log Message:
Update "apr-util" package to version 1.3.8. Changes since 1.3.9:
- SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
- Make sure that "make check" is used in the RPM spec file, so that
the crypto, dbd and dbm tests pass. [Graham Leggett]
- Make sure the mysql version of dbd_mysql_get_entry() respects the
rule that if the column number exceeds the number of columns, we
return NULL. [Graham Leggett]
- Ensure the dbm module is packaged up correctly in the RPM.
[Graham Leggett]
- Clarify the error messages within the dbd tests. [Graham Leggett]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/apr-util/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/apr-util/distinfo
Revision 1.26 / (download) - annotate - [select for diffs], Tue Aug 4 10:09:35 2009 UTC (2 years, 9 months ago) by tonnerre
Branch: MAIN
Changes since 1.25: +4 -4
lines
Diff to previous 1.25 (colored)
Update to apr version 1.3.7, which, other than 1.3.5, is still downloadable. Changes since 1.3.5: - On Linux/hppa flock() returns EAGAIN instead of EWOULDBLOCK. This causes proc mutex failures. - Set CLOEXEC flags where appropriate. Either use new O_CLOEXEC flag and associated functions, such as dup3(), accept4(), epoll_create1() etc., or simply set CLOEXEC flag using fcntl(). - More elaborate detection for dup3(), accept4() and epoll_create1().
Revision 1.25 / (download) - annotate - [select for diffs], Mon Jun 8 14:23:10 2009 UTC (2 years, 11 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.24: +4 -4
lines
Diff to previous 1.24 (colored)
Update "apr" package to version 1.3.3. Changes since version 1.3.5: - Dropped kqueue and apr_poll detection from Mac OS/X 10.5/Darwin 9 due to various reported problems. - apr_strerror() on OS/2: Fix problem with calculating buffer size. Bug 45689. - Prefer glibtool1/glibtoolize1. - Fix buildconf with libtool 2.2. - Fix a bug with the APR_DELONCLOSE flag. Child processes were (also) unlinking the file. - Fix compilation error on systems that do not have IPV6. Bug 46601 - apr_socket_sendfile() on Solaris: Fix handling of files truncated after the sender determines the length. (This fixes a busy loop in httpd when a file being served is truncated.) - Fix documentation for apr_temp_dir_get(). Bug 46303 - Add AC_MSG_RESULT after AC_MSG_CHECKING. Bug 46427 - Reset errno to zero in apr_strtoi64 to prevent returning an errno not equal zero in cases where the operation worked fine. - Win32: Do not error out on apr_pollset_poll() when there are no sockets. - Fix apr_tokenize_to_argv parsing. Bug 46128
Revision 1.24 / (download) - annotate - [select for diffs], Sat Sep 6 16:39:25 2008 UTC (3 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.23: +4 -4
lines
Diff to previous 1.23 (colored)
Update to 1.3.3:
Changes for APR 1.3.3
*) Rename apr_pool_create_core to apr_pool_create_unmanaged and
deprecate the old API name. It better reflects the scope and usage
of this function. [Mladen Turk]
*) Use proper return code for fcntl-based apr_proc_mutex_trylock()
on platforms that return EACCES instead of EAGAIN when the lock
is already held (AIX, HP-UX).
[Eric Covener]
*) Fix APR_PID_T_FMT detection on Solaris. PR 45513
[Rainer Jung <rainer.jung kippdata.de>]
Changes for APR 1.3.2
*) Fix getservbyname_r() detection. [Ruediger Pluem]
Changes for APR 1.3.1
*) Fix win32 apr.hw to pick up XP/2003 TCP/IP multicast constants and
revert to IPV6 disabled-by-default (a change present only in 1.3.0).
[William Rowe]
*) Fix autoconf cached detection of atomic builtins. [Jim Jagielski]
*) Use thread safe versions of getservbyname(). [Bojan Smojver]
*) Use thread safe getpass_r on Netware. [Guenter Knauf]
Changes for APR 1.3.0
*) Fix Solaris poll failure. PR 43000
[Henry Jen <henryjen ztune.net>]
*) apr_getservbyname(): Use proper method for converting port
to host byte order. PR 44903.
[Chris Taylor <ctaylor wadeford.plus.com>]
*) Use /dev/urandom in preference to /dev/random as entropy source
for apr_generate_random_bytes. PR 44881. [Bojan Smojver]
*) Implement apr_proc_wait_all_procs for windows.
The implementation uses tool help library present
on Windows 2000 and later. APR_ENOTIMPL is returned
on platforms missing tool help from kernel32.dll.
[Mladen Turk]
*) Introduce apr_pool_pre_cleanup_register() for registering
a cleanup that is called before any subpool is destroyed
within apr_pool_clear or apr_pool_destroy.
This allows to register a cleanup that will notify subpools
about its inevitable destruction.
[Mladen Turk]
*) Introduce apr_pool_create_core_ex() for creation of standalone
pools without parent. This function should be used for short
living pools, usually ones that are created and destroyed
either in a loop or inside function call. Since the pools
created with this function doesn't have a parent they must
be explicitly destroyed when done.
[Mladen Turk]
*) Fix return value when apr_pollset_poll interrupted.
PR 42580 [Basant Kumar Kukreja <basant.kukreja sun.com>]
*) Add missing semi-colon in Win9x code path of apr_file_open that breaks
Win9X Debug builds. PR 44329. [Curt Arnold]
*) z/OS: return standard apr_status_t codes from apr_dso_load()
and apr_dso_sym(). [David Jones <oscaremma gmail.com>]
*) Fix the make test target in the spec file. [Graham Leggett]
*) Fix DSO-related crash on z/OS caused by incorrect memory
allocation. [David Jones <oscaremma gmail.com>]
*) Implement Darwin-semantic (9.0.0 and later) sendfile support.
Use writev in lieu of hdtr vecs since how Darwin counts the
data is undocumented. [Geoff Greer <angryparsley mipsisrisc.com>,
William Rowe, Jim Jagielski]
*) Implemented the APR_FOPEN_SPARSE flag, permits win32 to create
sparse data files. Also bestow apr_fileinfo_t csize field for
Windows versions 2000 and later, which helps in the detection
that a sparse file is truly in use (see test/testlfs.c for an
example, because different filesystems can vary in behavior
even on an OS supporting sparse files). [William Rowe]
*) Corrected for Darwin and others to toggle APR_HAS_LARGE_FILES
where large off_t's are enabled without any extra defines, hints
or additional functions. This is binary compatible, but apps
may need to be recompiled to take full advantage depending on how
they detect this feature. [William Rowe]
*) Implement apr_atomic_casptr() and apr_atomic_xchgptr() for z/OS.
[David Jones <oscaremma gmail.com>]
*) Introduce apr_file_pipe_create_ex() to portably permit one pipe
end or another to be entirely blocking for non-APR applications
(e.g. stdio streams) and the other (or both ends) non blocking,
with a timeout of 0 by default.
[William Rowe]
*) apr_procattr_io_set() on Windows: Set non-blocking pipe handles
to a default timeout of 0, following the Unix default. No effect
on pipe handles configured to block. PR 43522.
[Eric Covener <covener gmail.com>]
*) apr_file_write() on Windows: Fix return code when writing to a non-
blocking pipe would have blocked. PR 43563.
[Eric Covener <covener gmail.com>]
*) Introduce APR_NO_FILE as an option to apr_procattr_io_set() for any
of the three stdio streams to cause the corresponding streams to be
closed to the child process. This becomes effective in 1.3.0 across
platforms (equivilant to APR_NO_PIPE in 1.2.x except on Win32.)
[William Rowe]
*) Solve WinNT inherited pipe leaks by mutexing apr_proc_create calls,
on WinNT (not WinCE, nor 9x) so that we toggle the inherited state
of the stdin/out/err pipes. All other file handles are treated as
not-inherited until apr_file_dup2'ed a std handle of this process,
or while they are used by apr_proc_create. [William Rowe]
*) Define the Mac OS/X filesystem_encoding as utf-8 (in previous
releases the interpretation would vary). [Branko ibej]
*) Add table cloning (deep copy) convenience function.
[Davi Arnaut]
*) Rework the WIN32 CV code to signal the condition only if one or
more threads are blocked on the condition variable. If no threads
are waiting on the condition variable, nothing happens. The change
also eliminates the thundering-herd problem of the manual-reset
event, which (theoretically) wakes up all threads waiting on. Now
the behavior of the CV's should be the same on Unix and win32
platforms. PR 42305. [Davi Arnaut]
*) Define SEM_FAILED if it isn't already defined, as the proc mutex
code already does it. Also search for the sem_open function in
the realtime library. (This fixes HP-UX sem_open detection).
[Davi Arnaut]
*) Define the _HPUX_SOURCE feature test macro to obtain maximum
functionality.
PR 42261. [Davi Arnaut]
*) Stop invoking the testshm* helpers upon 'make test' invocation.
[Kurt Miller <kurt intricatesoftware.com>]
*) Register a cleanup only if APR_FILE_NOCLEANUP was not flagged in
apr_file_mktemp. [Brian J. France <list firehawksystems.com>]
*) Numerous build fixes for non-GCC builds and GCC builds on Win32,
as well as WinCE builds. [Davi Arnaut <davi haxent.com.br>,
Curt Arnold <carnold apache.org>, John Mark Vandenberg,
Kouhei Sutou <kou cozmixng.org>, William Rowe]
*) Discard file buffers when running cleanups for exec.
PR 41119. [Davi Arnaut <davi haxent.com.br>, Bojan Smojver]
*) Improve thread safety of assorted file_io functions.
PR 42400. [Davi Arnaut <davi haxent.com.br>]
*) Add the apr_pollcb API as an alternative more efficient method
of polling sockets, compared to apr_pollset. [Paul Querna]
*) Fix possible crash in apr_pool_initialize() when built with
verbose pool debugging. PR 41063.
[Peter Steiner <peter.steiner+apache hugwi.ch>]
*) Fix --disable-ipv6 build on platforms with getifaddrs().
PR 39199. [Joe Orton]
*) Correctly retrieve 'empty' environment values with apr_env_get
on Win32 (e.g. "VAR="), and added validation to testall suite.
PR 40764. [Issac Goldstand <margol beamartyr.net>]
*) Portably check for EEXIST in mktemp code. PR 40818
[Kenneth Golomb <KGolomb TradeCard.com>]
*) Fix apr_socket_recvfrom() to ensure the peer's address is returned
through the "from" parameter. [Joe Orton]
*) Fix error checking in kqueue, epoll and event port versions of
apr_pollset_create. PR 40660, 40661, 40662
[Larry Cipriani <lvc lucent.com>]
*) Add some documentation on the format matched by apr_fnmatch.
[David Glasser <glasser mit.edu>]
*) Add apr_hash_clear. [Daniel L. Rall <dlr apache.org>]
*) Don't try to build apr_app.c on MinGW.
[Matthias Miller <Blog outofhanwell.com>]
*) Fix the timeout converstion in apr_pollset with the KQueue
backend. [Marco Molteni <mmolteni cisco.com>]
*) Support MinGW. [John Vandenberg, Justin Erenkrantz]
*) Implement apr_thread_yield on Unix in terms of pthread_yield or
sched_yield. [Keisuke Nishida <keisuke.nishida gmail.com>]
*) Provide folding in autogenerated .manifest files for Win32 builders
using VisualStudio 2005 [William Rowe]
*) Utilise Solaris' native atomic_* functions for apr_atomics
where appropriate. [Colm MacCárthaigh]
*) Make apr_socket_recvfrom initialize the port field in the from
sockaddr. PR 39325 [Anthony Minessale <anthmct yahoo.com>]
*) NetBSD: Avoid leaving zombie process when using apr_signal()
to ignore SIGCHLD. PR 36750. [Todd Vierling <tv pobox.com>]
*) Implement support for apr_proc_mutex_trylock() on Unix platforms.
PR 38785. [Chris Darroch <chrisd pearsoncmg.com>]
*) APR_FIND_APR macro now supports customisable detailed checks on
each installed apr. [Justin Erenkrantz, Colm MacCárthaigh]
*) APR_FIND_APR macro no longer checks /usr/local/apache2/
[Colm MacCárthaigh]
*) Add APR_POLLSET_NOCOPY option to apr_pollset API to eliminate
O(n)-time lookup in apr_pollset_remove() (currently implemented
only for epoll). [Brian Pane]
*) Add apr_file_buffer_set() and apr_file_buffer_size_get() functions
to support variable buffer sizes with APR file handles.
[Colm MacCárthaigh]
*) Add apr_file_open_flags_std[err|out|in]() functions.
[Colm MacCárthaigh]
*) stdio: apr_file_open_std[err|out|in]() functions now set the APR_WRITE
or APR_READ flag as appropriate. [Colm MacCárthaigh]
*) multicast: apr_mcast_*() no longer return APR_ENOTIMPL when invoked
for non-UDP/RAW sockets. The caller is expected to ensure that the
socket-type is suitable for multicast. [Colm MacCárthaigh]
*) Add apr_sockaddr_ip_getbuf() function. [Joe Orton]
*) Fix handling of %pI in apr_psprintf. [Joe Orton]
*) Provide APR_VERSION_AT_LEAST() macro for applications which
want to enable features based on a required level of APR.
[Jeff Trawick]
*) jlibtool: Teach to use static libraries with -static.
[Justin Erenkrantz]
*) Fix checks for alloca() support in configure. PR 13037.
[Noah Misch <noah cs.caltech.edu>]
*) Add %pm support to apr_snprintf() for printing the error string
corresponding to an apr_status_t value. [Joe Orton]
*) Add APR_ARRAY_IDX() and APR_ARRAY_PUSH() convenience macros to
apr_tables.h. [Garrett Rooney]
Revision 1.23 / (download) - annotate - [select for diffs], Sun Dec 9 22:08:32 2007 UTC (4 years, 5 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
cwrapper
Changes since 1.22: +4 -4
lines
Diff to previous 1.22 (colored)
Updated to 1.2.12. This includes apr_socket_sendfile for OS X 10.5.
Revision 1.22 / (download) - annotate - [select for diffs], Thu Oct 11 09:12:09 2007 UTC (4 years, 7 months ago) by tron
Branch: MAIN
Changes since 1.21: +4 -4
lines
Diff to previous 1.21 (colored)
Update "apr" package to version 1.2.11. Changes since version 1.2.9: - Win32 apr_file_read; Correctly handle completion-based read-to-EOF. - Fixed Win32 regression of stdout inheritance in apr_proc_create. - Solve winNT inherited pipe leaks by mutexing apr_proc_create calls, on WinNT (not WinCE, nor 9x) so that we toggle the inherited state of the stdin/out/err pipes. All other file handles are treated as not-inherited until apr_file_dup2'ed a std handle of this process, or while they are used by apr_proc_create. - Define the Mac OS/X filesystem_encoding as utf-8 (in previous releases the interpretation would vary). - Fix day of year (tm_day) calculation for July. The bug only affects Windows builds. Apache Bug #42953. - Fix LFS detection when building over NFS. The mode must be specified when O_CREAT is in the flags to open(). Apache Bug #42821. - Avoid overwriting the hash_mutex table for applications that incorrectly calls apr_atomic_init(). Apache Bug #42760. - Allow IPv6 connectivity test to fail, avoiding a potentially fatal error. - The MinGW Windows headers effectively redefines WINADVAPI from __stdcall to empty which results in a link failure when wincrypt.h is placed after an include to apr_private.h. Apache Bug #42293. - Define SEM_FAILED if it isn't already defined, as the proc mutex code already does it. Also search for the sem_open function in the realtime library. (This fixes HP-UX sem_open detection). - Define the _HPUX_SOURCE feature test macro to obtain maximum functionality. Fixes broken sendfile with LFS support on HP-UX. Apache Bug #42261.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Sep 5 13:47:36 2007 UTC (4 years, 8 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Changes since 1.20: +4 -4
lines
Diff to previous 1.20 (colored)
Update to 1.2.9:
*) Stop invoking the testshm* helpers upon 'make test' invocation.
[Kurt Miller <kurt intricatesoftware.com>]
*) Register a cleanup only if APR_FILE_NOCLEANUP was not flagged in
apr_file_mktemp. [Brian J. France <list firehawksystems.com>]
*) Numerous build fixes for non-GCC builds and GCC builds on Win32,
as well as WinCE builds.
*) Discard file buffers when running cleanups for exec.
*) If apr_proc_create() fails to exec in the fork()ed child, call
_exit() not exit() to avoid running atexit()-registered functions
in the child. [Joe Orton]
*) Improve thread safety of assorted file_io functions.
[Davi Arnaut <davi haxent.com.br>]
*) Fix file pointer position calculation in apr_file_writev() on
buffered file. [Davi Arnaut <davi haxent.com.br>]
*) Fix formatting of unsigned integers larger than 2^63 in the
vformatter/apr_*printf.
[Wynn Wilkes <wynn bungeelabs.com>]
*) Fix possible EFAULT failures in apr_socket_sendfile() on 32-bit
Solaris with LFS enabled.
*) Fix deadlock in apr_file_gets() for a file opened with both the
APR_BUFFERED and APR_XTHREAD flags.
Revision 1.20 / (download) - annotate - [select for diffs], Wed Jan 24 19:46:45 2007 UTC (5 years, 3 months ago) by epg
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.19: +4 -13
lines
Diff to previous 1.19 (colored)
devel/apr:
Update to 1.2.8 (formerly in devel/apr1), no longer build from the
httpd distfile.
devel/rapidsvn:
devel/subversion-base:
parallel/ganglia-monitor-core:
security/hydra:
www/apache2:
Use devel/apr0.
www/apache22:
Use devel/apr and devel/apr-util.
Revision 1.19 / (download) - annotate - [select for diffs], Wed Oct 4 21:51:31 2006 UTC (5 years, 7 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.18: +2 -1
lines
Diff to previous 1.18 (colored)
Added a patch to make the tests runnable on NetBSD. Sadly, they seem to reach an endless loop.
Revision 1.17.2.1 / (download) - annotate - [select for diffs], Fri Jul 28 12:52:28 2006 UTC (5 years, 9 months ago) by salo
Branch: pkgsrc-2006Q2
Changes since 1.17: +4 -4
lines
Diff to previous 1.17 (colored) next main 1.18 (colored)
Pullup ticket 1757 - requested by tron
security update for apache2
Revisions pulled up:
- pkgsrc/devel/apr/distinfo 1.18
Updated via patch provided by the submitter.
Module Name: pkgsrc
Committed By: tron
Date: Fri Jul 28 10:38:36 UTC 2006
Modified Files:
pkgsrc/devel/apr: distinfo
pkgsrc/www/apache2: Makefile Makefile.common distinfo options.mk
Log Message:
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package
to version 2.0.59. Changes since *2.0.58:
- SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
Revision 1.18 / (download) - annotate - [select for diffs], Fri Jul 28 10:38:36 2006 UTC (5 years, 9 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.17: +4 -4
lines
Diff to previous 1.17 (colored)
Update "apr" package to version 0.9.12.2.0.59 and "apache2" package to version 2.0.59. Changes since *2.0.58: - SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee.
Revision 1.17 / (download) - annotate - [select for diffs], Sun May 7 12:35:27 2006 UTC (6 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.16: +4 -4
lines
Diff to previous 1.16 (colored)
Update "apr" package to version 0.9.12.2.0.58 and "apache" package
to version 2.0.58. Change since Apache relase 2.0.55:
- Legal: Restored original years in copyright notices.
- mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. Apache#36410.
- core: Prevent read of unitialized memory in ap_rgetline_core.
Apache#39282.
- mod_proxy: Report the proxy server name correctly in the "Via:" header,
when UseCanonicalName is Off. Apache#11971.
- mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
run on Unix.
- HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>.
- SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
Apache#37791.
- SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
- Add APR/APR-Util Compiled and Runtime Version numbers to the
output of 'httpd -V'.
- Ensure that the proper status line is written to the client, fixing
incorrect status lines caused by filters which modify r->status without
resetting r->status_line, such as the built-in byterange filter.
- Default handler: Don't return output filter apr_status_t values.
Apache#31759.
- mod_speling: Stop crashing with certain non-file requests.
- keep the Content-Length header for a HEAD with no response body.
Apache#18757
- Modify apr[util] .h detection to avoid breakage on VPATH builds
using Solaris make (amoung others) and avoid breakage in ./buildconf
when srclib/apr[-util] are symlinks rather than directories proper.
- Avoid server-driven negotiation when a CGI script has emitted an
explicit "Status:" header. Apache#38070.
- mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. Apache#27787.
- mod_cache: Correctly handle responses with a 301 status. Apache#37347.
- mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. Apache#37145.
- Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
- mod_ssl: Correct issue where mod_ssl does not pick up the
ssl-unclean-shutdown setting when configured. Apache#34452.
- Document the ReceiveBufferSize change done in r157583.
- mod_deflate: Merge the Vary header, instead of Setting it. Fixes
applications that send the Vary Header themselves. Apache#37559.
- mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
- mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows.
- Write message to error log if AuthGroupFile cannot be opened.
Apache#37566.
- Add ReceiveBufferSize directive to control the TCP receive buffer.
- mod_cache: Fix 'Vary: *' behavior to be RFC compliant. Apache#16125.
- Remove the base href tag from proxy_ftp, as it breaks relative
links for clients not using an Authorization header.
- http_request.c: Add missing va_end call.
- Add httxt2dbm to support/ for creating RewriteMap DBM Files.
- support/check_forensic: Fix temp file usage
- Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets.
- mod_cgi(d): Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
Apache#15242
- Added new module mod_version, which provides version dependent
configuration containers.
- Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
Revision 1.15.2.1 / (download) - annotate - [select for diffs], Tue Oct 18 21:21:27 2005 UTC (6 years, 7 months ago) by seb
Branch: pkgsrc-2005Q3
Changes since 1.15: +5 -5
lines
Diff to previous 1.15 (colored) next main 1.16 (colored)
Pullup ticket 838 - requested by Matthias Scheler
sync devel/apr and www/apache2 with HEAD as precautionary/preventive step
Revisions pulled up:
- devel/apr/Makefile 1.37
- devel/apr/distinfo 1.16
- devel/apr/patches/patch-ao 1.3
- www/apache2/Makefile 1.84
- www/apache2/Makefile.common 1.19
- www/apache2/PLIST 1.31
- www/apache2/distinfo 1.43,1.44
- www/apache2/patches/patch-ac 1.6
- www/apache2/patches/patch-ae removed
- www/apache2/patches/patch-af removed
- www/apache2/patches/patch-ah removed
- www/apache2/patches/patch-aj removed
- www/apache2/patches/patch-ao 1.7
Module Name: pkgsrc
Committed By: joerg
Date: Tue Oct 11 20:10:35 UTC 2005
Modified Files:
pkgsrc/www/apache2: distinfo
Added Files:
pkgsrc/www/apache2/patches: patch-ao
Log Message:
Allow mod_ssl to build with OpenSSL 0.9.8. The patch is from
Georg v. Zezschwitz on dev@httpd.apache.org.
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Oct 17 10:28:46 UTC 2005
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
pkgsrc/devel/apr/patches: patch-ao
pkgsrc/www/apache2: Makefile
Log Message:
Update "apr" package to version 0.9.7. Changes since version 0.9.6:
- Fix crash in apr_dir_make_recursive() for relative path
when the working directory has been deleted. [Joe Orton]
- Win32: fix apr_proc_mutex_trylock() to handle WAIT_TIMEOUT,
returning APR_EBUSY. [Ronen Mizrahi <ronen@tversity.com>]
- Fix apr_file_read() to catch write failures when flushing pending
writes for a buffered file. [Joe Orton]
- Fix apr_file_write() infinite loop on write failure for buffered
files. [Erik Huelsmann <ehuels gmail.com>]
- Fix error handling where apr_uid_* and apr_gid_* could segfault
or return APR_SUCCESS in failure cases. Bug 34053. [Joe Orton,
Paul Querna]
- Refactor Win32 condition variables code to address bugs 27654, 34336.
[Henry Jen <henryjen ztune.net>, E Holyat <eholyat yahoo.com>]
- Support APR_SO_SNDBUF and APR_SO_RCVBUF on Windows. Bug 32177.
[Sim <sgobbi datamanagement.it>, Jeff Trawick]
- Fix detection of rwlocks on Mac OS X. [Aaron Bannert]
- Fix issue with poll() followed by net I/O yielding EAGAIN on
Mac OS 10.4 (Darwin 8). [Wilfredo Sanchez]
Update based on patches supplied by Ben Collver. Addresses first part
of PR pkg/31817 by Zafer Aydogan.
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Oct 17 10:37:11 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile.common PLIST distinfo
pkgsrc/www/apache2/patches: patch-ac
Removed Files:
pkgsrc/www/apache2/patches: patch-ae patch-af patch-ah patch-aj
Log Message:
Update "apache2" package to version 2.0.55. Changes since version 2.0.54:
- worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances. [Greg Ames]
- mod_ldap: Fix Bug 36563. Keep track of the number of attributes
retrieved from LDAP so that all of the values can be properly
cached even if the value is NULL.
[Brad Nicholes, Ondrej Sury <ondrej sury.org>]
- Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'. [William Rowe]
- Add ap_log_cerror() for logging messages associated with particular
client connections. [Jeff Trawick]
- Correct mod_cgid's argv[0] so that the full path can be delved by the
invoked cgi application, to conform to the behavior of mod_cgi.
[Pradeep Kumar S <pradeep.smani gmail.com>]
- mod_include: Fix possible environment variable corruption when
using nested includes. Bug 12655. [Joe Orton]
- Support the suppress-error-charset setting, as with Apache 1.3.x.
Bug 31274. [Jeff Trawick]
- EBCDIC: Handle chunked input from client or, with proxy, origin
server. [Jeff Trawick]
- Fix bad globbing comparison which could result in getting
a directory listing when a file was requested. Bug 34512.
[sean <infamous41md hotmail.com>]
- Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
was called even if mod_auth_ldap_check_user_id() was not
(or if it didn't succeed) for non-authoritative cases.
[Jim Jagielski]
- mod_proxy: Fix over-eager handling of '%' for reverse proxies.
Bug 15207. [Jim Jagielski]
- mod_ldap: Fix various shared memory cache handling bugs.
Bug 34209. [Joe Orton]
- Fix a file descriptor leak when starting piped loggers. Bug 33748.
[Joe Orton]
- mod_ldap: Avoid segfaults when opening connections if using a version
of OpenLDAP older than 2.2.21. Bug 34618. [Brad Nicholes]
- mod_ssl: Fix build with OpenSSL 0.9.8. Bug 35757. [William Rowe]
- proxy HTTP: If a response contains both Transfer-Encoding and a
Content-Length, remove the Content-Length and don't reuse the
connection, mitigating some HTTP Response Splitting attacks.
[Jeff Trawick]
- Prevent hangs of child processes when writing to piped loggers at
the time of graceful restart. Bug 26467. [Jeff Trawick]
- SECURITY: CAN-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information
at "LogLevel debug" which could be triggered if configured
to use a "malicious" CRL. Bug 35081. [Marc Stern <mstern csc.com>]
- mod_userdir: Fix possible memory corruption issue. Bug 34588.
[David Leonard <dleonard vintela.com>]
- worker mpm: don't take down the whole server for a transient
thread creation failure. Bug 34514 [Greg Ames]
- mod_rewrite: use buffered I/O to improve performance with large
RewriteMap txt: files. [Greg Ames]
- proxy HTTP: Rework the handling of request bodies to handle
chunked input and input filters which modify content length, and
avoid spooling arbitrary-sized request bodies in memory.
Bug 15859. [Jeff Trawick]
Patches supplied by Ben Collver. Addresses PR pkg/31817 by Zafer Aydogan.
Revision 1.16 / (download) - annotate - [select for diffs], Mon Oct 17 10:28:46 2005 UTC (6 years, 7 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.15: +5 -5
lines
Diff to previous 1.15 (colored)
Update "apr" package to version 0.9.7. Changes since version 0.9.6: - Fix crash in apr_dir_make_recursive() for relative path when the working directory has been deleted. [Joe Orton] - Win32: fix apr_proc_mutex_trylock() to handle WAIT_TIMEOUT, returning APR_EBUSY. [Ronen Mizrahi <ronen@tversity.com>] - Fix apr_file_read() to catch write failures when flushing pending writes for a buffered file. [Joe Orton] - Fix apr_file_write() infinite loop on write failure for buffered files. [Erik Huelsmann <ehuels gmail.com>] - Fix error handling where apr_uid_* and apr_gid_* could segfault or return APR_SUCCESS in failure cases. PR 34053. [Joe Orton, Paul Querna] - Refactor Win32 condition variables code to address bugs 27654, 34336. [Henry Jen <henryjen ztune.net>, E Holyat <eholyat yahoo.com>] - Support APR_SO_SNDBUF and APR_SO_RCVBUF on Windows. PR 32177. [Sim <sgobbi datamanagement.it>, Jeff Trawick] - Fix detection of rwlocks on Mac OS X. [Aaron Bannert] - Fix issue with poll() followed by net I/O yielding EAGAIN on Mac OS 10.4 (Darwin 8). [Wilfredo Sanchez] Update based on patches supplied by Ben Collver. Addresses first part of PR pkg/31817 by Zafer Aydogan.
Revision 1.15 / (download) - annotate - [select for diffs], Wed Sep 21 00:01:01 2005 UTC (6 years, 8 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Extend the Darwin avoid_zombies() signal hack to NetBSD, which needs explicit waits as well. Eliminates the CGI zombie problem on NetBSD 2.0+ using the "worker" MPM in Apache 2.
Revision 1.14 / (download) - annotate - [select for diffs], Wed Sep 7 11:39:55 2005 UTC (6 years, 8 months ago) by reed
Branch: MAIN
Changes since 1.13: +4 -1
lines
Diff to previous 1.13 (colored)
Add support for DragonFly from Joerg Sonnenberger. Okayed by tron.
Revision 1.13 / (download) - annotate - [select for diffs], Mon Apr 25 09:13:02 2005 UTC (7 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.12: +6 -6
lines
Diff to previous 1.12 (colored)
Changes 2.0.54:
*) mod_cache: Add CacheIgnoreHeaders directive.
*) mod_ldap: Added the directive LDAPConnectionTimeout to configure
the ldap socket connection timeout value.
*) Correctly export all mod_dav public functions.
*) Add a build script to create a solaris package.
*) worker MPM: Fix a problem which could cause httpd processes to
remain active after shutdown.
*) Unix MPMs: Shut down the server more quickly when child processes are
slow to exit.
*) Remove formatting characters from ap_log_error() calls. These
were escaped as fallout from CAN-2003-0020.
*) mod_ssl: If SSLUsername is used, set r->user earlier.
*) htdigest: Fix permissions of created files.
*) core_input_filter: Move buckets to a persistent brigade instead of
creating a new brigade. This stop a memory leak when proxying a
Streaming Media Server.
*) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
hiccups from additional path information passed in non-utf-8 format.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Feb 23 22:24:09 2005 UTC (7 years, 3 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Add RMD160 digests.
Revision 1.10.2.1 / (download) - annotate - [select for diffs], Thu Feb 10 15:22:24 2005 UTC (7 years, 3 months ago) by salo
Branch: pkgsrc-2004Q4
Changes since 1.10: +3 -3
lines
Diff to previous 1.10 (colored) next main 1.11 (colored)
Pullup ticket 277 - requested by Matthias Scheler
security fix for apache2
Revisions pulled up:
- pkgsrc/devel/apr/Makefile 1.31
- pkgsrc/devel/apr/distinfo 1.11
- pkgsrc/www/apache2/Makefile 1.66 (merged by hand)
- pkgsrc/www/apache2/Makefile.common 1.13
- pkgsrc/www/apache2/PLIST 1.27
- pkgsrc/www/apache2/distinfo 1.36 (merged by hand)
- pkgsrc/www/apache2/patches/patch-aa 1.14
- pkgsrc/www/apache2/patches/patch-as removed
- pkgsrc/www/apache2/patches/patch-at removed
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 9 14:52:12 UTC 2005
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update "apr" package to version 0.9.6.2.0.53. Changes since
version 0.9.5.2.0.52:
- Add apr_threadattr_stacksize_set() for overriding the default
stack size for threads created by apr_thread_create().
- Add an RPM spec file.
- Add a build script to create a solaris package.
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 9 14:57:52 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
pkgsrc/www/apache2/patches: patch-aa
Removed Files:
pkgsrc/www/apache2/patches: patch-as patch-at
Log Message:
Update "apache2" package to version 2.0.53. Changes since version 2.0.52:
- Fix --with-apr=/usr and/or --with-apr-util=/usr. Bug report 29740.
[Max Bowsher <maxb ukf.net>]
- mod_proxy: Fix ProxyRemoteMatch directive. Bug report 33170.
[Rici Lake <rici ricilake.net>]
- mod_proxy: Respect errors reported by pre_connection hooks.
[Jeff Trawick]
- --with-module can now take more than one module to be statically
linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
If the <modtype>-subdirectory doesn't exist it will be created and
populated with a standard Makefile.in. [Erik Abele]
- Fix the RPM spec file so that an RPM build now works. An RPM
build now requires system installations of APR and APR-util.
Remove some arbitrary moving around of binaries - the RPM now
maps to the ASF build of httpd.
[Graham Leggett]
- mod_dumpio, an I/O logging/dumping module, added to the
modules/expermimental subdirectory. [Jim Jagielski]
- mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
library handles special characters. Bug report 24437.
[Jess Holle]
- Win32 MPM: Correct typo in debugging output. [William Rowe]
- conf: Remove AddDefaultCharset from the default configuration because
setting a site-wide default does more harm than good.
Bug report 23421. [Roy Fielding]
- Add charset to example CGI scripts. [Roy Fielding]
- mod_ssl: fail quickly if SSL connection is aborted rather than
making many doomed ap_pass_brigade calls.
Bug report 32699. [Joe Orton]
- Remove compiled-in upper limit on LimitRequestFieldSize.
[Bill Stoddard]
- Start keeping track of time-taken-to-process-request again for
mod_status if ExtendedStatus is enabled. [Jim Jagielski]
- mod_proxy: Handle client-aborted connections correctly.
Bug report 32443. [Janne Hietamäki, Joe Orton]
- Fix handling of files >2Gb on all platforms (or builds) where
apr_off_t is larger than apr_size_t.
Bug report 28898. [Joe Orton]
- mod_include: Fix bug which could truncate variable expansions
of N*64 characters by one byte. Bug report 32985. [Joe Orton]
- Correct handling of certain bucket types in ap_save_brigade, fixing
possible segfaults in mod_cgi with #include virtual.
Bug report 31247. [Joe Orton]
- Allow for the use of --with-module=foo:bar where the ./modules/foo
directory is local only. Assumes, of course, that the required
files are in ./modules/foo, but makes it easier to statically
build/log "external" modules. [Jim Jagielski]
- Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
ldap authorization only modules have access to the util_ldap
user cache without having to require ldap authentication as well.
Bug report 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
- mod_auth_ldap: Added the directive "Requires ldap-attribute" that
allows the module to only authorize a user if the attribute value
specified matches the value of the user object. Bug report 31913
[Ryan Morgan <rmorgan pobox.com>]
- SECURITY: CAN-2004-0942 (cve.mitre.org)
Fix for memory consumption DoS in handling of MIME folded request
headers. [Joe Orton]
- SECURITY: CAN-2004-0885 (cve.mitre.org)
mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
bypassed during an SSL renegotiation. Bug report 31505.
[Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
- mod_ssl: Fail at startup rather than segfault at runtime if a
client cert is configured with an encrypted private key.
Bug report 24030. [Joe Orton]
- apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
Bug report 31448 [Joe Orton]
- mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
[Jeff Trawick]
- mod_cache: CacheDisable will only disable the URLs it was meant to
disable, not all caching. Bug report 31128.
[Edward Rudd <eddie omegaware.com>, Paul Querna]
- mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
cache responses. [Justin Erenkrantz]
- mod_rewrite: Handle per-location rules when r->filename is unset.
Previously this would segfault or simply not match as expected,
depending on the platform. [Jeff Trawick]
- mod_rewrite: Fix 0 bytes write into random memory position.
Bug report 31036. [André Malo]
- mod_disk_cache: Do not store aborted content. Bug report 21492.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_disk_cache: Correctly store cached content type.
Bug report 30278.
[Rüdiger Plüm <r.pluem t-online.de>]
- mod_ldap: prevent the possiblity of an infinite loop in the LDAP
statistics display. Bug report 29216. [Graham Leggett]
- mod_ldap: fix a bogus error message to tell the user which file
is causing a potential problem with the LDAP shared memory cache.
Bug report 31431 [Graham Leggett]
- mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
- Fix the re-linking issue when purging elements from the LDAP cache
Bug report 24801. [Jess Holle <jessh ptc.com>]
- mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
- Fix Expires handling in mod_cache. [Justin Erenkrantz]
- Alter mod_expires to run at a different filter priority to allow
proper Expires storage by mod_cache. [Justin Erenkrantz]
Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 9 14:52:12 2005 UTC (7 years, 3 months ago) by tron
Branch: MAIN
Changes since 1.10: +3 -3
lines
Diff to previous 1.10 (colored)
Update "apr" package to version 0.9.6.2.0.53. Changes since version 0.9.5.2.0.52: - Add apr_threadattr_stacksize_set() for overriding the default stack size for threads created by apr_thread_create(). - Add an RPM spec file. - Add a build script to create a solaris package.
Revision 1.9.2.1 / (download) - annotate - [select for diffs], Fri Nov 26 19:59:05 2004 UTC (7 years, 5 months ago) by snj
Branch: pkgsrc-2004Q3
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored) next main 1.10 (colored)
Pullup ticket 119 - requested by Jeremy C. Reed
security fix for apache2
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 15:47:03 UTC 2004
Modified Files:
pkgsrc/devel/apr: distinfo
pkgsrc/www/apache2: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/www/apache2/patches: patch-ab
Log Message:
Update apache to apache-2.0.52.
Also added comment to www/apache2/Makefile.common to remind to
update checksum in devel/apr also.
No actual devel/apr changes seen.
Also removed www/apache2/patches/patch-ab because it is identical to
fix for security in new version.
Changes with Apache 2.0.52
*) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
*) Fix the global mutex crash when the global mutex is never allocated
due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
*) Fix a segfault in the LDAP cache when it is configured switched
off. [Jess Holle <jessh ptc.com>]
*) SECURITY: CAN-2004-0811 (cve.mitre.org)
Fix merging of the Satisfy directive, which was applied to
the surrounding context and could allow access despite configured
authentication. PR 31315. [Rici Lake <rici ricilake.net>]
*) Fix the handling of URIs containing %2F when AllowEncodedSlashes
is enabled. Previously, such urls would still be rejected.
[Jeff Trawick, Bill Stoddard]
*) mod_mem_cache: Fixed race condition causing segfault because of memory being
freed twice, or reused after being freed.
[J. Clar, W. Stoddard, G. Ames]
*) Add -l option to rotatelogs to let it use local time rather than
UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
*) mod_log_config: Fix a bug which prevented request completion time
from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
processing. PR 29696. [Alois Treindl <alois astro.ch>]
---
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 16:38:38 UTC 2004
Modified Files:
pkgsrc/www/apache2: Makefile PLIST
Log Message:
Sort the share/httpd/manual entries in the PLIST.
Added 35 share/httpd/manual entries to PLIST. Most are .ko.euc-kr,
.ko, ja.euc-jp, and .ja files.
I don't know when these were added.
Bump PKGREVISION because now package has several more files.
Revision 1.10 / (download) - annotate - [select for diffs], Sat Oct 2 15:47:02 2004 UTC (7 years, 7 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored)
Update apache to apache-2.0.52.
Also added comment to www/apache2/Makefile.common to remind to
update checksum in devel/apr also.
No actual devel/apr changes seen.
Also removed www/apache2/patches/patch-ab because it is identical to
fix for security in new version.
Changes with Apache 2.0.52
*) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
*) Fix the global mutex crash when the global mutex is never allocated
due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
*) Fix a segfault in the LDAP cache when it is configured switched
off. [Jess Holle <jessh ptc.com>]
*) SECURITY: CAN-2004-0811 (cve.mitre.org)
Fix merging of the Satisfy directive, which was applied to
the surrounding context and could allow access despite configured
authentication. PR 31315. [Rici Lake <rici ricilake.net>]
*) Fix the handling of URIs containing %2F when AllowEncodedSlashes
is enabled. Previously, such urls would still be rejected.
[Jeff Trawick, Bill Stoddard]
*) mod_mem_cache: Fixed race condition causing segfault because of memory being
freed twice, or reused after being freed.
[J. Clar, W. Stoddard, G. Ames]
*) Add -l option to rotatelogs to let it use local time rather than
UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
*) mod_log_config: Fix a bug which prevented request completion time
from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
processing. PR 29696. [Alois Treindl <alois astro.ch>]
Revision 1.9 / (download) - annotate - [select for diffs], Mon Sep 20 17:13:06 2004 UTC (7 years, 8 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base
Branch point for: pkgsrc-2004Q3
Changes since 1.8: +3 -5
lines
Diff to previous 1.8 (colored)
- Update apr to 2.0.51 - Fix permissions on installed .h files - ok'ed snj@, wiz@ - Thanks to epg@ for final check This version of Apache is principally a bug fix release. Of particular note is that 2.0.51 addresses five security vulnerabilities: An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy. [CAN-2004-0786] A buffer overflow in configuration file parsing could allow a local user to gain the privileges of a httpd child if the server can be forced to parse a carefully crafted .htaccess file. [CAN-2004-0747] A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CAN-2004-0751] A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CAN-2004-0748] A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request. [CAN-2004-0809] For further details, see http://www.apache.org/dist/httpd/Announcement2.html and http://apache.rmplc.co.uk/httpd/CHANGES_2.0.
Revision 1.7.4.1 / (download) - annotate - [select for diffs], Wed Jul 14 12:39:00 2004 UTC (7 years, 10 months ago) by agc
Branch: pkgsrc-2004Q2
Changes since 1.7: +3 -3
lines
Diff to previous 1.7 (colored) next main 1.8 (colored)
Pullup ticket 57 to the pkgsrc-2004Q2 branch, requested by Grant Beattie. Security and other bug fixes for apache2. Module Name: pkgsrc Committed By: adrianp Date: Wed Jul 14 08:28:51 UTC 2004 Modified Files: pkgsrc/www/apache2: Makefile Makefile.common PLIST buildlink3.mk distinfo pkgsrc/www/apache2/patches: patch-aa Added Files: pkgsrc/www/apache2: PLIST.deffiles Removed Files: pkgsrc/www/apache2/patches: patch-as Log Message: - Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES and Module Name: pkgsrc Committed By: adrianp Date: Wed Jul 14 08:31:12 UTC 2004 Modified Files: pkgsrc/devel/apr: buildlink3.mk distinfo Log Message: - Update to apache 2.0.50 - Add new build def APACHE_DEFAULT_FILES
Revision 1.8 / (download) - annotate - [select for diffs], Wed Jul 14 08:31:12 2004 UTC (7 years, 10 months ago) by adrianp
Branch: MAIN
Changes since 1.7: +3 -3
lines
Diff to previous 1.7 (colored)
- Update to apache 2.0.50
- Add new build def APACHE_DEFAULT_FILES
Changes with Apache 2.0.50
*) SECURITY: CAN-2004-0493 (cve.mitre.org)
Close a denial of service vulnerability identified by Georgi
Guninski which could lead to memory exhaustion with certain
input data. [Jeff Trawick]
*) mod_cgi: Handle output on stderr during script execution on Unix
platforms; preventing deadlock when stderr output fills pipe buffer.
Also fixes case where stderr from nph- scripts could be lost.
PR 22030, 18348. [Joe Orton, Jeff Trawick]
*) mod_alias now emits a warning if it detects overlapping *Alias*
directives. [André Malo]
*) mod_rewrite no longer turns forward proxy requests into reverse proxy
requests. PR 28125 [ast domdv.de, André Malo]
*) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
exported on Win32 and Netware as well (minor MMN bump). PR 28523.
[Edward Rudd <eddie omegaware.com>, André Malo]
*) Restore the ability to disable the use of AcceptEx on Win9x systems
automatically (broken in 2.0.49). PR 28529. [André Malo]
*) <VirtualHost myhost> now applies to all IP addresses for myhost
instead of just the first one reported by the resolver. This
corrects a regression since 1.3. [Jeff Trawick]
*) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
against ServerRoot PR#26602 [Brad Nicholes]
*) SECURITY: CAN-2004-0488 (cve.mitre.org)
mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
(trusted) client certificate subject DN which exceeds 6K in length.
[Joe Orton]
*) mod_dav_fs: Fix MKCOL response for missing parent collections, which
caused issues for the Eclipse WebDAV extension.
PR 29034. [Joe Orton]
*) mod_deflate: Fix memory consumption (which was proportional to the
response size). PR 29318. [Joe Orton]
*) mod_ssl: Log the errors returned on failure to load or initialize
a crypto accelerator engine. [Joe Orton]
*) Allow RequestHeader directives to be conditional. PR 27951.
[Vincent Deffontaines <vincent gryzor.com>, André Malo]
*) Allow LimitRequestBody to be reset to unlimited. PR 29106
[André Malo]
*) Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects: mod_setenvif, mod_usertrack,
mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
*) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
*) Remove 2Gb log file size restriction on some 32-bit platforms.
PR 13511. [Joe Orton]
*) mod_logio no longer removes the EOS bucket. PR 27928.
[Bojan Smojver <bojan rexursive.com>]
*) htpasswd no longer refuses to process files that contain empty
lines. [André Malo]
*) Regression from 1.3: At startup, suexec now will be checked for
availability, the setuid bit and user root. The works only if
httpd is compiled with the shipped APR version (0.9.5).
PR 28287. [André Malo]
*) Unix MPMs: Stop dropping connections when the file descriptor
is at least FD_SETSIZE. [Jeff Trawick]
*) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
*) mod_isapi: send_response_header() failed to copy status string's
last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
*) Fix a segfault when requests for shared memory fails and returns
NULL. Fix a segfault caused by a lack of bounds checking on the
cache. PR 24801. [Graham Leggett]
*) Throw an error message if an attempt is made to use the LDAPTrustedCA
or LDAPTrustedCAType directives in a VirtualHost. PR 26390
[Brad Nicholes]
*) Fix a potential segfault if the bind password in the LDAP cache
is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
*) Quotes cannot be used around require group and require dn
directives, update the documentation to reflect this. Also add
quotes around the dn and group within debug messages, to make it
more obvious why authentication is failing if quotes are used in
error. PR 19304. [Graham Leggett]
*) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
from escaping filters twice when the backslash character is used.
PR 24437. [Jess Holle <jessh ptc.com>]
*) Overhaul handling of LDAP error conditions, so that the util_ldap_*
functions leave the connections in a sane state after errors have
occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
27271 [Graham Leggett]
*) mod_ldap calls ldap_simple_bind_s() to validate the user
credentials. If the bind fails, the connection is left
in an unbound state. Make sure that the ldap connection
record is updated to show that the connection is no longer
bound. [Brad Nicholes]
*) Ensure that lines in the request which are too long are
properly terminated before logging.
[Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
*) Update the bind credentials for the cached LDAP connection to
reflect the last bind. This prevents util_ldap from creating
unnecessary connections rather than reusing cached connections.
[Brad Nicholes]
*) mod_isapi: GetServerVariable returned improperly terminated header
fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
[Jesse Pelton <jsp pkc.com>]
*) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
size. PR 20617. [Jesse Pelton <jsp pkc.com>]
*) mod_dav: Fix a problem that could cause crashes when manipulating
locks on some platforms. [Jeff Trawick]
*) mod_headers no longer crashes if an empty header value should
be added. [André Malo]
*) Fix segfault in mod_expires, which occured under certain
circumstances. PR 28047. [André Malo]
*) htpasswd: use apr_temp_dir_get() and general cleanup
[Guenter Knauf <eflash gmx.net>, Thom May]
*) mod_ssl: Fix memory leak in session cache handling. PR 26562
[Madhusudan Mathihalli]
*) mod_ssl: Fix potential segfaults when performing SSL shutdown from
a pool cleanup. PR 27945. [Joe Orton]
*) Add forensic logging module (mod_log_forensic).
[Ben Laurie]
*) logresolve: Allow size of log line buffer to be overridden at
build time (MAXLINE). PR 27793. [Jeff Trawick]
*) Fix the comment delimiter in htdbm so that it correctly parses the
username comment. Also add a terminate function to allow NetWare
to pause the output before the screen is destroyed.
[Guenter Knauf <eflash gmx.net>, Brad Nicholes]
*) Fix crash when Apache was started with no Listen directives.
[Michael Corcoran <mcorcoran warpsolutions.com>]
*) core_output_filter: Fix bug that could result in sending
garbage over the network when module handlers construct
bucket brigades containing multiple file buckets all referencing
the same open file descriptor. [Bojan Smojver]
*) Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
[Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
*) Win32: Tweak worker thread accounting routines to eliminate
server hang when number of Listen directives in httpd.conf
is greater than or equal to the setting of ThreadsPerChild.
[Bill Stoddard]
Revision 1.7 / (download) - annotate - [select for diffs], Mon Mar 22 19:50:16 2004 UTC (8 years, 2 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Branch point for: pkgsrc-2004Q2
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
Update apache2 to 2.0.49. This includes various changes since last release
including:
*) SECURITY: CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will cause a
child to hold the accept mutex and block out new connections until
another connection arrives on that rarely-accessed listening socket.
With Apache 2.x there is no performance concern about enabling the
logic for platforms which don't need it, so it is enabled everywhere
except for Win32. [Jeff Trawick]
*) SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
PR 27106. [Joe Orton]
*) SECURITY: CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped
errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr<E9> Malo]
Complete changelog is at http://www.apache.org/dist/httpd/CHANGES_2.0
Package changes include:
buildlink depends increased for apache2 (but not for apr).
apr package version changes, but APR_VERSION stays same.
more files installed and added to PLIST.
share/httpd/manual/search/manual-index.cgi removed from PLIST.
Also removing share/httpd/htdocs and share/httpd directories
removed from PLIST because already handled by MAKE_DIRS.
(I think this should use OWN_DIRS.)
(jlam@ said he would like this update done during freeze.)
Revision 1.6 / (download) - annotate - [select for diffs], Tue Oct 28 21:12:11 2003 UTC (8 years, 6 months ago) by mason
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.5: +3 -3
lines
Diff to previous 1.5 (colored)
Update checksums to account for Apache 2.0.48, so this will build.
Revision 1.5 / (download) - annotate - [select for diffs], Wed Jul 9 08:09:04 2003 UTC (8 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
upgrade to apache-2.0.47/apr-0.9.4.2.0.47.
Changes with Apache 2.0.47
*) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
of per-directory renegotiations and the SSLCipherSuite directive
being used to upgrade from a weak ciphersuite to a strong one
could result in the weak ciphersuite being used in place of the
strong one. [Ben Laurie]
*) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
temporary denial of service when accept() on a rarely accessed port
returns certain errors. Reported by Saheed Akhtar
<S.Akhtar@talis.com>. [Jeff Trawick]
*) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
of service when target host is IPv6 but proxy server can't create
IPv6 socket. Fixed by the reporter. [Yoshioka Tsuneo
<tsuneo.yoshioka@f-secure.com>]
*) SECURITY [VU#379828] Prevent the server from crashing when entering
infinite loops. The new LimitInternalRecursion directive configures
limits of subsequent internal redirects and nested subrequests, after
which the request will be aborted. PR 19753 (and probably others).
[William Rowe, Jeff Trawick, André Malo]
*) core_output_filter: don't split the brigade after a FLUSH bucket if
it's the last bucket. This prevents creating unneccessary empty
brigades which may not be destroyed until the end of a keepalive
connection.
[Juan Rivera <Juan.Rivera@citrix.com>]
*) Add support for "streamy" PROPFIND responses.
[Ben Collins-Sussman <sussman@collab.net>]
*) mod_cgid: Eliminate a double-close of a socket. This resolves
various operational problems in a threaded MPM, since on the
second attempt to close the socket, the same descriptor was
often already in use by another thread for another purpose.
[Jeff Trawick]
*) mod_negotiation: Introduce "prefer-language" environment variable,
which allows to influence the negotiation process on request basis
to prefer a certain language. [André Malo]
*) Make mod_expires' ExpiresByType work properly, including for
dynamically-generated documents. [Ken Coar, Bill Stoddard]
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jun 6 10:49:59 2003 UTC (8 years, 11 months ago) by jmmv
Branch: MAIN
Changes since 1.3: +3 -3
lines
Diff to previous 1.3 (colored)
Avoid hardcoding /usr/pkg in the configuration layouts (using the value from
the ${PREFIX} variable).
Revision 1.3 / (download) - annotate - [select for diffs], Fri May 30 10:14:21 2003 UTC (8 years, 11 months ago) by epg
Branch: MAIN
Changes since 1.2: +3 -1
lines
Diff to previous 1.2 (colored)
Fix apr-config and apu-config scripts when run from
${BUILDLINK_DIR}/bin. This may help fix ap2-perl, but won't help
ap2-php4.
Revision 1.2 / (download) - annotate - [select for diffs], Thu May 29 01:02:28 2003 UTC (8 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.1: +3 -4
lines
Diff to previous 1.1 (colored)
upgrade to apache 2.0.46. fixes two vulnerabilities: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun May 25 08:55:19 2003 UTC (9 years ago) by epg
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
import apr-0.9.1.2.0.45 This package contains apr and apr-util from the latest Apache2 distribution (currently httpd-2.0.45). It is currently (er, currently in a few minutes) shared between the Apache2 and Subversion packages.
Revision 1.1 / (download) - annotate - [select for diffs], Sun May 25 08:55:19 2003 UTC (9 years ago) by epg
Branch: MAIN
Initial revision