head 1.9; access; symbols pkgsrc-2014Q1:1.8.0.80 pkgsrc-2014Q1-base:1.8 pkgsrc-2013Q4:1.8.0.78 pkgsrc-2013Q4-base:1.8 pkgsrc-2013Q3:1.8.0.76 pkgsrc-2013Q3-base:1.8 pkgsrc-2013Q2:1.8.0.74 pkgsrc-2013Q2-base:1.8 pkgsrc-2013Q1:1.8.0.72 pkgsrc-2013Q1-base:1.8 pkgsrc-2012Q4:1.8.0.70 pkgsrc-2012Q4-base:1.8 pkgsrc-2012Q3:1.8.0.68 pkgsrc-2012Q3-base:1.8 pkgsrc-2012Q2:1.8.0.66 pkgsrc-2012Q2-base:1.8 pkgsrc-2012Q1:1.8.0.64 pkgsrc-2012Q1-base:1.8 pkgsrc-2011Q4:1.8.0.62 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q3:1.8.0.60 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.8.0.58 pkgsrc-2011Q2-base:1.8 pkgsrc-2011Q1:1.8.0.56 pkgsrc-2011Q1-base:1.8 pkgsrc-2010Q4:1.8.0.54 pkgsrc-2010Q4-base:1.8 pkgsrc-2010Q3:1.8.0.52 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.50 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.48 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.46 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.8.0.44 pkgsrc-2009Q3-base:1.8 pkgsrc-2009Q2:1.8.0.42 pkgsrc-2009Q2-base:1.8 pkgsrc-2009Q1:1.8.0.40 pkgsrc-2009Q1-base:1.8 pkgsrc-2008Q4:1.8.0.38 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.36 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.34 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.32 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.30 pkgsrc-2008Q1:1.8.0.28 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.26 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.24 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.22 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.20 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.18 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.16 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.14 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.8.0.12 pkgsrc-2006Q1-base:1.8 pkgsrc-2005Q4:1.8.0.10 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.8 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.8.0.6 pkgsrc-2005Q2-base:1.8 pkgsrc-2005Q1:1.8.0.4 pkgsrc-2005Q1-base:1.8 pkgsrc-2004Q4:1.8.0.2 pkgsrc-2004Q4-base:1.8 pkgsrc-2004Q3:1.7.0.16 pkgsrc-2004Q3-base:1.7 pkgsrc-2004Q2:1.7.0.14 pkgsrc-2004Q2-base:1.7 pkgsrc-2004Q1:1.7.0.12 pkgsrc-2004Q1-base:1.7 pkgsrc-2003Q4:1.7.0.10 pkgsrc-2003Q4-base:1.7 netbsd-1-6-1:1.7.0.6 netbsd-1-6-1-base:1.7 netbsd-1-6:1.7.0.8 netbsd-1-6-RELEASE-base:1.7 pkgviews:1.7.0.4 pkgviews-base:1.7 buildlink2:1.7.0.2 buildlink2-base:1.7 netbsd-1-5-PATCH003:1.7 netbsd-1-5-PATCH001:1.6 netbsd-1-5-RELEASE:1.4 netbsd-1-4-PATCH003:1.4; locks; strict; comment @# @; 1.9 date 2014.06.10.15.22.18; author joerg; state dead; branches; next 1.8; commitid djgMkPoOrhNxnZDx; 1.8 date 2004.10.29.13.48.31; author abs; state Exp; branches; next 1.7; 1.7 date 2001.06.09.06.36.43; author jlam; state Exp; branches 1.7.16.1; next 1.6; 1.6 date 2001.02.03.20.53.10; author jlam; state Exp; branches; next 1.5; 1.5 date 2001.02.02.16.39.57; author jlam; state Exp; branches; next 1.4; 1.4 date 2000.10.13.21.46.46; author jlam; state Exp; branches; next 1.3; 1.3 date 2000.09.12.14.17.32; author jlam; state Exp; branches; next 1.2; 1.2 date 99.04.30.17.05.20; author tv; state dead; branches; next 1.1; 1.1 date 98.10.02.14.40.13; author tv; state Exp; branches; next ; 1.7.16.1 date 2004.12.01.00.25.56; author salo; state Exp; branches; next ; desc @@ 1.9 log @Retire Apache 1.3 and 2.0. @ text @$NetBSD: patch-ac,v 1.8 2004/10/29 13:48:31 abs Exp $ --- htdocs/index.html.en.orig 2001-05-04 01:00:38.000000000 +0100 +++ htdocs/index.html.en @@@@ -27,12 +27,26 @@@@ issues.

The Apache documentation has been included -with this distribution.

+with this distribution. If the mod_ssl SSL extension has +been installed, then please carefully read the +SSL documentation.

-

You are free to use the image below on an Apache-powered web -server. Thanks for using Apache!

+

Information on the NetBSD multi-platform operating system can be found at +The NetBSD Project homepage

-
+

Please feel free to use the images below on an Apache/NetBSD-powered web +server. Thanks for using +Apache on +NetBSD!

+ +
+ + Powered by Apache + + + Site driven by NetBSD + +
@ 1.8 log @Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.7 2001/06/09 06:36:43 jlam Exp $ @ 1.7 log @Update apache to 1.3.20. Relevant changes from version 1.3.19 include: NetBSD Packages Collection (pkgsrc) changes: * Modify French page in same way as the English page. Translation provided by Remi Zara in private e-mail. * Use EAPI patches from mod_ssl-2.8.4-1.3.20. * Unify repeated SED replacement info for config.layout, apache.sh, DEINSTALL, and INSTALL into one location, FILES_SUBST. * Modify patch to apxs to use 0:0 instead of root:wheel, as some non-NetBSD systems don't have a wheel group. The general bug fixes: * Eliminate a potential segfault if an invalid floating point value is passed to the ap_snprintf() function, on platforms supporting isnan() and isinf(). * Fix a possible segfault at startup in the detection of a default ServerName or IP string when no ServerName was specified. * Fixed mod_proxy to retain empty headers, as allowed by RFC2068. * Properly resolve the location of ndbm on Linux and some glibc2 builds, where ndbm.h is in the nonstandard db1/ subdir. The main new features include: * Enhanced rotatelogs to allow a UTC offset to be specified, and the format logfile names with human-readable date/time stamps. * Added the NOESCAPE (NS) flag to RewriteRule, to disable *all* normal URI escaping. Note incautious use can give unexpected results or introduce security risks. * Added the '\' character to RewriteRule to allow escaping of special characters. Allows embedding of both the '$' and '%' characters in the results, so 'foo\$1' translates to 'foo$1' rather than 'foo\'. * Added the -V flag to suexec, to display the compile-time settings with which it was built. (Only valid for root or the HTTPD_USER username.) * Introduced EBCDIC conversion configuration options, controlling the conversion based on MIME type or file suffix. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- htdocs/index.html.en.orig Thu May 3 20:00:38 2001 +++ htdocs/index.html.en Sat Jun 9 01:44:14 2001 @@@@ -27,12 +27,26 @@@@ @ 1.7.16.1 log @Pullup ticket 141 - requested by David Brownlee security fix for apache Module Name: pkgsrc Committed By: tron Date: Mon Oct 25 08:44:16 UTC 2004 Modified Files: pkgsrc/www/apache: Makefile PLIST distinfo Removed Files: pkgsrc/www/apache/patches: patch-ap Log Message: Update "apache" package to version 1.3.32. Changes since version 1.3.31: - mod_rewrite: Fix query string handling for proxied URLs. PR 14518. [michael teitler , Jan Kratochvil ] - mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. [André Malo] - mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton] - Trigger an error when a LoadModule directive attempts to load a module which is built-in. This is a common error when switching from a DSO build to a static build. [Jeff Trawick, Geoffrey Young] - Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. [Will Slater ] - Fix memory leak in the cache handling of mod_rewrite. PR 27862. [chunyan sheng , André Malo] - mod_rewrite no longer confuses the RewriteMap caches if different maps defined in different virtual hosts use the same map name. PR 26462. [André Malo] - mod_setenvif: Remove "support" for Remote_User variable which never worked at all. PR 25725. [André Malo] - mod_usertrack: Escape the cookie name before pasting into the regexp. [André Malo] - Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. [Jeff Trawick] - SECURITY: CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox] - Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects mod_usertrack and core. PR 28218. [André Malo] - No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. [Jim Jagielski, Rasmus Lerdorf] - COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. [Jim Jagielski] --- Module Name: pkgsrc Committed By: abs Date: Fri Oct 29 13:48:31 UTC 2004 Modified Files: pkgsrc/www/apache: Makefile distinfo pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-am patch-ao Removed Files: pkgsrc/www/apache/patches: patch-al Log Message: Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. --- Module Name: pkgsrc Committed By: salo Date: Mon Nov 15 19:13:41 UTC 2004 Modified Files: pkgsrc/www/apache/patches: patch-ai Log Message: Revert rev 1.9, do not expand @@INSTALL@@, it's done in post-patch. (hi abs!) --- Module Name: pkgsrc Committed By: tron Date: Tue Nov 16 08:23:45 UTC 2004 Modified Files: pkgsrc/www/apache: distinfo Log Message: Regen after "patch-ai" was changed. (hi salo!) @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.8 2004/10/29 13:48:31 abs Exp $ d3 3 a5 3 --- htdocs/index.html.en.orig 2001-05-04 01:00:38.000000000 +0100 +++ htdocs/index.html.en @@@@ -27,12 +27,26 @@@@ issues.

@ 1.6 log @Correct HTML syntax. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.5 2001/02/02 16:39:57 jlam Exp $ d3 3 a5 4 --- htdocs/index.html.en.orig Fri Jan 19 14:39:47 2001 +++ htdocs/index.html.en @@@@ -33,12 +33,26 @@@@
d7 4 a10 3

The Apache documentation has been included with -this distribution.

+this distribution. If the mod_ssl SSL extension has d12 1 a12 1 +SSL documentation.

d14 2 a15 2 -

You are free to use the image below on an Apache-powered web server. -Thanks for using Apache!

d17 1 a17 1 +The NetBSD Project homepage

d19 1 a19 1 -
d22 2 a23 2 +Apache on +NetBSD!

d25 10 a34 8 + a35 2 @ 1.5 log @Update apache to 1.3.17. Important changes from version 1.3.14 include: -) Remove patch to avoid dlclose()ing on NetBSD. The mod_perl vs. perl CGI mis-interaction seems to be gone and I wasn't able to reproduce it on my system. *) Fix the declaration of the module structure in mod_example. *) Fix the handling of variable expansion look-ahead in mod_rewrite, i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of more complicated nested RewriteMap lookups. *) mod_status now respects ?refresh=n of 1 or greater. If the given refresh value is not a number, ?refresh is set to 1 second. *) Accomodate an out-of-space condition in the piped logs and the rotatelogs.c code, and no longer churn log processes for this condition. *) Make cgi-bin work as a regular directory when using mod_vhost_alias with no VirtualScriptAlias directives. *) Move the check of the Expect request header field after the hook for ap_post_read_request, since that is the only opportunity for modules to handle Expect extensions. *) Eliminate caching problems of mod_autoindex results, so the last modified date of the directory is returned as the Last-Modified and ETag HTTP header tags are sent if IndexOptions TrackModified directive/option is used. *) Correct an issue with Alias and ScriptAlias directives that file path arguments were not normalized in canonical form. This correction makes no attempt to normalize regular expression forms of Alias or ScriptAlias. *) Add a new LogFormat directive, %c, that will log connection status at the end of the response. *) Update the mime.types file to the registered media types as of 2000-10-19. *) Restore functionality broken by the mod_rewrite security fix: rewrite map lookup keys and default values are now expanded so that the lookup can depend on the requested URI etc. @ text @d1 1 a1 1 $NetBSD$ d22 2 a23 2 + on +!

@ 1.4 log @Update apache to 1.3.14. Changes from version 1.3.12 are listed below. The security fixes are: * A problem with the Rewrite module, mod_rewrite, allowed access to any file on the web server under certain circumstances * The handling of Host: headers in mass virtual hosting configurations, mod_vhost_alias, could allow access to any file on the server * If a cgi-bin directory is under the document root, the source to the scripts inside it could be sent if using mass virtual hosting The main new features include: * Support for a directory-based configuration system. If any of the configuration directives point to directories instead of files, all files in that directory (and in subdirectories) will be also parsed as configuration files * Support name-based virtual hosting without needing to specify an IP address in the Apache configuration file. This enables sites that use dynamic IP addresses to support name-based virtual hosting as well as allowing identical machines to share a configuration file, say in a load-balanced cluster * The SetEnvIf and BrowserMatch range of directives are now able to be used in .htaccess files. * Administrators who are nervous about their full server version details being public can use the new keyword 'ProductOnly' in the ServerTokens directive. This keyword forces the server to only return the string "Apache" as the server version. * The new digest authentication module, mod_auth_digest has had a number of fixes and upgrades applied @ text @d3 1 a3 1 --- htdocs/index.html.en.orig Sat Nov 20 16:29:40 1999 d5 2 a6 1 @@@@ -28,11 +28,29 @@@@ d8 5 d14 4 a17 18

-The Apache documentation has been included with this distribution. +The Apache documentation has been included with this distribution.
+If the mod_ssl SSL extension has been installed, read the +SSL documentation carefully. +

+

+Information on the NetBSD multiplatform operating system can be found at +NetBSD's homepage on the net. +

-You are free to use the image below on an Apache-powered web server. Thanks for using Apache! +The Webmaster of this site is free to use the images below on an +Apache/NetBSD-powered Web server. Thanks for using +Apache on +NetBSD! +

d20 5 d33 1 @ 1.3 log @Update build to work with mod_ssl-2.6.6-1.3.12 to keep in sync with ap-ssl. EAPI didn't change so no need to change Apache's version number. Also standardize package builds to have Apache listen on ports 80/443 regardless of UID of user that builds the package, and make MAINTAINER point to me. @ text @d10 1 a10 3 - +The Apache documentation +has been included with this distribution.
d12 1 a12 4 +SSL documentation +carefully. d15 2 a16 2 +Information on the NetBSD multiplatform operating system can be found +at NetBSD's homepage on the net. d18 1 d21 2 a22 2 +The Webmaster of this site is free to use the images below on +an Apache/NetBSD-powered Web server. Thanks for using d28 7 a34 4 +
+ +Site driven by NetBSD - NetBSD rocks! @ 1.2 log @Update Apache to 1.3.6, mod_ssl to 2.2.8, and mod_perl to 1.19. mod_ssl now makes use of OpenSSL. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 1998/10/02 14:40:13 tv Exp $ d3 3 a5 5 --- src/os/unix/os.h.orig Fri Oct 2 10:14:27 1998 +++ src/os/unix/os.h Fri Oct 2 10:14:54 1998 @@@@ -114,7 +114,8 @@@@ #define RTLD_GLOBAL 0 #endif a6 5 -#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__FreeBSD__) || defined(__OpenBSD__) || \ + (defined(__NetBSD__) && !defined(__ELF__)) #define DLSYM_NEEDS_UNDERSCORE #endif d8 31 @ 1.1 log @Make this work properly on ELF. Use -Wl,--export-dynamic, and no leading symbol underscore, on ELF systems. @ text @d1 1 a1 1 $NetBSD$ @