head 1.9; access; symbols pkgsrc-2014Q1:1.8.0.80 pkgsrc-2014Q1-base:1.8 pkgsrc-2013Q4:1.8.0.78 pkgsrc-2013Q4-base:1.8 pkgsrc-2013Q3:1.8.0.76 pkgsrc-2013Q3-base:1.8 pkgsrc-2013Q2:1.8.0.74 pkgsrc-2013Q2-base:1.8 pkgsrc-2013Q1:1.8.0.72 pkgsrc-2013Q1-base:1.8 pkgsrc-2012Q4:1.8.0.70 pkgsrc-2012Q4-base:1.8 pkgsrc-2012Q3:1.8.0.68 pkgsrc-2012Q3-base:1.8 pkgsrc-2012Q2:1.8.0.66 pkgsrc-2012Q2-base:1.8 pkgsrc-2012Q1:1.8.0.64 pkgsrc-2012Q1-base:1.8 pkgsrc-2011Q4:1.8.0.62 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q3:1.8.0.60 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.8.0.58 pkgsrc-2011Q2-base:1.8 pkgsrc-2011Q1:1.8.0.56 pkgsrc-2011Q1-base:1.8 pkgsrc-2010Q4:1.8.0.54 pkgsrc-2010Q4-base:1.8 pkgsrc-2010Q3:1.8.0.52 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.50 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.48 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.46 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.8.0.44 pkgsrc-2009Q3-base:1.8 pkgsrc-2009Q2:1.8.0.42 pkgsrc-2009Q2-base:1.8 pkgsrc-2009Q1:1.8.0.40 pkgsrc-2009Q1-base:1.8 pkgsrc-2008Q4:1.8.0.38 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.36 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.34 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.32 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.30 pkgsrc-2008Q1:1.8.0.28 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.26 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.24 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.22 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.20 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.18 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.16 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.14 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.8.0.12 pkgsrc-2006Q1-base:1.8 pkgsrc-2005Q4:1.8.0.10 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.8 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.8.0.6 pkgsrc-2005Q2-base:1.8 pkgsrc-2005Q1:1.8.0.4 pkgsrc-2005Q1-base:1.8 pkgsrc-2004Q4:1.8.0.2 pkgsrc-2004Q4-base:1.8 pkgsrc-2004Q3:1.7.0.16 pkgsrc-2004Q3-base:1.7 pkgsrc-2004Q2:1.7.0.14 pkgsrc-2004Q2-base:1.7 pkgsrc-2004Q1:1.7.0.12 pkgsrc-2004Q1-base:1.7 pkgsrc-2003Q4:1.7.0.10 pkgsrc-2003Q4-base:1.7 netbsd-1-6-1:1.7.0.6 netbsd-1-6-1-base:1.7 netbsd-1-6:1.7.0.8 netbsd-1-6-RELEASE-base:1.7 pkgviews:1.7.0.4 pkgviews-base:1.7 buildlink2:1.7.0.2 buildlink2-base:1.7 netbsd-1-5-PATCH003:1.7 netbsd-1-4-PATCH002:1.3 comdex-fall-1999:1.2 netbsd-1-4-PATCH001:1.2 netbsd-1-4-RELEASE:1.1; locks; strict; comment @# @; 1.9 date 2014.06.10.15.22.18; author joerg; state dead; branches; next 1.8; commitid djgMkPoOrhNxnZDx; 1.8 date 2004.10.29.13.48.31; author abs; state Exp; branches; next 1.7; 1.7 date 2001.10.17.19.17.00; author jlam; state Exp; branches 1.7.16.1; next 1.6; 1.6 date 2001.06.09.06.36.44; author jlam; state Exp; branches; next 1.5; 1.5 date 2000.09.12.14.17.33; author jlam; state dead; branches; next 1.4; 1.4 date 2000.09.06.05.52.49; author jlam; state Exp; branches; next 1.3; 1.3 date 99.11.27.22.52.09; author rh; state Exp; branches; next 1.2; 1.2 date 99.05.23.21.16.52; author tv; state Exp; branches; next 1.1; 1.1 date 98.12.03.17.23.54; author tv; state Exp; branches; next ; 1.7.16.1 date 2004.12.01.00.25.56; author salo; state Exp; branches; next ; desc @@ 1.9 log @Retire Apache 1.3 and 2.0. @ text @$NetBSD: patch-aj,v 1.8 2004/10/29 13:48:31 abs Exp $ --- htdocs/index.html.fr.orig 2001-06-27 09:38:39.000000000 +0100 +++ htdocs/index.html.fr @@@@ -36,12 +36,28 @@@@ site et ne peut intervenir sur sa config

La documentation Apache est incluse dans cette -distribution.

+distribution. Si l'extension SSL mod_ssl a \xe9t\xe9 +install\xe9e, lisez alors attentivement la +documentation SSL.

+ +

Des informations sur le syst\xe8me d'exploitation multi-plateforme NetBSD +peuvent être trouv\xe9es sur +la homepage du projet NetBSD.

+ +

Le webmaster de ce site peut librement utiliser les images ci-dessous sur u -

Le webmaster de ce site peut librement utiliser l'image ci-dessous sur un -site web utilisant le logiciel Apache. Merci d'avoir choisi Apache !

+site web utilisant les logiciels Apache et NetBSD. Merci d'avoir choisi +Apache sur +NetBSD !

-
+
+ + Powered by Apache + + + Site driven by NetBSD + +
@ 1.8 log @Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.7 2001/10/17 19:17:00 jlam Exp $ @ 1.7 log @Update apache to 1.3.22. Relevant changes from version 1.3.20 include using the pkgsrc expat library instead of the builtin one (this is to avoid conflicts between expat libraries when an expat XML parser is loaded by either mod_perl or mod_php), and: Security vulnerabilities * A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to. * A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERY_STRING of M=D could return a directory listing rather than the expected index page. General bug fixes and improvements * Bug fixes * The supplied icons are now also distributed in PNG format * New directives have been added to the mod_usertrack module, The first, CookieDomain, can be used to customise the Domain attribute. * A new directive, AcceptMutex, allows run-time configuration of the mutex type used for accept serialization. * mod_auth has been enhanced to allow access to a document to be controlled based on the owner of the file being served. * A new directive, AcceptFilter, has been added to control BSD accept filters at run-time. The functionality can postpone the requirement for a child process to handle a new connection until an HTTP request has arrived, therefore increasing the number of connections that a given number of child processes can handle @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- htdocs/index.html.fr.orig Wed Jun 27 08:38:39 2001 +++ htdocs/index.html.fr Tue Oct 16 22:29:50 2001 @@@@ -36,12 +36,28 @@@@ @ 1.7.16.1 log @Pullup ticket 141 - requested by David Brownlee security fix for apache Module Name: pkgsrc Committed By: tron Date: Mon Oct 25 08:44:16 UTC 2004 Modified Files: pkgsrc/www/apache: Makefile PLIST distinfo Removed Files: pkgsrc/www/apache/patches: patch-ap Log Message: Update "apache" package to version 1.3.32. Changes since version 1.3.31: - mod_rewrite: Fix query string handling for proxied URLs. PR 14518. [michael teitler , Jan Kratochvil ] - mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. [André Malo] - mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton] - Trigger an error when a LoadModule directive attempts to load a module which is built-in. This is a common error when switching from a DSO build to a static build. [Jeff Trawick, Geoffrey Young] - Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. [Will Slater ] - Fix memory leak in the cache handling of mod_rewrite. PR 27862. [chunyan sheng , André Malo] - mod_rewrite no longer confuses the RewriteMap caches if different maps defined in different virtual hosts use the same map name. PR 26462. [André Malo] - mod_setenvif: Remove "support" for Remote_User variable which never worked at all. PR 25725. [André Malo] - mod_usertrack: Escape the cookie name before pasting into the regexp. [André Malo] - Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. [Jeff Trawick] - SECURITY: CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. [Mark Cox] - Fix a bunch of cases where the return code of the regex compiler was not checked properly. This affects mod_usertrack and core. PR 28218. [André Malo] - No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. [Jim Jagielski, Rasmus Lerdorf] - COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. [Jim Jagielski] --- Module Name: pkgsrc Committed By: abs Date: Fri Oct 29 13:48:31 UTC 2004 Modified Files: pkgsrc/www/apache: Makefile distinfo pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-am patch-ao Removed Files: pkgsrc/www/apache/patches: patch-al Log Message: Update apache to 1.3.33 The main security vulnerabilities addressed in 1.3.33 are: * CAN-2004-0940 (cve.mitre.org) Fix potential buffer overflow with escaped characters in SSI tag string. * CAN-2004-0492 (cve.mitre.org) Reject responses from a remote server if sent an invalid (negative) Content-Length. New features * Win32: Improve error reporting after a failed attempt to spawn a piped log process or rewrite map process. * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It controls how UseCanonicalName Off determines the port value if the client doesn't provide one in the Host header. If defined during compilation, UseCanonicalName Off will use the physical port number to generate the canonical name. If not defined, it tries the current Port value followed by the default port for the current scheme. The following bugs were found in Apache 1.3.31 (or earlier) and have been fixed in Apache 1.3.33: * mod_rewrite: Fix query string handling for proxied URLs. PR 14518. * mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. * mod_digest: Fix nonce string calculation since 1.3.31 which would force re-authentication for every connection if AuthDigestRealmSeed was not configured. PR 30920. * Fix trivial bug in mod_log_forensic that caused the child to seg fault when certain invalid requests were fired at it with forensic logging is enabled. PR 29313. * No longer breaks mod_dav, frontpage and others. Repair a patch in 1.3.31 which prevented discarding the request body for requests that will be keptalive but are not currently keptalive. PR 29237. --- Module Name: pkgsrc Committed By: salo Date: Mon Nov 15 19:13:41 UTC 2004 Modified Files: pkgsrc/www/apache/patches: patch-ai Log Message: Revert rev 1.9, do not expand @@INSTALL@@, it's done in post-patch. (hi abs!) --- Module Name: pkgsrc Committed By: tron Date: Tue Nov 16 08:23:45 UTC 2004 Modified Files: pkgsrc/www/apache: distinfo Log Message: Regen after "patch-ai" was changed. (hi salo!) @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.8 2004/10/29 13:48:31 abs Exp $ d3 3 a5 3 --- htdocs/index.html.fr.orig 2001-06-27 09:38:39.000000000 +0100 +++ htdocs/index.html.fr @@@@ -36,12 +36,28 @@@@ site et ne peut intervenir sur sa config @ 1.6 log @Update apache to 1.3.20. Relevant changes from version 1.3.19 include: NetBSD Packages Collection (pkgsrc) changes: * Modify French page in same way as the English page. Translation provided by Remi Zara in private e-mail. * Use EAPI patches from mod_ssl-2.8.4-1.3.20. * Unify repeated SED replacement info for config.layout, apache.sh, DEINSTALL, and INSTALL into one location, FILES_SUBST. * Modify patch to apxs to use 0:0 instead of root:wheel, as some non-NetBSD systems don't have a wheel group. The general bug fixes: * Eliminate a potential segfault if an invalid floating point value is passed to the ap_snprintf() function, on platforms supporting isnan() and isinf(). * Fix a possible segfault at startup in the detection of a default ServerName or IP string when no ServerName was specified. * Fixed mod_proxy to retain empty headers, as allowed by RFC2068. * Properly resolve the location of ndbm on Linux and some glibc2 builds, where ndbm.h is in the nonstandard db1/ subdir. The main new features include: * Enhanced rotatelogs to allow a UTC offset to be specified, and the format logfile names with human-readable date/time stamps. * Added the NOESCAPE (NS) flag to RewriteRule, to disable *all* normal URI escaping. Note incautious use can give unexpected results or introduce security risks. * Added the '\' character to RewriteRule to allow escaping of special characters. Allows embedding of both the '$' and '%' characters in the results, so 'foo\$1' translates to 'foo$1' rather than 'foo\'. * Added the -V flag to suexec, to display the compile-time settings with which it was built. (Only valid for root or the HTTPD_USER username.) * Introduced EBCDIC conversion configuration options, controlling the conversion based on MIME type or file suffix. @ text @d3 4 a6 4 --- htdocs/index.html.fr.orig Tue May 1 06:31:10 2001 +++ htdocs/index.html.fr Sat Jun 9 01:48:28 2001 @@@@ -36,12 +36,27 @@@@
d8 1 a8 1

La documentation Apache est incluse dans cette d12 7 a18 1 +documentation SSL.

d22 3 a24 3 +

Des informations sur le syst\xe8me d'exploitation multi-plateforme NetBSD +peuvent être trouv\xe9es sur +la homepage du projet NetBSD.

d26 9 a34 14 -
+

Le webmaster de ce site peut librement utiliser les images ci-dessous sur un +site web utilisant les logiciels Apache et NetBSD. Merci d'avoir choisi +Apache sur +NetBSD !

+ + d36 2 a37 2 @ 1.5 log @Update build to work with mod_ssl-2.6.6-1.3.12 to keep in sync with ap-ssl. EAPI didn't change so no need to change Apache's version number. Also standardize package builds to have Apache listen on ports 80/443 regardless of UID of user that builds the package, and make MAINTAINER point to me. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.4 2000/09/06 05:52:49 jlam Exp $ d3 22 a24 8 --- conf/httpd.conf-dist.orig Sat Nov 27 23:46:36 1999 +++ conf/httpd.conf-dist Sat Nov 27 23:46:36 1999 @@@@ -199,7 +199,16 @@@@ # the order below without expert advice. # # Example: -# LoadModule foo_module libexec/mod_foo.so +# LoadModule foo_module lib/httpd/mod_foo.so d26 8 a33 8 + +### Uncomment the following if you wish to use SSL and you need RSAREF: ### +#LoadFile !librsaref.so +LoadFile !libcrypto.so +LoadFile !libssl.so +LoadModule ssl_module lib/httpd/mod_ssl.so +AddModule mod_ssl.c + d35 2 a36 2 # # ExtendedStatus controls whether Apache will generate "full" status @ 1.4 log @Don't specify version numbers of the libraries to load for SSL support -- version numbers change, and it doesn't work correctly on a.out anyway. Closes pkg/10309. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.3 1999/11/27 22:52:09 rh Exp $ @ 1.3 log @defuzz @ text @d1 1 a1 1 $NetBSD$ d14 3 a16 3 +#LoadFile !librsaref.so.2 +LoadFile !libcrypto.so.1 +LoadFile !libssl.so.1 @ 1.2 log @Fix libcrypto and libssl version numbers. The whole LoadFile bogosity will be fixed at OpenSSL 0.9.3's update. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.1 1998/12/03 17:23:54 tv Exp $ d3 4 a6 4 --- conf/httpd.conf-dist.orig Thu Dec 3 11:05:29 1998 +++ conf/httpd.conf-dist Thu Dec 3 11:07:26 1998 @@@@ -18,7 +18,16 @@@@ # binary. d21 2 a22 2 # ServerType is either inetd, or standalone. @ 1.1 log @Update Apache and mod_ssl using new build layout (see post to tech-pkg for details). No security fixes in Apache 1.3.3, so immediate upgrade from 1.3.2 is not necessary. @ text @d1 1 a1 1 $NetBSD$ d15 2 a16 2 +LoadFile !libcrypto.so.0 +LoadFile !libssl.so.0 @