head 1.11;
access;
symbols
pkgsrc-2014Q1:1.10.0.16
pkgsrc-2014Q1-base:1.10
pkgsrc-2013Q4:1.10.0.14
pkgsrc-2013Q4-base:1.10
pkgsrc-2013Q3:1.10.0.12
pkgsrc-2013Q3-base:1.10
pkgsrc-2013Q2:1.10.0.10
pkgsrc-2013Q2-base:1.10
pkgsrc-2013Q1:1.10.0.8
pkgsrc-2013Q1-base:1.10
pkgsrc-2012Q4:1.10.0.6
pkgsrc-2012Q4-base:1.10
pkgsrc-2012Q3:1.10.0.4
pkgsrc-2012Q3-base:1.10
pkgsrc-2012Q2:1.10.0.2
pkgsrc-2012Q2-base:1.10
pkgsrc-2012Q1:1.9.0.38
pkgsrc-2012Q1-base:1.9
pkgsrc-2011Q4:1.9.0.36
pkgsrc-2011Q4-base:1.9
pkgsrc-2011Q3:1.9.0.34
pkgsrc-2011Q3-base:1.9
pkgsrc-2011Q2:1.9.0.32
pkgsrc-2011Q2-base:1.9
pkgsrc-2011Q1:1.9.0.30
pkgsrc-2011Q1-base:1.9
pkgsrc-2010Q4:1.9.0.28
pkgsrc-2010Q4-base:1.9
pkgsrc-2010Q3:1.9.0.26
pkgsrc-2010Q3-base:1.9
pkgsrc-2010Q2:1.9.0.24
pkgsrc-2010Q2-base:1.9
pkgsrc-2010Q1:1.9.0.22
pkgsrc-2010Q1-base:1.9
pkgsrc-2009Q4:1.9.0.20
pkgsrc-2009Q4-base:1.9
pkgsrc-2009Q3:1.9.0.18
pkgsrc-2009Q3-base:1.9
pkgsrc-2009Q2:1.9.0.16
pkgsrc-2009Q2-base:1.9
pkgsrc-2009Q1:1.9.0.14
pkgsrc-2009Q1-base:1.9
pkgsrc-2008Q4:1.9.0.12
pkgsrc-2008Q4-base:1.9
pkgsrc-2008Q3:1.9.0.10
pkgsrc-2008Q3-base:1.9
cube-native-xorg:1.9.0.8
cube-native-xorg-base:1.9
pkgsrc-2008Q2:1.9.0.6
pkgsrc-2008Q2-base:1.9
cwrapper:1.9.0.4
pkgsrc-2008Q1:1.9.0.2
pkgsrc-2008Q1-base:1.9
pkgsrc-2007Q4:1.8.0.16
pkgsrc-2007Q4-base:1.8
pkgsrc-2007Q3:1.8.0.14
pkgsrc-2007Q3-base:1.8
pkgsrc-2007Q2:1.8.0.12
pkgsrc-2007Q2-base:1.8
pkgsrc-2007Q1:1.8.0.10
pkgsrc-2007Q1-base:1.8
pkgsrc-2006Q4:1.8.0.8
pkgsrc-2006Q4-base:1.8
pkgsrc-2006Q3:1.8.0.6
pkgsrc-2006Q3-base:1.8
pkgsrc-2006Q2:1.8.0.4
pkgsrc-2006Q2-base:1.8
pkgsrc-2006Q1:1.8.0.2
pkgsrc-2006Q1-base:1.8
pkgsrc-2005Q4:1.6.0.4
pkgsrc-2005Q4-base:1.6
pkgsrc-2005Q3:1.6.0.2
pkgsrc-2005Q3-base:1.6
pkgsrc-2005Q2:1.5.0.6
pkgsrc-2005Q2-base:1.5
pkgsrc-2005Q1:1.5.0.4
pkgsrc-2005Q1-base:1.5
pkgsrc-2004Q4:1.5.0.2
pkgsrc-2004Q4-base:1.5
pkgsrc-2004Q3:1.4.0.16
pkgsrc-2004Q3-base:1.4
pkgsrc-2004Q2:1.4.0.14
pkgsrc-2004Q2-base:1.4
pkgsrc-2004Q1:1.4.0.12
pkgsrc-2004Q1-base:1.4
pkgsrc-2003Q4:1.4.0.10
pkgsrc-2003Q4-base:1.4
netbsd-1-6-1:1.4.0.6
netbsd-1-6-1-base:1.4
netbsd-1-6:1.4.0.8
netbsd-1-6-RELEASE-base:1.4
pkgviews:1.4.0.4
pkgviews-base:1.4
buildlink2:1.4.0.2
buildlink2-base:1.4
netbsd-1-5-PATCH003:1.4
netbsd-1-4-PATCH002:1.2
comdex-fall-1999:1.1
netbsd-1-4-PATCH001:1.1
netbsd-1-4-RELEASE:1.1;
locks; strict;
comment @# @;
1.11
date 2014.06.10.15.22.18; author joerg; state dead;
branches;
next 1.10;
commitid djgMkPoOrhNxnZDx;
1.10
date 2012.05.29.20.23.12; author joerg; state Exp;
branches;
next 1.9;
1.9
date 2008.02.23.05.16.34; author obache; state Exp;
branches;
next 1.8;
1.8
date 2006.01.09.13.40.34; author joerg; state Exp;
branches;
next 1.7;
1.7
date 2006.01.09.00.51.03; author joerg; state Exp;
branches;
next 1.6;
1.6
date 2005.08.22.16.19.00; author reed; state Exp;
branches;
next 1.5;
1.5
date 2004.10.29.13.48.31; author abs; state dead;
branches;
next 1.4;
1.4
date 2002.02.28.05.45.33; author jlam; state Exp;
branches
1.4.16.1;
next 1.3;
1.3
date 2000.09.12.14.17.33; author jlam; state dead;
branches;
next 1.2;
1.2
date 99.11.27.22.52.09; author rh; state Exp;
branches;
next 1.1;
1.1
date 98.12.05.00.00.09; author tv; state Exp;
branches;
next ;
1.4.16.1
date 2004.12.01.00.25.56; author salo; state dead;
branches;
next ;
desc
@@
1.11
log
@Retire Apache 1.3 and 2.0.
@
text
@$NetBSD: patch-al,v 1.10 2012/05/29 20:23:12 joerg Exp $
--- src/Configure.orig 2008-02-23 04:22:55.000000000 +0000
+++ src/Configure
@@@@ -466,6 +466,14 @@@@ case "$PLAT" in
DBM_LIB=""
DB_LIB=""
;;
+ *-dragonfly*)
+ OS="DragonFly"
+ DEF_WANTHSREGEX=no
+ CFLAGS="$CFLAGS -funsigned-char"
+ LIBS="$LIBS -lcrypt"
+ DBM_LIB=""
+ DB_LIB=""
+ ;;
*-openbsd*)
OS='OpenBSD'
DBM_LIB=""
@@@@ -1111,15 +1119,19 @@@@ if [ "x$using_shlib" = "x1" ] ; then
esac
LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
;;
+ *-dragonfly*)
+ LD_SHLIB="gcc"
+ CFLAGS_SHLIB="-fPIC -DPIC"
+ LDFLAGS_SHLIB="-shared"
+ LDFLAGS_SHLIB_EXPORT="-Wl,-E"
+ LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
+ SHLIB_SUFFIX_DEPTH=2
+ ;;
*-netbsd*)
+ LD_SHLIB="cc"
CFLAGS_SHLIB="-fPIC -DPIC"
- if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then
- LDFLAGS_SHLIB="-Bshareable"
- LDFLAGS_SHLIB_EXPORT=""
- else
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_SHLIB_EXPORT="-Wl,-E"
- fi
+ LDFLAGS_SHLIB="-shared"
+ LDFLAGS_SHLIB_EXPORT="-Wl,-E"
LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
SHLIB_SUFFIX_DEPTH=2
;;
@
1.10
log
@Link with CC like other platforms. Fixes module build with Clang.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.9 2008/02/23 05:16:34 obache Exp $
@
1.9
log
@Update apache to 1.3.41.
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40 (not released)
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
With Apache 1.3, the denial of service vulnerability applies only
to the Windows and NetWare platforms.
[Jeff Trawick]
*) More efficient implementation of the CVE-2007-3304 PID table
patch. This fixes issues with excessive memory usage by the
parent process if long-running and with a high number of child
process forks during that timeframe. Also fixes bogus "Bad pid"
errors. [Jim Jagielski, Jeff Trawick]
Changes with Apache 1.3.39
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]
*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]
There was no Apache 1.3.38
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.8 2006/01/09 13:40:34 joerg Exp $
d20 1
a20 1
@@@@ -1111,6 +1119,14 @@@@ if [ "x$using_shlib" = "x1" ] ; then
d33 1
d35 12
a46 1
if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then
@
1.8
log
@In patch-al, DragonFly has to be spelled in lower case.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.7 2006/01/09 00:51:03 joerg Exp $
d3 3
a5 3
--- src/Configure.orig 2005-08-22 08:43:51.000000000 -0700
+++ src/Configure 2005-08-22 08:46:05.000000000 -0700
@@@@ -465,6 +465,14 @@@@ case "$PLAT" in
d20 1
a20 1
@@@@ -1110,6 +1118,14 @@@@ if [ "x$using_shlib" = "x1" ] ; then
@
1.7
log
@Fix httpd linkage on DragonFly: -Wl,-E is needed, otherwise ap-php
can't use ap_block_alarms. Bump revision.
Problem noticed by Justin Sherrill on DragonFly's bugs list.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.6 2005/08/22 16:19:00 reed Exp $
d9 1
a9 1
+ *-DragonFly*)
@
1.6
log
@Add DragonFly support.
(An httpd service was only briefly tested.)
@
text
@d1 1
a1 1
$NetBSD$
d5 1
a5 1
@@@@ -465,6 +465,14 @@@@
d20 15
@
1.5
log
@Update apache to 1.3.33
The main security vulnerabilities addressed in 1.3.33 are:
* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid
(negative) Content-Length.
New features
* Win32: Improve error reporting after a failed attempt to
spawn a piped log process or rewrite map process.
* Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined
during compilation, UseCanonicalName Off will use the physical
port number to generate the canonical name. If not defined, it
tries the current Port value followed by the default port for
the current scheme.
The following bugs were found in Apache 1.3.31 (or earlier) and
have been fixed in Apache 1.3.33:
* mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
* mod_rewrite: Fix 0 bytes write into random memory position. PR 31036.
* mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920.
* Fix trivial bug in mod_log_forensic that caused the child to
seg fault when certain invalid requests were fired at it with
forensic logging is enabled. PR 29313.
* No longer breaks mod_dav, frontpage and others. Repair a
patch in 1.3.31 which prevented discarding the request body
for requests that will be keptalive but are not currently
keptalive. PR 29237.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.4 2002/02/28 05:45:33 jlam Exp $
d3 17
a19 17
--- htdocs/manual/mod/index.html.en.orig Thu Feb 28 00:09:28 2002
+++ htdocs/manual/mod/index.html.en
@@@@ -219,12 +219,12 @@@@
mod_speling Apache 1.3 and
up
+ Automatically correct minor typos in URLs
+
mod_ssl Apache 1.3 with mod_ssl
applied
Apache SSL interface to OpenSSL
-
- Automatically correct minor typos in URLs
mod_status Apache 1.1 and
up
@
1.4
log
@Update www/apache to 1.3.23nb1. Changes from version 1.3.23 include using
the EAPI patches from modssl-2.8.7-1.3.23. Also, link against the MM
Shared Memory library (devel/libmm) to provide shared memory support in
Apache/EAPI. For example, this allows mod_ssl to use a high-performance
RAM-based session cache instead of a disk-based one.
@
text
@d1 1
a1 1
$NetBSD$
@
1.4.16.1
log
@Pullup ticket 141 - requested by David Brownlee
security fix for apache
Module Name: pkgsrc
Committed By: tron
Date: Mon Oct 25 08:44:16 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Update "apache" package to version 1.3.32. Changes since version 1.3.31:
- mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
[michael teitler ,
Jan Kratochvil ]
- mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036. [André Malo]
- mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton]
- Trigger an error when a LoadModule directive attempts to
load a module which is built-in. This is a common error when
switching from a DSO build to a static build.
[Jeff Trawick, Geoffrey Young]
- Fix trivial bug in mod_log_forensic that caused the child
to seg fault when certain invalid requests were fired at it with
forensic logging is enabled. PR 29313.
[Will Slater ]
- Fix memory leak in the cache handling of mod_rewrite. PR 27862.
[chunyan sheng , André Malo]
- mod_rewrite no longer confuses the RewriteMap caches if
different maps defined in different virtual hosts use the
same map name. PR 26462. [André Malo]
- mod_setenvif: Remove "support" for Remote_User variable which
never worked at all. PR 25725. [André Malo]
- mod_usertrack: Escape the cookie name before pasting into the
regexp. [André Malo]
- Win32: Improve error reporting after a failed attempt to spawn a
piped log process or rewrite map process. [Jeff Trawick]
- SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
- Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects mod_usertrack and
core. PR 28218. [André Malo]
- No longer breaks mod_dav, frontpage and others. Repair a patch
in 1.3.31 which prevented discarding the request body for requests
that will be keptalive but are not currently keptalive. PR 29237.
[Jim Jagielski, Rasmus Lerdorf]
- COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT.
It controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined during
compilation, UseCanonicalName Off will use the physical port number to
generate the canonical name. If not defined, it tries the current Port
value followed by the default port for the current scheme.
[Jim Jagielski]
---
Module Name: pkgsrc
Committed By: abs
Date: Fri Oct 29 13:48:31 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile distinfo
pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
patch-ak patch-am patch-ao
Removed Files:
pkgsrc/www/apache/patches: patch-al
Log Message:
Update apache to 1.3.33
The main security vulnerabilities addressed in 1.3.33 are:
* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI
tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid
(negative) Content-Length.
New features
* Win32: Improve error reporting after a failed attempt to
spawn a piped log process or rewrite map process.
* Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined
during compilation, UseCanonicalName Off will use the physical
port number to generate the canonical name. If not defined, it
tries the current Port value followed by the default port for
the current scheme.
The following bugs were found in Apache 1.3.31 (or earlier) and
have been fixed in Apache 1.3.33:
* mod_rewrite: Fix query string handling for proxied URLs.
PR 14518.
* mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036.
* mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920.
* Fix trivial bug in mod_log_forensic that caused the child to
seg fault when certain invalid requests were fired at it with
forensic logging is enabled. PR 29313.
* No longer breaks mod_dav, frontpage and others. Repair a
patch in 1.3.31 which prevented discarding the request body
for requests that will be keptalive but are not currently
keptalive. PR 29237.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon Nov 15 19:13:41 UTC 2004
Modified Files:
pkgsrc/www/apache/patches: patch-ai
Log Message:
Revert rev 1.9, do not expand @@INSTALL@@, it's done in post-patch.
(hi abs!)
---
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 16 08:23:45 UTC 2004
Modified Files:
pkgsrc/www/apache: distinfo
Log Message:
Regen after "patch-ai" was changed. (hi salo!)
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.4 2002/02/28 05:45:33 jlam Exp $
@
1.3
log
@Update build to work with mod_ssl-2.6.6-1.3.12 to keep in sync with ap-ssl.
EAPI didn't change so no need to change Apache's version number.
Also standardize package builds to have Apache listen on ports 80/443
regardless of UID of user that builds the package, and make MAINTAINER
point to me.
@
text
@d1 1
a1 1
$NetBSD: patch-al,v 1.2 1999/11/27 22:52:09 rh Exp $
d3 5
a7 5
--- src/os/unix/os.c.orig Sat Nov 27 23:46:39 1999
+++ src/os/unix/os.c Sat Nov 27 23:46:40 1999
@@@@ -126,7 +126,7 @@@@
#elif defined(HAVE_DYLD)
NSUnLinkModule(handle,FALSE);
d9 8
a16 4
-#else
+#elif 0
dlclose(handle);
#endif
d18 2
@
1.2
log
@defuzz
@
text
@d1 1
a1 1
$NetBSD$
@
1.1
log
@Work around Apache dlclose() bug, where shared objects may be dlclose()d
before their cleanup procedures are called. Fixes mod_perl vs. CGI
interaction bug.
@
text
@d3 4
a6 4
--- src/os/unix/os.c.orig Fri Dec 4 18:53:48 1998
+++ src/os/unix/os.c Fri Dec 4 18:54:00 1998
@@@@ -119,7 +119,7 @@@@
#elif defined(RHAPSODY)
@