head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.54
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.52
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.50
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.48
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.46
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.44
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.42
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.40
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.38
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.36
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.34
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.32
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.30
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.28
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.26
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.24
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.22
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.20
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.2.0.18
	pkgsrc-2005Q4-base:1.2
	pkgsrc-2005Q3:1.2.0.16
	pkgsrc-2005Q3-base:1.2
	pkgsrc-2005Q2:1.2.0.14
	pkgsrc-2005Q2-base:1.2
	pkgsrc-2005Q1:1.2.0.12
	pkgsrc-2005Q1-base:1.2
	pkgsrc-2004Q4:1.2.0.10
	pkgsrc-2004Q4-base:1.2
	pkgsrc-2004Q3:1.2.0.8
	pkgsrc-2004Q3-base:1.2
	pkgsrc-2004Q2:1.2.0.6
	pkgsrc-2004Q2-base:1.2
	pkgsrc-2004Q1:1.2.0.4
	pkgsrc-2004Q1-base:1.2
	pkgsrc-2003Q4:1.2.0.2
	pkgsrc-2003Q4-base:1.2;
locks; strict;
comment	@# @;


1.2
date	2003.11.02.09.35.12;	author cube;	state dead;
branches;
next	1.1;

1.1
date	2003.10.29.10.45.26;	author cube;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update apache6 to 1.3.29 + ipv6 patch.

Major changes since 1.3.28:

  Security vulnerabilities

     * CAN-2003-0542 (cve.mitre.org)
       Fix buffer overflows in mod_alias and mod_rewrite which occurred if
       one configured a regular expression with more than 9 captures.

  Bugs fixed

   The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
   and have been fixed in Apache 1.3.29:

     * Within ap_bclose(), ap_pclosesocket() is now called
     * consistently
       for sockets and ap_pclosef() for files.  Also, closesocket()
       is used consistenly to close socket fd's.  The previous
       confusion between socket and file fd's would cause problems
       with some applications now that we proactively close fd's to
       prevent leakage.

     * Fixed mod_usertrack to not get false positive matches on the
       user-tracking cookie's name.

     * Prevent creation of subprocess Zombies when using CGI wrappers
       such as suEXEC and cgiwrap.
@
text
@$NetBSD: patch-ap,v 1.1 2003/10/29 10:45:26 cube Exp $

--- src/modules/standard/mod_rewrite.h.orig	2003-05-19 04:35:31.000000000 +0200
+++ src/modules/standard/mod_rewrite.h
@@@@ -253,8 +253,6 @@@@
 
 #define MAX_ENV_FLAGS 15
 
-#define MAX_NMATCH    10
-
 /* default maximum number of internal redirects */
 #define REWRITE_REDIRECT_LIMIT 10
 
@@@@ -368,7 +366,7 @@@@ typedef struct cache {
 typedef struct backrefinfo {
     char *source;
     int nsub;
-    regmatch_t regmatch[10];
+    regmatch_t regmatch[AP_MAX_REG_MATCH];
 } backrefinfo;
 
 
@


1.1
log
@Import security fix from 1.3.29 distribution for a buffer overflow in
mod_rewrite and mod_alias, referenced CAN-2003-0542. Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@