Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 5C184708FE for ; Tue, 30 Jul 2013 20:17:55 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id BE41814A1D3; Tue, 30 Jul 2013 20:17:54 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 9E37E14A1D2 for ; Tue, 30 Jul 2013 20:17:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id ePOBH8nNRlh6 for ; Tue, 30 Jul 2013 20:17:50 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 2F07514A1CB for ; Tue, 30 Jul 2013 20:17:50 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 3002996; Tue, 30 Jul 2013 20:17:50 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Tue, 30 Jul 2013 20:17:50 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/www/apache24 To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20130730201750.3002996@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Tue Jul 30 20:17:50 UTC 2013 Modified Files: pkgsrc/www/apache24 [pkgsrc-2013Q2]: Makefile PLIST distinfo Removed Files: pkgsrc/www/apache24/patches [pkgsrc-2013Q2]: patch-support_htdbm.c patch-support_htdigest.c patch-support_htpasswd.c patch-support_passwd__common.c patch-support_passwd__common.h Log Message: Pullup ticket #4193 - requested by ryoon www/apache24: security update Revisions pulled up: - www/apache24/Makefile 1.21 via patch - www/apache24/PLIST 1.11 - www/apache24/distinfo 1.10 - www/apache24/patches/patch-support_htdbm.c deleted - www/apache24/patches/patch-support_htdigest.c deleted - www/apache24/patches/patch-support_htpasswd.c deleted - www/apache24/patches/patch-support_passwd__common.c deleted - www/apache24/patches/patch-support_passwd__common.h deleted --- Module Name: pkgsrc Committed By: ryoon Date: Tue Jul 30 12:51:29 UTC 2013 Modified Files: pkgsrc/www/apache24: Makefile PLIST distinfo Removed Files: pkgsrc/www/apache24/patches: patch-support_htdbm.c patch-support_htdigest.c patch-support_htpasswd.c patch-support_passwd__common.c patch-support_passwd__common.h Log Message: Update to 2.4.6 Changelog: Security buxfixes. SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed. And feature enhancement and bugfixes. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.18.2.1 pkgsrc/www/apache24/Makefile cvs rdiff -u -r1.10 -r1.10.2.1 pkgsrc/www/apache24/PLIST cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/www/apache24/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache24/patches/patch-support_htdbm.c \ pkgsrc/www/apache24/patches/patch-support_htdigest.c \ pkgsrc/www/apache24/patches/patch-support_htpasswd.c \ pkgsrc/www/apache24/patches/patch-support_passwd__common.c \ pkgsrc/www/apache24/patches/patch-support_passwd__common.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.