From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Dec 9 23:50:03 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FEB9106566C for ; Wed, 9 Dec 2009 23:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E7B328FC18 for ; Wed, 9 Dec 2009 23:50:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nB9No2Xh097217 for ; Wed, 9 Dec 2009 23:50:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nB9No2XZ097216; Wed, 9 Dec 2009 23:50:02 GMT (envelope-from gnats) Date: Wed, 9 Dec 2009 23:50:02 GMT Message-Id: <200912092350.nB9No2XZ097216@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: ports/47672: commit references a PR X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Dec 2009 23:50:03 -0000 The following reply was made to PR ports/47672; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/47672: commit references a PR Date: Wed, 9 Dec 2009 23:48:14 +0000 (UTC) pgollucci 2009-12-09 23:48:01 UTC FreeBSD ports repository Modified files: www/apache22 Makefile distinfo Log: - Update to 2.2.14 - With hat apache@ Note: The 3 CVE's are a no-op for the FreeBSD port -- date: 2009/08/25 05:33:03; author: kuriyama; state: Exp; lines: +0 -0 (Forced commit) - 2.2.13 (acutally 2.2.12) includes fixes for several CVEs. [1] but in our ports tree, APR related ones (CVE-2009-0023, CVE-2009-1955, CVE-2009-1956) were already backported in 2.2.11_5. References: http://www.apache.org/dist/httpd/CHANGES_2.2.12 [1] Changes: --------- *) SECURITY: CVE-2009-2699 (cve.mitre.org) Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support (Event Port backend) which could trigger hangs in the prefork and event MPMs on that platform. PR 47645. [Jeff Trawick] *) SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. [Stefan Fritsch , Joe Orton] *) SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch , Joe Orton] *) mod_proxy_scgi: Backport from trunk. [André Malo] *) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL has been defined at a very high level. PR 45946. [Eric Covener] *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett] *) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries usage() in synch with the manual and the implementation (0 and -1 both disable the cache). [Eric Covener] *) mod_ssl: The error message when SSLCertificateFile is missing should at least give the name or position of the problematic virtual host definition. [Stefan Fritsch sf sfritsch.de] *) htdbm: Fix possible buffer overflow if dbm database has very long values. PR 30586 [Dan Poirier] *) Add support for HTTP PUT to ab. [Jeff Barnes ] *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute type. PR 45107. [Michael Ströder , Peter Sylvester ] *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore defined session identifiers encoded in the URL when caching. [Ruediger Pluem] *) mod_mem_cache: fix seg fault under load due to pool concurrency problem PR: 47672 [Dan Poirier ] *) mod_autoindex: Correctly create an empty cell if the description for a file is missing. PR 47682 [Peter Poeml ] Revision Changes Path 1.244 +1 -1 ports/www/apache22/Makefile 1.78 +3 -3 ports/www/apache22/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"