head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.6
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.4
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.2
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.1.0.18
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2011Q1:1.1.0.16
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.14
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.12
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.10
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.8
	pkgsrc-2010Q1-base:1.1
	pkgsrc-2009Q4:1.1.0.6
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.4
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.2
	pkgsrc-2009Q2-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2011.09.21.14.59.32;	author obache;	state dead;
branches;
next	1.1;

1.1
date	2009.06.15.17.42.04;	author he;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update ap-perl to 1.31.
While here, fixes build with perl-5.14.

= 1.31 May 11, 2009

Fix static APACI build on Mac OS X. [Gozer]

Fix XSS vulnerability in Apache::Status reported by
Richard J. Brain, CVE-2009-0796
[Fred Moyer]

On Win32, mod_perl.h needs to include <malloc.h> before the perl
headers, at least when built with USE_ITHREADS
[Steve Hay]

Win32 needs PERL_SYS_INIT/PERL_SYS_TERM calls when built with
USE_ITHREADS [sic--that's different to USE_THREADS]. In fact,
they ought to be always called if they are defined
[Steve Hay]

Fix potential segfault when the environment contains
NULL values [Mike Schilli]

Fix static APACI build against newer apache-1.3.38+
[Gozer]

Fixed modules/regex.t test 4 on Win32
[Steve Hay]

Avoid possible segfault when PerlFreshRestart is On.
[Michael Rendell <michael@@cs.mun.ca>]

Prevent segfault when running with perl >= 5.9.3
[Steve Hay]

Fix shared libary extensions on Win32 to be .dll not .so
[Nikolay Ananiev <ananiev@@thegdb.com>]

Patch to mod_perl.dsp to remove /D _WINSOCK2API_ on Win32
for perl >= 5.8.6 [Steve Hay]

= 1.30 March 29, 2007

SECURITY: CVE-2007-1349 (cve.mitre.org)
fix unescaped variable interpolation in Apache::PerlRun
regular expression to prevent regex engine tampering.
reported by Alex Solovey
[Randal L. Schwartz <merlyn@@stonehenge.com>, Fred Moyer <fred@@redhotpenguin.com>]

sync Apache-SizeLimit with latest version from CPAN (0.91)
[Philip M. Gollucci, Philippe M. Chiasson]

Fix an Apache::(Registry|PerlRun) bug caused by special characters
in the url [kolya@@mail.ru]

Display a more verbose message if Apache.pm can't be loaded
[Geoffrey Young]

Fix incorrect win32 detection in Apache::SizeLimit reported by
Matt Phillips <mphillips@@virage.com> [Philippe M. Chiasson]

The print-a-scalar-reference feature is now deprecated and documented
as such [Stas]

fix "PerlSetVar Foo 0" so that $r->dir_config('Foo') returns 0, not undef
[Geoffrey Young]

for some reason .pm files during the modperl build see $ENV{PERL5LIB}
set in Makefile.PL, which is used for generating Makefiles, as
"PERL5LIB=/path:/another/path" instead of "/path:/another/path"
essentially rendering this env var useless. I'm not sure why, may be
MakeMaker kicks in somewhere. Trying to workaround by
s/PERL5LIB/PERL5LIB_ENV/, using anything that's not PERL5LIB. [Stas]

change $INC{$key} = undef; to delete $INC{$key}; in PerlFreshRestart
[Geoffrey Young]

Fix a bug in Makefile.PL for Win32 where it would, in
certain cases, pick up the wrong Perl include directory
[Steve Hay]
@
text
@$NetBSD: patch-ac,v 1.1 2009/06/15 17:42:04 he Exp $

This is revision 761081 from
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?view=log&pathrev=761081
Fixes an XSS bug in Apache::Status, ref. CVE-2009-0796.

--- lib/Apache/Status.pm.orig	2005/05/23 01:08:52	177851
+++ lib/Apache/Status.pm	2009/04/01 21:57:52	761081
@@@@ -72,7 +72,7 @@@@
 	$r->print(symdump($r, $newQ->($r), $qs));
     }
     else {
-	my $uri = $r->uri;
+	my $uri = $r->location;
 	$r->print(
  	    map { qq[<a href="$uri?$_">$status{$_}</a><br>\n] } keys %status
         );
@@@@ -140,7 +140,7 @@@@
 sub status_inc {
     my($r,$q) = @@_;
     my(@@retval, $module, $v, $file);
-    my $uri = $r->uri;
+    my $uri = $r->location;
     push @@retval, "<table border=1>";
     push @@retval, 
     "<tr>", 
@@@@ -198,7 +198,7 @@@@
     my($r,$q) = @@_;
     my(@@retval);
     local $_;
-    my $uri = $r->uri;
+    my $uri = $r->location;
     my $cache = __PACKAGE__->registry_cache;
     push @@retval, "<b>Click on package name to see its symbol table</b><p>\n";
     foreach (sort keys %$cache) {
@


1.1
log
@Update from version 1.29nb1 to 1.29nb2.

Pkgsrc changes:
 o Apply fix from svn repository to fix an XSS bug in Apache::Status,
   ref. CVE-2009-0796.
@
text
@d1 1
a1 1
$NetBSD$
@