[pkgsrc/trunk]: pkgsrc/www/apache2 Update apache package to 2.0.63.

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/43f52b6c254e
branches:  trunk
changeset: 537943:43f52b6c254e
user:      taca <taca%pkgsrc.org@localhost>
date:      Mon Jan 21 14:37:22 2008 +0000

description:
Update apache package to 2.0.63.


Changes with Apache 2.0.63

  *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
     to /Device/Nul as the server is starting up, mirroring unix MPM's.
     PR: 43534  [Tom Donovan <Tom.Donovan acm.org>, William Rowe]

  *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
     by recreating the bucket allocator each time the trans pool is cleared.
     PR: 11427 #16 (follow-on)  [Tom Donovan <Tom.Donovan acm.org>]

Changes with Apache 2.0.62 (not released)

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason.  [Mark Cox, Joe Orton]

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
     to identify a default, or specific servers or paths which list their
     contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]

  *) log.c: Ensure Win32 resurrects its lost robust logger processes.
     [William Rowe]

  *) mpm_winnt: Eliminate wait_for_many_objects.  Allows the clean
     shutdown of the server when the MaxClients is higher then 257,
     in a more responsive manner [Mladen Turk, William Rowe]

  *) Add explicit charset to the output of various modules to work around
     possible cross-site scripting flaws affecting web browsers that do not
     derive the response character set as required by  RFC2616.  One of these
     reported by SecurityReason [Joe Orton]

  *) http_protocol: Escape request method in 405 error reporting.
     This has no security impact since the browser cannot be tricked
     into sending arbitrary method strings.  [Jeff Trawick]

  *) http_protocol: Escape request method in 413 error reporting.
     Determined to be not generally exploitable, but a flaw in any case.
     PR 44014 [Victor Stinner <victor.stinner inl.fr>]

diffstat:

 www/apache2/Makefile |  3 +--
 www/apache2/distinfo |  8 ++++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diffs (30 lines):

diff -r ba1170e7151f -r 43f52b6c254e www/apache2/Makefile
--- a/www/apache2/Makefile      Mon Jan 21 14:33:46 2008 +0000
+++ b/www/apache2/Makefile      Mon Jan 21 14:37:22 2008 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.120 2008/01/18 05:09:47 tnn Exp $
+# $NetBSD: Makefile,v 1.121 2008/01/21 14:37:22 taca Exp $
 
 .include "Makefile.common"
 
 PKGNAME=       apache-${APACHE_VERSION}
-PKGREVISION=   2
 CATEGORIES=    www
 
 HOMEPAGE=      http://httpd.apache.org/
diff -r ba1170e7151f -r 43f52b6c254e www/apache2/distinfo
--- a/www/apache2/distinfo      Mon Jan 21 14:33:46 2008 +0000
+++ b/www/apache2/distinfo      Mon Jan 21 14:37:22 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.51 2007/09/07 23:11:40 tron Exp $
+$NetBSD: distinfo,v 1.52 2008/01/21 14:37:22 taca Exp $
 
-SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
-RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
-Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
+SHA1 (httpd-2.0.63.tar.bz2) = 20e2b64944e38e96491af788a37cb709d2c5b755
+RMD160 (httpd-2.0.63.tar.bz2) = f6a7de59860f627ac40b245fcf742fb07e1b4870
+Size (httpd-2.0.63.tar.bz2) = 4587670 bytes
 SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad