CVS commit: pkgsrc/www/apache22

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/apache22
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Sun, 16 Sep 2012 03:33:10 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Sep 16 03:33:10 UTC 2012

Modified Files:
        pkgsrc/www/apache22: Makefile PLIST distinfo
Added Files:
        pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
Removed Files:
        pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in

Log Message:
Update apache22 to 2.2.23.

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
     current working directory to be searched for DSOs. [Stefan Fritsch]

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

  *) core: Add filesystem paths to access denied / access failed messages.
     [Eric Covener]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]

  *) core: Prevent "httpd -k restart" from killing server in presence of
     config error. [Joe Orton]

  *) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
     control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
     adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
     [Kaspar Brand, William Rowe]

  *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
     PR 53104. [Greg Ames]

  *) Unix MPMs: Fix small memory leak in parent process if connect()
     failed when waking up children.  [Joe Orton]

  *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
     [Peter Pramberger <peter pramberger.at>, Jim Jagielski]

  *) Added SSLProxyMachineCertificateChainFile directive so the proxy client
     can select the proper client certificate when using a chain and the
     remote server only lists the root CA as allowed.

  *) mpm_event, mpm_worker: Remain active amidst prevalent child process
     resource shortages.  [Jeff Trawick]

  *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

  *) mod_rewrite: Fix the RewriteEngine directive to work within a
     location. Previously, once RewriteEngine was switched on globally,
     it was impossible to switch off. [Graham Leggett]

  *) mod_proxy_balancer: Restore balancing after a failed worker has
     recovered when using lbmethod_bybusyness.  PR 48735.  [Jeff Trawick]

  *) mod_dumpio: Properly handle errors from subsequent input filters.
     PR 52914. [Stefan Fritsch]

  *) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
     process resource shortages.  [Jeff Trawick]

  *) mpm_prefork: Reduce spawn rate after a child process exits due to
     unexpected poll or accept failure.  [Jeff Trawick]

  *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
     from logging bogus data in case of errors. [Stefan Fritsch]

  *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
     response is a 206 Partial Content. This stops a reverse proxied partial
     response from becoming cached, and then being served in subsequent
     responses. PR 49113. [Graham Leggett]

  *) configure: Fix usage with external apr and apu in non-default paths
     and recent gcc versions >= 4.6. [Jean-Frederic Clere]

  *) core: Fix building against PCRE 8.30 by switching from the obsolete
     pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]

  *) mod_proxy: Add the forcerecovery balancer parameter that determines if
     recovery for balancer workers is enforced. [Ruediger Pluem]


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.51 -r1.52 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.6 -r0 pkgsrc/www/apache22/patches/patch-af
cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-docs_man_apxs.8
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/www/apache22/patches/patch-support_envvars-std.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/security/bitstir
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/security/bitstir
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index