pkgsrc-Changes archive


CVS commit: [pkgsrc-2012Q2] pkgsrc/www/apache22



Module Name:    pkgsrc
Committed By:   tron
Date:           Thu Sep 27 11:06:02 UTC 2012

Modified Files:
        pkgsrc/www/apache22 [pkgsrc-2012Q2]: Makefile PLIST distinfo
Added Files:
        pkgsrc/www/apache22/patches [pkgsrc-2012Q2]: patch-docs_man_apxs.8
Removed Files:
        pkgsrc/www/apache22/patches [pkgsrc-2012Q2]: patch-af
            patch-support_envvars-std.in

Log Message:
Pullup ticket #3922 - requested by taca
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.81
- www/apache22/PLIST                                            1.21
- www/apache22/distinfo                                         1.52
- www/apache22/patches/patch-af                                 deleted
- www/apache22/patches/patch-docs_man_apxs.8                    1.1
- www/apache22/patches/patch-support_envvars-std.in             deleted

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Sep 16 03:33:10 UTC 2012

   Modified Files:
        pkgsrc/www/apache22: Makefile PLIST distinfo
   Added Files:
        pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
   Removed Files:
        pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in

   Log Message:
   Update apache22 to 2.2.23.

   Changes with Apache 2.2.23

     *) SECURITY: CVE-2012-0883 (cve.mitre.org)
        envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
        current working directory to be searched for DSOs. [Stefan Fritsch]

     *) SECURITY: CVE-2012-2687 (cve.mitre.org)
        mod_negotiation: Escape filenames in variant list to prevent a
        possible XSS for a site where untrusted users can upload files to
        a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

     *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
        [Paul Wouters <pwouters redhat.com>, Joe Orton]

     *) mod_ldap: Treat the "server unavailable" condition as a transient
        error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

     *) core: Add filesystem paths to access denied / access failed messages.
        [Eric Covener]

     *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
        is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]

     *) core: Prevent "httpd -k restart" from killing server in presence of
        config error. [Joe Orton]

     *) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
        control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
        adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
        [Kaspar Brand, William Rowe]

     *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
        PR 53104. [Greg Ames]

     *) Unix MPMs: Fix small memory leak in parent process if connect()
        failed when waking up children.  [Joe Orton]

     *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
        [Peter Pramberger <peter pramberger.at>, Jim Jagielski]

     *) Added SSLProxyMachineCertificateChainFile directive so the proxy client
        can select the proper client certificate when using a chain and the
        remote server only lists the root CA as allowed.

     *) mpm_event, mpm_worker: Remain active amidst prevalent child process
        resource shortages.  [Jeff Trawick]

     *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

     *) mod_rewrite: Fix the RewriteEngine directive to work within a
        location. Previously, once RewriteEngine was switched on globally,
        it was impossible to switch off. [Graham Leggett]

     *) mod_proxy_balancer: Restore balancing after a failed worker has
        recovered when using lbmethod_bybusyness.  PR 48735.  [Jeff Trawick]

     *) mod_dumpio: Properly handle errors from subsequent input filters.
        PR 52914. [Stefan Fritsch]

     *) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
        process resource shortages.  [Jeff Trawick]

     *) mpm_prefork: Reduce spawn rate after a child process exits due to
        unexpected poll or accept failure.  [Jeff Trawick]

     *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
        from logging bogus data in case of errors. [Stefan Fritsch]

     *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
        response is a 206 Partial Content. This stops a reverse proxied partial
        response from becoming cached, and then being served in subsequent
        responses. PR 49113. [Graham Leggett]

     *) configure: Fix usage with external apr and apu in non-default paths
        and recent gcc versions >= 4.6. [Jean-Frederic Clere]

     *) core: Fix building against PCRE 8.30 by switching from the obsolete
        pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]

     *) mod_proxy: Add the forcerecovery balancer parameter that determines if
        recovery for balancer workers is enforced. [Ruediger Pluem]


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.80.2.1 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.20 -r1.20.4.1 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.51 -r1.51.2.1 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.6 -r0 pkgsrc/www/apache22/patches/patch-af
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/www/apache22/patches/patch-docs_man_apxs.8
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/www/apache22/patches/patch-support_envvars-std.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
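
The CVE-2012-0883 entry above concerns an LD_LIBRARY_PATH value that leads to the current working directory being searched for DSOs. The following is an added example, not code from Apache httpd or pkgsrc: it shows one common way a shell script ends up with such a value (an unconditional prepend that leaves an empty list element), the guarded form that avoids it, and a check for auditing existing values. LIBDIR and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; not taken from the Apache httpd or pkgsrc sources.
# LIBDIR is a constructed sample path.
LIBDIR=/usr/pkg/lib

# Return 0 if a colon-separated search path holds an element that can be
# resolved as the current working directory: an empty element (leading,
# trailing or doubled colon) or a literal ".". An entirely empty value
# is reported as clean.
has_cwd_element() {
    [ -n "$1" ] || return 1
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
    esac
    return 1
}

# Unsafe pattern: unconditional prepend. When the old value is unset or
# empty the result ends in ":", which is an empty element.
prepend_unsafe() {
    printf '%s\n' "$LIBDIR:$1"
}

# Guarded pattern: emit the separator only when there is an old value.
prepend_safe() {
    printf '%s\n' "$LIBDIR${1:+:$1}"
}

# Compare both patterns on two constructed starting values.
for old in "" "/opt/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        new=$($fn "$old")
        if has_cwd_element "$new"; then
            verdict="cwd would be searched"
        else
            verdict="ok"
        fi
        printf '%-15s old=%-11s -> %-22s %s\n' "$fn" "'$old'" "$new" "$verdict"
    done
done
```

The same has_cwd_element check can be pointed at the LD_LIBRARY_PATH found in service start scripts or in a running daemon's environment when reviewing a host.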



