pkgsrc-Changes archive
CVS commit: [pkgsrc-2012Q4] pkgsrc/www/apache22
Module Name: pkgsrc
Committed By: spz
Date: Fri Mar 8 18:36:42 UTC 2013
Modified Files:
pkgsrc/www/apache22 [pkgsrc-2012Q4]: Makefile PLIST distinfo
Log Message:
Pullup ticket #4088 - requested by tron
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.87
- www/apache22/PLIST 1.22
- www/apache22/distinfo 1.54
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Mar 3 20:05:04 UTC 2013
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Log Message:
Update "apache" package to version 2.2.24. Changes since 2.2.23:
- SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
- SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
- mod_rewrite: Stop merging RewriteBase down to subdirectories
unless new option 'RewriteOptions MergeBase' is configured.
Merging RewriteBase was unconditionally turned on in 2.2.23.
Bug Report 53963. [Eric Covener]
- mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. Bug Report 50823. [Stefan Fritsch]
- mod_ssl: log revoked certificates at level INFO
instead of DEBUG. Bug Report 52162. [Stefan Fritsch]
- mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416.
[Rainer Jung]
- mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
- mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. Bug Report 54140. [Eric Covener]
- mod_ssl: fix a regression with the string rendering of the "UID" RDN
introduced in 2.2.15. Bug Report 54510. [Kaspar Brand]
- ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. Bug Report 53916.
[Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand]
- mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing.
Currently the disk and memory cache providers do not cache 206 Partial
Responses. [Graham Leggett]
- core: Remove unintentional APR dependency introduced with
Apache 2.2.22. [Eric Covener]
- core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
- mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. Bug Report 53219. [Björn Jacke <bjoern j3e de>,
Stefan Fritsch]
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/distinfo
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.85.2.1 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.21 -r1.21.4.1 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.53 -r1.53.2.1 pkgsrc/www/apache22/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.