Pullup ticket 2184 - requested by tron

security update for apache2

- pkgsrc/devel/apr0/Makefile				1.3
- pkgsrc/devel/apr0/distinfo				1.2
- pkgsrc/www/apache2/Makefile				1.118
- pkgsrc/www/apache2/Makefile.commom			1.22
- pkgsrc/www/apache2/PLIST				1.35
- pkgsrc/www/apache2/distinfo				1.51
- pkgsrc/www/apache2/patches/patch-ap			removed
- pkgsrc/www/apache2/patches/patch-aq			removed

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Fri Sep  7 23:11:41 UTC 2007

   Modified Files:
	   pkgsrc/devel/apr0: Makefile distinfo
	   pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo

   Log Message:
   Update "apr" package to version 0.9.16.2.0.61 and "apache2" package
   to version 2.0.61.

   This update is a bug and security fix release. The following security
   problem hasn't been fixed in "pkgsrc" before:
   - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
     parsing date-related headers.
---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Fri Sep  7 23:28:23 UTC 2007

   Removed Files:
	   pkgsrc/www/apache2/patches: patch-ap patch-aq

   Log Message:
   Remove obsolete patch files.

8 files changed, 17 insertions, 151 deletions

diff --git a/devel/apr0/Makefile b/devel/apr0/Makefile
index 6a5efb81906..b147d04a596 100644
--- a/devel/apr0/Makefile
+++ b/devel/apr0/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2007/02/11 16:05:51 tv Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2007/09/08 09:54:45 ghen Exp $
 
 .include "../../www/apache2/Makefile.common"
 
 PKGNAME=	apr-${APR_VERSION}.${APACHE_VERSION}
-PKGREVISION=	3
 CATEGORIES=	devel
 
 HOMEPAGE=	http://apr.apache.org/
diff --git a/devel/apr0/distinfo b/devel/apr0/distinfo
index 5f38a206808..d06ebd0bf13 100644
--- a/devel/apr0/distinfo
+++ b/devel/apr0/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1.1.1 2007/01/24 19:31:24 epg Exp $
+$NetBSD: distinfo,v 1.1.1.1.4.1 2007/09/08 09:54:45 ghen Exp $
 
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
 SHA1 (patch-aa) = c84bdb6bcb14bf6bc7ea0d8f13334dd8c3ef2ef9
 SHA1 (patch-an) = 76d9ac0cdddec7c0f41535baee63bf0aa26ed596
 SHA1 (patch-ao) = e35630af53a78fce9aa5347a81cb1bcf8fb3058e
diff --git a/www/apache2/Makefile b/www/apache2/Makefile
index 68114f91909..6a106902bd2 100644
--- a/www/apache2/Makefile
+++ b/www/apache2/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.114 2007/06/28 01:49:04 lkundrak Exp $
+# $NetBSD: Makefile,v 1.114.2.1 2007/09/08 09:54:45 ghen Exp $
 
 .include "Makefile.common"
 
 PKGNAME=	apache-${APACHE_VERSION}
-PKGREVISION=	6
 CATEGORIES=	www
 
 HOMEPAGE=	http://httpd.apache.org/
diff --git a/www/apache2/Makefile.common b/www/apache2/Makefile.common
index 276709391f7..0e4c3c94130 100644
--- a/www/apache2/Makefile.common
+++ b/www/apache2/Makefile.common
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile.common,v 1.21 2006/07/28 10:38:36 tron Exp $
+# $NetBSD: Makefile.common,v 1.21.8.1 2007/09/08 09:54:45 ghen Exp $
 
 DISTNAME=		httpd-${APACHE_VERSION}
 EXTRACT_SUFX=		.tar.bz2
 # When updating this version be sure to update the checksum and remove
 # any PKGREVISION for devel/apr also.
-APACHE_VERSION=		2.0.59
-APR_VERSION=		0.9.12
+APACHE_VERSION=		2.0.61
+APR_VERSION=		0.9.16
 MASTER_SITES=		${MASTER_SITE_APACHE:=httpd/} \
 			${MASTER_SITE_APACHE:=httpd/old/} \
 			http://www.NetBSD.org/images/logos/
-MAINTAINER=		tron@NetBSD.org
+MAINTAINER=		pkgsrc-users@NetBSD.org
diff --git a/www/apache2/PLIST b/www/apache2/PLIST
index 32664e21255..f6acb2e04c0 100644
--- a/www/apache2/PLIST
+++ b/www/apache2/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.34 2006/07/28 13:35:37 tron Exp $
+@comment $NetBSD: PLIST,v 1.34.8.1 2007/09/08 09:54:46 ghen Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@@ -154,6 +154,7 @@ share/httpd/htdocs/index.html.var
 share/httpd/htdocs/index.html.zh-cn.gb2312
 share/httpd/htdocs/index.html.zh-tw.big5
 share/httpd/icons/README
+share/httpd/icons/README.html
 share/httpd/icons/a.gif
 share/httpd/icons/a.png
 share/httpd/icons/alert.black.gif
@@ -281,7 +282,6 @@ share/httpd/icons/screw2.gif
 share/httpd/icons/screw2.png
 share/httpd/icons/script.gif
 share/httpd/icons/script.png
-share/httpd/icons/small/README.txt
 share/httpd/icons/small/back.gif
 share/httpd/icons/small/back.png
 share/httpd/icons/small/binary.gif
@@ -721,6 +721,7 @@ share/httpd/manual/mod/mod_logio.html.ja.euc-jp
 share/httpd/manual/mod/mod_logio.html.ko.euc-kr
 share/httpd/manual/mod/mod_mem_cache.html
 share/httpd/manual/mod/mod_mem_cache.html.en
+share/httpd/manual/mod/mod_mem_cache.html.ja.euc-jp
 share/httpd/manual/mod/mod_mem_cache.html.ko.euc-kr
 share/httpd/manual/mod/mod_mime.html
 share/httpd/manual/mod/mod_mime.html.en
diff --git a/www/apache2/distinfo b/www/apache2/distinfo
index db7f2a34ac8..8ccc17d88d8 100644
--- a/www/apache2/distinfo
+++ b/www/apache2/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.50 2007/06/28 01:49:04 lkundrak Exp $
+$NetBSD: distinfo,v 1.50.2.1 2007/09/08 09:54:46 ghen Exp $
 
-SHA1 (httpd-2.0.59.tar.bz2) = 908209cd6e52f700d2a841a25de36e44d469c376
-RMD160 (httpd-2.0.59.tar.bz2) = 78b802354e338798a6978ece8b3568be97542174
-Size (httpd-2.0.59.tar.bz2) = 4743549 bytes
+SHA1 (httpd-2.0.61.tar.bz2) = 665017829022d287ffe3cec749e2b5b61252d7b4
+RMD160 (httpd-2.0.61.tar.bz2) = a2c2c90976a967112a9129b9716d880d71261882
+Size (httpd-2.0.61.tar.bz2) = 4580339 bytes
 SHA1 (patch-aa) = bff1ef591f5361e7169ff9005dcf86437b9dac23
 SHA1 (patch-ab) = 387892276efd49fd081a187c1123de26fb6486ba
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -13,5 +13,3 @@ SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215
 SHA1 (patch-al) = 9af7b6c56177d971e135f0a00b3ab9ded5d1b6dd
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-ao) = c629a7563d0e555922526e26b266251144a14ff6
-SHA1 (patch-ap) = 3f9dbd6dbbadb54f5255dfdb15decc6cc7e8eccc
-SHA1 (patch-aq) = d1e0243b28c9e224746fa5cac1321f55c5c0927e
diff --git a/www/apache2/patches/patch-ap b/www/apache2/patches/patch-ap
deleted file mode 100644
index 7d42ccc770c..00000000000
--- a/www/apache2/patches/patch-ap
+++ /dev/null
@@ -1,44 +0,0 @@
-$NetBSD: patch-ap,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2006-5752 XSS in mod_status with ExtendedStatus on.
-
---- modules/generators/mod_status.c.orig	2006-07-12 09:40:55.000000000 +0200
-+++ modules/generators/mod_status.c
-@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
-     if (r->method_number != M_GET)
-         return DECLINED;
- 
--    ap_set_content_type(r, "text/html");
-+    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
- 
-     /*
-      * Simple table-driven form data set parser that lets you alter the header
-@@ -298,7 +298,7 @@ static int status_handler(request_rec *r
-                     no_table_report = 1;
-                     break;
-                 case STAT_OPT_AUTO:
--                    ap_set_content_type(r, "text/plain");
-+                    ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
-                     short_report = 1;
-                     break;
-                 }
-@@ -664,7 +664,8 @@ static int status_handler(request_rec *r
-                                ap_escape_html(r->pool,
-                                               ws_record->client),
-                                ap_escape_html(r->pool,
--                                              ws_record->request),
-+                                              ap_escape_logitem(r->pool,
-+                                                                ws_record->request)),
-                                ap_escape_html(r->pool,
-                                               ws_record->vhost));
-                 }
-@@ -753,7 +754,8 @@ static int status_handler(request_rec *r
-                                    ap_escape_html(r->pool,
-                                                   ws_record->vhost),
-                                    ap_escape_html(r->pool,
--                                                  ws_record->request));
-+                                                  ap_escape_logitem(r->pool, 
-+                                                                    ws_record->request)));
-                 } /* no_table_report */
-             } /* for (j...) */
-         } /* for (i...) */
diff --git a/www/apache2/patches/patch-aq b/www/apache2/patches/patch-aq
deleted file mode 100644
index 243e6873394..00000000000
--- a/www/apache2/patches/patch-aq
+++ /dev/null
@@ -1,87 +0,0 @@
-$NetBSD: patch-aq,v 1.3 2007/06/28 01:49:04 lkundrak Exp $
-
-Fix for CVE-2007-1863 remote crash when mod_cache enabled.
-
---- modules/experimental/cache_util.c.orig	2006-07-12 09:40:55.000000000 +0200
-+++ modules/experimental/cache_util.c
-@@ -186,10 +186,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     age = ap_cache_current_age(info, age_c, r->request_time);
- 
-     /* extract s-maxage */
--    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
-+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
-+        && val != NULL) {
-         smaxage = apr_atoi64(val);
-     }
--    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)) {
-+    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "s-maxage", &val)
-+             && val != NULL) {
-         smaxage = apr_atoi64(val);
-     }
-     else {
-@@ -197,7 +199,8 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     }
- 
-     /* extract max-age from request */
--    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
-+    if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
-+        && val != NULL) {
-         maxage_req = apr_atoi64(val);
-     }
-     else {
-@@ -205,10 +208,12 @@ CACHE_DECLARE(int) ap_cache_check_freshn
-     }
- 
-     /* extract max-age from response */
--    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
-+    if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
-+        && val != NULL) {
-         maxage_cresp = apr_atoi64(val);
-     }
--    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)) {
-+    else if (cc_ceresp && ap_cache_liststr(r->pool, cc_ceresp, "max-age", &val)
-+             && val != NULL) {
-         maxage_cresp = apr_atoi64(val);
-     }
-     else
-@@ -231,14 +236,28 @@ CACHE_DECLARE(int) ap_cache_check_freshn
- 
-     /* extract max-stale */
-     if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
--        maxstale = apr_atoi64(val);
-+        if(val != NULL) {
-+            maxstale = apr_atoi64(val);
-+        }
-+        else {
-+            /*
-+             * If no value is assigned to max-stale, then the client is willing
-+             * to accept a stale response of any age (RFC2616 14.9.3). We will
-+             * set it to one year in this case as this situation is somewhat
-+             * similar to a "never expires" Expires header (RFC2616 14.21)
-+             * which is set to a date one year from the time the response is
-+             * sent in this case.
-+             */
-+            maxstale = APR_INT64_C(86400*365);
-+        }
-     }
-     else {
-         maxstale = 0;
-     }
- 
-     /* extract min-fresh */
--    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
-+    if (cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
-+        && val != NULL) {
-         minfresh = apr_atoi64(val);
-     }
-     else {
-@@ -384,6 +403,9 @@ CACHE_DECLARE(int) ap_cache_liststr(apr_
-                                                   next - val_start);
-                         }
-                     }
-+                    else {
-+                        *val = NULL;
-+                    }
-                 }
-                 return 1;
-             }