Pullup ticket #3922 - requested by taca

www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.81
- www/apache22/PLIST                                            1.21
- www/apache22/distinfo                                         1.52
- www/apache22/patches/patch-af                                 deleted
- www/apache22/patches/patch-docs_man_apxs.8                    1.1
- www/apache22/patches/patch-support_envvars-std.in             deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Sep 16 03:33:10 UTC 2012

   Modified Files:
   	pkgsrc/www/apache22: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
   Removed Files:
   	pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in

   Log Message:
   Update apache22 to 2.2.23.

   Changes with Apache 2.2.23

     *) SECURITY: CVE-2012-0883 (cve.mitre.org)
        envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
        current working directory to be searched for DSOs. [Stefan Fritsch]

     *) SECURITY: CVE-2012-2687 (cve.mitre.org)
        mod_negotiation: Escape filenames in variant list to prevent a
        possible XSS for a site where untrusted users can upload files to
        a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

     *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
        [Paul Wouters <pwouters redhat.com>, Joe Orton]

     *) mod_ldap: Treat the "server unavailable" condition as a transient
        error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

     *) core: Add filesystem paths to access denied / access failed messages.
        [Eric Covener]

     *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
        is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]

     *) core: Prevent "httpd -k restart" from killing server in presence of
        config error. [Joe Orton]

     *) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
        control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
        adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
        [Kaspar Brand, William Rowe]

     *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
        PR 53104. [Greg Ames]

     *) Unix MPMs: Fix small memory leak in parent process if connect()
        failed when waking up children.  [Joe Orton]

     *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
        [Peter Pramberger <peter pramberger.at>, Jim Jagielski]

     *) Added SSLProxyMachineCertificateChainFile directive so the proxy client
        can select the proper client certificate when using a chain and the
        remote server only lists the root CA as allowed.

     *) mpm_event, mpm_worker: Remain active amidst prevalent child process
        resource shortages.  [Jeff Trawick]

     *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

     *) mod_rewrite: Fix the RewriteEngine directive to work within a
        location. Previously, once RewriteEngine was switched on globally,
        it was impossible to switch off. [Graham Leggett]

     *) mod_proxy_balancer: Restore balancing after a failed worker has
        recovered when using lbmethod_bybusyness.  PR 48735.  [Jeff Trawick]

     *) mod_dumpio: Properly handle errors from subsequent input filters.
        PR 52914. [Stefan Fritsch]

     *) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
        process resource shortages.  [Jeff Trawick]

     *) mpm_prefork: Reduce spawn rate after a child process exits due to
        unexpected poll or accept failure.  [Jeff Trawick]

     *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
        from logging bogus data in case of errors. [Stefan Fritsch]

     *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
        response is a 206 Partial Content. This stops a reverse proxied partial
        response from becoming cached, and then being served in subsequent
        responses. PR 49113. [Graham Leggett]

     *) configure: Fix usage with external apr and apu in non-default paths
        and recent gcc versions >= 4.6. [Jean-Frederic Clere]

     *) core: Fix building against PCRE 8.30 by switching from the obsolete
        pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]

     *) mod_proxy: Add the forcerecovery balancer parameter that determines if
        recovery for balancer workers is enforced. [Ruediger Pluem]

0 files changed, 0 insertions, 0 deletions