Update "apache2" package to version 2.0.53. Changes since version 2.0.52:

- Fix --with-apr=/usr and/or --with-apr-util=/usr.  Problem report 29740.
  [Max Bowsher <maxb ukf.net>]
- mod_proxy: Fix ProxyRemoteMatch directive.  Problem report 33170.
  [Rici Lake <rici ricilake.net>]
- mod_proxy: Respect errors reported by pre_connection hooks.
  [Jeff Trawick]
- --with-module can now take more than one module to be statically
  linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
  If the <modtype>-subdirectory doesn't exist it will be created and
  populated with a standard Makefile.in.  [Erik Abele]
- Fix the RPM spec file so that an RPM build now works. An RPM
  build now requires system installations of APR and APR-util.
  Remove some arbitrary moving around of binaries - the RPM now
  maps to the ASF build of httpd.
  [Graham Leggett]
- mod_dumpio, an I/O logging/dumping module, added to the
  modules/expermimental subdirectory.  [Jim Jagielski]
- mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
  library handles special characters.  Problem report 24437.
  [Jess Holle]
- Win32 MPM: Correct typo in debugging output.  [William Rowe]
- conf: Remove AddDefaultCharset from the default configuration because
  setting a site-wide default does more harm than good.
  Problem report 23421. [Roy Fielding]
- Add charset to example CGI scripts.  [Roy Fielding]
- mod_ssl: fail quickly if SSL connection is aborted rather than
  making many doomed ap_pass_brigade calls.
  Problem report 32699.  [Joe Orton]
- Remove compiled-in upper limit on LimitRequestFieldSize.
  [Bill Stoddard]
- Start keeping track of time-taken-to-process-request again for
  mod_status if ExtendedStatus is enabled. [Jim Jagielski]
- mod_proxy: Handle client-aborted connections correctly.
  Problem report 32443.  [Janne Hietamäki, Joe Orton]
- Fix handling of files >2Gb on all platforms (or builds) where
  apr_off_t is larger than apr_size_t.
  Problem report 28898.  [Joe Orton]
- mod_include: Fix bug which could truncate variable expansions
  of N*64 characters by one byte.  Problem report 32985.  [Joe Orton]
- Correct handling of certain bucket types in ap_save_brigade, fixing
  possible segfaults in mod_cgi with #include virtual.
  Problem report 31247.  [Joe Orton]
- Allow for the use of --with-module=foo:bar where the ./modules/foo
  directory is local only. Assumes, of course, that the required
  files are in ./modules/foo, but makes it easier to statically
  build/log "external" modules.  [Jim Jagielski]
- Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
  ldap authorization only modules have access to the util_ldap
  user cache without having to require ldap authentication as well.
  Problem report 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]
- mod_auth_ldap: Added the directive "Requires ldap-attribute" that
  allows the module to only authorize a user if the attribute value
  specified matches the value of the user object. Problem report 31913
  [Ryan Morgan <rmorgan pobox.com>]
- SECURITY: CAN-2004-0942 (cve.mitre.org)
  Fix for memory consumption DoS in handling of MIME folded request
  headers.  [Joe Orton]
- SECURITY: CAN-2004-0885 (cve.mitre.org)
  mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
  bypassed during an SSL renegotiation.  Problem report 31505.
  [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
- mod_ssl: Fail at startup rather than segfault at runtime if a
  client cert is configured with an encrypted private key.
  Problem report 24030.  [Joe Orton]
- apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
  Problem report 31448 [Joe Orton]
- mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
  [Jeff Trawick]
- mod_cache: CacheDisable will only disable the URLs it was meant to
  disable, not all caching. Problem report 31128.
  [Edward Rudd <eddie omegaware.com>, Paul Querna]
- mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
  cache responses.  [Justin Erenkrantz]
- mod_rewrite: Handle per-location rules when r->filename is unset.
  Previously this would segfault or simply not match as expected,
  depending on the platform.  [Jeff Trawick]
- mod_rewrite: Fix 0 bytes write into random memory position.
  Problem report 31036. [André Malo]
- mod_disk_cache: Do not store aborted content.  Problem report 21492.
  [Rüdiger Plüm <r.pluem t-online.de>]
- mod_disk_cache: Correctly store cached content type.
  Problem report 30278.
  [Rüdiger Plüm <r.pluem t-online.de>]
- mod_ldap: prevent the possiblity of an infinite loop in the LDAP
  statistics display. Problem report 29216. [Graham Leggett]
- mod_ldap: fix a bogus error message to tell the user which file
  is causing a potential problem with the LDAP shared memory cache.
  Problem report 31431 [Graham Leggett]
- mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
- Fix the re-linking issue when purging elements from the LDAP cache
  Problem report 24801.  [Jess Holle <jessh ptc.com>]
- mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]
- Fix Expires handling in mod_cache.  [Justin Erenkrantz]
- Alter mod_expires to run at a different filter priority to allow
  proper Expires storage by mod_cache.  [Justin Erenkrantz]

3 files changed, 14 insertions, 59 deletions

diff --git a/www/apache2/patches/patch-aa b/www/apache2/patches/patch-aa
index fe3d4c22985..3d370f171b6 100644
--- a/www/apache2/patches/patch-aa
+++ b/www/apache2/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
+$NetBSD: patch-aa,v 1.14 2005/02/09 14:57:52 tron Exp $
 
---- Makefile.in.orig	2004-08-26 09:01:18.000000000 -0400
-+++ Makefile.in
-@@ -4,7 +4,7 @@ CLEAN_SUBDIRS = test
+--- Makefile.in.orig	2004-11-24 19:31:09.000000000 +0000
++++ Makefile.in	2005-02-09 13:55:40.000000000 +0000
+@@ -4,7 +4,7 @@
  
  PROGRAM_NAME         = $(progname)
  PROGRAM_SOURCES      = modules.c
@@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  PROGRAM_DEPENDENCIES = \
    $(BUILTIN_LIBS) \
    $(MPM_LIB) \
-@@ -14,7 +14,7 @@ PROGRAM_DEPENDENCIES = \
+@@ -14,7 +14,7 @@
  PROGRAMS        = $(PROGRAM_NAME)
  TARGETS         = $(PROGRAMS) $(shared_build) $(other_targets)
  PHONY_TARGETS   = $(srcdir)/buildmark.c
@@ -20,7 +20,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  	install-other install-cgi install-include install-suexec install-man \
  	install-build
  
-@@ -71,6 +71,7 @@ install-conf:
+@@ -71,6 +71,7 @@
  	    				< $$i; \
  	    		fi \
  	    	) > $(DESTDIR)$(sysconfdir)/$$i; \
@@ -28,7 +28,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  	    	chmod 0644 $(DESTDIR)$(sysconfdir)/$$i; \
  	    	file=`echo $$i|sed s/-std//`; \
  	    	if [ "$$file" = "httpd.conf" ]; then \
-@@ -79,13 +80,16 @@ install-conf:
+@@ -79,13 +80,16 @@
  	    	if test "$$file" != "$$i" && test ! -f $(DESTDIR)$(sysconfdir)/$$file; then \
  	    		$(INSTALL_DATA) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$file; \
  	    	fi; \
@@ -45,7 +45,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  	fi
  
  install-build:
-@@ -93,8 +97,6 @@ install-build:
+@@ -93,8 +97,6 @@
  	@test -d $(DESTDIR)$(installbuilddir) || $(MKINSTALLDIRS) $(DESTDIR)$(installbuilddir) 
  	@cp $(top_srcdir)/build/*.mk $(DESTDIR)$(installbuilddir); \
  	cp build/*.mk $(DESTDIR)$(installbuilddir); \
@@ -54,7 +54,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  	cp $(top_srcdir)/build/instdso.sh $(DESTDIR)$(installbuilddir); \
  	cp $(top_builddir)/config.nice $(DESTDIR)$(installbuilddir);
  
-@@ -108,7 +110,7 @@ dox::
+@@ -108,7 +110,7 @@
  	doxygen $(top_srcdir)/docs/doxygen.conf
  
  install-htdocs:
@@ -63,7 +63,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
             echo "[PRESERVING EXISTING HTDOCS SUBDIR: $(DESTDIR)$(htdocsdir)]"; \
          else \
  	    echo Installing HTML documents ; \
-@@ -118,7 +120,7 @@ install-htdocs:
+@@ -118,7 +120,7 @@
  	fi
  
  install-error:
@@ -72,7 +72,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
             echo "[PRESERVING EXISTING ERROR SUBDIR: $(DESTDIR)$(errordir)]"; \
          else \
  	    echo Installing error documents ; \
-@@ -128,7 +130,7 @@ install-error:
+@@ -128,7 +130,7 @@
  	fi
  
  install-icons:
@@ -81,7 +81,7 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
             echo "[PRESERVING EXISTING ICONS SUBDIR: $(DESTDIR)$(iconsdir)]"; \
          else \
  	    echo Installing icons ; \
-@@ -138,7 +140,7 @@ install-icons:
+@@ -138,7 +140,7 @@
  	fi
  
  install-cgi:
@@ -90,12 +90,12 @@ $NetBSD: patch-aa,v 1.13 2004/11/26 23:07:59 jlam Exp $
  	    echo "[PRESERVING EXISTING CGI SUBDIR: $(DESTDIR)$(cgidir)]"; \
  	else \
  	   echo Installing CGIs ; \
-@@ -191,8 +193,6 @@ install-man:
+@@ -191,8 +193,6 @@
  	@test -d $(DESTDIR)$(manualdir)   || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
  	@cp -p $(top_srcdir)/docs/man/*.1 $(DESTDIR)$(mandir)/man1
  	@cp -p $(top_srcdir)/docs/man/*.8 $(DESTDIR)$(mandir)/man8
 -	@(cd $(top_srcdir)/docs/manual && cp -rp * $(DESTDIR)$(manualdir))
--	@(cd $(DESTDIR)$(manualdir) && find . -name "CVS" -type d -print | xargs rm -rf 2>/dev/null ) || true
+-	@(cd $(DESTDIR)$(manualdir) && find . -name ".svn" -type d -print | xargs rm -rf 2>/dev/null ) || true
  
  install-suexec:
  	@if test -f $(builddir)/support/suexec; then \
diff --git a/www/apache2/patches/patch-as b/www/apache2/patches/patch-as
deleted file mode 100644
index 53066380121..00000000000
--- a/www/apache2/patches/patch-as
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-as,v 1.5 2004/12/18 08:42:12 adrianp Exp $
-
---- modules/ssl/ssl_engine_kernel.c.orig	2004-12-18 07:10:37.000000000 +0000
-+++ modules/ssl/ssl_engine_kernel.c	2004-12-18 07:13:50.000000000 +0000
-@@ -719,6 +719,21 @@
-                 X509_free(peercert);
-             }
-         }
-+
-+	/*
-+	 * Also check that SSLCipherSuite has been enforced as expected.
-+	 */
-+	if (cipher_list) {
-+	    cipher = SSL_get_current_cipher(ssl);
-+	    if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
-+	        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+	                      "SSL cipher suite not renegotiated: "
-+	                      "access to %s denied using cipher %s",
-+	                      r->filename,
-+	                      SSL_CIPHER_get_name(cipher));
-+	        return HTTP_FORBIDDEN;
-+	    }
-+	}
-     }
- 
-     /*
diff --git a/www/apache2/patches/patch-at b/www/apache2/patches/patch-at
deleted file mode 100644
index 60b9cf6179a..00000000000
--- a/www/apache2/patches/patch-at
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-at,v 1.1 2004/12/18 08:42:12 adrianp Exp $
-
---- modules/ssl/ssl_engine_init.c.orig	2004-12-18 07:15:01.000000000 +0000
-+++ modules/ssl/ssl_engine_init.c	2004-12-18 07:15:59.000000000 +0000
-@@ -439,6 +439,14 @@
-      * Configure additional context ingredients
-      */
-     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-+
-+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-+    /* 
-+     * Disallow a session from being resumed during a renegotiation,
-+     * so that an acceptable cipher suite can be negotiated.
-+     */
-+    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-+#endif
- }
- 
- static void ssl_init_ctx_session_cache(server_rec *s,