Update "apache22" package to version 2.2.10. Changes since 2.2.9:

- SECURITY: CVE-2008-2939 (cve.mitre.org)
  mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
  the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
- Allow for smax to be 0 for balancer members so that all idle
  connections are able to be dropped should they exceed ttl.
  Apache Bug #43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
  Jim Jagielski]
- mod_proxy_http: Don't trigger a retry by the client if a failure to
  read the response line was the result of a timeout.
  [Adam Woodworth <mirkperl gmail.com>]
- Support chroot on Unix-family platforms
  Apache Bug #43596 [Dimitar Pashev <mitko banksoft-bg.com>]
- mod_ssl: implement dynamic mutex callbacks for the benefit of
  OpenSSL.  [Sander Temme]
- mod_proxy_balancer: Add 'bybusyness' load balance method.
  [Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]
- mod_authn_alias: Detect during startup when AuthDigestProvider
  is configured to use an incompatible provider via AuthnProviderAlias.
  Apache Bug #45196 [Eric Covener]
- mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
  used as a session path separator/delim  Apache Bug #45158. [Jim Jagielski]
- mod_charset_lite: Avoid dropping error responses by handling meta buckets
  correctly. Apache Bug #45687 [Dan Poirier <poirier pobox.com>]
- mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
  avoid reusing pooled connections if the client connection is an initial
  connection. Apache Bug #37770. [Ruediger Pluem]
- mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
  Apache Bug #44799 [Christian Wenz <christian wenz.org>]
- mod_ssl: Rewrite shmcb to avoid memory alignment issues.
  Apache Bug #42101. [Geoff Thorpe]
- mod_proxy: Add connectiontimeout parameter for proxy workers in order to
  be able to set the timeout for connecting to the backend separately.
  Apache Bug #45445. [Ruediger Pluem, rahul <rahul sun.com>]
- mod_dav_fs: Retrieve minimal system information about directory
  entries when walking a DAV fs, resolving a performance degradation on
  Windows.  Apache Bug #45464.  [Joe Orton, Jeff Trawick]
- mod_cgid: Pass along empty command line arguments from an ISINDEX
  query that has consecutive '+' characters in the QUERY_STRING,
  matching the behavior of mod_cgi.
  [Eric Covener]
- mod_headers: Prevent Header edit from processing only the first header
  of possibly multiple headers with the same name and deleting the
  remaining ones. Apache Bug #45333.  [Ruediger Pluem]
- mod_proxy_balancer: Move nonce field in the balancer manager page inside
  the html form where it belongs. Apache Bug #45578. [Ruediger Pluem]
- mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
  known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
  [Ruediger Pluem]
- mod_rewrite: Preserve the query string when [proxy,noescape].
  Apache Bug #45247. [Tom Donovan]

pkgsrc related note:
The security fix for CVE-2008-2939 has already been integrated as patch
before this update.

1 files changed, 2 insertions, 3 deletions

diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 3097010d76c..894283b8d0c 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2008/10/12 12:22:25 tron Exp $
+# $NetBSD: Makefile,v 1.35 2008/11/01 19:49:38 tron Exp $
 
-DISTNAME=	httpd-2.2.9
+DISTNAME=	httpd-2.2.10
 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	5
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/} \
 		${MASTER_SITE_APACHE:=httpd/old/}