Pullup ticket #3922 - requested by taca

www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.81
- www/apache22/PLIST                                            1.21
- www/apache22/distinfo                                         1.52
- www/apache22/patches/patch-af                                 deleted
- www/apache22/patches/patch-docs_man_apxs.8                    1.1
- www/apache22/patches/patch-support_envvars-std.in             deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Sep 16 03:33:10 UTC 2012

   Modified Files:
   	pkgsrc/www/apache22: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
   Removed Files:
   	pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in

   Log Message:
   Update apache22 to 2.2.23.

   Changes with Apache 2.2.23

     *) SECURITY: CVE-2012-0883 (cve.mitre.org)
        envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
        current working directory to be searched for DSOs. [Stefan Fritsch]

     *) SECURITY: CVE-2012-2687 (cve.mitre.org)
        mod_negotiation: Escape filenames in variant list to prevent a
        possible XSS for a site where untrusted users can upload files to
        a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

     *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
        [Paul Wouters <pwouters redhat.com>, Joe Orton]

     *) mod_ldap: Treat the "server unavailable" condition as a transient
        error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

     *) core: Add filesystem paths to access denied / access failed messages.
        [Eric Covener]

     *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
        is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]

     *) core: Prevent "httpd -k restart" from killing server in presence of
        config error. [Joe Orton]

     *) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
        control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
        adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
        [Kaspar Brand, William Rowe]

     *) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
        PR 53104. [Greg Ames]

     *) Unix MPMs: Fix small memory leak in parent process if connect()
        failed when waking up children.  [Joe Orton]

     *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
        [Peter Pramberger <peter pramberger.at>, Jim Jagielski]

     *) Added SSLProxyMachineCertificateChainFile directive so the proxy client
        can select the proper client certificate when using a chain and the
        remote server only lists the root CA as allowed.

     *) mpm_event, mpm_worker: Remain active amidst prevalent child process
        resource shortages.  [Jeff Trawick]

     *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

     *) mod_rewrite: Fix the RewriteEngine directive to work within a
        location. Previously, once RewriteEngine was switched on globally,
        it was impossible to switch off. [Graham Leggett]

     *) mod_proxy_balancer: Restore balancing after a failed worker has
        recovered when using lbmethod_bybusyness.  PR 48735.  [Jeff Trawick]

     *) mod_dumpio: Properly handle errors from subsequent input filters.
        PR 52914. [Stefan Fritsch]

     *) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
        process resource shortages.  [Jeff Trawick]

     *) mpm_prefork: Reduce spawn rate after a child process exits due to
        unexpected poll or accept failure.  [Jeff Trawick]

     *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
        from logging bogus data in case of errors. [Stefan Fritsch]

     *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
        response is a 206 Partial Content. This stops a reverse proxied partial
        response from becoming cached, and then being served in subsequent
        responses. PR 49113. [Graham Leggett]

     *) configure: Fix usage with external apr and apu in non-default paths
        and recent gcc versions >= 4.6. [Jean-Frederic Clere]

     *) core: Fix building against PCRE 8.30 by switching from the obsolete
        pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]

     *) mod_proxy: Add the forcerecovery balancer parameter that determines if
        recovery for balancer workers is enforced. [Ruediger Pluem]

1 files changed, 8 insertions, 5 deletions

diff --git a/www/apache22/PLIST b/www/apache22/PLIST
index 75d4f406a2a..eac4bc419c3 100644
--- a/www/apache22/PLIST
+++ b/www/apache22/PLIST
@@ -1,5 +1,4 @@
-@comment $NetBSD: PLIST,v 1.20 2012/02/01 19:53:21 tron Exp $
-${PLIST.suexec}sbin/suexec
+@comment $NetBSD: PLIST,v 1.20.4.1 2012/09/27 11:06:01 tron Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@@ -127,17 +126,17 @@ ${PLIST.all-shared}lib/httpd/mod_version.so
 ${PLIST.all-shared}lib/httpd/mod_vhost_alias.so
 libexec/cgi-bin/printenv
 libexec/cgi-bin/test-cgi
-man/man1/ab.1
-man/man1/apxs.1
 man/man1/dbmmanage.1
 man/man1/htdbm.1
 man/man1/htdigest.1
 man/man1/htpasswd.1
 man/man1/httxt2dbm.1
-man/man1/logresolve.1
+man/man8/ab.8
 man/man8/apachectl.8
+man/man8/apxs.8
 man/man8/htcacheclean.8
 man/man8/httpd.8
+man/man8/logresolve.8
 man/man8/rotatelogs.8
 man/man8/suexec.8
 sbin/ab
@@ -156,6 +155,7 @@ sbin/httxt2dbm
 sbin/logresolve
 sbin/mkcert
 sbin/rotatelogs
+${PLIST.suexec}sbin/suexec
 share/examples/httpd/extra/httpd-autoindex.conf
 share/examples/httpd/extra/httpd-dav.conf
 share/examples/httpd/extra/httpd-default.conf
@@ -576,6 +576,7 @@ share/httpd/manual/images/mod_rewrite_fig1.png
 share/httpd/manual/images/mod_rewrite_fig2.gif
 share/httpd/manual/images/mod_rewrite_fig2.png
 share/httpd/manual/images/pixel.gif
+share/httpd/manual/images/rewrite_backreferences.png
 share/httpd/manual/images/rewrite_rule_flow.png
 share/httpd/manual/images/right.gif
 share/httpd/manual/images/ssl_intro_fig1.gif
@@ -1180,11 +1181,13 @@ share/httpd/manual/style/css/manual-print.css
 share/httpd/manual/style/css/manual-zip-100pc.css
 share/httpd/manual/style/css/manual-zip.css
 share/httpd/manual/style/css/manual.css
+share/httpd/manual/style/css/prettify.css
 share/httpd/manual/style/faq.dtd
 share/httpd/manual/style/lang.dtd
 share/httpd/manual/style/latex/atbeginend.sty
 share/httpd/manual/style/manualpage.dtd
 share/httpd/manual/style/modulesynopsis.dtd
+share/httpd/manual/style/scripts/prettify.js
 share/httpd/manual/style/sitemap.dtd
 share/httpd/manual/style/version.ent
 share/httpd/manual/suexec.html