Update "apache22" package to version 2.2.25. Changes since 2.2.24:

- SECURITY: CVE-2013-1862 (cve.mitre.org)
  mod_rewrite: Ensure that client data written to the RewriteLog is
  escaped to prevent terminal escape sequences from entering the
  log file.  [Eric Covener, Jeff Trawick, Joe Orton]
- core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
  strings.  The default limit for ap_pregsub() can be adjusted at compile
   time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]
- core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
  on Linux kernel versions 3.x and above.  Bug#55121.  [Bradley Heilbrun
  <apache heilbrun.org>]
- mod_setenvif: Log error on substitution overflow.
  [Stefan Fritsch]
- mod_ssl/proxy: enable the SNI extension for backend TLS connections
  [Kaspar Brand]
- mod_proxy: Use the the same hostname for SNI as for the HTTP request when
  forwarding to SSL backends. Bug#53134.
  [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
- mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
  in the error log to debug level.  [William Rowe]
- mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
  with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
  [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
- mod_proxy_balancer: Added balancer parameter failontimeout to allow server
  admin to configure an IO timeout as an error in the balancer.
  [Daniel Ruggeri]
- mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
  password.  [Daniel Ruggeri]
- htdigest: Fix buffer overflow when reading digest password file
  with very long lines. Bug#54893. [Rainer Jung]
- mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
  the source href (sent as part of the request body as XML) pointing to a
  URI that is not configured for DAV will trigger a segfault. [Ben Reser
  <ben reser.org>]
- mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
  [Timothy Wood <tjw omnigroup.com>]
- mod_dav: Make sure that when we prepare an If URL for Etag comparison,
  we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
- mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
  result in a 412 Precondition Failed for a COPY operation. PR54610
  [Timothy Wood <tjw omnigroup.com>]
- mod_dav: When a PROPPATCH attempts to remove a non-existent dead
  property on a resource for which there is no dead property in the same
  namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
  <diego.santaCruz spinetix.com>]
- mod_dav: Do not fail PROPPATCH when prop namespace is not known.
  Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
- mod_dav: Do not segfault on PROPFIND with a zero length DBM.
  Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]

3 files changed, 6 insertions, 42 deletions

diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 5aff47d7715..4237f876ba8 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.91 2013/07/12 10:45:04 jperkin Exp $
+# $NetBSD: Makefile,v 1.92 2013/07/15 18:15:49 tron Exp $
 
-DISTNAME=	httpd-2.2.24
+DISTNAME=	httpd-2.2.25
 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	4
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/} \
 		http://archive.apache.org/dist/httpd/ \
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 6cf33a55cd9..7fbea9f3261 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.56 2013/07/05 15:36:25 manu Exp $
+$NetBSD: distinfo,v 1.57 2013/07/15 18:15:49 tron Exp $
 
-SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241
-RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224
-Size (httpd-2.2.24.tar.bz2) = 5490439 bytes
+SHA1 (httpd-2.2.25.tar.bz2) = e34222d1a8de38825397a1c70949bcc5836a1236
+RMD160 (httpd-2.2.25.tar.bz2) = 8a7745a5f6acb84adaac5cbd94f0e842c3cd7edc
+Size (httpd-2.2.25.tar.bz2) = 5524905 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
@@ -15,7 +15,6 @@ SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
 SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa
 SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
-SHA1 (patch-modules_mappers_mod_rewrite.c) = a1cee8c7c97936e15a1596a54ddc1839a5b1038d
 SHA1 (patch-modules_proxy_mod_proxy_connect.c) = 6d5ed1e075bc3d727c4940078a3a8b2abeb4b324
 SHA1 (patch-modules_ssl_ssl__engine__kernel.c) = fd6f425d18231f0daca9fc2553638891a7241a4a
 SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
diff --git a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c b/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
deleted file mode 100644
index 37488a99703..00000000000
--- a/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-modules_mappers_mod_rewrite.c,v 1.3 2013/05/30 22:58:15 tron Exp $
-
-Fix for security vulnerability reported in CVE-2013-1862. Patch taken
-from here:
-
-http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
-
---- modules/mappers/mod_rewrite.c.orig	2013-02-18 21:31:42.000000000 +0000
-+++ modules/mappers/mod_rewrite.c	2013-05-30 23:50:27.000000000 +0100
-@@ -500,11 +500,11 @@
- 
-     logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
-                                     "(%d) %s%s%s%s" APR_EOL_STR,
--                           rhost ? rhost : "UNKNOWN-HOST",
--                           rname ? rname : "-",
--                           r->user ? (*r->user ? r->user : "\"\"") : "-",
-+                           rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
-+                           rname ? ap_escape_logitem(r->pool, rname) : "-",
-+                           r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
-                            current_logtime(r),
--                           ap_get_server_name(r),
-+                           ap_escape_logitem(r->pool, ap_get_server_name(r)),
-                            (void *)(r->server),
-                            (void *)r,
-                            r->main ? "subreq" : "initial",
-@@ -514,7 +514,7 @@
-                            perdir ? "[perdir " : "",
-                            perdir ? perdir : "",
-                            perdir ? "] ": "",
--                           text);
-+                           ap_escape_logitem(r->pool, text));
- 
-     nbytes = strlen(logline);
-     apr_file_write(conf->rewritelogfp, logline, &nbytes);