author | martti <martti@pkgsrc.org> | 2002-08-29 14:12:27 +0000 |
---|---|---|
committer | martti <martti@pkgsrc.org> | 2002-08-29 14:12:27 +0000 |
commit | ad19359ee1c7a64bcc1b4067f4eaa0adccf771a9 (patch) | |
tree | c469316ddd2dfe4bfb3f5e6527e1fccec8513051 /www/apache2 | |
parent | 1b99ab04e515b3f2655b8b48b7884ae12cc4bafa (diff) | |
download | pkgsrc-ad19359ee1c7a64bcc1b4067f4eaa0adccf771a9.tar.gz |
Updated apache to 2.0.40
* SECURITY: [CAN-2002-0661] Close a very significant security hole that
applies only to the Win32, OS2 and Netware platforms. Unix was not
affected, Cygwin may be affected. Certain URIs will bypass security
and allow users to invoke or access any file depending on the system
configuration. Without upgrading, a single .conf change will close
the vulnerability. Add the following directive in the global server
httpd.conf context before any other Alias or Redirect directives;
RedirectMatch 400 "\\\.\."
Reported by Auriemma Luigi <bugtest@sitoverde.com>.
[Brad Nicholes]
* SECURITY: Close a path-revealing exposure in multiview type
map negotiation (such as the default error documents) where the
module would report the full path of the typemapped .var file when
multiple documents or no documents could be served based on the mime
negotiation. Reported by Auriemma Luigi <bugtest@sitoverde.com>.
[CAN-2002-0654] [William Rowe]
* SECURITY: Close a path-revealing exposure in cgi/cgid when we
fail to invoke a script. The modules would report "couldn't create
child process /path-to-script/script.pl" revealing the full path
of the script. Reported by Jim Race <jrace@qualys.com>.
[CAN-2002-0654] [Bill Stoddard]
* More bug fixes (see the CHANGES file)
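The CAN-2002-0661 workaround in the commit message only helps if the directive sits in the global server context ahead of every other Alias or Redirect directive. The following is an added example, not part of the commit or of Apache, that audits one httpd.conf for that placement on hosts that cannot upgrade yet. The function name, result strings and sample configurations are constructed here, and "Alias or Redirect directives" is assumed to mean the mod_alias family.

```python
import re

# Workaround arguments exactly as written in the commit message.
WORKAROUND = ("400", r'\\\.\.')
# Assumption: "Alias or Redirect directives" means the mod_alias family.
MOD_ALIAS = {"alias", "aliasmatch", "scriptalias", "scriptaliasmatch",
             "redirect", "redirectmatch", "redirecttemp", "redirectpermanent"}
# Conditional wrappers that do not leave the global server context.
TRANSPARENT = {"ifmodule", "ifdefine"}

def audit_workaround(conf_text):
    """Return 'ok', 'too_late', 'not_global' or 'missing' for one file.
    Include'd files are not followed; audit each file on its own."""
    stack = []             # currently open <Section> names, lower-cased
    earlier_alias = False  # another mod_alias directive came first
    found_scoped = False   # workaround seen, but inside a container
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del stack[-1:]   # close the innermost section, if any
            continue
        if line.startswith("<"):
            stack.append(re.split(r"[\s>]", line[1:], maxsplit=1)[0].lower())
            continue
        parts = line.split(None, 2)
        name = parts[0].lower()
        if name not in MOD_ALIAS:
            continue
        is_workaround = (name == "redirectmatch" and len(parts) == 3 and
                         (parts[1], parts[2].strip().strip('"')) == WORKAROUND)
        if is_workaround and all(s in TRANSPARENT for s in stack):
            return "too_late" if earlier_alias else "ok"
        if is_workaround:
            found_scoped = True
        else:
            earlier_alias = True
    return "not_global" if found_scoped else "missing"

# Constructed sample configurations (paths and hosts are made up).
RULE = 'RedirectMatch 400 "' + WORKAROUND[1] + '"'
GOOD = '<IfModule mod_alias.c>\n' + RULE + '\nAlias /icons/ "/srv/www/icons/"\n</IfModule>\n'
LATE = 'Alias /icons/ "/srv/www/icons/"\n' + RULE + '\n'
SCOPED = '<VirtualHost *:80>\n' + RULE + '\n</VirtualHost>\n'

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("LATE", LATE), ("SCOPED", SCOPED)):
        print(label, audit_workaround(text))
```

Any result other than `ok` means the file does not apply the workaround as the commit message describes it.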
Diffstat (limited to 'www/apache2')
-rw-r--r-- | www/apache2/Makefile | 5 |
-rw-r--r-- | www/apache2/PLIST | 84 |
-rw-r--r-- | www/apache2/distinfo | 14 |
-rw-r--r-- | www/apache2/patches/patch-aa | 34 |
-rw-r--r-- | www/apache2/patches/patch-al | 12 |
-rw-r--r-- | www/apache2/patches/patch-an | 10 |
-rw-r--r-- | www/apache2/patches/patch-ao | 10 |
7 files changed, 110 insertions, 59 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 90916d9a928..a702a7f87d8 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.11 2002/08/25 21:51:53 jlam Exp $ +# $NetBSD: Makefile,v 1.12 2002/08/29 14:12:27 martti Exp $ DISTNAME= httpd-${APACHE_VERSION} PKGNAME= apache-${APACHE_VERSION} -APACHE_VERSION= 2.0.39 -PKGREVISION= 1 +APACHE_VERSION= 2.0.40 CATEGORIES= www MASTER_SITES= http://httpd.apache.org/dist/httpd/ \ http://httpd.apache.org/dist/httpd/old/ \ diff --git a/www/apache2/PLIST b/www/apache2/PLIST index 10492b1dc88..cd2cf09c804 100644 --- a/www/apache2/PLIST +++ b/www/apache2/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2002/08/25 21:51:53 jlam Exp $ +@comment $NetBSD: PLIST,v 1.7 2002/08/29 14:12:28 martti Exp $ bin/apr-config bin/apu-config etc/rc.d/apache @@ -9,6 +9,7 @@ include/httpd/ap_config_layout.h include/httpd/ap_listen.h include/httpd/ap_mmn.h include/httpd/ap_mpm.h +include/httpd/ap_regkey.h include/httpd/ap_release.h include/httpd/apr.h include/httpd/apr_allocator.h @@ -38,9 +39,11 @@ include/httpd/apr_mmap.h include/httpd/apr_network_io.h include/httpd/apr_optional.h include/httpd/apr_optional_hooks.h +include/httpd/apr_poll.h include/httpd/apr_pools.h include/httpd/apr_portable.h include/httpd/apr_proc_mutex.h +include/httpd/apr_reslist.h include/httpd/apr_ring.h include/httpd/apr_rmm.h include/httpd/apr_sdbm.h @@ -49,6 +52,7 @@ include/httpd/apr_shm.h include/httpd/apr_signal.h include/httpd/apr_strings.h include/httpd/apr_strmatch.h +include/httpd/apr_support.h include/httpd/apr_tables.h include/httpd/apr_thread_cond.h include/httpd/apr_thread_mutex.h 
@@ -117,6 +121,16 @@ lib/libaprutil.la lib/libaprutil.so lib/libaprutil.so.0 lib/libaprutil.so.0.0 +man/man1/dbmmanage.1 +man/man1/htdigest.1 +man/man1/htpasswd.1 +man/man8/ab.8 +man/man8/apachectl.8 +man/man8/apxs.8 +man/man8/httpd.8 +man/man8/logresolve.8 +man/man8/rotatelogs.8 +man/man8/suexec.8 sbin/ab sbin/apachectl sbin/apxs @@ -424,11 +438,16 @@ share/httpd/icons/world2.png share/httpd/manual/LICENSE share/httpd/manual/bind.html.en share/httpd/manual/bind.html.ja.jis +share/httpd/manual/bind.xml +share/httpd/manual/bind.xml.ja share/httpd/manual/cgi_path.html.en share/httpd/manual/cgi_path.html.ja.jis share/httpd/manual/configuring.html.en share/httpd/manual/configuring.html.ja.jis -share/httpd/manual/content-negotiation.html +share/httpd/manual/configuring.xml +share/httpd/manual/configuring.xml.ja +share/httpd/manual/content-negotiation.html.en +share/httpd/manual/content-negotiation.html.ja.jis share/httpd/manual/custom-error.html.en share/httpd/manual/custom-error.html.ja.jis share/httpd/manual/developer/API.html 
@@ -440,20 +459,26 @@ share/httpd/manual/developer/header.html share/httpd/manual/developer/hooks.html share/httpd/manual/developer/index.html share/httpd/manual/developer/layeredio.html -share/httpd/manual/developer/modules.html +share/httpd/manual/developer/modules.html.en +share/httpd/manual/developer/modules.html.ja.jis share/httpd/manual/developer/request.html share/httpd/manual/dns-caveats.html -share/httpd/manual/dso.html +share/httpd/manual/dso.html.en +share/httpd/manual/dso.html.ja.jis share/httpd/manual/dso.html.ko.euc-kr share/httpd/manual/ebcdic.html share/httpd/manual/env.html.en share/httpd/manual/env.html.ja.jis +share/httpd/manual/env.xml share/httpd/manual/faq/index.html share/httpd/manual/filter.html.en share/httpd/manual/filter.html.ja.jis +share/httpd/manual/filter.xml share/httpd/manual/footer.html +share/httpd/manual/glossary.html share/httpd/manual/handler.html.en share/httpd/manual/handler.html.ja.jis +share/httpd/manual/handler.xml share/httpd/manual/header.html share/httpd/manual/howto/auth.html.en share/httpd/manual/howto/auth.html.ja.jis @@ -461,6 +486,7 @@ share/httpd/manual/howto/cgi.html.en share/httpd/manual/howto/cgi.html.ja.jis share/httpd/manual/howto/footer.html share/httpd/manual/howto/header.html +share/httpd/manual/howto/htaccess.html share/httpd/manual/howto/ssi.html.en share/httpd/manual/howto/ssi.html.ja.jis share/httpd/manual/images/apache_header.gif @@ -490,7 +516,9 @@ share/httpd/manual/install.html.ja.jis share/httpd/manual/install.html.ko.euc-kr share/httpd/manual/invoking.html.en share/httpd/manual/invoking.html.ja.jis -share/httpd/manual/logs.html +share/httpd/manual/logs.html.en +share/httpd/manual/logs.html.ja.jis +share/httpd/manual/logs.xml share/httpd/manual/misc/custom_errordocs.html share/httpd/manual/misc/descriptors.html share/httpd/manual/misc/fin_wait_2.html 
@@ -502,19 +530,26 @@ share/httpd/manual/misc/perf-tuning.html share/httpd/manual/misc/rewriteguide.html share/httpd/manual/misc/security_tips.html share/httpd/manual/misc/tutorials.html -share/httpd/manual/mod/allmodules.html.en share/httpd/manual/mod/allmodules.xml +share/httpd/manual/mod/allmodules.xml.ja share/httpd/manual/mod/core.html.en share/httpd/manual/mod/core.xml -share/httpd/manual/mod/directive-dict.html +share/httpd/manual/mod/directive-dict.html.en +share/httpd/manual/mod/directive-dict.html.ja.jis share/httpd/manual/mod/directives.html.en +share/httpd/manual/mod/directives.html.ja.jis share/httpd/manual/mod/directives.xml +share/httpd/manual/mod/directives.xml.ja share/httpd/manual/mod/footer.html share/httpd/manual/mod/header.html share/httpd/manual/mod/index.html.en +share/httpd/manual/mod/index.html.ja.jis share/httpd/manual/mod/index.xml +share/httpd/manual/mod/index.xml.ja share/httpd/manual/mod/mod_access.html.en +share/httpd/manual/mod/mod_access.html.ja.jis share/httpd/manual/mod/mod_access.xml +share/httpd/manual/mod/mod_access.xml.ja share/httpd/manual/mod/mod_actions.html.en share/httpd/manual/mod/mod_actions.xml share/httpd/manual/mod/mod_alias.html.en @@ -522,7 +557,9 @@ share/httpd/manual/mod/mod_alias.xml share/httpd/manual/mod/mod_asis.html.en share/httpd/manual/mod/mod_asis.xml share/httpd/manual/mod/mod_auth.html.en +share/httpd/manual/mod/mod_auth.html.ja.jis share/httpd/manual/mod/mod_auth.xml +share/httpd/manual/mod/mod_auth.xml.ja share/httpd/manual/mod/mod_auth_anon.html.en share/httpd/manual/mod/mod_auth_anon.xml share/httpd/manual/mod/mod_auth_dbm.html.en 
@@ -530,7 +567,9 @@ share/httpd/manual/mod/mod_auth_dbm.xml share/httpd/manual/mod/mod_auth_digest.html.en share/httpd/manual/mod/mod_auth_digest.xml share/httpd/manual/mod/mod_autoindex.html.en +share/httpd/manual/mod/mod_autoindex.html.ja.jis share/httpd/manual/mod/mod_autoindex.xml +share/httpd/manual/mod/mod_autoindex.xml.ja share/httpd/manual/mod/mod_cache.html.en share/httpd/manual/mod/mod_cache.xml share/httpd/manual/mod/mod_cern_meta.html.en @@ -546,11 +585,19 @@ share/httpd/manual/mod/mod_dav.html.ja.jis share/httpd/manual/mod/mod_dav.xml share/httpd/manual/mod/mod_dav.xml.ja share/httpd/manual/mod/mod_deflate.html.en +share/httpd/manual/mod/mod_deflate.html.ja.jis share/httpd/manual/mod/mod_deflate.xml +share/httpd/manual/mod/mod_deflate.xml.ja share/httpd/manual/mod/mod_dir.html.en +share/httpd/manual/mod/mod_dir.html.ja.jis share/httpd/manual/mod/mod_dir.xml +share/httpd/manual/mod/mod_dir.xml.ja +share/httpd/manual/mod/mod_echo.html.en +share/httpd/manual/mod/mod_echo.xml share/httpd/manual/mod/mod_env.html.en +share/httpd/manual/mod/mod_env.html.ja.jis share/httpd/manual/mod/mod_env.xml +share/httpd/manual/mod/mod_env.xml.ja share/httpd/manual/mod/mod_example.html.en share/httpd/manual/mod/mod_example.xml share/httpd/manual/mod/mod_expires.html.en @@ -584,7 +631,9 @@ share/httpd/manual/mod/mod_rewrite.xml share/httpd/manual/mod/mod_setenvif.html.en share/httpd/manual/mod/mod_setenvif.xml share/httpd/manual/mod/mod_so.html.en +share/httpd/manual/mod/mod_so.html.ja.jis share/httpd/manual/mod/mod_so.xml +share/httpd/manual/mod/mod_so.xml.ja share/httpd/manual/mod/mod_speling.html.en share/httpd/manual/mod/mod_speling.xml share/httpd/manual/mod/mod_ssl.html.en 
@@ -605,9 +654,12 @@ share/httpd/manual/mod/mod_usertrack.html.en share/httpd/manual/mod/mod_usertrack.xml share/httpd/manual/mod/mod_vhost_alias.html.en share/httpd/manual/mod/mod_vhost_alias.xml -share/httpd/manual/mod/module-dict.html +share/httpd/manual/mod/module-dict.html.en +share/httpd/manual/mod/module-dict.html.ja.jis share/httpd/manual/mod/mpm_common.html.en +share/httpd/manual/mod/mpm_common.html.ja.jis share/httpd/manual/mod/mpm_common.xml +share/httpd/manual/mod/mpm_common.xml.ja share/httpd/manual/mod/mpm_netware.html.en share/httpd/manual/mod/mpm_netware.xml share/httpd/manual/mod/mpm_winnt.html.en @@ -658,7 +710,8 @@ share/httpd/manual/sections.html.en share/httpd/manual/sections.html.ja.jis share/httpd/manual/server-wide.html.en share/httpd/manual/server-wide.html.ja.jis -share/httpd/manual/sitemap.html +share/httpd/manual/sitemap.html.en +share/httpd/manual/sitemap.html.ja.jis share/httpd/manual/ssl/footer.html share/httpd/manual/ssl/header.html share/httpd/manual/ssl/index.html.en @@ -676,16 +729,17 @@ share/httpd/manual/ssl/ssl_intro_fig3.gif share/httpd/manual/ssl/ssl_overview_fig1.gif share/httpd/manual/ssl/ssl_template.imgdot-1x1-000000.gif share/httpd/manual/ssl/ssl_template.imgdot-1x1-transp.gif -share/httpd/manual/stopping.html -share/httpd/manual/style/Makefile -share/httpd/manual/style/build.sh -share/httpd/manual/style/build.xml +share/httpd/manual/stopping.html.en +share/httpd/manual/stopping.html.ja.jis +share/httpd/manual/style/common.dtd share/httpd/manual/style/common.xsl +share/httpd/manual/style/de.xml share/httpd/manual/style/en.xml share/httpd/manual/style/ja.xml share/httpd/manual/style/manual.css share/httpd/manual/style/manual.en.xsl share/httpd/manual/style/manual.ja.xsl +share/httpd/manual/style/manualpage.dtd share/httpd/manual/style/modulesynopsis.dtd share/httpd/manual/style/sv.xml share/httpd/manual/suexec.html.en 
@@ -694,7 +748,9 @@ share/httpd/manual/upgrading.html.en share/httpd/manual/upgrading.html.fr share/httpd/manual/upgrading.html.ja.jis share/httpd/manual/upgrading.html.ko.euc-kr -share/httpd/manual/urlmapping.html +share/httpd/manual/upgrading.xml +share/httpd/manual/urlmapping.html.en +share/httpd/manual/urlmapping.html.ja.jis share/httpd/manual/vhosts/details.html share/httpd/manual/vhosts/examples.html share/httpd/manual/vhosts/fd-limits.html.en diff --git a/www/apache2/distinfo b/www/apache2/distinfo index 275fd049f14..7e7c862e636 100644 --- a/www/apache2/distinfo +++ b/www/apache2/distinfo @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.9 2002/08/25 21:51:54 jlam Exp $ +$NetBSD: distinfo,v 1.10 2002/08/29 14:12:28 martti Exp $ -SHA1 (httpd-2.0.39.tar.gz) = 3f04dbffc081a34dbfc9aeab6738f320285db292 -Size (httpd-2.0.39.tar.gz) = 4413542 bytes -SHA1 (patch-aa) = 6f39606469ced7555f0ce3e927da0a4dec5f80bd +SHA1 (httpd-2.0.40.tar.gz) = 19be578519538f7455f6241d2e13cecd408e3ecf +Size (httpd-2.0.40.tar.gz) = 4676089 bytes +SHA1 (patch-aa) = 9d74b4ddeab96761f1bb3a7d39a5ab9001e3ea84 SHA1 (patch-ad) = e4a0c729ce5fbf43855ea080946052ef025334f1 SHA1 (patch-ag) = 3d68e475caef0555097a9756533034686e81d474 SHA1 (patch-ah) = f655dbabb32884a20e77f4791fa762e6c0e6cf74 SHA1 (patch-ak) = f11a86b1235d5c595fa381bbb474db4fe8448215 -SHA1 (patch-al) = 0dcba1455b4fa3fc40fbd488813608b7e2350309 +SHA1 (patch-al) = 29cc52616c50b7ec998339cca386112a8f1611cc SHA1 (patch-am) = ff60a7b69ad949363ebec194141e9b95cb796426 -SHA1 (patch-an) = 0ec78dc92d743db7fbbdb0f60d6f12f6d0dc3e90 -SHA1 (patch-ao) = 551922e4ebc89144c4f6c39bef8ad6657ce695f8 +SHA1 (patch-an) = c596758ee0c9327be8d748c95921903dba4dc971 +SHA1 (patch-ao) = 8e26a8d43f578071e4ec1b2c2f442e9753667f02 diff --git a/www/apache2/patches/patch-aa b/www/apache2/patches/patch-aa index f6dd727f42a..13d59af98ad 100644 --- a/www/apache2/patches/patch-aa +++ b/www/apache2/patches/patch-aa 
@@ -1,7 +1,7 @@ -$NetBSD: patch-aa,v 1.6 2002/08/25 21:51:55 jlam Exp $ +$NetBSD: patch-aa,v 1.7 2002/08/29 14:12:29 martti Exp $ ---- Makefile.in.orig Sat Jun 15 18:41:03 2002 -+++ Makefile.in Wed Jun 19 07:39:04 2002 +--- Makefile.in.orig Thu Jul 25 17:47:12 2002 ++++ Makefile.in Mon Aug 12 15:01:27 2002 @@ -14,7 +14,7 @@ PROGRAMS = $(PROGRAM_NAME) TARGETS = $(PROGRAMS) $(shared_build) $(other_targets) @@ -11,22 +11,22 @@ $NetBSD: patch-aa,v 1.6 2002/08/25 21:51:55 jlam Exp $ install-other install-cgi install-include install-suexec install-man \ install-build -@@ -68,6 +68,7 @@ - < $$i; \ - fi \ - ) > $(DESTDIR)$(sysconfdir)/$$i; \ +@@ -71,6 +71,7 @@ + < $$i; \ + fi \ + ) > $(DESTDIR)$(sysconfdir)/$$i; \ + if false; then \ - chmod 0644 $(DESTDIR)$(sysconfdir)/$$i; \ - file=`echo $$i|sed s/-std//`; \ - if [ "$$file" = "httpd.conf" ]; then \ -@@ -76,12 +77,15 @@ - if test "$$file" != "$$i" && test ! -f $(DESTDIR)$(sysconfdir)/$$file; then \ - $(INSTALL_DATA) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$file; \ - fi; \ -+ fi; \ + chmod 0644 $(DESTDIR)$(sysconfdir)/$$i; \ + file=`echo $$i|sed s/-std//`; \ + if [ "$$file" = "httpd.conf" ]; then \ +@@ -79,12 +80,15 @@ + if test "$$file" != "$$i" && test ! -f $(DESTDIR)$(sysconfdir)/$$file; then \ + $(INSTALL_DATA) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$file; \ + fi; \ ++ fi; \ + done ; \ done ; \ - done - @if test -f "$(builddir)/envvars-std"; then \ + if test -f "$(builddir)/envvars-std"; then \ cp -p envvars-std $(DESTDIR)$(sbindir); \ + if false; then \ if test ! -f $(DESTDIR)$(sbindir)/envvars; then \ diff --git a/www/apache2/patches/patch-al b/www/apache2/patches/patch-al index 3e16dd083af..655bbb13867 100644 --- a/www/apache2/patches/patch-al +++ b/www/apache2/patches/patch-al 
@@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.1 2002/04/13 21:35:54 jlam Exp $ +$NetBSD: patch-al,v 1.2 2002/08/29 14:12:29 martti Exp $ ---- include/httpd.h.orig Fri Mar 29 03:17:19 2002 -+++ include/httpd.h -@@ -146,9 +146,9 @@ +--- include/httpd.h.orig Mon Jul 1 19:49:53 2002 ++++ include/httpd.h Mon Aug 12 15:02:08 2002 +@@ -147,9 +147,9 @@ /* The name of the log files */ #ifndef DEFAULT_ERRORLOG #if defined(OS2) || defined(WIN32) @@ -14,7 +14,7 @@ $NetBSD: patch-al,v 1.1 2002/04/13 21:35:54 jlam Exp $ #endif #endif /* DEFAULT_ERRORLOG */ -@@ -164,7 +164,7 @@ +@@ -165,7 +165,7 @@ /* The name of the server config file */ #ifndef SERVER_CONFIG_FILE @@ -23,7 +23,7 @@ $NetBSD: patch-al,v 1.1 2002/04/13 21:35:54 jlam Exp $ #endif /* Whether we should enable rfc1413 identity checking */ -@@ -255,7 +255,7 @@ +@@ -256,7 +256,7 @@ /** The name of the MIME types file */ #ifndef AP_TYPES_CONFIG_FILE diff --git a/www/apache2/patches/patch-an b/www/apache2/patches/patch-an index 560177b1d27..264c3633679 100644 --- a/www/apache2/patches/patch-an +++ b/www/apache2/patches/patch-an @@ -1,10 +1,8 @@ -$NetBSD: patch-an,v 1.3 2002/08/25 21:51:57 jlam Exp $ +$NetBSD: patch-an,v 1.4 2002/08/29 14:12:29 martti Exp $ ---with-randomdev=foo does not work. - ---- srclib/apr/configure.in- Wed Jun 19 08:23:52 2002 -+++ srclib/apr/configure.in Wed Jun 19 08:32:09 2002 -@@ -1561,8 +1561,8 @@ +--- srclib/apr/configure.in.orig Mon Aug 5 11:28:24 2002 ++++ srclib/apr/configure.in Mon Aug 12 15:02:37 2002 +@@ -1590,8 +1590,8 @@ fi elif test "$apr_devrandom" != "no"; then if test -r "$apr_devrandom"; then diff --git a/www/apache2/patches/patch-ao b/www/apache2/patches/patch-ao index 51a179fba15..9db1c6a53e0 100644 --- a/www/apache2/patches/patch-ao +++ b/www/apache2/patches/patch-ao 
@@ -1,10 +1,8 @@ -$NetBSD: patch-ao,v 1.3 2002/08/25 21:51:57 jlam Exp $ +$NetBSD: patch-ao,v 1.4 2002/08/29 14:12:29 martti Exp $ ---with-randomdev=foo does not work. - ---- srclib/apr/configure- Wed Jun 19 08:23:54 2002 -+++ srclib/apr/configure Wed Jun 19 08:34:18 2002 -@@ -25347,11 +25347,11 @@ +--- srclib/apr/configure.orig Fri Aug 9 19:47:46 2002 ++++ srclib/apr/configure Mon Aug 12 15:02:57 2002 +@@ -25353,11 +25353,11 @@ elif test "$apr_devrandom" != "no"; then if test -r "$apr_devrandom"; then cat >>confdefs.h <<\_ACEOF |
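Review bot: In the www/apache2/distinfo hunk, the only integrity data recorded for httpd-2.0.40.tar.gz is one SHA1 line and one Size line, and nothing in the commit says what the new digest was checked against. Because this update exists to deliver security fixes, note in the commit message that the tarball was verified against the upstream project's published signature or checksum before distinfo was regenerated.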
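Review bot: In www/apache2/patches/patch-aa, the added `if false; then \` comes directly after the `) > $(DESTDIR)$(sysconfdir)/$$i; \` redirect, so the `chmod 0644 $(DESTDIR)$(sysconfdir)/$$i` that follows it never runs and the generated file keeps whatever mode the installing user's umask produces. Move the chmod above the `if false` or say in the patch where the mode is set instead, and add a one-line comment explaining why the copy to the un-suffixed config file name is disabled, since neither `if false` block carries any rationale.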
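Review bot: Both www/apache2/patches/patch-an and www/apache2/patches/patch-ao drop the header line `--with-randomdev=foo does not work.`, which leaves no description of why the `apr_devrandom` branch of srclib/apr/configure.in and srclib/apr/configure is patched. Keep a one-line rationale in each patch file; this code handles the random device chosen with --with-randomdev, and without the note a later update could drop the patch without knowing what it fixed.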