Diffstat (limited to 'www/apache22')
-rw-r--r-- | www/apache22/Makefile | 5 | ||||
-rw-r--r-- | www/apache22/PLIST | 15 | ||||
-rw-r--r-- | www/apache22/distinfo | 14 | ||||
-rw-r--r-- | www/apache22/patches/patch-ab | 40 | ||||
-rw-r--r-- | www/apache22/patches/patch-af | 35 | ||||
-rw-r--r-- | www/apache22/patches/patch-ah | 44 | ||||
-rw-r--r-- | www/apache22/patches/patch-ba | 42 | ||||
-rw-r--r-- | www/apache22/patches/patch-bc | 35 | ||||
-rw-r--r-- | www/apache22/patches/patch-bd | 22 |
9 files changed, 20 insertions, 232 deletions
diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 5d761935f31..b4a507e6073 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.47 2009/07/14 12:23:39 tron Exp $
+# $NetBSD: Makefile,v 1.48 2009/08/06 07:07:23 tron Exp $
 
-DISTNAME= httpd-2.2.11
-PKGREVISION= 6
+DISTNAME= httpd-2.2.12
 PKGNAME= ${DISTNAME:S/httpd/apache/}
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
diff --git a/www/apache22/PLIST b/www/apache22/PLIST
index 156be975af4..98591f33757 100644
--- a/www/apache22/PLIST
+++ b/www/apache22/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.12 2009/06/14 22:00:18 joerg Exp $
+@comment $NetBSD: PLIST,v 1.13 2009/08/06 07:07:23 tron Exp $
 ${PLIST.suexec}sbin/suexec
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
@@ -534,6 +534,7 @@ share/httpd/manual/howto/public_html.html
 share/httpd/manual/howto/public_html.html.en
 share/httpd/manual/howto/public_html.html.ja.utf8
 share/httpd/manual/howto/public_html.html.ko.euc-kr
+share/httpd/manual/howto/public_html.html.tr.utf8
 share/httpd/manual/howto/ssi.html
 share/httpd/manual/howto/ssi.html.en
 share/httpd/manual/howto/ssi.html.ja.utf8
@@ -612,6 +613,7 @@ share/httpd/manual/misc/password_encryptions.html.en
 share/httpd/manual/misc/perf-tuning.html
 share/httpd/manual/misc/perf-tuning.html.en
 share/httpd/manual/misc/perf-tuning.html.ko.euc-kr
+share/httpd/manual/misc/perf-tuning.html.tr.utf8
 share/httpd/manual/misc/relevant_standards.html
 share/httpd/manual/misc/relevant_standards.html.en
 share/httpd/manual/misc/relevant_standards.html.ko.euc-kr
@@ -1000,6 +1002,7 @@ share/httpd/manual/programs/apachectl.html.tr.utf8
 share/httpd/manual/programs/apxs.html
 share/httpd/manual/programs/apxs.html.en
 share/httpd/manual/programs/apxs.html.ko.euc-kr
+share/httpd/manual/programs/apxs.html.tr.utf8
 share/httpd/manual/programs/configure.html
 share/httpd/manual/programs/configure.html.en
 share/httpd/manual/programs/configure.html.ko.euc-kr
@@ -1007,23 +1010,29 @@ share/httpd/manual/programs/configure.html.tr.utf8
 share/httpd/manual/programs/dbmmanage.html
 share/httpd/manual/programs/dbmmanage.html.en
 share/httpd/manual/programs/dbmmanage.html.ko.euc-kr
+share/httpd/manual/programs/dbmmanage.html.tr.utf8
 share/httpd/manual/programs/htcacheclean.html
 share/httpd/manual/programs/htcacheclean.html.en
 share/httpd/manual/programs/htcacheclean.html.ko.euc-kr
+share/httpd/manual/programs/htcacheclean.html.tr.utf8
 share/httpd/manual/programs/htdbm.html
 share/httpd/manual/programs/htdbm.html.en
+share/httpd/manual/programs/htdbm.html.tr.utf8
 share/httpd/manual/programs/htdigest.html
 share/httpd/manual/programs/htdigest.html.en
 share/httpd/manual/programs/htdigest.html.ko.euc-kr
+share/httpd/manual/programs/htdigest.html.tr.utf8
 share/httpd/manual/programs/htpasswd.html
 share/httpd/manual/programs/htpasswd.html.en
 share/httpd/manual/programs/htpasswd.html.ko.euc-kr
+share/httpd/manual/programs/htpasswd.html.tr.utf8
 share/httpd/manual/programs/httpd.html
 share/httpd/manual/programs/httpd.html.en
 share/httpd/manual/programs/httpd.html.ko.euc-kr
 share/httpd/manual/programs/httpd.html.tr.utf8
 share/httpd/manual/programs/httxt2dbm.html
 share/httpd/manual/programs/httxt2dbm.html.en
+share/httpd/manual/programs/httxt2dbm.html.tr.utf8
 share/httpd/manual/programs/index.html
 share/httpd/manual/programs/index.html.en
 share/httpd/manual/programs/index.html.es
@@ -1033,15 +1042,19 @@ share/httpd/manual/programs/index.html.tr.utf8
 share/httpd/manual/programs/logresolve.html
 share/httpd/manual/programs/logresolve.html.en
 share/httpd/manual/programs/logresolve.html.ko.euc-kr
+share/httpd/manual/programs/logresolve.html.tr.utf8
 share/httpd/manual/programs/other.html
 share/httpd/manual/programs/other.html.en
 share/httpd/manual/programs/other.html.ko.euc-kr
+share/httpd/manual/programs/other.html.tr.utf8
 share/httpd/manual/programs/rotatelogs.html
 share/httpd/manual/programs/rotatelogs.html.en
 share/httpd/manual/programs/rotatelogs.html.ko.euc-kr
+share/httpd/manual/programs/rotatelogs.html.tr.utf8
 share/httpd/manual/programs/suexec.html
 share/httpd/manual/programs/suexec.html.en
 share/httpd/manual/programs/suexec.html.ko.euc-kr
+share/httpd/manual/programs/suexec.html.tr.utf8
 share/httpd/manual/rewrite/index.html
 share/httpd/manual/rewrite/index.html.en
 share/httpd/manual/rewrite/index.html.tr.utf8
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index 29c87d4790d..bbf200f170e 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,16 +1,13 @@
-$NetBSD: distinfo,v 1.21 2009/07/14 12:23:39 tron Exp $
+$NetBSD: distinfo,v 1.22 2009/08/06 07:07:23 tron Exp $
 
-SHA1 (httpd-2.2.11.tar.bz2) = 7af256d53b79342f82222bd7b86eedbd9ac21d9a
-RMD160 (httpd-2.2.11.tar.bz2) = b2012af716a459f666e0e41eb04808bd0f7fc28d
-Size (httpd-2.2.11.tar.bz2) = 5230130 bytes
+SHA1 (httpd-2.2.12.tar.bz2) = 76e243a5b7dc9896e83bdfac1aa98bbfdc85aeae
+RMD160 (httpd-2.2.12.tar.bz2) = 4c8e781e5e60a7a332383a798fe0ddc1adffc914
+Size (httpd-2.2.12.tar.bz2) = 5140433 bytes
 SHA1 (patch-aa) = 40f5f687a1217b8d6684dc610d3d4c430f635cbf
-SHA1 (patch-ab) = d5391ca1af9d817d35cb472b0feb05b86a95e560
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
 SHA1 (patch-ad) = 088d6ff0e7a8acfe70b4f85a6ce58d42c935fd13
 SHA1 (patch-ae) = 86b307d6eefef232b6223afc3f69e64be40bd913
-SHA1 (patch-af) = cf7cc7d09e0379830d1ce0be4be74c8f2bbb1719
 SHA1 (patch-ag) = 78dcb023f524ef65928b529320932c9664ec0d01
-SHA1 (patch-ah) = 5fc2a3fad42fa67669c219123b8c27e138927452
 SHA1 (patch-ai) = 4ebc3bd580a298973928eb6d13d2ce745eac0312
 SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9210e328cbf674c68f1
 SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
@@ -19,6 +16,3 @@ SHA1 (patch-as) = 7880eae75b702563bff8bca833ca81fb3dc4444c
 SHA1 (patch-au) = d4c623bb953ac45cb4c8d95fc1d3c2788452d9a1
 SHA1 (patch-av) = faf8fe2c72c7830daa407907b8161b56300afeaf
 SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
-SHA1 (patch-ba) = ab9984391fcdda9c9793009290d95de8ec2a1371
-SHA1 (patch-bc) = f980d98f1b0ee277d995e3be0f5e55622ebc3931
-SHA1 (patch-bd) = 66f882a4d8c884e5422e025ed175a17412b02fd4
diff --git a/www/apache22/patches/patch-ab b/www/apache22/patches/patch-ab
deleted file mode 100644
index 0d3d420696c..00000000000
--- a/www/apache22/patches/patch-ab
+++ /dev/null
@@ -1,40 +0,0 @@
-$NetBSD: patch-ab,v 1.10 2009/05/22 09:46:06 tron Exp $
-
-Patch for CVE-2009-1191 taken from the Apache SVN repository:
-http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?view=markup&pathrev=768506
-
---- modules/proxy/mod_proxy_ajp.c 2008/11/15 14:25:54 714273
-+++ modules/proxy/mod_proxy_ajp.c 2009/04/25 09:58:52 768506
-@@ -307,21 +307,17 @@
- "proxy: read zero bytes, expecting"
- " %" APR_OFF_T_FMT " bytes",
- content_length);
-- status = ajp_send_data_msg(conn->sock, msg, 0);
-- if (status != APR_SUCCESS) {
-- /* We had a failure: Close connection to backend */
-- conn->close++;
-- ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
-- "proxy: send failed to %pI (%s)",
-- conn->worker->cp->addr,
-- conn->worker->hostname);
-- return HTTP_INTERNAL_SERVER_ERROR;
-- }
-- else {
-- /* Client send zero bytes with C-L > 0
-- */
-- return HTTP_BAD_REQUEST;
-- }
-+ /*
-+ * We can only get here if the client closed the connection
-+ * to us without sending the body.
-+ * Now the connection is in the wrong state on the backend.
-+ * Sending an empty data msg doesn't help either as it does
-+ * not move this connection to the correct state on the backend
-+ * for later resusage by the next request again.
-+ * Close it to clean things up.
-+ */
-+ conn->close++;
-+ return HTTP_BAD_REQUEST;
- }
- }
-
diff --git a/www/apache22/patches/patch-af b/www/apache22/patches/patch-af
deleted file mode 100644
index faff767dc3a..00000000000
--- a/www/apache22/patches/patch-af
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-af,v 1.1 2009/07/14 12:23:40 tron Exp $
-
-Fix for CVE-2009-1891 taken from here:
-
-http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core_filters.c?r1=421103&r2=791454&pathrev=791454
-
---- server/core_filters.c.orig 2006-07-12 04:38:44.000000000 +0100
-+++ server/core_filters.c 2009-07-14 13:01:09.000000000 +0100
-@@ -542,6 +542,12 @@
- apr_read_type_e eblock = APR_NONBLOCK_READ;
- apr_pool_t *input_pool = b->p;
-
-+ /* Fail quickly if the connection has already been aborted. */
-+ if (c->aborted) {
-+ apr_brigade_cleanup(b);
-+ return APR_ECONNABORTED;
-+ }
-+
- if (ctx == NULL) {
- ctx = apr_pcalloc(c->pool, sizeof(*ctx));
- net->out_ctx = ctx;
-@@ -909,12 +915,9 @@
- /* No need to check for SUCCESS, we did that above. */
- if (!APR_STATUS_IS_EAGAIN(rv)) {
- c->aborted = 1;
-+ return APR_ECONNABORTED;
- }
-
-- /* The client has aborted, but the request was successful. We
-- * will report success, and leave it to the access and error
-- * logs to note that the connection was aborted.
-- */
- return APR_SUCCESS;
- }
-
diff --git a/www/apache22/patches/patch-ah b/www/apache22/patches/patch-ah
deleted file mode 100644
index f42450e7da1..00000000000
--- a/www/apache22/patches/patch-ah
+++ /dev/null
@@ -1,44 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2009/07/14 12:23:40 tron Exp $
-
-Fix for CVE-2009-1890 taken from here:
-
-http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587
-
---- modules/proxy/mod_proxy_http.c.orig 2008-11-11 20:04:34.000000000 +0000
-+++ modules/proxy/mod_proxy_http.c 2009-07-14 13:03:49.000000000 +0100
-@@ -422,10 +422,16 @@
- apr_off_t bytes_streamed = 0;
-
- if (old_cl_val) {
-+ char *endstr;
-+
- add_cl(p, bucket_alloc, header_brigade, old_cl_val);
-- if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL,
-- 0))) {
-- return HTTP_INTERNAL_SERVER_ERROR;
-+ status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10);
-+
-+ if (status || *endstr || endstr == old_cl_val || cl_val < 0) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
-+ "proxy: could not parse request Content-Length (%s)",
-+ old_cl_val);
-+ return HTTP_BAD_REQUEST;
- }
- }
- terminate_headers(bucket_alloc, header_brigade);
-@@ -453,8 +459,13 @@
- *
- * Prevents HTTP Response Splitting.
- */
-- if (bytes_streamed > cl_val)
-- continue;
-+ if (bytes_streamed > cl_val) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "proxy: read more bytes of request body than expected "
-+ "(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")",
-+ bytes_streamed, cl_val);
-+ return HTTP_INTERNAL_SERVER_ERROR;
-+ }
-
- if (header_brigade) {
- /* we never sent the header brigade, so go ahead and
diff --git a/www/apache22/patches/patch-ba b/www/apache22/patches/patch-ba
deleted file mode 100644
index a6c93923735..00000000000
--- a/www/apache22/patches/patch-ba
+++ /dev/null
@@ -1,42 +0,0 @@
-$NetBSD: patch-ba,v 1.2 2009/06/11 20:30:59 tron Exp $
-
-Patch for CVE-2009-1195 taken from:
-
-http://svn.apache.org/viewvc?view=rev&revision=773881
-http://svn.apache.org/viewvc?view=rev&revision=779472
-
---- include/http_core.h.orig 2008-02-26 19:47:51.000000000 +0000
-+++ include/http_core.h 2009-06-11 20:53:26.000000000 +0100
-@@ -65,7 +65,7 @@
- #define OPT_NONE 0
- /** Indexes directive */
- #define OPT_INDEXES 1
--/** Includes directive */
-+/** SSI is enabled without exec= permission */
- #define OPT_INCLUDES 2
- /** FollowSymLinks directive */
- #define OPT_SYM_LINKS 4
-@@ -80,9 +80,22 @@
- /** MultiViews directive */
- #define OPT_MULTI 128
- /** All directives */
--#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
-+#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
- /** @} */
-
-+#ifdef CORE_PRIVATE
-+/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
-+ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics
-+ * of the two SSI-related bits are hence:
-+ *
-+ * OPT_INCLUDES => "enable SSI, without exec= permission"
-+ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
-+ *
-+ * The set of options exposed via ap_allow_options() retains the
-+ * semantics of OPT_INCNOEXEC by flipping the bit. */
-+#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
-+#endif
-+
- /**
- * @defgroup get_remote_host Remote Host Resolution
- * @ingroup APACHE_CORE_HTTPD
diff --git a/www/apache22/patches/patch-bc b/www/apache22/patches/patch-bc
deleted file mode 100644
index 4936c08682a..00000000000
--- a/www/apache22/patches/patch-bc
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-bc,v 1.2 2009/06/11 20:30:59 tron Exp $
-
-Patch for CVE-2009-1195 taken from:
-
-http://svn.apache.org/viewvc?view=rev&revision=773881
-
---- server/config.c.orig 2008-12-02 22:28:21.000000000 +0000
-+++ server/config.c 2009-06-04 09:44:24.000000000 +0100
-@@ -1510,7 +1510,7 @@
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
-- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
-+ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
-
- parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
- &arr_parms, NULL,
-@@ -1617,7 +1617,7 @@
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
-- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
-+ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
-
- rv = ap_pcfg_openfile(&cfp, p, fname);
- if (rv != APR_SUCCESS) {
-@@ -1755,7 +1755,7 @@
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
-- parms.override_opts = OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER | OPT_MULTI;
-+ parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
- parms.limited = -1;
-
- errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);
diff --git a/www/apache22/patches/patch-bd b/www/apache22/patches/patch-bd
deleted file mode 100644
index ebfe0e1ee67..00000000000
--- a/www/apache22/patches/patch-bd
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-bd,v 1.2 2009/06/11 20:30:59 tron Exp $
-
-Patch for CVE-2009-1195 taken from:
-
-http://svn.apache.org/viewvc?view=rev&revision=773881
-http://svn.apache.org/viewvc?view=rev&revision=779472
-
---- server/core.c.orig 2009-06-11 20:51:15.000000000 +0100
-+++ server/core.c 2009-06-11 21:01:04.000000000 +0100
-@@ -659,7 +659,11 @@
- core_dir_config *conf =
- (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
-
-- return conf->opts;
-+ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is
-+ * inverted, such that the exposed semantics match that of
-+ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
-+ * permitted. */
-+ return conf->opts ^ OPT_INC_WITH_EXEC;
- }
-
- AP_DECLARE(int) ap_allow_overrides(request_rec *r) |