Update "apache" package to version 2.2.24. Changes since 2.2.23:

- SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>] - SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface. [Jim Jagielski, Niels Heinen <heinenn google com>] - mod_rewrite: Stop merging RewriteBase down to subdirectories unless new option 'RewriteOptions MergeBase' is configured. Merging RewriteBase was unconditionally turned on in 2.2.23. Bug Report 53963. [Eric Covener] - mod_ssl: Send the error message for speaking http to an https port using HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when using SNI. Bug Report 50823. [Stefan Fritsch] - mod_ssl: log revoked certificates at level INFO instead of DEBUG. Bug Report 52162. [Stefan Fritsch] - mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416. [Rainer Jung] - mod_dir: Add support for the value 'disabled' in FallbackResource. [Vincent Deffontaines] - mod_ldap: Fix regression in handling "server unavailable" errors on Windows. Bug Report 54140. [Eric Covener] - mod_ssl: fix a regression with the string rendering of the "UID" RDN introduced in 2.2.15. Bug Report 54510. [Kaspar Brand] - ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output to more accurately report the negotiated protocol. Bug Report 53916. [Nicolás Pernas Maradei <nico emutex com>, Kaspar Brand] - mod_cache: Explicitly allow cache implementations to cache a 206 Partial Response if they so choose to do so. Previously an attempt to cache a 206 was arbitrarily allowed if the response contained an Expires or Cache-Control header, and arbitrarily denied if both headers were missing. Currently the disk and memory cache providers do not cache 206 Partial Responses. [Graham Leggett] - core: Remove unintentional APR dependency introduced with Apache 2.2.22. [Eric Covener] - core: Use a TLS 1.0 close_notify alert for internal dummy connection if the chosen listener is configured for https. [Joe Orton] - mod_ssl: Add new directive SSLCompression to disable TLS-level compression. Bug Report 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
2013-03-03 20:05:03 +00:00 · 2013-03-03 20:05:03 +00:00 · bd18add136
commit bd18add136
parent d820555e2c
3 changed files with 8 additions and 8 deletions
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.86 2013/02/06 23:21:07 jperkin Exp $
+# $NetBSD: Makefile,v 1.87 2013/03/03 20:05:03 tron Exp $

-DISTNAME=	httpd-2.2.23
+DISTNAME=	httpd-2.2.24

 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	4
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/} \
 		http://archive.apache.org/dist/httpd/ \
--- a/www/apache22/PLIST
+++ b/www/apache22/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.21 2012/09/16 03:33:10 taca Exp $
+@comment $NetBSD: PLIST,v 1.22 2013/03/03 20:05:03 tron Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@ -741,6 +741,7 @@ share/httpd/manual/mod/mod_authz_groupfile.html.ja.utf8
 share/httpd/manual/mod/mod_authz_groupfile.html.ko.euc-kr
 share/httpd/manual/mod/mod_authz_host.html
 share/httpd/manual/mod/mod_authz_host.html.en
+share/httpd/manual/mod/mod_authz_host.html.fr
 share/httpd/manual/mod/mod_authz_host.html.ja.utf8
 share/httpd/manual/mod/mod_authz_host.html.ko.euc-kr
 share/httpd/manual/mod/mod_authz_owner.html
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.53 2012/12/23 21:32:42 spz Exp $
+$NetBSD: distinfo,v 1.54 2013/03/03 20:05:03 tron Exp $

-SHA1 (httpd-2.2.23.tar.bz2) = 2776145201068045d4ed83157a0e2e1c28c4c453
-RMD160 (httpd-2.2.23.tar.bz2) = 16b15876d8296a2733d4d28a8a78362d0677792d
-Size (httpd-2.2.23.tar.bz2) = 5485205 bytes
+SHA1 (httpd-2.2.24.tar.bz2) = f73bce14832ec40c1aae68f4f8c367cab2266241
+RMD160 (httpd-2.2.24.tar.bz2) = 4c31b23615236c407779a23cbfcc8e05ba011224
+Size (httpd-2.2.24.tar.bz2) = 5490439 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad