--- - branch: pkgsrc-2011Q2 date: Wed Sep 14 18:03:18 UTC 2011 files: - new: 1.66.2.2 old: 1.66.2.1 path: pkgsrc/www/apache22/Makefile pathrev: pkgsrc/www/apache22/Makefile@1.66.2.2 type: modified - new: 1.38.2.2 old: 1.38.2.1 path: pkgsrc/www/apache22/distinfo pathrev: pkgsrc/www/apache22/distinfo@1.38.2.2 type: modified - new: '0' old: 1.1.2.2 path: pkgsrc/www/apache22/patches/patch-CVE-2011-3192 pathrev: pkgsrc/www/apache22/patches/patch-CVE-2011-3192@0 type: deleted - new: 1.1.2.2 old: '0' path: pkgsrc/www/apache22/patches/patch-lock.c pathrev: pkgsrc/www/apache22/patches/patch-lock.c@1.1.2.2 type: added - new: 1.1.2.2 old: '0' path: pkgsrc/www/apache22/patches/patch-repos.c pathrev: pkgsrc/www/apache22/patches/patch-repos.c@1.1.2.2 type: added id: 20110914T180318Z.1b9f5f455c5922b2cb36933502f871544299fc9b log: "Pullup ticket #3526 - requested by taca\nwww/apache22: security update\n\nRevisions pulled up:\n- www/apache22/Makefile 1.68-1.70\n- www/apache22/distinfo 1.40-1.42\n- www/apache22/patches/patch-CVE-2011-3192 \ deleted\n- www/apache22/patches/patch-lock.c 1.1\n- www/apache22/patches/patch-repos.c 1.1\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttron\n Date:\t\tWed Aug 31 12:52:45 UTC 2011\n\n \ Modified Files:\n \tpkgsrc/www/apache22: Makefile distinfo\n Removed Files:\n \ \tpkgsrc/www/apache22/patches: patch-CVE-2011-3192\n\n Log Message:\n Update \"apache22\" package to version 2.2.20. Changes since version 2.2.19:\n - mod_authnz_ldap: If the LDAP server returns constraint violation,\n don't treat this as an error but as \"auth denied\". [Stefan Fritsch]\n - mod_filter: Fix FilterProvider conditions of type \"resp=\" (response\n headers) for CGI. [Joe Orton, Rainer Jung]\n - mod_reqtimeout: Fix a timed out connection going into the keep-alive\n \ state after a timeout when discarding a request body. Bug 51103.\n [Stefan Fritsch]\n - core: Do the hook sorting earlier so that the hooks are properly sorted\n for the pre_config hook and during parsing the config. [Stefan Fritsch]\n\n---\n \ Module Name:\tpkgsrc\n Committed By:\tsborrill\n Date:\t\tMon Sep 12 17:18:46 UTC 2011\n\n Modified Files:\n \tpkgsrc/www/apache22: Makefile distinfo\n \ Added Files:\n \tpkgsrc/www/apache22/patches: patch-lock.c patch-repos.c\n\n \ Log Message:\n Atomically create files when using DAV to stop files being deleted on error\n\n From:\n https://issues.apache.org/bugzilla/show_bug.cgi?id=39815\n\n \ Bump PKGREVISION.\n\n OK tron@\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tWed Sep 14 07:10:21 UTC 2011\n\n Modified Files:\n \tpkgsrc/www/apache22: Makefile distinfo\n\n Log Message:\n Update apahce22 package to 2.2.21.\n\n \ Quote from release announce:\n\n The Apache Software Foundation and the Apache HTTP Server Project are\n pleased to announce the release of version 2.2.21 of the Apache HTTP\n Server (\"Apache\"). This version of Apache is principally a security\n and bug fix release:\n\n * SECURITY: CVE-2011-3348 (cve.mitre.org)\n mod_proxy_ajp when combined with mod_proxy_balancer: Prevents\n unrecognized HTTP methods from marking ajp: balancer members\n \ in an error state, avoiding denial of service.\n\n * SECURITY: CVE-2011-3192 (cve.mitre.org)\n core: Further fixes to the handling of byte-range requests to use\n less memory, to avoid denial of service. This patch includes fixes\n to the patch introduced in release 2.2.20 for protocol compliance,\n as well as the MaxRanges directive.\n\n Note the further advisories on the state of CVE-2011-3192 will no longer\n be broadcast, but will be kept up to date at;\n\n http://httpd.apache.org/security/CVE-2011-3192.txt\n\n \ We consider this release to be the best version of Apache available, and\n \ encourage users of all prior versions to upgrade.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2011Q2] pkgsrc/www/apache22' unixtime: '1316023398' user: tron