Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
    by www.NetBSD.org (Postfix) with ESMTP id 833CB63B11D
    for ; Sun, 28 Mar 2010 13:02:35 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
    id 2AAA063B18B; Sun, 28 Mar 2010 13:02:35 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
    by mail.netbsd.org (Postfix) with ESMTP id 0A52063B127
    for ; Sun, 28 Mar 2010 13:02:33 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
    id E6D3B175DF; Sun, 28 Mar 2010 13:02:33 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
Date: Sun, 28 Mar 2010 13:02:33 +0000
From: Matthias Scheler
Subject: CVS commit: [pkgsrc-2009Q4] pkgsrc/www/apache22
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
X-Mailer: log_accum
Message-Id: <20100328130233.E6D3B175DF@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: list

Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Mar 28 13:02:33 UTC 2010

Modified Files:
    pkgsrc/www/apache22 [pkgsrc-2009Q4]: Makefile PLIST distinfo
Removed Files:
    pkgsrc/www/apache22/patches [pkgsrc-2009Q4]: patch-aq patch-as patch-au

Log Message:
Pullup ticket #3068 - requested by taca
apache22: security update

Revisions pulled up:
- www/apache22/Makefile                 1.56
- www/apache22/PLIST                    1.16
- www/apache22/distinfo                 1.30-1.31
- www/apache22/patches/patch-aq         delete
- www/apache22/patches/patch-as         delete
- www/apache22/patches/patch-au         delete
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Mar  5 00:22:59 UTC 2010

Modified Files:
    pkgsrc/www/apache22: distinfo
Removed Files:
    pkgsrc/www/apache22/patches: patch-aq patch-as patch-au

Log Message:
Remove CVE-2007-3304 related patches.

CVE-2007-3304 was fixed in Apache 2.2.6 and these patches are noop.
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Mar  9 02:30:15 UTC 2010

Modified Files:
    pkgsrc/www/apache22: Makefile PLIST distinfo

Log Message:
Update apache22 package to 2.2.15.

For full changes information please refer to:
http://www.apache.org/dist/httpd/Announcement2.2.html.

Here are the security-related changes from ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).

Changes with Apache 2.2.15

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil ]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case
     of HTTP_INTERNAL_SERVER_ERROR.
     [Niku Toivola ]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni , Jeff Trawick]

To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.54.2.1 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.29 -r1.29.2.1 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-aq \
    pkgsrc/www/apache22/patches/patch-as pkgsrc/www/apache22/patches/patch-au

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
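
Added example, not part of the commit mail or of the Apache or pkgsrc sources: the CVE-2009-3555 entry above says configurations that need renegotiation for per-directory/location access control stay exposed unless OpenSSL >= 0.9.8l is used, so this sketch lists the places in an httpd configuration that ask for it. The directive list is an assumption taken from the mod_ssl documentation, and the sample configuration and function name are constructed for illustration.

```python
import re

# Assumption (mod_ssl documentation, not this commit mail): these directives
# force a TLS renegotiation when they appear in per-directory context.
RENEG_DIRECTIVES = {"sslverifyclient", "sslverifydepth", "sslciphersuite"}
SECTION_OPEN = re.compile(r"<\s*((?:Directory|Location|Files)(?:Match)?)\s+([^>]*)>", re.I)
SECTION_CLOSE = re.compile(r"</\s*(?:Directory|Location|Files)(?:Match)?\s*>", re.I)

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# constructed httpd.conf fragment
<VirtualHost *:443>
    SSLEngine on
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
    <Directory "/var/www/htdocs">
        Options None
    </Directory>
</VirtualHost>
"""

def find_renegotiation_triggers(conf_text):
    """Return (line_no, section, directive_line) for each per-directory use."""
    findings, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            stack.append(f"{opened.group(1)} {opened.group(2).strip()}")
        elif SECTION_CLOSE.match(line):
            if stack:
                stack.pop()
        elif stack and line.split(None, 1)[0].lower() in RENEG_DIRECTIVES:
            # Server- or vhost-level settings (empty stack) are negotiated in
            # the initial handshake and are not reported.
            findings.append((line_no, stack[-1], line))
    return findings

if __name__ == "__main__":
    for line_no, section, directive in find_renegotiation_triggers(SAMPLE_CONF):
        print(f"line {line_no}: <{section}> {directive}")
```

Each reported line is a candidate for moving the setting to virtual-host level or for confirming that the linked OpenSSL is 0.9.8l or later; .htaccess files and Include'd fragments need the same pass.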