Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 278FF63BBA9
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed, 14 Sep 2011 18:03:25 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id ED8E814A106; Wed, 14 Sep 2011 18:03:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id D991D14A0FA
	for <pkgsrc-changes@NetBSD.org>; Wed, 14 Sep 2011 18:03:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id ULIxNd-R9nLP for <pkgsrc-changes@NetBSD.org>;
	Wed, 14 Sep 2011 18:03:19 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id 15A4F14A0F5
	for <pkgsrc-changes@NetBSD.org>; Wed, 14 Sep 2011 18:03:19 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id F0DD5175DD; Wed, 14 Sep 2011 18:03:18 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
Date: Wed, 14 Sep 2011 18:03:18 +0000
From: "Matthias Scheler" <tron@netbsd.org>
Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/www/apache22
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
X-Mailer: log_accum
Message-Id: <20110914180318.F0DD5175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	tron
Date:		Wed Sep 14 18:03:18 UTC 2011

Modified Files:
	pkgsrc/www/apache22 [pkgsrc-2011Q2]: Makefile distinfo
Added Files:
	pkgsrc/www/apache22/patches [pkgsrc-2011Q2]: patch-lock.c patch-repos.c
Removed Files:
	pkgsrc/www/apache22/patches [pkgsrc-2011Q2]: patch-CVE-2011-3192

Log Message:
Pullup ticket #3526 - requested by taca
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.68-1.70
- www/apache22/distinfo                                         1.40-1.42
- www/apache22/patches/patch-CVE-2011-3192                      deleted
- www/apache22/patches/patch-lock.c                             1.1
- www/apache22/patches/patch-repos.c                            1.1

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Aug 31 12:52:45 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Removed Files:
   	pkgsrc/www/apache22/patches: patch-CVE-2011-3192

   Log Message:
   Update "apache22" package to version 2.2.20. Changes since version 2.2.19:
   - mod_authnz_ldap: If the LDAP server returns constraint violation,
     don't treat this as an error but as "auth denied". [Stefan Fritsch]
   - mod_filter: Fix FilterProvider conditions of type "resp=" (response
     headers) for CGI. [Joe Orton, Rainer Jung]
   - mod_reqtimeout: Fix a timed out connection going into the keep-alive
     state after a timeout when discarding a request body. Bug 51103.
     [Stefan Fritsch]
   - core: Do the hook sorting earlier so that the hooks are properly sorted
     for the pre_config hook and during parsing the config. [Stefan Fritsch]

---
   Module Name:	pkgsrc
   Committed By:	sborrill
   Date:		Mon Sep 12 17:18:46 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-lock.c patch-repos.c

   Log Message:
   Atomically create files when using DAV to stop files being deleted on error

   From:
   https://issues.apache.org/bugzilla/show_bug.cgi?id=39815

   Bump PKGREVISION.

   OK tron@

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Sep 14 07:10:21 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo

   Log Message:
   Update apahce22 package to 2.2.21.

   Quote from release announce:

      The Apache Software Foundation and the Apache HTTP Server Project are
      pleased to announce the release of version 2.2.21 of the Apache HTTP
      Server ("Apache").  This version of Apache is principally a security
      and bug fix release:

        * SECURITY: CVE-2011-3348 (cve.mitre.org)
          mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
          unrecognized HTTP methods from marking ajp: balancer members
          in an error state, avoiding denial of service.

        * SECURITY: CVE-2011-3192 (cve.mitre.org)
          core: Further fixes to the handling of byte-range requests to use
          less memory, to avoid denial of service. This patch includes fixes
          to the patch introduced in release 2.2.20 for protocol compliance,
          as well as the MaxRanges directive.

      Note the further advisories on the state of CVE-2011-3192 will no longer
      be broadcast, but will be kept up to date at;

        http://httpd.apache.org/security/CVE-2011-3192.txt

      We consider this release to be the best version of Apache available, and
      encourage users of all prior versions to upgrade.


To generate a diff of this commit:
cvs rdiff -u -r1.66.2.1 -r1.66.2.2 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.38.2.1 -r1.38.2.2 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.1.2.2 -r0 pkgsrc/www/apache22/patches/patch-CVE-2011-3192
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/www/apache22/patches/patch-lock.c \
    pkgsrc/www/apache22/patches/patch-repos.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.