Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id A4C3563F1B4 for ; Fri, 8 Mar 2013 18:36:48 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 7F75714A3B5; Fri, 8 Mar 2013 18:36:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8BE4314A202 for ; Fri, 8 Mar 2013 18:36:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id q3YxZngIHYZ0 for ; Fri, 8 Mar 2013 18:36:43 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 94A1614A1E1 for ; Fri, 8 Mar 2013 18:36:43 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 0CEB3175DD; Fri, 8 Mar 2013 18:36:42 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 8 Mar 2013 18:36:42 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2012Q4] pkgsrc/www/apache22 To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20130308183643.0CEB3175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: spz Date: Fri Mar 8 18:36:42 UTC 2013 Modified Files: pkgsrc/www/apache22 [pkgsrc-2012Q4]: Makefile PLIST distinfo Log Message: Pullup ticket #4088 - requested by tron www/apache22: security update Revisions pulled up: - www/apache22/Makefile 1.87 - www/apache22/PLIST 1.22 - www/apache22/distinfo 1.54 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sun Mar 3 20:05:04 UTC 2013 Modified Files: pkgsrc/www/apache22: Makefile PLIST distinfo Log Message: Update "apache" package to version 2.2.24. Changes since 2.2.23: - SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. [Jim Jagielski, Stefan Fritsch, Niels Heinen ] - SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface. [Jim Jagielski, Niels Heinen ] - mod_rewrite: Stop merging RewriteBase down to subdirectories unless new option 'RewriteOptions MergeBase' is configured. Merging RewriteBase was unconditionally turned on in 2.2.23. Bug Report 53963. [Eric Covener] - mod_ssl: Send the error message for speaking http to an https port using HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when using SNI. Bug Report 50823. [Stefan Fritsch] - mod_ssl: log revoked certificates at level INFO instead of DEBUG. Bug Report 52162. [Stefan Fritsch] - mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416. [Rainer Jung] - mod_dir: Add support for the value 'disabled' in FallbackResource. [Vincent Deffontaines] - mod_ldap: Fix regression in handling "server unavailable" errors on Windows. Bug Report 54140. [Eric Covener] - mod_ssl: fix a regression with the string rendering of the "UID" RDN introduced in 2.2.15. Bug Report 54510. [Kaspar Brand] - ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output to more accurately report the negotiated protocol. Bug Report 53916. [Nicol=E1s Pernas Maradei , Kaspar Brand] - mod_cache: Explicitly allow cache implementations to cache a 206 Partial Response if they so choose to do so. Previously an attempt to cache a 206 was arbitrarily allowed if the response contained an Expires or Cache-Control header, and arbitrarily denied if both headers were missing. Currently the disk and memory cache providers do not cache 206 Partial Responses. [Graham Leggett] - core: Remove unintentional APR dependency introduced with Apache 2.2.22. [Eric Covener] - core: Use a TLS 1.0 close_notify alert for internal dummy connection if the chosen listener is configured for https. [Joe Orton] - mod_ssl: Add new directive SSLCompression to disable TLS-level compression. Bug Report 53219. [Bj=F6rn Jacke , Stefan Fri= tsch] To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.87 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache22/PLIST cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/distinfo To generate a diff of this commit: cvs rdiff -u -r1.85 -r1.85.2.1 pkgsrc/www/apache22/Makefile cvs rdiff -u -r1.21 -r1.21.4.1 pkgsrc/www/apache22/PLIST cvs rdiff -u -r1.53 -r1.53.2.1 pkgsrc/www/apache22/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.