CVS commit: pkgsrc/www/apache22

[Takahiro Kambe <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Mar  9 02:30:15 UTC 2010

Modified Files:
        pkgsrc/www/apache22: Makefile PLIST distinfo

Log Message:
Update apache22 package to 2.2.15.

For full changes information please refer:
http://www.apache.org/dist/httpd/Announcement2.2.html.

Here is security related changes from ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).

Changes with Apache 2.2.15

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/apache22/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.