update to 2.2.22

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=358

apache2.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Sat Feb 18 16:24:35 UTC 2012 - poeml@cmdline.net
+
+- update to 2.2.22
+  *) SECURITY: CVE-2011-3368 (cve.mitre.org)
+     Reject requests where the request-URI does not match the HTTP
+     specification, preventing unexpected expansion of target URLs in
+     some reverse proxy configurations. 
+  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
+     Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
+     is enabled, could allow local users to gain privileges via a .htaccess
+     file.
+  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
+     Resolve additional cases of URL rewriting with ProxyPassMatch or
+     RewriteRule, where particular request-URIs could result in undesired
+     backend network exposure in some configurations.
+  *) SECURITY: CVE-2012-0021 (cve.mitre.org)
+     mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
+     string is in use and a client sends a nameless, valueless cookie, causing
+     a denial of service. The issue existed since version 2.2.17. PR 52256.
+  *) SECURITY: CVE-2012-0031 (cve.mitre.org)
+     Fix scoreboard issue which could allow an unprivileged child process 
+     could cause the parent to crash at shutdown rather than terminate 
+     cleanly. 
+  *) SECURITY: CVE-2012-0053 (cve.mitre.org)
+     Fix an issue in error responses that could expose "httpOnly" cookies
+     when no custom ErrorDocument is specified for status code 400.
+  *) mod_proxy_ajp: Try to prevent a single long request from marking a worker
+     in error.
+  *) config: Update the default mod_ssl configuration: Disable SSLv2, only
+     allow >= 128bit ciphers, add commented example for speed optimized cipher
+     list, limit MSIE workaround to MSIE <= 5.
+  *) core: Fix segfault in ap_send_interim_response(). PR 52315.
+  *) mod_log_config: Prevent segfault. PR 50861.
+  *) mod_win32: Invert logic for env var UTF-8 fixing.
+     Now we exclude a list of vars which we know for sure they dont hold UTF-8
+     chars; all other vars will be fixed. This has the benefit that now also
+     all vars from 3rd-party modules will be fixed. PR 13029 / 34985.
+  *) core: Fix hook sorting for Perl modules, a regression introduced in
+     2.2.21. PR: 45076.
+  *) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
+     A range of '0-' will now return 206 instead of 200. PR 51878.
+  *) Example configuration: Fix entry for MaxRanges (use "unlimited" instead
+     of "0"). 
+  *) mod_substitute: Fix buffer overrun. 
+
 -------------------------------------------------------------------
 Sat Feb 11 09:21:15 UTC 2012 - coolo@suse.com
 

apache2.spec

@@ -15,6 +15,8 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
+
 Name:           apache2
 BuildRequires:  automake
 BuildRequires:  db-devel
@@ -73,8 +75,8 @@ BuildRequires:  expat-devel
 # "Server:" header
 %define VENDOR SUSE
 %define platform_string	Linux/%VENDOR
-%define realver 2.2.21
-Version:        2.2.21
+%define realver 2.2.22
+Version:        2.2.22
 Release:        0
 #Source0:      http://www.apache.org/dist/httpd-%{version}.tar.bz2
 Source0:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2

httpd-2.2.21.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
-size 5324905

httpd-2.2.21.tar.bz2.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-iQIcBAABAgAGBQJOaiQfAAoJEFWTvKlgxUQtWu4P/j/xCzXtpb2h1H4gNQtakXjp
-KFhfccvzlOGFpkUjauQ0so5Jj+wVVAgiElr7L0+YvmtXoUyNjCgToqqJTqT/3fwG
-uxKDFfqB5ujbCstKbJ4yKhMy92aDjX1+uWWr8J/1WX//SOWY/uUl/GhJnhEFAB6p
-YExuqqrQfrZcAfC6ME35Gbam6+I8OfHVIeT0m6hLOw6UaHaPXdoRj0CAKNy4NFEf
-ckyw2ddlz83ivek9naGxVFg4v/jN8CoSw3zVfto1QaQ7P+FMA5CrYoCPiEI0A6KA
-534L8xcXf02mN6Y2lgl3C6PYQYcGO198Zmd9xU3RCXsfaFgaOrV4D/fD9TVq1hLK
-OSHPU3AOf7IdFiq99qo7EsXNYrxS0xurv67HaodKXvNNRg8D8TBxDNWO1NpbGp3A
-/zDLm3wxpV2qSOSaZbIbyH8PhX2i4UurSo6y2AVrLENUmV4/bD51qJlitCL23YOo
-5vnK99CnPsWHe36p/GyMMJW2d2fn2tUroLTo/ebCdICZlQJhhWYI7+GHNQNkhqMt
-hp5m8so9Goabs+cKtdxiyARR6+AsyLh+2aRc35dgHpa95Tn3SkuAJ1KTM3ecbzgj
-BxJbA0M3snO9RmNo2h88HELzaA5WaB0Z1kVgYW6gjYELnWRpu+iGMJxFpgXQ6guQ
-CUiByAFuIQukRlpIU/qx
-=AWI2
------END PGP SIGNATURE-----

httpd-2.2.22.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231
+size 5378934