Accepting request 281475 from home:elvigia:branches:Apache

- remove obsolete patches 
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch

- Apache 2.4.11 
  *) SECURITY: CVE-2014-3583 (cve.mitre.org)
     mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with 
     response headers' size above 8K.  [Yann Ylavic, Jeff Trawick]
  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
     mod_cache: Avoid a crash when Content-Type has an empty value.
     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]
  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
  *) mod_ssl: New directive SSLSessionTickets (On|Off).
     The directive controls the use of TLS session tickets (RFC 5077),
     default value is "On" (unchanged behavior).
     Session ticket creation uses a random key created during web
     server startup and recreated during restarts. No other key
     recreation mechanism is available currently. Therefore using session
     tickets without restarting the web server with an appropriate frequency

OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429

apache2.spec

@@ -92,8 +92,8 @@ BuildRequires:  expat-devel
 # "Server:" header
 %define VENDOR SUSE
 %define platform_string	Linux/%VENDOR
-%define realver 2.4.10
-Version:        2.4.10
+%define realver 2.4.11
+Version:        2.4.11
 Release:        0
 #Source0:      http://www.apache.org/dist/httpd-%{version}.tar.bz2
 Source0:        httpd-%{realver}.tar.bz2
@@ -157,19 +157,12 @@ Patch67:        httpd-2.2.0-apxs-a2enmod.dif
 Patch68:        httpd-2.x.x-logresolve.patch
 Patch69:        httpd-2.2.x-bnc690734.patch
 Patch70:        apache2-implicit-pointer-decl.patch
-Patch71:        httpd-event-deadlock.patch
 # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
 #Patch108:       apache2-mod_ssl_npn.patch
 #Provides:       apache2(mod_ssl+npn)
 # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
 Patch109:       httpd-2.4.3-mod_systemd.patch
 Patch111:       httpd-visibility.patch
-# PATCH-FIX-UPSTREAM bnc#899836 kstreitova@suse.com -- avoid a crash when Content-Type has an empty value
-Patch112:       httpd-2.4.10-check_null_pointer_dereference.patch
-# PATCH-FIX-UPSTREAM bnc#909715 kstreitova@suse.com -- Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.
-Patch113:       httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
-# PATCH-FIX-UPSTREAM bnc#871310 kstreitova@suse.com -- Fix the flaw in the way mod_headers handled chunked requests. 
-Patch114:       httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
 Url:            http://httpd.apache.org/
 Icon:           Apache.xpm
 Summary:        The Apache Web Server Version 2.4
@@ -345,13 +338,9 @@ to administrators of web servers in general.
 %patch68 -p1
 #%patch69
 %patch70 -p1
-%patch71 -p1
 #%patch108 -p1
 %patch109 -p1
 %patch111 -p1
-%patch112 -p1
-%patch113 -p1
-%patch114 -p1
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 # install READMEs
 a=$(basename %{S:22})