From d1581dfc38634d9ce5d209612ae2fe74cd2b8d83bb7b47f4fc181690e19b5972 Mon Sep 17 00:00:00 2001 
From: Peter Poeml Date: Thu, 21 Oct 2010 14:13:55 +0000 Subject: [PATCH] Starting httpd for testing doesn't work in my local build environment (can't create listen port). But I hope it'll be fine in the "real" build service build environment, as it used to be. - update to 2.2.17: SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Actual fix is in the libapr 1.3 line, which we don't use // poeml] SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [We build with system expat library // poeml] prefork MPM: Run cleanups for final request when process exits gracefully to work around a flaw in apr-util. PR 43857 core: - check symlink ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set - fix origin checking in SymlinksIfOwnerMatch PR 36783 - (re)-introduce -T commandline option to suppress documentroot check at startup. PR 41887 vhost: - A purely-numeric Host: header should not be treated as a port. PR 44979 rotatelogs: - Fix possible buffer overflow if admin configures a mongo log file path. Proxy balancer: support setting error status according to HTTP response code from a backend. PR 48939. mod_authnz_ldap: - If AuthLDAPCharsetConfig is set, also convert the password to UTF-8. PR 45318. mod_dir, mod_negotiation: - Pass the output filter information to newly created sub requests; as these are later on used as true requests with an internal redirect. This allows for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 mod_headers: - Enable multi-match-and-replace edit option PR 46594 mod_log_config: - Make ${cookie}C correctly match whole cookie names instead of substrings. PR 28037. mod_reqtimeout: - Do not wrongly enforce timeouts for mod_proxy's backend connections and other protocol handlers (like mod_ftp). 
Enforce the timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering close time from 30 to 2 seconds. mod_ssl: - Do not do overlapping memcpy. PR 45444 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=326 --- apache2.changes | 46 ++++++++++++++++++++++++++++++++++++++++++++ apache2.spec | 8 ++++---- httpd-2.2.16.tar.bz2 | 3 --- httpd-2.2.17.tar.bz2 | 3 +++ 4 files changed, 53 insertions(+), 7 deletions(-) delete mode 100644 httpd-2.2.16.tar.bz2 create mode 100644 httpd-2.2.17.tar.bz2 diff --git a/apache2.changes b/apache2.changes index 3105dce..e4e297d 100644 --- a/apache2.changes +++ b/apache2.changes 
@@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net + +- update to 2.2.17: + SECURITY: CVE-2010-1623 (cve.mitre.org) + Fix a denial of service attack against apr_brigade_split_line(). + [Actual fix is in the libapr 1.3 line, which we don't use // poeml] + SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) + Fix two buffer over-read flaws in the bundled copy of expat which could + cause applications to crash while parsing specially-crafted XML documents. + [We build with system expat library // poeml] + prefork MPM: Run cleanups for final request when process exits gracefully + to work around a flaw in apr-util. PR 43857 + core: + - check symlink ownership if both FollowSymlinks and + SymlinksIfOwnerMatch are set + - fix origin checking in SymlinksIfOwnerMatch PR 36783 + - (re)-introduce -T commandline option to suppress documentroot + check at startup. PR 41887 + vhost: + - A purely-numeric Host: header should not be treated as a port. PR 44979 + rotatelogs: + - Fix possible buffer overflow if admin configures a + mongo log file path. + Proxy balancer: support setting error status according to HTTP response + code from a backend. PR 48939. + mod_authnz_ldap: + - If AuthLDAPCharsetConfig is set, also convert the + password to UTF-8. PR 45318. + mod_dir, mod_negotiation: + - Pass the output filter information to newly created sub requests; as these + are later on used as true requests with an internal redirect. This allows + for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 + mod_headers: + - Enable multi-match-and-replace edit option PR 46594 + mod_log_config: + - Make ${cookie}C correctly match whole cookie names + instead of substrings. PR 28037. + mod_reqtimeout: + - Do not wrongly enforce timeouts for mod_proxy's backend + connections and other protocol handlers (like mod_ftp). Enforce the + timeout for AP_MODE_GETLINE. 
If there is a timeout, shorten the lingering + close time from 30 to 2 seconds. + mod_ssl: + - Do not do overlapping memcpy. PR 45444 + ------------------------------------------------------------------- Tue Oct 5 18:25:39 UTC 2010 - cristian.rodriguez@opensuse.org diff --git a/apache2.spec b/apache2.spec index 28908dc..6af0f30 100644 --- a/apache2.spec +++ b/apache2.spec @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.16) +# spec file for package apache2 (Version 2.2.11) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -67,9 +67,9 @@ BuildRequires: expat-devel %define platform_string Linux/%VENDOR License: ASLv.. Group: Productivity/Networking/Web/Servers -%define realver 2.2.16 -Version: 2.2.16 -Release: 2 +%define realver 2.2.17 +Version: 2.2.17 +Release: 1 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section diff --git a/httpd-2.2.16.tar.bz2 b/httpd-2.2.16.tar.bz2 deleted file mode 100644 index fb3033a..0000000 --- a/httpd-2.2.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52 -size 4775545 diff --git a/httpd-2.2.17.tar.bz2 b/httpd-2.2.17.tar.bz2 new file mode 100644 index 0000000..494bfc2 --- /dev/null +++ b/httpd-2.2.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04 +size 4951247
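Review bot: In the apache2.changes hunk, the two SECURITY entries (CVE-2010-1623 and the expat CVE-2009-3560/CVE-2009-3720) are copied from upstream CHANGES, but the bracketed notes in the same entry say neither fix lands in this package: the apr_brigade_split_line() fix lives in the libapr 1.3 line and expat comes from the system library. A reader scanning the changelog for "CVE-2010-1623" will conclude apache2 2.2.17-1 closes it. Please either state explicitly that these are addressed by the separate libapr and expat packages (and name the versions that carry the fixes once known), or drop the SECURITY lines from this entry so the package changelog only claims what this build actually changes.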
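Review bot: The first apache2.spec hunk regresses the header comment from `(Version 2.2.16)` to `(Version 2.2.11)` while the package is being bumped to 2.2.17; this looks like a stale line carried over from an older spec. Change it to `# spec file for package apache2 (Version 2.2.17)`, or drop the version from the comment altogether since `Version:` and `%realver` already carry it and this line will drift again on the next update.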
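Review bot: The second apache2.spec hunk bumps `%realver`, `Version:` and `Release:` consistently, but `Source0` still points at `http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2` while the release URL `http://www.apache.org/dist/httpd-%{version}.tar.bz2` stays commented out. dev/dist is the pre-release staging area and the fetch is plain http, so nothing in the spec ties the tarball to the published release. Once 2.2.17 is on the release mirror, switch `Source0` back to the dist URL and record in the changelog that the tarball was checked against the upstream signature. The commit message also says the httpd test start could not be exercised locally (no listen port); please confirm from the build service log that the test start succeeds before this is accepted.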
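Review bot: The httpd-2.2.17.tar.bz2 hunk adds a git-lfs pointer with `oid sha256:868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04` and `size 4951247`, but neither the patch nor the commit message says how that digest was matched to upstream's published checksum or PGP signature for the 2.2.17 release. Since this hash is what every later rebuild will trust, a one-line note of the verification (which .asc/.sha file it was compared with) belongs in the commit message or changelog.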