Log message:
Pullup ticket #3526 - requested by taca
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.68-1.70
- www/apache22/distinfo                                         1.40-1.42
- www/apache22/patches/patch-CVE-2011-3192                      deleted
- www/apache22/patches/patch-lock.c                             1.1
- www/apache22/patches/patch-repos.c                            1.1

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Aug 31 12:52:45 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Removed Files:
   	pkgsrc/www/apache22/patches: patch-CVE-2011-3192

   Log message:
   Update "apache22" package to version 2.2.20. Changes since version \ 
2.2.19:
   - mod_authnz_ldap: If the LDAP server returns constraint violation,
     don't treat this as an error but as "auth denied". [Stefan Fritsch]
   - mod_filter: Fix FilterProvider conditions of type "resp=" (response
     headers) for CGI. [Joe Orton, Rainer Jung]
   - mod_reqtimeout: Fix a timed out connection going into the keep-alive
     state after a timeout when discarding a request body. Bug 51103.
     [Stefan Fritsch]
   - core: Do the hook sorting earlier so that the hooks are properly sorted
     for the pre_config hook and during parsing the config. [Stefan Fritsch]

---
   Module Name:	pkgsrc
   Committed By:	sborrill
   Date:		Mon Sep 12 17:18:46 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-lock.c patch-repos.c

   Log message:
   Atomically create files when using DAV to stop files being deleted on error

   From:
   https://issues.apache.org/bugzilla/show_bug.cgi?id=39815

   Bump PKGREVISION.

   OK tron@

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Sep 14 07:10:21 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo

   Log message:
   Update apahce22 package to 2.2.21.

   Quote from release announce:

      The Apache Software Foundation and the Apache HTTP Server Project are
      pleased to announce the release of version 2.2.21 of the Apache HTTP
      Server ("Apache").  This version of Apache is principally a security
      and bug fix release:

        * SECURITY: CVE-2011-3348 (cve.mitre.org)
          mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
          unrecognized HTTP methods from marking ajp: balancer members
          in an error state, avoiding denial of service.

        * SECURITY: CVE-2011-3192 (cve.mitre.org)
          core: Further fixes to the handling of byte-range requests to use
          less memory, to avoid denial of service. This patch includes fixes
          to the patch introduced in release 2.2.20 for protocol compliance,
          as well as the MaxRanges directive.

      Note the further advisories on the state of CVE-2011-3192 will no longer
      be broadcast, but will be kept up to date at;

        http://httpd.apache.org/security/CVE-2011-3192.txt

      We consider this release to be the best version of Apache available, and
      encourage users of all prior versions to upgrade.

Log message:
Pullup ticket #3514 - requested by tron
www/apache22 security update

Revisions pulled up:
- www/apache22/Makefile                                         1.67
- www/apache22/distinfo                                         1.39
- www/apache22/patches/patch-CVE-2011-3192                      1.1

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Mon Aug 29 22:07:05 UTC 2011

   Modified Files:
   	pkgsrc/www/apache22: Makefile distinfo
   Added Files:
   	pkgsrc/www/apache22/patches: patch-CVE-2011-3192

   Log message:
   Add patch for security vulnerability reported in CVE-2011-3192 taken
   from Apache SVN repository.