- update to 2.2.26

- add new directory for modules (APACHEETCDIR/modules.d)

  New modules can be registered here with a simple
  file that contains the LoadModule directives.
  Additonal Maintaines can write instructions to the
  conf file and keep pkg-message short.
  As bonus the config file can be installed like every
  other config file with a .sample extention so modules
  are not disabled during pkg upgrades.

  Module config files should begin with three digits
  followed by '_' e.g. 100_php5.conf.
  The load order can be controlled via the three digits.

  Please wait some time before adopting the new directory
  so users have time to update and adjust axisting configs

Changes with Apache 2.2.26

  *) mod_dav: dav_resource->uri treated as unencoded. This was an
     unnecessary ABI changed introduced in 2.2.25  PR 55397.  [Ben Reser]

  *) mod_dav: Do not validate locks against parent collection of COPY
     source URI.  PR 55304.  [Ben Reser]

  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]

  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
     OpenSSL 1.0.0b3.  [Vipul Gupta vipul.gupta sun.com, Sander Temme,
     Stefan Fritsch]

  *) mod_ssl: Change default for SSLCompression to off, as compression
     causes security issues in most setups. (The so called "CRIME" attack).
     [Stefan Fritsch]

  *) mod_ssl: Fix compilation error when OpenSSL does not contain
     support for SSLv2. Problem was introduced in 2.2.25. PR 55194.
     [Rainer Jung, Kaspar Brand]

  *) mod_dav: Fix double encoding of URIs in XML and Location header (caused
     by unintential ABI change in 2.2.25).  PR 55397.  [Ben Reser]

1 files changed, 0 insertions, 50 deletions

diff --git a/www/apache22/files/patch-bug-55306 b/www/apache22/files/patch-bug-55306
deleted file mode 100644
index 22ec8f55b105..000000000000
--- a/www/apache22/files/patch-bug-55306
+++ /dev/null
@@ -1,50 +0,0 @@
-PR: ports/183685
-[1] http://svn.apache.org/viewvc?view=revision&revision=1528718
-[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=55306
-===========================================================================
---- modules/dav/main/mod_dav.c.orig	2013-06-27 18:54:14.000000000 +0200
-+++ modules/dav/main/mod_dav.c	2013-11-05 16:31:51.000000000 +0100
-@@ -2733,7 +2733,9 @@
-      */
-     if ((err = dav_validate_request(r, resource, depth, NULL,
-                                     &multi_response,
--                                    DAV_VALIDATE_PARENT
-+                                    (is_move ? DAV_VALIDATE_PARENT
-+                                         :DAV_VALIDATE_RESOURCE
-+                                          |DAV_VALIDATE_NO_MODIFY)
-                                     | DAV_VALIDATE_USE_424,
-                                     NULL)) != NULL) {
-         err = dav_push_error(r->pool, err->status, 0,
---- modules/dav/main/mod_dav.h.orig	2013/10/03 05:06:08	1528717
-+++ modules/dav/main/mod_dav.h	2013/10/03 05:29:35	1528718
-@@ -1297,6 +1297,9 @@
-                                            the 424 DAV:response */
- #define DAV_VALIDATE_USE_424    0x0080  /* return 424 status, not 207 */
- #define DAV_VALIDATE_IS_PARENT  0x0100  /* for internal use */
-+#define DAV_VALIDATE_NO_MODIFY  0x0200  /* resource is not being modified
-+                                           so allow even if lock token
-+                                           is not provided */
- 
- /* Lock-null related public lock functions */
- DAV_DECLARE(int) dav_get_resource_state(request_rec *r,
---- modules/dav/main/util.c.orig	2013/10/03 05:06:08	1528717
-+++ modules/dav/main/util.c	2013/10/03 05:29:35	1528718
-@@ -954,13 +954,16 @@
-         /*
-         ** For methods other than LOCK:
-         **
--        ** If we have no locks, then <seen_locktoken> can be set to true --
-+        ** If we have no locks or if the resource is not being modified
-+        ** (per RFC 4918 the lock token is not required on resources
-+        ** we are not changing), then <seen_locktoken> can be set to true --
-         ** pretending that we've already met the requirement of seeing one
-         ** of the resource's locks in the If: header.
-         **
-         ** Otherwise, it must be cleared and we'll look for one.
-         */
--        seen_locktoken = (lock_list == NULL);
-+        seen_locktoken = (lock_list == NULL
-+                          || flags & DAV_VALIDATE_NO_MODIFY);
-     }
- 
-     /*