Update to Apache HTTPD 2.2.26, released today. This release mostly rolls in patches we had already applied.
Change log: http://mirror.reverse.net/pub/apache//httpd/CHANGES_2.2.26 ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.40
diff -u -p -r1.40 Makefile
--- Makefile 17 Oct 2013 14:05:41 -0000 1.40
+++ Makefile 18 Nov 2013 16:13:56 -0000
@@ -2,10 +2,9 @@
 COMMENT= apache HTTP server
-V= 2.2.25
+V= 2.2.26
 PKGNAME= apache-httpd-${V}
 DISTNAME= httpd-${V}
-REVISION= 2
 CATEGORIES= www net
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.14
diff -u -p -r1.14 distinfo
--- distinfo 12 Jul 2013 13:21:25 -0000 1.14
+++ distinfo 18 Nov 2013 16:16:20 -0000
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.2.25.tar.gz) = tkG0US8oCqpWjqsJCrUv3qholPnvIvOEgRpFcvxAW/M=
-SIZE (httpd-2.2.25.tar.gz) = 7445734
+SHA256 (httpd-2.2.26.tar.gz) = n80DKNdViHqAOZIA2D1Iekxy/zAEgrDJNzdRt6bUoeg=
+SIZE (httpd-2.2.26.tar.gz) = 7212848
Index: patches/patch-docs_man_htpasswd_1
===================================================================
RCS file: /cvs/ports/www/apache-httpd/patches/patch-docs_man_htpasswd_1,v
retrieving revision 1.4
diff -u -p -r1.4 patch-docs_man_htpasswd_1
--- patches/patch-docs_man_htpasswd_1 1 Sep 2011 13:40:09 -0000 1.4
+++ patches/patch-docs_man_htpasswd_1 18 Nov 2013 16:19:13 -0000
@@ -1,12 +1,12 @@
 $OpenBSD: patch-docs_man_htpasswd_1,v 1.4 2011/09/01 13:40:09 giovanni Exp $
---- docs/man/htpasswd.1.orig Sun Jun 19 13:45:57 2011
-+++ docs/man/htpasswd.1 Wed Aug 31 11:56:48 2011
+--- docs/man/htpasswd.1.orig Sat Jul 6 23:58:04 2013
++++ docs/man/htpasswd.1 Mon Nov 18 17:18:53 2013
@@ -19,36 +19,36 @@ .el .ne 3 .IP "\\$1" \\$2 .. --.TH "HTPASSWD" 1 "2011-06-19" "Apache HTTP Server" "htpasswd" -+.TH "HTPASSWD2" 1 "2011-06-19" "Apache HTTP Server" "htpasswd" +-.TH "HTPASSWD" 1 "2013-07-06" "Apache HTTP Server" "htpasswd" ++.TH "HTPASSWD2" 1 "2013-07-06" "Apache HTTP Server" "htpasswd2" .SH NAME -htpasswd \- Manage user files for basic authentication Index: patches/patch-modules_dav_fs_repos_c =================================================================== RCS file: patches/patch-modules_dav_fs_repos_c diff -N patches/patch-modules_dav_fs_repos_c --- patches/patch-modules_dav_fs_repos_c 17 Oct 2013 14:05:41 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,62 +0,0 @@ -$OpenBSD: patch-modules_dav_fs_repos_c,v 1.1 2013/10/17 14:05:41 stsp Exp $ -https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 -http://svn.apache.org/viewvc?view=revision&revision=1529559 -http://svn.apache.org/viewvc?view=revision&revision=1531505 ---- modules/dav/fs/repos.c.orig Thu Oct 17 12:08:37 2013 -+++ modules/dav/fs/repos.c Thu Oct 17 12:09:41 2013 -@@ -1406,6 +1406,18 @@ static dav_error * dav_fs_remove_resource(dav_resource - return dav_fs_deleteset(info->pool, resource); - } - -+/* Take an unescaped path component and escape it and append it onto a -+ * dav_buffer for a URI */ -+static apr_size_t dav_fs_append_uri(apr_pool_t *p, dav_buffer *pbuf, -+ const char *path, apr_size_t pad) -+{ -+ const char *epath = ap_escape_uri(p, path); -+ apr_size_t epath_len = strlen(epath); -+ -+ dav_buffer_place_mem(p, pbuf, epath, epath_len + 1, pad); -+ return epath_len; -+} -+ - /* ### move this to dav_util? */ - /* Walk recursively down through directories, * - * including lock-null resources as we go. */ -@@ -1460,6 +1472,7 @@ static dav_error * dav_fs_walker(dav_fs_walker_context - } - while ((apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp)) == APR_SUCCESS) { - apr_size_t len; -+ apr_size_t escaped_len; - apr_status_t status; - - len = strlen(dirent.name); -@@ -1499,7 +1512,7 @@ static dav_error * dav_fs_walker(dav_fs_walker_context - - /* copy the file to the URI, too. NOTE: we will pad an extra byte - for the trailing slash later. 
*/ -- dav_buffer_place_mem(pool, &fsctx->uri_buf, dirent.name, len + 1, 1); -+ escaped_len = dav_fs_append_uri(pool, &fsctx->uri_buf, dirent.name, 1); - - /* if there is a secondary path, then do that, too */ - if (fsctx->path2.buf != NULL) { -@@ -1532,7 +1545,7 @@ static dav_error * dav_fs_walker(dav_fs_walker_context - fsctx->path2.cur_len += len; - - /* adjust URI length to incorporate subdir and a slash */ -- fsctx->uri_buf.cur_len += len + 1; -+ fsctx->uri_buf.cur_len += escaped_len + 1; - fsctx->uri_buf.buf[fsctx->uri_buf.cur_len - 1] = '/'; - fsctx->uri_buf.buf[fsctx->uri_buf.cur_len] = '\0'; - -@@ -1598,8 +1611,8 @@ static dav_error * dav_fs_walker(dav_fs_walker_context - */ - dav_buffer_place_mem(pool, &fsctx->path1, - fsctx->locknull_buf.buf + offset, len + 1, 0); -- dav_buffer_place_mem(pool, &fsctx->uri_buf, -- fsctx->locknull_buf.buf + offset, len + 1, 0); -+ dav_fs_append_uri(pool, &fsctx->uri_buf, -+ fsctx->locknull_buf.buf + offset, 0); - if (fsctx->path2.buf != NULL) { - dav_buffer_place_mem(pool, &fsctx->path2, - fsctx->locknull_buf.buf + offset, Index: patches/patch-modules_dav_main_mod_dav_c =================================================================== RCS file: patches/patch-modules_dav_main_mod_dav_c diff -N patches/patch-modules_dav_main_mod_dav_c --- patches/patch-modules_dav_main_mod_dav_c 17 Oct 2013 14:05:42 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,89 +0,0 @@ -$OpenBSD: patch-modules_dav_main_mod_dav_c,v 1.2 2013/10/17 14:05:42 stsp Exp $ -https://issues.apache.org/bugzilla/show_bug.cgi?id=55304 -https://issues.apache.org/bugzilla/show_bug.cgi?id=55306 -https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 -http://svn.apache.org/viewvc?view=revision&revision=1515569 -http://svn.apache.org/viewvc?view=revision&revision=1528718 -http://svn.apache.org/viewvc?view=revision&revision=1529559 ---- modules/dav/main/mod_dav.c.orig Thu Jun 27 18:54:14 2013 -+++ modules/dav/main/mod_dav.c Thu Oct 17 12:05:34 2013 -@@ -400,11 +400,9 @@ static int dav_error_response_tag(request_rec *r, - */ - static const char *dav_xml_escape_uri(apr_pool_t *p, const char *uri) - { -- const char *e_uri = ap_escape_uri(p, uri); -- - /* check the easy case... */ -- if (ap_strchr_c(e_uri, '&') == NULL) -- return e_uri; -+ if (ap_strchr_c(uri, '&') == NULL) -+ return uri; - - /* there was a '&', so more work is needed... sigh. */ - -@@ -412,7 +410,7 @@ static const char *dav_xml_escape_uri(apr_pool_t *p, c - * Note: this is a teeny bit of overkill since we know there are no - * '<' or '>' characters, but who cares. - */ -- return apr_xml_quote_string(p, e_uri, 0); -+ return apr_xml_quote_string(p, uri, 0); - } - - -@@ -616,7 +614,8 @@ static int dav_handle_err(request_rec *r, dav_error *e - return DONE; - } - --/* handy function for return values of methods that (may) create things */ -+/* handy function for return values of methods that (may) create things. -+ * locn if provided is assumed to be escaped. */ - static int dav_created(request_rec *r, const char *locn, const char *what, - int replaced) - { -@@ -624,8 +623,6 @@ static int dav_created(request_rec *r, const char *loc - - if (locn == NULL) { - locn = r->unparsed_uri; -- } else { -- locn = ap_escape_uri(r->pool, locn); - } - - /* did the target resource already exist? 
*/ -@@ -2724,7 +2721,7 @@ static int dav_method_copymove(request_rec *r, int is_ - * The multistatus responses will contain the information about any - * resource that fails the validation. - * -- * We check the parent resource, too, since this is a MOVE. Moving the -+ * We check the parent resource, too, if this is a MOVE. Moving the - * resource effectively removes it from the parent collection, so we - * must ensure that we have met the appropriate conditions. - * -@@ -2733,7 +2730,9 @@ static int dav_method_copymove(request_rec *r, int is_ - */ - if ((err = dav_validate_request(r, resource, depth, NULL, - &multi_response, -- DAV_VALIDATE_PARENT -+ (is_move ? DAV_VALIDATE_PARENT -+ : DAV_VALIDATE_RESOURCE -+ | DAV_VALIDATE_NO_MODIFY) - | DAV_VALIDATE_USE_424, - NULL)) != NULL) { - err = dav_push_error(r->pool, err->status, 0, -@@ -2970,7 +2969,7 @@ static int dav_method_copymove(request_rec *r, int is_ - } - - /* return an appropriate response (HTTP_CREATED or HTTP_NO_CONTENT) */ -- return dav_created(r, lookup.rnew->uri, "Destination", -+ return dav_created(r, lookup.rnew->unparsed_uri, "Destination", - resnew_state == DAV_RESOURCE_EXISTS); - } - -@@ -4560,7 +4559,7 @@ static int dav_method_bind(request_rec *r) - - /* return an appropriate response (HTTP_CREATED) */ - /* ### spec doesn't say what happens when destination was replaced */ -- return dav_created(r, lookup.rnew->uri, "Binding", 0); -+ return dav_created(r, lookup.rnew->unparsed_uri, "Binding", 0); - } - - Index: patches/patch-modules_dav_main_mod_dav_h =================================================================== RCS file: patches/patch-modules_dav_main_mod_dav_h diff -N patches/patch-modules_dav_main_mod_dav_h --- patches/patch-modules_dav_main_mod_dav_h 17 Oct 2013 14:05:42 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,26 +0,0 @@ -$OpenBSD: patch-modules_dav_main_mod_dav_h,v 1.2 2013/10/17 14:05:42 stsp Exp $ -https://issues.apache.org/bugzilla/show_bug.cgi?id=55306 -https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 -http://svn.apache.org/viewvc?view=revision&revision=1528718 -http://svn.apache.org/viewvc?view=revision&revision=1529559 ---- modules/dav/main/mod_dav.h.orig Sun Mar 20 19:58:27 2011 -+++ modules/dav/main/mod_dav.h Thu Oct 17 12:05:47 2013 -@@ -370,7 +370,7 @@ typedef struct dav_resource { - * REGULAR and WORKSPACE resources, - * and is always 1 for WORKING */ - -- const char *uri; /* the URI for this resource */ -+ const char *uri; /* the escaped URI for this resource */ - - dav_resource_private *info; /* the provider's private info */ - -@@ -1281,6 +1281,9 @@ DAV_DECLARE(dav_error *) dav_validate_request(request_ - the 424 DAV:response */ - #define DAV_VALIDATE_USE_424 0x0080 /* return 424 status, not 207 */ - #define DAV_VALIDATE_IS_PARENT 0x0100 /* for internal use */ -+#define DAV_VALIDATE_NO_MODIFY 0x0200 /* resource is not being modified -+ so allow even if lock token -+ is not provided */ - - /* Lock-null related public lock functions */ - DAV_DECLARE(int) dav_get_resource_state(request_rec *r, Index: patches/patch-modules_dav_main_util_c =================================================================== RCS file: patches/patch-modules_dav_main_util_c diff -N patches/patch-modules_dav_main_util_c --- patches/patch-modules_dav_main_util_c 9 Oct 2013 12:54:17 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,24 +0,0 @@ -$OpenBSD: patch-modules_dav_main_util_c,v 1.3 2013/10/09 12:54:17 stsp Exp $ -https://issues.apache.org/bugzilla/show_bug.cgi?id=55306 -http://svn.apache.org/viewvc?view=revision&revision=1528718 ---- modules/dav/main/util.c.orig Fri Jun 28 00:35:39 2013 -+++ modules/dav/main/util.c Wed Oct 9 14:24:32 2013 -@@ -929,13 +929,16 @@ static dav_error * dav_validate_resource_state(apr_poo - /* - ** For methods other than LOCK: - ** -- ** If we have no locks, then <seen_locktoken> can be set to true -- -+ ** If we have no locks or if the resource is not being modified -+ ** (per RFC 4918 the lock token is not required on resources -+ ** we are not changing), then <seen_locktoken> can be set to true -- - ** pretending that we've already met the requirement of seeing one - ** of the resource's locks in the If: header. - ** - ** Otherwise, it must be cleared and we'll look for one. - */ -- seen_locktoken = (lock_list == NULL); -+ seen_locktoken = (lock_list == NULL -+ || flags & DAV_VALIDATE_NO_MODIFY); - } - - /* Index: patches/patch-modules_ssl_ssl_engine_io_c =================================================================== RCS file: patches/patch-modules_ssl_ssl_engine_io_c diff -N patches/patch-modules_ssl_ssl_engine_io_c --- patches/patch-modules_ssl_ssl_engine_io_c 12 Jul 2013 13:21:25 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,13 +0,0 @@ -$OpenBSD: patch-modules_ssl_ssl_engine_io_c,v 1.1 2013/07/12 13:21:25 stsp Exp $ ---- modules/ssl/ssl_engine_io.c.orig Fri Jul 12 03:24:16 2013 -+++ modules/ssl/ssl_engine_io.c Fri Jul 12 03:25:04 2013 -@@ -1079,7 +1079,9 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *fil - * IPv4 and IPv6 addresses are not permitted".) - */ - if (hostname_note && -+#ifndef OPENSSL_NO_SSL2 - sc->proxy->protocol != SSL_PROTOCOL_SSLV2 && -+#endif - sc->proxy->protocol != SSL_PROTOCOL_SSLV3 && - apr_ipsubnet_create(&ip, hostname_note, NULL, - c->pool) != APR_SUCCESS) {