- Upgrade to 2.2.13.

PR:		ports/137651
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

9 files changed, 8 insertions, 263 deletions

diff --git a/www/apache22/Makefile b/www/apache22/Makefile
index 1f497dbef6ed..b6e8907c2b86 100644
--- a/www/apache22/Makefile
+++ b/www/apache22/Makefile
@@ -8,8 +8,7 @@
 #
 
 PORTNAME=	apache
-PORTVERSION=	2.2.11
-PORTREVISION?=	7
+PORTVERSION=	2.2.13
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
diff --git a/www/apache22/distinfo b/www/apache22/distinfo
index e9d832f28930..04da973cb49b 100644
--- a/www/apache22/distinfo
+++ b/www/apache22/distinfo
@@ -1,3 +1,3 @@
-MD5 (apache22/httpd-2.2.11.tar.bz2) = 3e98bcb14a7122c274d62419566431bb
-SHA256 (apache22/httpd-2.2.11.tar.bz2) = 5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe
-SIZE (apache22/httpd-2.2.11.tar.bz2) = 5230130
+MD5 (apache22/httpd-2.2.13.tar.bz2) = 8d8d904e7342125825ec70f03c5745ef
+SHA256 (apache22/httpd-2.2.13.tar.bz2) = 24a812e010d936a3114141bad56461fcaa1089aa720bd16355feb3516ab8d6d6
+SIZE (apache22/httpd-2.2.13.tar.bz2) = 5300199
diff --git a/www/apache22/files/patch-apr-fix-apr_xml-expat-attack b/www/apache22/files/patch-apr-fix-apr_xml-expat-attack
deleted file mode 100644
index 2040f082ea2d..000000000000
--- a/www/apache22/files/patch-apr-fix-apr_xml-expat-attack
+++ /dev/null
@@ -1,51 +0,0 @@
-Taken from
-  http://svn.apache.org/viewvc/apr/apr/trunk/xml/apr_xml.c?r1=757729&r2=781403&view=patch
-
---- srclib/apr-util/xml/apr_xml.c	2009/03/24 11:12:27	757729
-+++ srclib/apr-util/xml/apr_xml.c	2009/06/03 14:26:19	781403
-@@ -347,6 +347,25 @@
-     return APR_SUCCESS;
- }
- 
-+#if XML_MAJOR_VERSION > 1
-+/* Stop the parser if an entity declaration is hit. */
-+static void entity_declaration(void *userData, const XML_Char *entityName,
-+                               int is_parameter_entity, const XML_Char *value,
-+                               int value_length, const XML_Char *base,
-+                               const XML_Char *systemId, const XML_Char *publicId,
-+                               const XML_Char *notationName)
-+{
-+    apr_xml_parser *parser = userData;
-+
-+    XML_StopParser(parser->xp, XML_FALSE);
-+}
-+#else
-+/* A noop default_handler. */
-+static void default_handler(void *userData, const XML_Char *s, int len)
-+{
-+}
-+#endif
-+
- APU_DECLARE(apr_xml_parser *) apr_xml_parser_create(apr_pool_t *pool)
- {
-     apr_xml_parser *parser = apr_pcalloc(pool, sizeof(*parser));
-@@ -372,6 +391,19 @@
-     XML_SetElementHandler(parser->xp, start_handler, end_handler);
-     XML_SetCharacterDataHandler(parser->xp, cdata_handler);
- 
-+    /* Prevent the "billion laughs" attack against expat by disabling
-+     * internal entity expansion.  With 2.x, forcibly stop the parser
-+     * if an entity is declared - this is safer and a more obvious
-+     * failure mode.  With older versions, installing a noop
-+     * DefaultHandler means that internal entities will be expanded as
-+     * the empty string, which is also sufficient to prevent the
-+     * attack. */
-+#if XML_MAJOR_VERSION > 1
-+    XML_SetEntityDeclHandler(parser->xp, entity_declaration);
-+#else
-+    XML_SetDefaultHandler(parser->xp, default_handler);
-+#endif
-+
-     return parser;
- }
- 
diff --git a/www/apache22/files/patch-apr-fix-brigade_vprintf_overflow b/www/apache22/files/patch-apr-fix-brigade_vprintf_overflow
deleted file mode 100644
index 7ac97674b0c7..000000000000
--- a/www/apache22/files/patch-apr-fix-brigade_vprintf_overflow
+++ /dev/null
@@ -1,18 +0,0 @@
-Equal to the fix in the apr-util itself:
-  http://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?r1=768417&r2=768416&pathrev=768417&view=patch
-
-See discuission about original vulnerability at
-  http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
-
---- srclib/apr-util/buckets/apr_brigade.c.orig	2009-06-06 12:32:12.000000000 +0400
-+++ srclib/apr-util/buckets/apr_brigade.c	2009-06-06 12:35:30.000000000 +0400
-@@ -689,9 +689,6 @@
-       return -1;
-     }
- 
--    /* tack on null terminator to remaining string */
--    *(vd.vbuff.curpos) = '\0';
--
-     /* write out what remains in the buffer */
-     return apr_brigade_write(b, flush, ctx, buf, vd.vbuff.curpos - buf);
- }
diff --git a/www/apache22/files/patch-apr-fix-strmatch-underflow b/www/apache22/files/patch-apr-fix-strmatch-underflow
deleted file mode 100644
index c1e252355927..000000000000
--- a/www/apache22/files/patch-apr-fix-strmatch-underflow
+++ /dev/null
@@ -1,21 +0,0 @@
-Fix underflow in apr_strmatch_precompile,
-  http://svn.apache.org/viewvc/apr/apr/trunk/strmatch/apr_strmatch.c?r1=757729&r2=779878&view=patch
-
---- srclib/apr-util/strmatch/apr_strmatch.c	2009/03/24 11:12:27	757729
-+++ srclib/apr-util/strmatch/apr_strmatch.c	2009/05/29 07:47:52	779878
-@@ -103,13 +103,13 @@
-     if (case_sensitive) {
-         pattern->compare = match_boyer_moore_horspool;
-         for (i = 0; i < pattern->length - 1; i++) {
--            shift[(int)s[i]] = pattern->length - i - 1;
-+            shift[(unsigned char)s[i]] = pattern->length - i - 1;
-         }
-     }
-     else {
-         pattern->compare = match_boyer_moore_horspool_nocase;
-         for (i = 0; i < pattern->length - 1; i++) {
--            shift[apr_tolower(s[i])] = pattern->length - i - 1;
-+            shift[(unsigned char)apr_tolower(s[i])] = pattern->length - i - 1;
-         }
-     }
-     pattern->context = shift;
diff --git a/www/apache22/files/patch-libtool22 b/www/apache22/files/patch-libtool22
deleted file mode 100644
index 079843239e13..000000000000
--- a/www/apache22/files/patch-libtool22
+++ /dev/null
@@ -1,122 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 025_libtool_2.x_fixes.dpatch by  <jsw@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Update build system to work with libtool 2.x
-## DP:
-## DP: This corresponds to upstream revisions:
-## DP:   733052
-## DP:   742752
-## DP:   748902
-## DP:   757363
-diff --git a/buildconf b/buildconf
-index bc0e9fd..11554ed 100755
---- srclib/apr/buildconf
-+++ srclib/apr/buildconf
-@@ -35,17 +35,20 @@ fi
- # Note: APR supplies its own config.guess and config.sub -- we do not
- #       rely on libtool's versions
- #
--echo "Copying libtool helper files ..."
-+echo "buildconf: copying libtool helper files using $libtoolize"
- 
- # Remove any libtool files so one can switch between libtool 1.3
- # and libtool 1.4 by simply rerunning the buildconf script.
--(cd build ; rm -f ltconfig ltmain.sh libtool.m4)
--
--$libtoolize --copy --automake
--
--if [ -f libtool.m4 ]; then 
--   ltfile=`pwd`/libtool.m4
--else
-+(cd build ; rm -f ltconfig ltmain.sh libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4)
-+
-+lt_pversion=`$libtoolize --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
-+lt_version=`echo $lt_pversion|sed -e 's/\([a-z]*\)$/.\1/'`
-+IFS=.; set $lt_version; IFS=' '
-+if test "$1" = "1"; then
-+  $libtoolize --copy --automake
-+  if [ -f libtool.m4 ]; then 
-+    ltfile=`pwd`/libtool.m4
-+  else
-    ltfindcmd="`sed -n \"/=[^\\\`]/p;/libtool_m4=/{s/.*=/echo /p;q;}\" \
-                    < $libtoolize`"
-    ltfile=${LIBTOOL_M4-`eval "$ltfindcmd"`}
-@@ -54,21 +57,21 @@ else
-      ltpath=`dirname $libtoolize`
-      ltfile=`cd $ltpath/../share/aclocal ; pwd`/libtool.m4
-    fi
--fi
--  
--if [ ! -f $ltfile ]; then
-+  fi
-+  if [ ! -f $ltfile ]; then
-     echo "$ltfile not found"
-     exit 1
-+  fi
-+  # Do we need this anymore?
-+  echo "buildconf: Using libtool.m4 at ${ltfile}."
-+  cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
- fi
--
--echo "buildconf: Using libtool.m4 at ${ltfile}."
--
--cat $ltfile | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
--
--# libtool.m4 from 1.6 requires ltsugar.m4
--if [ -f ltsugar.m4 ]; then
--   rm -f build/ltsugar.m4
--   mv ltsugar.m4 build/ltsugar.m4
-+if test "$1" = "2"; then
-+  $libtoolize --copy
-+  # Wouldn't it just be better to define top_builddir??
-+  mv build/libtool.m4 build/libtool.m4.$$
-+  cat build/libtool.m4.$$ | sed -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' > build/libtool.m4
-+  rm build/libtool.m4.$$
- fi
- 
- # Clean up any leftovers
-diff --git a/configure.in b/configure.in
-index 46b4b32..2ac1439 100644
---- srclib/apr/configure.in
-+++ srclib/apr/configure.in
-@@ -9,6 +9,7 @@ AC_PREREQ(2.50)
- AC_INIT(build/apr_common.m4)
- AC_CONFIG_HEADER(include/arch/unix/apr_private.h)
- AC_CONFIG_AUX_DIR(build)
-+AC_CONFIG_MACRO_DIR(build)
- 
- dnl 
- dnl Include our own M4 macros along with those for libtool
-@@ -20,6 +21,10 @@ sinclude(build/apr_win32.m4)
- sinclude(build/apr_hints.m4)
- sinclude(build/libtool.m4)
- sinclude(build/ltsugar.m4)
-+sinclude(build/argz.m4)
-+sinclude(build/ltoptions.m4)
-+sinclude(build/ltversion.m4)
-+sinclude(build/lt~obsolete.m4)
- 
- dnl Hard-coded inclusion at the tail end of apr_private.h:
- AH_BOTTOM([
-@@ -117,6 +122,8 @@ dnl can only be used once within a configure script, so this prevents a
- dnl preload section from invoking the macro to get compiler info.
- AC_PROG_CC
- 
-+AC_PROG_SED
-+
- dnl Preload
- APR_PRELOAD
- 
-@@ -160,6 +167,11 @@ echo "performing libtool configuration..."
- AC_ARG_ENABLE(experimental-libtool,[  --enable-experimental-libtool Use experimental custom libtool],
-   [experimental_libtool=$enableval],[experimental_libtool=no])
- 
-+dnl Workarounds for busted Libtool 2.x when we don't call AC_PROG_LIBTOOL
-+if test "x$Xsed" = "x"; then
-+  Xsed="$SED -e 1s/^X//"
-+fi
-+
- case $host in
- *-os2*)
-     # Use a custom-made libtool replacement
diff --git a/www/apache22/files/patch-server__mpm__prefork__prefork.c b/www/apache22/files/patch-server__mpm__prefork__prefork.c
deleted file mode 100644
index 3e15b0291a93..000000000000
--- a/www/apache22/files/patch-server__mpm__prefork__prefork.c
+++ /dev/null
@@ -1,42 +0,0 @@
---- ./server/mpm/prefork/prefork.c.orig	2008-05-31 07:58:46.000000000 -0400
-+++ ./server/mpm/prefork/prefork.c	2009-06-11 20:10:12.151389121 -0400
-@@ -573,19 +573,27 @@
-                 apr_int32_t numdesc;
-                 const apr_pollfd_t *pdesc;
- 
--                /* timeout == -1 == wait forever */
--                status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
-+                /* check for termination first so we don't sleep for a while in
-+                 * poll if already signalled
-+                 */
-+                if (one_process && shutdown_pending) {
-+                    SAFE_ACCEPT(accept_mutex_off());
-+                    return;
-+                }
-+                else if (die_now) {
-+                    /* In graceful stop/restart; drop the mutex
-+                     * and terminate the child. */
-+                    SAFE_ACCEPT(accept_mutex_off());
-+                    clean_child_exit(0);
-+                }
-+                /* timeout == 10 seconds to avoid a hang at graceful restart/stop
-+                 * caused by the closing of sockets by the signal handler
-+                 */
-+                status = apr_pollset_poll(pollset, apr_time_from_sec(10), 
-+                                          &numdesc, &pdesc);
-                 if (status != APR_SUCCESS) {
--                    if (APR_STATUS_IS_EINTR(status)) {
--                        if (one_process && shutdown_pending) {
--                            return;
--                        }
--                        else if (die_now) {
--                            /* In graceful stop/restart; drop the mutex
--                             * and terminate the child. */
--                            SAFE_ACCEPT(accept_mutex_off());
--                            clean_child_exit(0);
--                        }
-+                    if (APR_STATUS_IS_TIMEUP(status) ||
-+                        APR_STATUS_IS_EINTR(status)) {
-                         continue;
-                     }
-                     /* Single Unix documents select as returning errnos
diff --git a/www/apache22/files/patch-srclib-apr-buildconf b/www/apache22/files/patch-srclib-apr-buildconf
index f8638d7f4634..6ec934abc448 100644
--- a/www/apache22/files/patch-srclib-apr-buildconf
+++ b/www/apache22/files/patch-srclib-apr-buildconf
@@ -4,12 +4,12 @@
  #
  build/buildcheck.sh || exit 1
  
--libtoolize=`build/PrintPath glibtoolize libtoolize15 libtoolize14 libtoolize`
+-libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize15 libtoolize14 libtoolize`
 +libtoolize="${LIBTOOLIZE}"
  if [ "x$libtoolize" = "x" ]; then
      echo "libtoolize not found in path"
      exit 1
-@@ -52,7 +52,7 @@
+@@ -60,7 +60,7 @@
     # Expecting the code above to be very portable, but just in case...
     if [ -z "$ltfile" -o ! -f "$ltfile" ]; then
       ltpath=`dirname $libtoolize`
@@ -18,7 +18,7 @@
     fi
  fi
    
-@@ -87,8 +87,11 @@
+@@ -95,8 +95,11 @@
  # Remove autoconf 2.5x's cache directory
  rm -rf autom4te*.cache
  
diff --git a/www/apache22/files/patch-srclib:apr:build:buildcheck.sh b/www/apache22/files/patch-srclib:apr:build:buildcheck.sh
index a6641eed7acb..04af0a0c30ce 100644
--- a/www/apache22/files/patch-srclib:apr:build:buildcheck.sh
+++ b/www/apache22/files/patch-srclib:apr:build:buildcheck.sh
@@ -20,7 +20,7 @@
  # output is multiline from 1.5 onwards
  
  # Require libtool 1.4 or newer
--libtool=`build/PrintPath glibtool libtool libtool15 libtool14`
+-libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
 +libtool=${LIBTOOL}
  lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
  if test -z "$lt_pversion"; then