From 918f5782d54417508c1661fc5cebbd7f1be44bd1 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 2 Sep 2011 12:38:19 +0000
Subject: [PATCH] main/apache2: security upgrade to 2.2.20 (CVE-2011-3192)

(cherry picked from commit 14d8b3ce0d0c7c58bf88f7497905e44f222409a7
and 169b985e5d05eba2054661b09fa9d1c5c32bc102)
(cherry picked from commit 5fb412b0ce117306582023c2852bb72d612ff5d5)

Conflicts:

	main/apache2/APKBUILD
---
 main/apache2/03-add-mpm-to-build-system.patch | 25 ++++++++++
 main/apache2/APKBUILD                         | 46 +++++++++----------
 2 files changed, 48 insertions(+), 23 deletions(-)
 create mode 100644 main/apache2/03-add-mpm-to-build-system.patch

diff --git a/main/apache2/03-add-mpm-to-build-system.patch b/main/apache2/03-add-mpm-to-build-system.patch
new file mode 100644
index 00000000000..974c50eb46a
--- /dev/null
+++ b/main/apache2/03-add-mpm-to-build-system.patch
@@ -0,0 +1,25 @@
+Add the new MPM to the build system as an alternative to the other MPMs,
+and mark it as experimental.
+
+Index: apache2.2/server/mpm/config.m4
+===================================================================
+--- apache2.2.orig/server/mpm/config.m4	2007-01-29 21:30:26.000000000 +0100
++++ apache2.2/server/mpm/config.m4	2007-01-29 21:30:35.000000000 +0100
+@@ -1,7 +1,7 @@
+ AC_MSG_CHECKING(which MPM to use)
+ AC_ARG_WITH(mpm,
+ APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use.
+-                          MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[
++                          MPM={beos|event|worker|prefork|mpmt_os2|winnt|itk}),[
+   APACHE_MPM=$withval
+ ],[
+   if test "x$APACHE_MPM" = "x"; then
+@@ -23,7 +23,7 @@
+ 
+ ap_mpm_is_experimental ()
+ {
+-    if test "$apache_cv_mpm" = "event" ; then
++    if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then
+         return 0
+     else
+         return 1
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 8b5708d2dc4..3e33e8dc6a2 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -1,27 +1,30 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apache2
-pkgver=2.2.17
-pkgrel=1
+pkgver=2.2.20
+pkgrel=0
 pkgdesc="A high performance Unix-based HTTP server"
 url="http://httpd.apache.org/"
 license="APACHE"
 depends=""
 pkgusers="apache"
 pkggroups="apache"
-makedepends="openssl-dev zlib-dev apr-util-dev apr-dev pcre-dev
+makedepends="openssl-dev zlib-dev apr-util-dev apr-dev pcre-dev sed
 	autoconf automake"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-utils $pkgname-ssl
 	$pkgname-ldap"
+# see http://lists.err.no/pipermail/mpm-itk/2011-August/000432.html for
+# the 03-add-mpm-to-build-system.patch
 source="http://archive.apache.org/dist/httpd/httpd-$pkgver.tar.bz2
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/02-rename-prefork-to-itk.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/03-add-mpm-to-build-system.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/04-correct-output-makefile-location.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/05-add-copyright.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/06-hook-just-after-merging-perdir-config.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/07-base-functionality.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/08-max-clients-per-vhost.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/09-capabilities.patch
-	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.11-02/10-nice.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/02-rename-prefork-to-itk.patch
+	03-add-mpm-to-build-system.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/04-correct-output-makefile-location.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/05-add-copyright.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/06-hook-just-after-merging-perdir-config.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/07-base-functionality.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/08-max-clients-per-vhost.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/09-capabilities.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/10-nice.patch
+	http://mpm-itk.sesse.net/apache2.2-mpm-itk-2.2.17-01/11-fix-htaccess-reads-for-persistent-connections.patch
 	apache2.confd
 	apache2.logrotate
 	apache2.initd
@@ -46,15 +49,11 @@ prepare() {
 		server/mpm/experimental/itk/ || return 1
 	mv server/mpm/experimental/itk/prefork.c \
 		server/mpm/experimental/itk/itk.c || return 1
-	patch -Np1 -i "$srcdir/02-rename-prefork-to-itk.patch" || return 1
-	patch -Np1 -i "$srcdir/03-add-mpm-to-build-system.patch" || return 1
-	patch -Np1 -i "$srcdir/04-correct-output-makefile-location.patch" || return 1
-	patch -Np1 -i "$srcdir/05-add-copyright.patch" || return 1
-	patch -Np1 -i "$srcdir/06-hook-just-after-merging-perdir-config.patch" || return 1
-	patch -Np1 -i "$srcdir/07-base-functionality.patch" || return 1
-	patch -Np1 -i "$srcdir/08-max-clients-per-vhost.patch" || return 1
-	patch -Np1 -i "$srcdir/09-capabilities.patch" || return 1
-	patch -Np1 -i "$srcdir/10-nice.patch" || return 1
+	for i in $source; do
+		case $i in
+		*.patch) msg ${i##*/}; patch -p1 -i "$srcdir"/${i##*/} || return 1;;
+		esac
+	done
 	autoconf || return 1
 }
 
@@ -175,9 +174,9 @@ ldap() {
 	install -m644 -D  "$srcdir"/ldap.conf "$subpkgdir"/etc/apache2/conf.d/ldap.conf
 }
 
-md5sums="16eadc59ea6b38af33874d300973202e  httpd-2.2.17.tar.bz2
+md5sums="1ac251431c8c4285f6b085c1d156bb56  httpd-2.2.20.tar.bz2
 db42cfcc18ae1c32aaaff2347e35b79d  02-rename-prefork-to-itk.patch
-131408ad4dc7b18547b4e062e7e495ab  03-add-mpm-to-build-system.patch
+72817bd3eddc56fd886ca4739c536261  03-add-mpm-to-build-system.patch
 ee488f391054d528547c3a372faa2aa7  04-correct-output-makefile-location.patch
 b202944761b2f0516196488b12504236  05-add-copyright.patch
 78fa15f8ca3a284b7d71f942e24e47fb  06-hook-just-after-merging-perdir-config.patch
@@ -185,6 +184,7 @@ d33e39350e987721d50e6fb8e164ab6b  07-base-functionality.patch
 9f7a8935f9cabc7b46d0052906634cef  08-max-clients-per-vhost.patch
 1b28e3363e1b0d05b738a21e7ddd264f  09-capabilities.patch
 d9667fcd2ffecc63e446edd4d6666731  10-nice.patch
+1e5b222edcfbf99a3edc56fcb2074fbe  11-fix-htaccess-reads-for-persistent-connections.patch
 e322b5211e49511cac6e40c86af1b1da  apache2.confd
 75fe4138b98fcffd01b8c8c077b944f3  apache2.logrotate
 0261136ff734c3ae8dcf878a46ed5830  apache2.initd