main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368)

low: mod_log_config crash CVE-2012-0021
low: scoreboard parent DoS CVE-2012-0031
moderate: error responses can expose cookies CVE-2012-0053
moderate: mod_proxy reverse proxy exposure CVE-2011-3368

This release also include the previosly patched:
low: mod_setenvif .htaccess privilege escalation CVE-2011-3607
moderate: mod_proxy reverse proxy exposure CVE-2011-4317

fixes #982

1 files changed, 0 insertions, 32 deletions

diff --git a/main/apache2/CVE-2011-3607.patch b/main/apache2/CVE-2011-3607.patch
deleted file mode 100644
index 3ccbfbc48..000000000
--- a/main/apache2/CVE-2011-3607.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- 2.2.x/server/util.c	2012/01/04 19:42:04	1227279
-+++ 2.2.x/server/util.c	2012/01/04 19:45:22	1227280
-@@ -82,6 +82,8 @@
- #define IS_SLASH(s) (s == '/')
- #endif
- 
-+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */
-+#define UTIL_SIZE_MAX (~((apr_size_t)0))
- 
- /*
-  * Examine a field value (such as a media-/content-type) string and return
-@@ -366,7 +368,7 @@
-     char *dest, *dst;
-     char c;
-     size_t no;
--    int len;
-+    apr_size_t len;
- 
-     if (!source)
-         return NULL;
-@@ -391,6 +393,11 @@
-             len++;
-         }
-         else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
-+            if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) {
-+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
-+                             "integer overflow or out of memory condition." );
-+                return NULL;
-+            }
-             len += pmatch[no].rm_eo - pmatch[no].rm_so;
-         }
-