File _patchinfo of Package patchinfo

<patchinfo incident="50">
  <packager>draht</packager>
  <category>security</category>
  <rating>moderate</rating>
  <summary>update for apache2</summary>
  <description>- ignore case when checking against SNI server names. [bnc#798733]
  httpd-2.2.x-bnc798733-SNI_ignorecase.diff
- better cleanup of busy count after recovering from failure
  [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff
- httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff:
  backend timeouts should not affect the entire worker. [bnc#788121]
- httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif:
  Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH
  handling. [bnc#757710]
- httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff
  Escape filename for the case that uploads are allowed with untrusted
  user's control over filenames and mod_negotiation enabled on the
  same directory. CVE-2012-2687 [bnc#777260]
- httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to
  reflect the upstream changes. This will prevent the "Invalid URI in
  request OPTIONS *" messages in the error log. [bnc#722545]

- /etc/init.d/apache2: new argument "check-reload". Exits 1 if
  httpd2 runs on deleted binaries such as after package update,
  else 0. This is used by equally modified /etc/logrotate.d/apache2,
  which uses "/etc/init.d/apache2 check-reload" in its prerotate
  script.
  These changes prevent httpd2 from being (gracefully) reloaded
  by logrotate, executed by cron, if new binaries have been
  installed. Instead, a warning is printed on stdout and logged to
  syslog. If this happens, apache's logs are NOT
  rotated, and the running processes are left untouched. This
  limits the maximum damage of log rotation to unrotated logs.
  "/etc/init.d/apache2 restart" (or "rcapache2 restart") must be
  executed manually in such a case. [bnc#728876]</description>
</patchinfo>