diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 13:58:59 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2019-01-29 13:58:59 +0000 |
commit | a084e9e7d636a39f8b19ede83750dc93c5529a00 (patch) | |
tree | 9b0b796bb8588f29f8013ad3a84b6ec0e801fd75 | |
parent | 4ccbb0bf6274819cc8782b5f4b00557f13f10700 (diff) | |
download | pkgsrc-a084e9e7d636a39f8b19ede83750dc93c5529a00.tar.gz |
Pullup ticket #5903 - requested by taca
www/apache24: security fix
Revisions pulled up:
- www/apache24/Makefile 1.76
- www/apache24/distinfo 1.39
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Jan 23 12:04:18 UTC 2019
Modified Files:
pkgsrc/www/apache24: Makefile distinfo
Log Message:
apache24: updated to 2.4.38
Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play.
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
-rw-r--r-- | www/apache24/Makefile | 9 | ||||
-rw-r--r-- | www/apache24/distinfo | 10 |
2 files changed, 9 insertions, 10 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index 578b0c20041..20d6508993b 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.75 2018/12/13 19:52:25 adam Exp $ +# $NetBSD: Makefile,v 1.75.2.1 2019/01/29 13:58:59 bsiegert Exp $ # # When updating this package, make sure that no strings like # "PR 12345" are in the commit message. Upstream likes # to reference their own PRs this way, but this ends up # in NetBSD GNATS. -DISTNAME= httpd-2.4.37 +DISTNAME= httpd-2.4.38 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} MASTER_SITES+= http://archive.apache.org/dist/httpd/ @@ -82,7 +81,7 @@ PKG_GROUPS_VARS= APACHE_GROUP PKG_USERS_VARS= APACHE_USER PKG_SYSCONFVAR= apache -PKG_SYSCONFSUBDIR?= httpd +PKG_SYSCONFSUBDIR= httpd EGDIR= ${PREFIX}/share/examples/httpd SBINDIR= ${PREFIX}/sbin CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf @@ -172,7 +171,7 @@ INSTALL_TARGET= install-conf install INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}" post-install: - ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build + ${LN} -sf ${PREFIX}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/bin diff --git a/www/apache24/distinfo b/www/apache24/distinfo index 1d157d968b7..d75eace0eec 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.38 2018/10/24 10:08:00 adam Exp $ +$NetBSD: distinfo,v 1.38.2.1 2019/01/29 13:58:59 bsiegert Exp $ -SHA1 (httpd-2.4.37.tar.bz2) = 4a38471de821288b0300148016f2b03dfee8adf2 -RMD160 (httpd-2.4.37.tar.bz2) = 2f81b55c14f3bc3b2e46a9b841c798071983deb5 -SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4 -Size (httpd-2.4.37.tar.bz2) = 7031632 bytes +SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab +RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014 +SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448 +Size (httpd-2.4.38.tar.bz2) = 7035030 bytes SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d |