diff options
| author | adam <adam@pkgsrc.org> | 2017-10-06 06:22:05 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2017-10-06 06:22:05 +0000 |
| commit | 450ea8f99c577f639b483be7022b7125fd8c3413 (patch) | |
| tree | fb5b359633d746f17104a73f65bbf8d702cd2015 /www/apache24 | |
| parent | e10118b29c4bb316ce713871bb9eeb9da0dd1235 (diff) | |
| download | pkgsrc-450ea8f99c577f639b483be7022b7125fd8c3413.tar.gz | |
apache24: update to 2.4.28
Changes with Apache 2.4.28
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except]> must now be used in the
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files.
*) event: Avoid possible blocking in the listener thread when shutting down
connections.
*) mod_speling: Don't embed referer data in a link in error page.
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes.
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream.
*) build: allow configuration without APR sources.
*) mod_ssl, ab: Fix compatibility with LibreSSL.
*) core/log: Support use of optional "tag" in syslog entries.
*) mod_proxy: Fix ProxyAddHeaders merging.
*) core: Disallow multiple Listen on the same IP:port when listener buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the single
bucket case (default), thus avoiding the leak of the corresponding socket
descriptors on graceful restart.
*) event: Avoid listener periodic wake ups by using the pollset wake-ability
when available.
*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
led to spurious HTTP 502 error messages sent on upgrade connections.
Diffstat (limited to 'www/apache24')
| -rw-r--r-- | www/apache24/Makefile | 5 | ||||
| -rw-r--r-- | www/apache24/distinfo | 11 | ||||
| -rw-r--r-- | www/apache24/patches/patch-server_core.c | 20 |
3 files changed, 7 insertions, 29 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index ca253c56c62..e7165a76210 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.61 2017/09/18 13:24:05 wiz Exp $ +# $NetBSD: Makefile,v 1.62 2017/10/06 06:22:05 adam Exp $ # # When updating this package, make sure that no strings like # "PR 12345" are in the commit message. Upstream likes # to reference their own PRs this way, but this ends up # in NetBSD GNATS. -DISTNAME= httpd-2.4.27 +DISTNAME= httpd-2.4.28 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} MASTER_SITES+= http://archive.apache.org/dist/httpd/ diff --git a/www/apache24/distinfo b/www/apache24/distinfo index de96e8839e1..e2fa6d78fb8 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.32 2017/09/18 13:34:51 wiz Exp $ +$NetBSD: distinfo,v 1.33 2017/10/06 06:22:05 adam Exp $ -SHA1 (httpd-2.4.27.tar.bz2) = 699e4e917e8fb5fd7d0ce7e009f8256ed02ec6fc -RMD160 (httpd-2.4.27.tar.bz2) = 46f601f58de77eb11fa4c7ea35fa0858d2f4d289 -SHA512 (httpd-2.4.27.tar.bz2) = 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c -Size (httpd-2.4.27.tar.bz2) = 6527394 bytes +SHA1 (httpd-2.4.28.tar.bz2) = 0b37522b808dcee72e1d56d656b0def530b820a2 +RMD160 (httpd-2.4.28.tar.bz2) = b242f9b671a5b1cc58e3897d3bb6c278d4125e47 +SHA512 (httpd-2.4.28.tar.bz2) = 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a +Size (httpd-2.4.28.tar.bz2) = 6553163 bytes SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d @@ -15,4 +15,3 @@ SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911 SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96 -SHA1 (patch-server_core.c) = 52dbf840b22c4ad48ede200c3fe5ae889d2fe509 diff --git a/www/apache24/patches/patch-server_core.c b/www/apache24/patches/patch-server_core.c deleted file mode 100644 index d348d423da8..00000000000 --- a/www/apache24/patches/patch-server_core.c +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-server_core.c,v 1.2 2017/09/18 13:34:51 wiz Exp $ - -Fix security problem using upstream patch. -http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch - ---- server/core.c.orig 2016-12-05 14:34:29.000000000 +0000 -+++ server/core.c -@@ -2262,6 +2262,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } |