[pkgsrc/trunk]: pkgsrc/www/apache24 apache24: updated to 2.4.51

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a29ff28bf422
branches:  trunk
changeset: 459483:a29ff28bf422
user:      adam <adam%pkgsrc.org@localhost>
date:      Thu Oct 07 19:05:24 2021 +0000

description:
apache24: updated to 2.4.51

Changes with Apache 2.4.51

*) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
   Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
   fix of CVE-2021-41773) (cve.mitre.org)
   It was found that the fix for CVE-2021-41773 in Apache HTTP
   Server 2.4.50 was insufficient.  An attacker could use a path
   traversal attack to map URLs to files outside the directories
   configured by Alias-like directives.
   If files outside of these directories are not protected by the
   usual default configuration "require all denied", these requests
   can succeed. If CGI scripts are also enabled for these aliased
   pathes, this could allow for remote code execution.
   This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
   earlier versions.

*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
   unused AP_NORMALIZE_DROP_PARAMETERS flag.

diffstat:

 www/apache24/Makefile |  4 ++--
 www/apache24/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (33 lines):

diff -r 16400f51364c -r a29ff28bf422 www/apache24/Makefile
--- a/www/apache24/Makefile     Thu Oct 07 15:54:23 2021 +0000
+++ b/www/apache24/Makefile     Thu Oct 07 19:05:24 2021 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.104 2021/10/05 19:22:08 adam Exp $
+# $NetBSD: Makefile,v 1.105 2021/10/07 19:05:24 adam Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=      httpd-2.4.50
+DISTNAME=      httpd-2.4.51
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}
diff -r 16400f51364c -r a29ff28bf422 www/apache24/distinfo
--- a/www/apache24/distinfo     Thu Oct 07 15:54:23 2021 +0000
+++ b/www/apache24/distinfo     Thu Oct 07 19:05:24 2021 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.48 2021/10/07 15:07:04 nia Exp $
+$NetBSD: distinfo,v 1.49 2021/10/07 19:05:24 adam Exp $
 
-RMD160 (httpd-2.4.50.tar.bz2) = 5f93e67fccb703318115b921d670d12ec81ad3c8
-SHA512 (httpd-2.4.50.tar.bz2) = b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158
-Size (httpd-2.4.50.tar.bz2) = 7653174 bytes
+RMD160 (httpd-2.4.51.tar.bz2) = 339cf2df89613855dc44affe6296ba1b1652db14
+SHA512 (httpd-2.4.51.tar.bz2) = 9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66
+Size (httpd-2.4.51.tar.bz2) = 7653609 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d