pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/apache22



Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Jul 12 07:00:40 UTC 2017

Modified Files:
        pkgsrc/www/apache22: Makefile distinfo

Log Message:
Changes with Apache 2.2.34

  *) Allow single-char field names inadvertantly disallowed in 2.2.32.

Changes with Apache 2.2.33 (not released)

  *) SECURITY: CVE-2017-7668 (cve.mitre.org)
     The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
     bug in token list parsing, which allows ap_find_token() to search past
     the end of its input string. By maliciously crafting a sequence of
     request headers, an attacker may be able to cause a segmentation fault,
     or to force ap_find_token() to return an incorrect value.

  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
     mod_ssl may dereference a NULL pointer when third-party modules call
     ap_hook_process_connection() during an HTTP request to an HTTPS port.

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.

  *) SECURITY: CVE-2017-7679 (cve.mitre.org)
     mod_mime can read one byte past the end of a buffer when sending a
     malicious Content-Type response header.

  *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.


To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/apache22/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/apache22/Makefile
diff -u pkgsrc/www/apache22/Makefile:1.112 pkgsrc/www/apache22/Makefile:1.113
--- pkgsrc/www/apache22/Makefile:1.112  Thu Jan 19 18:52:28 2017
+++ pkgsrc/www/apache22/Makefile        Wed Jul 12 07:00:40 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.112 2017/01/19 18:52:28 agc Exp $
+# $NetBSD: Makefile,v 1.113 2017/07/12 07:00:40 adam Exp $
 
-DISTNAME=      httpd-2.2.32
+DISTNAME=      httpd-2.2.34
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}

Index: pkgsrc/www/apache22/distinfo
diff -u pkgsrc/www/apache22/distinfo:1.66 pkgsrc/www/apache22/distinfo:1.67
--- pkgsrc/www/apache22/distinfo:1.66   Mon Jan 16 14:34:42 2017
+++ pkgsrc/www/apache22/distinfo        Wed Jul 12 07:00:40 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.66 2017/01/16 14:34:42 adam Exp $
+$NetBSD: distinfo,v 1.67 2017/07/12 07:00:40 adam Exp $
 
-SHA1 (httpd-2.2.32.tar.bz2) = 36dc7f2ac97627192dcff0a121408b897f91b121
-RMD160 (httpd-2.2.32.tar.bz2) = 88789518915babeaa8dbf0e8130b6d630bebb6c3
-SHA512 (httpd-2.2.32.tar.bz2) = b1802579f4fc950705ddcf0a24f502ffadbd91d5693fdd3b290ac7ca40122f8fa48132ad1055afae9b841dd55e8bb343239be07ca431b0f60ea081f5c2fad2c3
-Size (httpd-2.2.32.tar.bz2) = 5777509 bytes
+SHA1 (httpd-2.2.34.tar.bz2) = 829206394e238af0b800fc78d19c74ee466ecb23
+RMD160 (httpd-2.2.34.tar.bz2) = 7e913d60ac02c815edac6ab0614f5dc40618c073
+SHA512 (httpd-2.2.34.tar.bz2) = e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240
+Size (httpd-2.2.34.tar.bz2) = 5779739 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad



Home | Main Index | Thread Index | Old Index