pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2019Q2] pkgsrc/www/apache24



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Sep  5 10:21:28 UTC 2019

Modified Files:
        pkgsrc/www/apache24 [pkgsrc-2019Q2]: Makefile PLIST distinfo
        pkgsrc/www/apache24/patches [pkgsrc-2019Q2]: patch-ai

Log Message:
Pullup ticket #6037 - requested by taca
www/apache24: SunOS build fix, security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.82,1.84
- www/apache24/PLIST                                            1.31
- www/apache24/distinfo                                         1.41
- www/apache24/patches/patch-ai                                 1.2

---
   Module Name: pkgsrc
   Committed By:        ryoon
   Date:                Mon Jul  1 04:08:55 UTC 2019

   Modified Files:

        pkgsrc/www/apache24: Makefile

   Log Message:
   Recursive revbump from boost-1.70.0

---
   Module Name: pkgsrc
   Committed By:        jperkin
   Date:                Mon Jul 22 10:34:22 UTC 2019

   Modified Files:
        pkgsrc/www/apache24: Makefile

   Log Message:
   apache24: Extend SunOS C99 compilers list to gcc-5.

   Should fix PR#54385 from Hiroshi Hakoyama.

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sun Aug 11 13:25:21 UTC 2019

   Modified Files:

        pkgsrc/www/apache24: Makefile buildlink3.mk

   Log Message:
   Bump PKGREVISIONs for perl 5.30.0

---
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Thu Aug 15 08:03:39 UTC 2019

   Modified Files:
        pkgsrc/www/apache24: Makefile PLIST distinfo
        pkgsrc/www/apache24/patches: patch-ai

   Log Message:
   apache24: updated to 2.4.41

   Changes with Apache 2.4.41

     *) SECURITY: CVE-2019-10081 (cve.mitre.org)
        mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
        could lead to an overwrite of memory in the pushing request's pool,
        leading to crashes. The memory copied is that of the configured push
        link header values, not data supplied by the client.

     *) SECURITY: CVE-2019-9517 (cve.mitre.org)
        mod_http2: a malicious client could perform a DoS attack by flooding
        a connection with requests and basically never reading responses
        on the TCP connection. Depending on h2 worker dimensioning, it was
        possible to block those with relatively few connections.

     *) SECURITY: CVE-2019-10098 (cve.mitre.org)
        rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
        matches and substitutions with encoded line break characters.

     *) SECURITY: CVE-2019-10092 (cve.mitre.org)
        Remove HTML-escaped URLs from canned error responses to prevent misleading
        text/links being displayed via crafted links.

     *) SECURITY: CVE-2019-10097 (cve.mitre.org)
        mod_remoteip: Fix stack buffer overflow and NULL pointer deference
        when reading the PROXY protocol header.

     *) SECURITY: CVE-2019-10082 (cve.mitre.org)
        mod_http2: Using fuzzed network input, the http/2 session
        handling could be made to read memory after being freed,
        during connection shutdown.

     *) mod_proxy_balancer: Improve balancer-manager protection against
        XSS/XSRF attacks from trusted users.

     *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
        configure the session/cookie expiry's update interval.

     *) modules/filters: Fix broken compilation when using old GCC (<4.2.x).

     *) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile
        configured for a domain managed by mod_md.


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.80.2.1 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.30 -r1.30.2.1 pkgsrc/www/apache24/PLIST
cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.60.1 pkgsrc/www/apache24/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.80 pkgsrc/www/apache24/Makefile:1.80.2.1
--- pkgsrc/www/apache24/Makefile:1.80   Fri Jun  7 11:26:20 2019
+++ pkgsrc/www/apache24/Makefile        Thu Sep  5 10:21:28 2019
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.80 2019/06/07 11:26:20 tm Exp $
+# $NetBSD: Makefile,v 1.80.2.1 2019/09/05 10:21:28 bsiegert Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=      httpd-2.4.39
+DISTNAME=      httpd-2.4.41
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
-PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}
 MASTER_SITES+= http://archive.apache.org/dist/httpd/
@@ -37,7 +36,7 @@ CONFIGURE_ENV+=               ac_cv_path_RSYNC=/nonex
 .include "../../mk/compiler.mk"
 
 CFLAGS.SunOS+= -D__EXTENSIONS__
-.if !empty(CC_VERSION:Mgcc-[6-9]*) || !empty(PKGSRC_COMPILER:Mclang)
+.if !empty(CC_VERSION:Mgcc-[5-9]*) || !empty(PKGSRC_COMPILER:Mclang)
 CFLAGS.SunOS+= -D_XOPEN_SOURCE=600
 .else
 CFLAGS.SunOS+= -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1
@@ -62,7 +61,7 @@ APACHE_MODULES?=      ${DFLT_APACHE_MODULES}
 
 # LDAP support
 PLIST_VARS+=           ldap
-.if exists(${LOCALBASE}/lib/apr-util-1/apr_ldap.la)
+.if exists(${PREFIX}/lib/apr-util-1/apr_ldap.la)
 DFLT_APACHE_MODULES+=  ldap authnz_ldap
 PLIST.ldap=            yes
 .endif
@@ -122,8 +121,7 @@ SUBST_FILES.paths=  config.layout Makefil
 SUBST_VARS.paths=      PREFIX
 SUBST_VARS.paths+=     VARBASE
 SUBST_SED.paths+=      -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g"
-SUBST_VARS.paths+=     PAX
-SUBST_SED.paths+=      -e "s|@LOCALBASE@|${PREFIX}|g"
+SUBST_VARS.paths+=     PAX PREFIX
 
 SUBST_CLASSES+=                apr-lt
 SUBST_STAGE.apr-lt=    post-configure

Index: pkgsrc/www/apache24/PLIST
diff -u pkgsrc/www/apache24/PLIST:1.30 pkgsrc/www/apache24/PLIST:1.30.2.1
--- pkgsrc/www/apache24/PLIST:1.30      Fri Jun  7 11:26:20 2019
+++ pkgsrc/www/apache24/PLIST   Thu Sep  5 10:21:28 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.30 2019/06/07 11:26:20 tm Exp $
+@comment $NetBSD: PLIST,v 1.30.2.1 2019/09/05 10:21:28 bsiegert Exp $
 bin/ab
 bin/apxs
 bin/dbmmanage
@@ -1218,6 +1218,8 @@ share/httpd/manual/mod/mod_socache_dc.ht
 share/httpd/manual/mod/mod_socache_memcache.html
 share/httpd/manual/mod/mod_socache_memcache.html.en
 share/httpd/manual/mod/mod_socache_memcache.html.fr.utf8
+share/httpd/manual/mod/mod_socache_redis.html
+share/httpd/manual/mod/mod_socache_redis.html.en
 share/httpd/manual/mod/mod_socache_shmcb.html
 share/httpd/manual/mod/mod_socache_shmcb.html.en
 share/httpd/manual/mod/mod_socache_shmcb.html.fr.utf8
@@ -1302,6 +1304,7 @@ share/httpd/manual/mod/mpmt_os2.html.en
 share/httpd/manual/mod/mpmt_os2.html.fr.utf8
 share/httpd/manual/mod/overrides.html
 share/httpd/manual/mod/overrides.html.en
+share/httpd/manual/mod/overrides.html.fr.utf8
 share/httpd/manual/mod/prefork.html
 share/httpd/manual/mod/prefork.html.de
 share/httpd/manual/mod/prefork.html.en

Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.40 pkgsrc/www/apache24/distinfo:1.40.2.1
--- pkgsrc/www/apache24/distinfo:1.40   Tue Apr  2 07:25:38 2019
+++ pkgsrc/www/apache24/distinfo        Thu Sep  5 10:21:28 2019
@@ -1,16 +1,16 @@
-$NetBSD: distinfo,v 1.40 2019/04/02 07:25:38 adam Exp $
+$NetBSD: distinfo,v 1.40.2.1 2019/09/05 10:21:28 bsiegert Exp $
 
-SHA1 (httpd-2.4.39.tar.bz2) = 75695bb7bb589c308755bf496de8b34522133865
-RMD160 (httpd-2.4.39.tar.bz2) = 4ab6b73efdb326bd34e352ac34fd337f3fb5f60e
-SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7
-Size (httpd-2.4.39.tar.bz2) = 7030539 bytes
+SHA1 (httpd-2.4.41.tar.bz2) = b46a02237f03384fa50ddbde9be62092dc23e684
+RMD160 (httpd-2.4.41.tar.bz2) = ed572c262222034a699ab55f12eaebbe070cecb7
+SHA512 (httpd-2.4.41.tar.bz2) = 350cc7dcd2c439e0590338fa6da3f44df44f9bb885c381e91f91b14c2f48597f6f0bbac0ea118a8a67eaa70ae7edbb769beace368643ed73f6daee44c307b335
+Size (httpd-2.4.41.tar.bz2) = 7072373 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
 SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157
 SHA1 (patch-ae) = 5bd3bf54e792bf8a2916d7e1b49b1702b02c6903
 SHA1 (patch-ag) = 50c7f0fab1cb90ac573f1c47f2d37f9c2a6247e1
-SHA1 (patch-ai) = 867ac81fd14b1bd6af048ec57390d915956e9568
+SHA1 (patch-ai) = d3870e46e41adc97c3fce86f9ffd224502ad6b0c
 SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911
 SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777
 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df

Index: pkgsrc/www/apache24/patches/patch-ai
diff -u pkgsrc/www/apache24/patches/patch-ai:1.1.1.1 pkgsrc/www/apache24/patches/patch-ai:1.1.1.1.60.1
--- pkgsrc/www/apache24/patches/patch-ai:1.1.1.1        Fri Apr 13 18:50:49 2012
+++ pkgsrc/www/apache24/patches/patch-ai        Thu Sep  5 10:21:28 2019
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.1.1.1 2012/04/13 18:50:49 ryoon Exp $
+$NetBSD: patch-ai,v 1.1.1.1.60.1 2019/09/05 10:21:28 bsiegert Exp $
 
 --- support/apxs.in.orig       2010-06-22 17:12:44.000000000 +0000
 +++ support/apxs.in
@@ -10,7 +10,7 @@ $NetBSD: patch-ai,v 1.1.1.1 2012/04/13 1
 -chomp($libtool);
 +my $libtool = $ENV{'APR_LIBTOOL'};
 +unless ($libtool) {
-+      $libtool = `@LOCALBASE@/bin/apr-1-config --installbuilddir`;
++      $libtool = `@PREFIX@/bin/apr-1-config --installbuilddir`;
 +      chomp($libtool);
 +      $libtool = "$libtool/libtool";
 +}



Home | Main Index | Thread Index | Old Index