CVS commit: pkgsrc/www/apache24

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Jul  3 15:22:22 UTC 2024

Modified Files:
        pkgsrc/www/apache24: Makefile distinfo

Log Message:
www/apache24: update to 2.4.61

Apache HTTP Server 2.4.61 contains one security fix.

Fixed in Apache HTTP Server 2.4.61

important: Apache HTTP Server: source code disclosure with handlers configured via AddType (CVE-2024-39884)

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of
the legacy content-type based configuration of handlers.  "AddType" and
similar configuration, under some circumstances where files are requested
indirectly, result in source code disclosure of local content.  For example,
PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.61, which fixes this issue.

Reported to security team       2024-07-01
Update 2.4.61 released          2024-07-03
Affects                         2.4.60


To generate a diff of this commit:
cvs rdiff -u -r1.127 -r1.128 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.63 -r1.64 pkgsrc/www/apache24/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.127 pkgsrc/www/apache24/Makefile:1.128
--- pkgsrc/www/apache24/Makefile:1.127  Tue Jul  2 10:31:58 2024
+++ pkgsrc/www/apache24/Makefile        Wed Jul  3 15:22:22 2024
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.127 2024/07/02 10:31:58 adam Exp $
+# $NetBSD: Makefile,v 1.128 2024/07/03 15:22:22 taca Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=      httpd-2.4.60
+DISTNAME=      httpd-2.4.61
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}

Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.63 pkgsrc/www/apache24/distinfo:1.64
--- pkgsrc/www/apache24/distinfo:1.63   Tue Jul  2 10:31:58 2024
+++ pkgsrc/www/apache24/distinfo        Wed Jul  3 15:22:22 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.63 2024/07/02 10:31:58 adam Exp $
+$NetBSD: distinfo,v 1.64 2024/07/03 15:22:22 taca Exp $
 
-BLAKE2s (httpd-2.4.60.tar.bz2) = 9a3693c6068cf9cade40d896a18c885787b4e2a149e34e9ff71b05d653925fc3
-SHA512 (httpd-2.4.60.tar.bz2) = c1591389f76699beaa5d32b019729e25f1ed5b828311c82b52f1a4edd5d28b73e697958df384d7628b314521a831dbb0af418bc37cdf031cfe133e53c195d8ad
-Size (httpd-2.4.60.tar.bz2) = 7508704 bytes
+BLAKE2s (httpd-2.4.61.tar.bz2) = 8d15edef65d66f6fef14f0629d39c2ff2576cad96483532b0513861ec8284a31
+SHA512 (httpd-2.4.61.tar.bz2) = 00656220ecc2b80788f539536553f0a3a57602fb981be22e63af87d0f98ffe5da3056e722ce52ae8cf9c2111ad1922b3aaea1fd7d69d0ed76795199203d593ff
+Size (httpd-2.4.61.tar.bz2) = 7512908 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157