pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/apache24 apache24: updated to 2.4.38

branches:  trunk
changeset: 318306:77c97d44dcff
user:      adam <>
date:      Wed Jan 23 12:04:18 2019 +0000

apache24: updated to 2.4.38

Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (
   mod_session: mod_session_cookie does not respect expiry time allowing
   sessions to be reused.
*) SECURITY: CVE-2018-17189 (
   mod_http2: fixes a DoS attack vector. By sending slow request bodies
   to resources not consuming them, httpd cleanup code occupies a server
   thread unnecessarily. This was changed to an immediate stream reset
   which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (
   mod_ssl: Fix infinite loop triggered by a client-initiated
   renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
   AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
   have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
   in the expression does NOT match. In this case val is NULL
   and we should just set the value for the environment variable
   like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
   multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
   this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
   passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
   afterwards. Otherwise errors are reported when other SSL using modules
   are in play.
*) mod_ssl: Fix the error code returned in an error path of
   'ssl_io_filter_handshake()'. This messes-up error handling performed
   in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
   authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
   redirects, subsequent ProxyPassReverse statements, whether they are
   relative or absolute, may fail.
*) mod_lua: Now marked as a stable module


 www/apache24/Makefile |   9 ++++-----
 www/apache24/distinfo |  10 +++++-----
 2 files changed, 9 insertions(+), 10 deletions(-)

diffs (55 lines):

diff -r 8a780fcc7600 -r 77c97d44dcff www/apache24/Makefile
--- a/www/apache24/Makefile     Wed Jan 23 11:53:44 2019 +0000
+++ b/www/apache24/Makefile     Wed Jan 23 12:04:18 2019 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.75 2018/12/13 19:52:25 adam Exp $
+# $NetBSD: Makefile,v 1.76 2019/01/23 12:04:18 adam Exp $
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
-DISTNAME=      httpd-2.4.37
+DISTNAME=      httpd-2.4.38
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
@@ -82,7 +81,7 @@
 PKG_SYSCONFVAR=                apache
 EGDIR=                 ${PREFIX}/share/examples/httpd
 SBINDIR=               ${PREFIX}/sbin
 CONF_FILES+=           ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf
@@ -172,7 +171,7 @@
 INSTALL_MAKE_FLAGS+=   sysconfdir="${EGDIR}"
-       ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
+       ${LN} -sf ${PREFIX}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
        ${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars
        ${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/bin
diff -r 8a780fcc7600 -r 77c97d44dcff www/apache24/distinfo
--- a/www/apache24/distinfo     Wed Jan 23 11:53:44 2019 +0000
+++ b/www/apache24/distinfo     Wed Jan 23 12:04:18 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.38 2018/10/24 10:08:00 adam Exp $
+$NetBSD: distinfo,v 1.39 2019/01/23 12:04:18 adam Exp $
-SHA1 (httpd-2.4.37.tar.bz2) = 4a38471de821288b0300148016f2b03dfee8adf2
-RMD160 (httpd-2.4.37.tar.bz2) = 2f81b55c14f3bc3b2e46a9b841c798071983deb5
-SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4
-Size (httpd-2.4.37.tar.bz2) = 7031632 bytes
+SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab
+RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014
+SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448
+Size (httpd-2.4.38.tar.bz2) = 7035030 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d

Home | Main Index | Thread Index | Old Index