pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache24 apache24: update to 2.4.28
details: https://anonhg.NetBSD.org/pkgsrc/rev/53e067994642
branches: trunk
changeset: 369825:53e067994642
user: adam <adam%pkgsrc.org@localhost>
date: Fri Oct 06 06:22:05 2017 +0000
description:
apache24: update to 2.4.28
Changes with Apache 2.4.28
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except]> must now be used in the
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files.
*) event: Avoid possible blocking in the listener thread when shutting down
connections.
*) mod_speling: Don't embed referer data in a link in error page.
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes.
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream.
*) build: allow configuration without APR sources.
*) mod_ssl, ab: Fix compatibility with LibreSSL.
*) core/log: Support use of optional "tag" in syslog entries.
*) mod_proxy: Fix ProxyAddHeaders merging.
*) core: Disallow multiple Listen on the same IP:port when listener buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the single
bucket case (default), thus avoiding the leak of the corresponding socket
descriptors on graceful restart.
*) event: Avoid listener periodic wake ups by using the pollset wake-ability
when available.
*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
led to spurious HTTP 502 error messages sent on upgrade connections.
diffstat:
www/apache24/Makefile | 5 ++---
www/apache24/distinfo | 11 +++++------
www/apache24/patches/patch-server_core.c | 20 --------------------
3 files changed, 7 insertions(+), 29 deletions(-)
diffs (66 lines):
diff -r cc8ffb129777 -r 53e067994642 www/apache24/Makefile
--- a/www/apache24/Makefile Fri Oct 06 06:15:00 2017 +0000
+++ b/www/apache24/Makefile Fri Oct 06 06:22:05 2017 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.61 2017/09/18 13:24:05 wiz Exp $
+# $NetBSD: Makefile,v 1.62 2017/10/06 06:22:05 adam Exp $
#
# When updating this package, make sure that no strings like
# "PR 12345" are in the commit message. Upstream likes
# to reference their own PRs this way, but this ends up
# in NetBSD GNATS.
-DISTNAME= httpd-2.4.27
+DISTNAME= httpd-2.4.28
PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/}
MASTER_SITES+= http://archive.apache.org/dist/httpd/
diff -r cc8ffb129777 -r 53e067994642 www/apache24/distinfo
--- a/www/apache24/distinfo Fri Oct 06 06:15:00 2017 +0000
+++ b/www/apache24/distinfo Fri Oct 06 06:22:05 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.32 2017/09/18 13:34:51 wiz Exp $
+$NetBSD: distinfo,v 1.33 2017/10/06 06:22:05 adam Exp $
-SHA1 (httpd-2.4.27.tar.bz2) = 699e4e917e8fb5fd7d0ce7e009f8256ed02ec6fc
-RMD160 (httpd-2.4.27.tar.bz2) = 46f601f58de77eb11fa4c7ea35fa0858d2f4d289
-SHA512 (httpd-2.4.27.tar.bz2) = 7e7e8070715b74cb6890096a74e194f4c6a49c14bda685b1ad832e84312f1ac4316ea03a430e679502bfd8e1853aefa544ee002a20d0f7e994b9a590c74bc42c
-Size (httpd-2.4.27.tar.bz2) = 6527394 bytes
+SHA1 (httpd-2.4.28.tar.bz2) = 0b37522b808dcee72e1d56d656b0def530b820a2
+RMD160 (httpd-2.4.28.tar.bz2) = b242f9b671a5b1cc58e3897d3bb6c278d4125e47
+SHA512 (httpd-2.4.28.tar.bz2) = 8de8e32b87e6de220e492e74db9df0882fae11c3b9732f3d3316da048c04767ac4429c0433c36f87d8705263e3376f97a7e1f66a9d7a518632a67b6fe617590a
+Size (httpd-2.4.28.tar.bz2) = 6553163 bytes
SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
@@ -15,4 +15,3 @@
SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777
SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df
SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96
-SHA1 (patch-server_core.c) = 52dbf840b22c4ad48ede200c3fe5ae889d2fe509
diff -r cc8ffb129777 -r 53e067994642 www/apache24/patches/patch-server_core.c
--- a/www/apache24/patches/patch-server_core.c Fri Oct 06 06:15:00 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-server_core.c,v 1.2 2017/09/18 13:34:51 wiz Exp $
-
-Fix security problem using upstream patch.
-http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
-
---- server/core.c.orig 2016-12-05 14:34:29.000000000 +0000
-+++ server/core.c
-@@ -2262,6 +2262,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_
- /* method has not been registered yet, but resource restriction
- * is always checked before method handling, so register it.
- */
-+ if (cmd->pool == cmd->temp_pool) {
-+ /* In .htaccess, we can't globally register new methods. */
-+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+ "for %s from .htaccess configuration",
-+ method, cmd->cmd->name);
-+ }
- methnum = ap_method_register(cmd->pool,
- apr_pstrdup(cmd->pool, method));
- }
Home |
Main Index |
Thread Index |
Old Index