pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2017Q2]: pkgsrc/www/apache22 Pullup ticket #5520 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3e8fbb2f3cd3
branches:  pkgsrc-2017Q2
changeset: 408652:3e8fbb2f3cd3
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Jul 23 16:35:18 2017 +0000

description:
Pullup ticket #5520 - requested by taca
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile                                         1.113
- www/apache22/distinfo                                         1.67

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Wed Jul 12 07:00:40 UTC 2017

   Modified Files:
        pkgsrc/www/apache22: Makefile distinfo

   Log Message:
   Changes with Apache 2.2.34

     *) Allow single-char field names inadvertently disallowed in 2.2.32.

   Changes with Apache 2.2.33 (not released)

     *) SECURITY: CVE-2017-7668 (cve.mitre.org)
        The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
        bug in token list parsing, which allows ap_find_token() to search past
        the end of its input string. By maliciously crafting a sequence of
        request headers, an attacker may be able to cause a segmentation fault,
        or to force ap_find_token() to return an incorrect value.

     *) SECURITY: CVE-2017-3169 (cve.mitre.org)
        mod_ssl may dereference a NULL pointer when third-party modules call
        ap_hook_process_connection() during an HTTP request to an HTTPS port.

     *) SECURITY: CVE-2017-3167 (cve.mitre.org)
        Use of the ap_get_basic_auth_pw() by third-party modules outside of the
        authentication phase may lead to authentication requirements being
        bypassed.

     *) SECURITY: CVE-2017-7679 (cve.mitre.org)
        mod_mime can read one byte past the end of a buffer when sending a
        malicious Content-Type response header.

     *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.


   To generate a diff of this commit:
   cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/apache22/Makefile
   cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/apache22/distinfo

diffstat:

 www/apache22/Makefile |   4 ++--
 www/apache22/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 4eb5cac30c5b -r 3e8fbb2f3cd3 www/apache22/Makefile
--- a/www/apache22/Makefile     Sun Jul 16 08:36:39 2017 +0000
+++ b/www/apache22/Makefile     Sun Jul 23 16:35:18 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.112 2017/01/19 18:52:28 agc Exp $
+# $NetBSD: Makefile,v 1.112.4.1 2017/07/23 16:35:18 spz Exp $
 
-DISTNAME=      httpd-2.2.32
+DISTNAME=      httpd-2.2.34
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}
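Review bot: at the DISTNAME bump from httpd-2.2.32 to httpd-2.2.34, the six lines of context do not show whether a PKGREVISION is set further down the Makefile; if one is, it should be dropped in the same change so the package version restarts cleanly at 2.2.34. The diffstat counts 4 changed lines for this file, which matches the ident and DISTNAME lines shown, so no other line of the Makefile was touched.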
diff -r 4eb5cac30c5b -r 3e8fbb2f3cd3 www/apache22/distinfo
--- a/www/apache22/distinfo     Sun Jul 16 08:36:39 2017 +0000
+++ b/www/apache22/distinfo     Sun Jul 23 16:35:18 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.66 2017/01/16 14:34:42 adam Exp $
+$NetBSD: distinfo,v 1.66.4.1 2017/07/23 16:35:18 spz Exp $
 
-SHA1 (httpd-2.2.32.tar.bz2) = 36dc7f2ac97627192dcff0a121408b897f91b121
-RMD160 (httpd-2.2.32.tar.bz2) = 88789518915babeaa8dbf0e8130b6d630bebb6c3
-SHA512 (httpd-2.2.32.tar.bz2) = b1802579f4fc950705ddcf0a24f502ffadbd91d5693fdd3b290ac7ca40122f8fa48132ad1055afae9b841dd55e8bb343239be07ca431b0f60ea081f5c2fad2c3
-Size (httpd-2.2.32.tar.bz2) = 5777509 bytes
+SHA1 (httpd-2.2.34.tar.bz2) = 829206394e238af0b800fc78d19c74ee466ecb23
+RMD160 (httpd-2.2.34.tar.bz2) = 7e913d60ac02c815edac6ab0614f5dc40618c073
+SHA512 (httpd-2.2.34.tar.bz2) = e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240
+Size (httpd-2.2.34.tar.bz2) = 5779739 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
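Review bot: the SHA1, RMD160, SHA512 and Size lines for httpd-2.2.34.tar.bz2 are the integrity anchor for this security update, and neither the hunk nor the log message says what they were checked against; note in the commit message that the tarball was verified against upstream's published digest or signature before these values were regenerated. The patch-aa, patch-ab and patch-ac checksums are unchanged context, so the local patches are carried over as-is and should be confirmed to still apply cleanly to 2.2.34.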


