pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q2]: pkgsrc/www/apache22 Pullup ticket #5520 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3e8fbb2f3cd3
branches: pkgsrc-2017Q2
changeset: 408652:3e8fbb2f3cd3
user: spz <spz%pkgsrc.org@localhost>
date: Sun Jul 23 16:35:18 2017 +0000
description:
Pullup ticket #5520 - requested by taca
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.113
- www/apache22/distinfo 1.67
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 12 07:00:40 UTC 2017
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Log Message:
Changes with Apache 2.2.34
*) Allow single-char field names inadvertently disallowed in 2.2.32.
Changes with Apache 2.2.33 (not released)
*) SECURITY: CVE-2017-7668 (cve.mitre.org)
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.
*) SECURITY: CVE-2017-3169 (cve.mitre.org)
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
*) SECURITY: CVE-2017-3167 (cve.mitre.org)
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
*) SECURITY: CVE-2017-7679 (cve.mitre.org)
mod_mime can read one byte past the end of a buffer when sending a
malicious Content-Type response header.
*) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.
To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/apache22/distinfo
diffstat:
www/apache22/Makefile | 4 ++--
www/apache22/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (30 lines):
diff -r 4eb5cac30c5b -r 3e8fbb2f3cd3 www/apache22/Makefile
--- a/www/apache22/Makefile Sun Jul 16 08:36:39 2017 +0000
+++ b/www/apache22/Makefile Sun Jul 23 16:35:18 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.112 2017/01/19 18:52:28 agc Exp $
+# $NetBSD: Makefile,v 1.112.4.1 2017/07/23 16:35:18 spz Exp $
-DISTNAME= httpd-2.2.32
+DISTNAME= httpd-2.2.34
PKGNAME= ${DISTNAME:S/httpd/apache/}
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/}
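Review bot: the DISTNAME line moves from httpd-2.2.32 straight to httpd-2.2.34, and PKGNAME is derived from it via `${DISTNAME:S/httpd/apache/}`, so a PKGREVISION left further down the Makefile, outside the lines shown in this hunk, would carry over onto the new version. Please confirm none is set, or that it was dropped with the bump. Skipping 2.2.33 is consistent with the log message, which marks it as not released; since the diffstat touches only Makefile and distinfo, the version change itself is what delivers the listed CVE fixes.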
diff -r 4eb5cac30c5b -r 3e8fbb2f3cd3 www/apache22/distinfo
--- a/www/apache22/distinfo Sun Jul 16 08:36:39 2017 +0000
+++ b/www/apache22/distinfo Sun Jul 23 16:35:18 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.66 2017/01/16 14:34:42 adam Exp $
+$NetBSD: distinfo,v 1.66.4.1 2017/07/23 16:35:18 spz Exp $
-SHA1 (httpd-2.2.32.tar.bz2) = 36dc7f2ac97627192dcff0a121408b897f91b121
-RMD160 (httpd-2.2.32.tar.bz2) = 88789518915babeaa8dbf0e8130b6d630bebb6c3
-SHA512 (httpd-2.2.32.tar.bz2) = b1802579f4fc950705ddcf0a24f502ffadbd91d5693fdd3b290ac7ca40122f8fa48132ad1055afae9b841dd55e8bb343239be07ca431b0f60ea081f5c2fad2c3
-Size (httpd-2.2.32.tar.bz2) = 5777509 bytes
+SHA1 (httpd-2.2.34.tar.bz2) = 829206394e238af0b800fc78d19c74ee466ecb23
+RMD160 (httpd-2.2.34.tar.bz2) = 7e913d60ac02c815edac6ab0614f5dc40618c073
+SHA512 (httpd-2.2.34.tar.bz2) = e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240
+Size (httpd-2.2.34.tar.bz2) = 5779739 bytes
SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
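Review bot: in the distinfo hunk, the SHA1, RMD160 and SHA512 digests and the Size for httpd-2.2.34.tar.bz2 are all replaced together, but nothing in the diff shows what they were checked against. These lines are what later fetches are verified with, so please confirm they were generated from a tarball checked against the upstream release signature or published checksums, not only regenerated from the downloaded file. The patch-aa, patch-ab and patch-ac entries are unchanged context, so also confirm that those patches still apply cleanly to the 2.2.34 sources.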