pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/apache22 Changes with Apache 2.2.34



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2b16812c3833
branches:  trunk
changeset: 365245:2b16812c3833
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Jul 12 07:00:40 2017 +0000

description:
Changes with Apache 2.2.34

  *) Allow single-char field names inadvertently disallowed in 2.2.32.

Changes with Apache 2.2.33 (not released)

  *) SECURITY: CVE-2017-7668 (cve.mitre.org)
     The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
     bug in token list parsing, which allows ap_find_token() to search past
     the end of its input string. By maliciously crafting a sequence of
     request headers, an attacker may be able to cause a segmentation fault,
     or to force ap_find_token() to return an incorrect value.

  *) SECURITY: CVE-2017-3169 (cve.mitre.org)
     mod_ssl may dereference a NULL pointer when third-party modules call
     ap_hook_process_connection() during an HTTP request to an HTTPS port.

  *) SECURITY: CVE-2017-3167 (cve.mitre.org)
     Use of the ap_get_basic_auth_pw() by third-party modules outside of the
     authentication phase may lead to authentication requirements being
     bypassed.

  *) SECURITY: CVE-2017-7679 (cve.mitre.org)
     mod_mime can read one byte past the end of a buffer when sending a
     malicious Content-Type response header.

  *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.

diffstat:

 www/apache22/Makefile |   4 ++--
 www/apache22/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r a138ddc265b8 -r 2b16812c3833 www/apache22/Makefile
--- a/www/apache22/Makefile     Wed Jul 12 01:56:13 2017 +0000
+++ b/www/apache22/Makefile     Wed Jul 12 07:00:40 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.112 2017/01/19 18:52:28 agc Exp $
+# $NetBSD: Makefile,v 1.113 2017/07/12 07:00:40 adam Exp $
 
-DISTNAME=      httpd-2.2.32
+DISTNAME=      httpd-2.2.34
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}
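Review bot: the `DISTNAME=` bump goes straight from httpd-2.2.32 to httpd-2.2.34, so it also picks up the four CVE fixes the description lists under 2.2.33 (not released), yet the summary line "Changes with Apache 2.2.34" does not say this is a security update. Suggest naming the security fixes (or at least the word "security") in the first line of the commit message so the change is easy to spot when scanning the log for updates that need to reach other branches.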
diff -r a138ddc265b8 -r 2b16812c3833 www/apache22/distinfo
--- a/www/apache22/distinfo     Wed Jul 12 01:56:13 2017 +0000
+++ b/www/apache22/distinfo     Wed Jul 12 07:00:40 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.66 2017/01/16 14:34:42 adam Exp $
+$NetBSD: distinfo,v 1.67 2017/07/12 07:00:40 adam Exp $
 
-SHA1 (httpd-2.2.32.tar.bz2) = 36dc7f2ac97627192dcff0a121408b897f91b121
-RMD160 (httpd-2.2.32.tar.bz2) = 88789518915babeaa8dbf0e8130b6d630bebb6c3
-SHA512 (httpd-2.2.32.tar.bz2) = b1802579f4fc950705ddcf0a24f502ffadbd91d5693fdd3b290ac7ca40122f8fa48132ad1055afae9b841dd55e8bb343239be07ca431b0f60ea081f5c2fad2c3
-Size (httpd-2.2.32.tar.bz2) = 5777509 bytes
+SHA1 (httpd-2.2.34.tar.bz2) = 829206394e238af0b800fc78d19c74ee466ecb23
+RMD160 (httpd-2.2.34.tar.bz2) = 7e913d60ac02c815edac6ab0614f5dc40618c073
+SHA512 (httpd-2.2.34.tar.bz2) = e6dac5865a48533c025fe17523ee74d68c3a23f9512c9441b78a140e33cfb6835573eb049b0ad424eb5c5ca78a1915778c54e8a409da95fbdd3890cb99e08240
+Size (httpd-2.2.34.tar.bz2) = 5779739 bytes
 SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
 SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
 SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
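Review bot: the new SHA1, RMD160, SHA512 and Size lines for httpd-2.2.34.tar.bz2 cannot be validated from the diff itself, and the Makefile fetches the tarball via MASTER_SITE_APACHE, so the commit should state that the distfile was checked against the checksum or signature published upstream before these values were recorded. The patch-aa, patch-ab and patch-ac entries are unchanged in the context lines, so it is also worth confirming that those local patches still apply cleanly to 2.2.34 and do not touch code altered by the security fixes.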


