pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/apache24 apache24: updated to 2.4.38
details: https://anonhg.NetBSD.org/pkgsrc/rev/ac09d062b91c
branches: trunk
changeset: 390557:ac09d062b91c
user: adam <adam%pkgsrc.org@localhost>
date: Wed Jan 23 12:04:18 2019 +0000
description:
apache24: updated to 2.4.38
Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play.
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
diffstat:
www/apache24/Makefile | 9 ++++-----
www/apache24/distinfo | 10 +++++-----
2 files changed, 9 insertions(+), 10 deletions(-)
diffs (55 lines):
diff -r eb1cdfa2f902 -r ac09d062b91c www/apache24/Makefile
--- a/www/apache24/Makefile Wed Jan 23 11:53:44 2019 +0000
+++ b/www/apache24/Makefile Wed Jan 23 12:04:18 2019 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.75 2018/12/13 19:52:25 adam Exp $
+# $NetBSD: Makefile,v 1.76 2019/01/23 12:04:18 adam Exp $
#
# When updating this package, make sure that no strings like
# "PR 12345" are in the commit message. Upstream likes
# to reference their own PRs this way, but this ends up
# in NetBSD GNATS.
-DISTNAME= httpd-2.4.37
+DISTNAME= httpd-2.4.38
PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/}
MASTER_SITES+= http://archive.apache.org/dist/httpd/
@@ -82,7 +81,7 @@
PKG_USERS_VARS= APACHE_USER
PKG_SYSCONFVAR= apache
-PKG_SYSCONFSUBDIR?= httpd
+PKG_SYSCONFSUBDIR= httpd
EGDIR= ${PREFIX}/share/examples/httpd
SBINDIR= ${PREFIX}/sbin
CONF_FILES+= ${EGDIR}/httpd.conf ${PKG_SYSCONFDIR}/httpd.conf
@@ -172,7 +171,7 @@
INSTALL_MAKE_FLAGS+= sysconfdir="${EGDIR}"
post-install:
- ${LN} -sf ${LOCALBASE}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
+ ${LN} -sf ${PREFIX}/libexec/apr/libtool ${DESTDIR}${PREFIX}/share/httpd/build
${LN} -sf ${SBINDIR}/envvars-std ${DESTDIR}${SBINDIR}/envvars
${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${DESTDIR}${PREFIX}/bin
diff -r eb1cdfa2f902 -r ac09d062b91c www/apache24/distinfo
--- a/www/apache24/distinfo Wed Jan 23 11:53:44 2019 +0000
+++ b/www/apache24/distinfo Wed Jan 23 12:04:18 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.38 2018/10/24 10:08:00 adam Exp $
+$NetBSD: distinfo,v 1.39 2019/01/23 12:04:18 adam Exp $
-SHA1 (httpd-2.4.37.tar.bz2) = 4a38471de821288b0300148016f2b03dfee8adf2
-RMD160 (httpd-2.4.37.tar.bz2) = 2f81b55c14f3bc3b2e46a9b841c798071983deb5
-SHA512 (httpd-2.4.37.tar.bz2) = e802915801bbe885a65dada04b0116d145b293fabfff734dddb61a79ca1c6d65326f51155d1b864b093c3ec00d0bdfdf1401ab55677bae1ea3da1d199d7bcad4
-Size (httpd-2.4.37.tar.bz2) = 7031632 bytes
+SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab
+RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014
+SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448
+Size (httpd-2.4.38.tar.bz2) = 7035030 bytes
SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
Home |
Main Index |
Thread Index |
Old Index