pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/apache24
Module Name: pkgsrc
Committed By: taca
Date: Tue Dec 20 21:06:35 UTC 2016
Modified Files:
pkgsrc/www/apache24: Makefile distinfo
Removed Files:
pkgsrc/www/apache24/patches: patch-CVE-2016-8740-2.4.23
patch-server_util__script.c
Log Message:
Update apache24 to 2.4.25 (Apache HTTPD 2.4.25). 2.4.24 was not released.
This release fixes several security problems, some of them are already
handled in pkgsrc. Please refer CHANGES file in detail.
*) SECURITY: CVE-2016-8740 (cve.mitre.org)
mod_http2: Mitigate DoS memory exhaustion via endless
CONTINUATION frames.
[Naveen Tiwari <naveen.tiwari%asu.edu@localhost> and CDF/SEFCOM at Arizona State
University, Stefan Eissing]
*) SECURITY: CVE-2016-5387 (cve.mitre.org)
core: Mitigate [f]cgi "httpoxy" issues.
[Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
*) SECURITY: CVE-2016-2161 (cve.mitre.org)
mod_auth_digest: Prevent segfaults during client entry allocation when
the shared memory space is exhausted.
[Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]
*) SECURITY: CVE-2016-0736 (cve.mitre.org)
mod_session_crypto: Authenticate the session data/cookie with a
MAC (SipHash) to prevent deciphering or tampering with a padding
oracle attack. [Yann Ylavic, Colm MacCarthaigh]
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache24/patches/patch-CVE-2016-8740-2.4.23 \
pkgsrc/www/apache24/patches/patch-server_util__script.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.50 pkgsrc/www/apache24/Makefile:1.51
--- pkgsrc/www/apache24/Makefile:1.50 Sun Dec 11 23:52:55 2016
+++ pkgsrc/www/apache24/Makefile Tue Dec 20 21:06:34 2016
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.50 2016/12/11 23:52:55 taca Exp $
+# $NetBSD: Makefile,v 1.51 2016/12/20 21:06:34 taca Exp $
#
# When updating this package, make sure that no strings like
# "PR 12345" are in the commit message. Upstream likes
# to reference their own PRs this way, but this ends up
# in NetBSD GNATS.
-DISTNAME= httpd-2.4.23
+DISTNAME= httpd-2.4.25
PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 4
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
http://archive.apache.org/dist/httpd/ \
Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.27 pkgsrc/www/apache24/distinfo:1.28
--- pkgsrc/www/apache24/distinfo:1.27 Sun Dec 11 23:52:55 2016
+++ pkgsrc/www/apache24/distinfo Tue Dec 20 21:06:34 2016
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.27 2016/12/11 23:52:55 taca Exp $
+$NetBSD: distinfo,v 1.28 2016/12/20 21:06:34 taca Exp $
-SHA1 (httpd-2.4.23.tar.bz2) = 5101be34ac4a509b245adb70a56690a84fcc4e7f
-RMD160 (httpd-2.4.23.tar.bz2) = 01a485281ededaaf932c9478ad078879a63254bc
-SHA512 (httpd-2.4.23.tar.bz2) = c520de5be748c0a785ef0dc77102749eb4f47e224968b8d4bed2ae644faa0964623a0e960b64486a0888446790d050b52a6ae34fe61717fab95b37384b4825b1
-Size (httpd-2.4.23.tar.bz2) = 6351875 bytes
-SHA1 (patch-CVE-2016-8740-2.4.23) = 286afd11a07f4bb1acb0ca9b89086c79930ca562
+SHA1 (httpd-2.4.25.tar.bz2) = bd6d138c31c109297da2346c6e7b93b9283993d2
+RMD160 (httpd-2.4.25.tar.bz2) = 6dd0e159f8ff4bb0112476bbee038bd855057c10
+SHA512 (httpd-2.4.25.tar.bz2) = 6ba4ce1dcef71416cf1c0de2468c002767b5637a75744daf5beb0edd045749a751b3826c4132f594c48e4b33ca8e1b25ebfb63ac4c8b759ca066a89d3261fb22
+Size (httpd-2.4.25.tar.bz2) = 6398218 bytes
SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
@@ -16,4 +15,3 @@ SHA1 (patch-al) = 02d9ade5aac4270182063d
SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777
SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df
SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96
-SHA1 (patch-server_util__script.c) = e106f9d7157a5eaf34ef9b1fb445d517c7712aa2
Home |
Main Index |
Thread Index |
Old Index