pkgsrc-Changes archive
CVS commit: [pkgsrc-2016Q4] pkgsrc/www/apache22
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Feb 3 11:26:04 UTC 2017
Modified Files:
pkgsrc/www/apache22 [pkgsrc-2016Q4]: Makefile distinfo
Removed Files:
pkgsrc/www/apache22/patches [pkgsrc-2016Q4]: patch-include_ap_mmn.h
patch-modules_proxy_mod_proxy.c patch-modules_proxy_mod_proxy.h
patch-modules_proxy_proxy_util.c patch-server_util__script.c
Log Message:
Pullup ticket #5204 - requested by sevan
www/apache2: security fix
Revisions pulled up:
- www/apache22/Makefile 1.111
- www/apache22/distinfo 1.66
- www/apache22/patches/patch-include_ap_mmn.h deleted
- www/apache22/patches/patch-modules_proxy_mod_proxy.c deleted
- www/apache22/patches/patch-modules_proxy_mod_proxy.h deleted
- www/apache22/patches/patch-modules_proxy_proxy_util.c deleted
- www/apache22/patches/patch-server_util__script.c deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Jan 16 14:34:42 UTC 2017
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-include_ap_mmn.h
patch-modules_proxy_mod_proxy.c patch-modules_proxy_mod_proxy.h
patch-modules_proxy_proxy_util.c patch-server_util__script.c
Log Message:
Changes with Apache 2.2.32
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies.
*) Validate HTTP response header grammar defined by RFC7230, resulting
in a 500 error in the event that invalid response header contents are
detected when serving the response, to avoid response splitting and cache
pollution by malicious clients, upstream servers or faulty modules.
*) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
*) core: Avoid a possible truncation of the faulty header included in the
HTML response when LimitRequestFieldSize is reached.
*) core: Enforce LimitRequestFieldSize after multiple headers with the same
name have been merged.
*) core: Drop Content-Length header and message-body from HTTP 204 responses.
*) core: Permit unencoded ';' characters to appear in proxy requests and
Location: response headers. Corresponds to modern browser behavior.
*) core: ap_rgetline_core now pulls from r->proto_input_filters.
*) core: Correctly parse an IPv6 literal host specification in an absolute
URL in the request line.
*) core: New directive RegisterHttpMethod for registering non-standard
HTTP methods.
*) core: Limit to ten the number of tolerated empty lines between requests.
*) core: reject NULLs in request line or request headers.
*) mod_proxy: Use the correct server name for SNI in case the backend
SSL connection itself is established via a proxy server.
*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives.
*) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3.
*) mod_proxy: Correctly consider error response codes by the backend when
processing failonstatus.
*) mod_proxy: Play/restore the TLS-SNI on new backend connections which
had to be issued because the remote closed the previous/reusable one
during idle (keep-alive) time.
*) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
*) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to
use a different scoreboard slot than the original one.
*) mod_proxy: Fix a race condition that caused a failed worker to be retried
before the retry period is over.
*) mod_proxy: don't recycle backend announced "Connection: close" connections
to avoid reusing it should the close be effective after some new request
is ready to be sent.
*) mod_mem_cache: Fix concurrent removal of stale entries which could lead
to a crash.
*) mime.types: add common extension "m4a" for MPEG 4 Audio.
*) mod_substitute: Allow to configure the patterns merge order with the new
SubstituteInheritBefore on|off directive.
*) mod_mem_cache: Don't cache incomplete responses when the client
connection is aborted before the body is fully read.
*) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
*) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.110.4.1 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.65 -r1.65.4.1 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-include_ap_mmn.h \
pkgsrc/www/apache22/patches/patch-modules_proxy_mod_proxy.h \
pkgsrc/www/apache22/patches/patch-modules_proxy_proxy_util.c \
pkgsrc/www/apache22/patches/patch-server_util__script.c
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/apache22/patches/patch-modules_proxy_mod_proxy.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/apache22/Makefile
diff -u pkgsrc/www/apache22/Makefile:1.110 pkgsrc/www/apache22/Makefile:1.110.4.1
--- pkgsrc/www/apache22/Makefile:1.110 Fri Jul 29 11:10:24 2016
+++ pkgsrc/www/apache22/Makefile Fri Feb 3 11:26:04 2017
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.110 2016/07/29 11:10:24 wiz Exp $
+# $NetBSD: Makefile,v 1.110.4.1 2017/02/03 11:26:04 bsiegert Exp $
-DISTNAME= httpd-2.2.31
+DISTNAME= httpd-2.2.32
PKGNAME= ${DISTNAME:S/httpd/apache/}
-PKGREVISION= 4
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} \
http://archive.apache.org/dist/httpd/ \
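Review bot: the MASTER_SITES context line at the end of this hunk still lists http://archive.apache.org/dist/httpd/ over plain HTTP, so the authenticity of the httpd-2.2.32 distfile rests entirely on the distinfo checksums changed in the same commit. Consider switching that fallback site to https so a security pullup is not fetched over an unauthenticated channel. Dropping PKGREVISION alongside the DISTNAME bump is fine.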
Index: pkgsrc/www/apache22/distinfo
diff -u pkgsrc/www/apache22/distinfo:1.65 pkgsrc/www/apache22/distinfo:1.65.4.1
--- pkgsrc/www/apache22/distinfo:1.65 Fri Jul 29 11:10:24 2016
+++ pkgsrc/www/apache22/distinfo Fri Feb 3 11:26:04 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.65 2016/07/29 11:10:24 wiz Exp $
+$NetBSD: distinfo,v 1.65.4.1 2017/02/03 11:26:04 bsiegert Exp $
-SHA1 (httpd-2.2.31.tar.bz2) = e3b55387112206307ba76526820a2627472f3787
-RMD160 (httpd-2.2.31.tar.bz2) = 5b073f5f556c74e19eba8e40faa5c5fa308e018a
-SHA512 (httpd-2.2.31.tar.bz2) = 5aa47d4b76f692bbd8b309135ff99152df98cf69b505b9daf3f13f7f2a31443eaf4995161adfbc47a133b4d0e091fda2d95fc6b87a956f0ada18d7466ee28e74
-Size (httpd-2.2.31.tar.bz2) = 5610489 bytes
+SHA1 (httpd-2.2.32.tar.bz2) = 36dc7f2ac97627192dcff0a121408b897f91b121
+RMD160 (httpd-2.2.32.tar.bz2) = 88789518915babeaa8dbf0e8130b6d630bebb6c3
+SHA512 (httpd-2.2.32.tar.bz2) = b1802579f4fc950705ddcf0a24f502ffadbd91d5693fdd3b290ac7ca40122f8fa48132ad1055afae9b841dd55e8bb343239be07ca431b0f60ea081f5c2fad2c3
+Size (httpd-2.2.32.tar.bz2) = 5777509 bytes
SHA1 (patch-aa) = e0bfdf6bc9cb034bea46a390a12a5508e363c9a7
SHA1 (patch-ab) = 365cc3b0ac2d9d68ccb94f5699fe168a1c9b0150
SHA1 (patch-ac) = 515043b5c215d49fe8f6d3191b502c978e2a2dad
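Review bot: the new SHA1, RMD160 and SHA512 lines for httpd-2.2.32.tar.bz2 are the only thing that ties the build to a specific tarball, and the log message does not say what they were checked against. Before merging, confirm that the distfile these values were generated from was verified against upstream's published signature or checksum, and say so in the commit message. The SHA512 line is the one to rely on, since SHA1 is no longer collision resistant.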
@@ -15,11 +15,6 @@ SHA1 (patch-al) = 56b9f5c2f6fd01fe5067f9
SHA1 (patch-am) = ab4a2f7e5a1a3064e908b61157e7fd349c0b0c08
SHA1 (patch-aw) = ca53d67beeb2c2c4d9adb04d3d79e24a8c427fd4
SHA1 (patch-docs_man_apxs.8) = 70797ea73ae6379492971bec1106a8427ae7fdaa
-SHA1 (patch-include_ap_mmn.h) = 2fec04379f38ecc90debc69faafe38932099e5e1
SHA1 (patch-lock.c) = 770ca03f1cb4421879bd5baa5a7c30cc91acb6e1
-SHA1 (patch-modules_proxy_mod_proxy.c) = 67d8d441c546a46aa729ed82673da4883f73dec8
-SHA1 (patch-modules_proxy_mod_proxy.h) = a4453d85f6a3cf43df44f4e491aee07aaff44905
SHA1 (patch-modules_proxy_mod_proxy_connect.c) = b2b5d0242a92c7bf20b14c16d8cd3abae42f3746
-SHA1 (patch-modules_proxy_proxy_util.c) = 1368694ef3141c3a1e9a1ddd73664bbb33465271
SHA1 (patch-repos.c) = 0e0361b91d4b0fe6c7c55a12fdfd2e6aacc710e1
-SHA1 (patch-server_util__script.c) = 770f773ba278ec774f1f5a812fa9956fad9cc3f8
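Review bot: the five removed entries (patch-include_ap_mmn.h, patch-modules_proxy_mod_proxy.c, patch-modules_proxy_mod_proxy.h, patch-modules_proxy_proxy_util.c, patch-server_util__script.c) drop local patches to the proxy code and util_script in a security pullup, but the log message does not say why they are no longer needed. State in the commit message that the corresponding changes are included in 2.2.32, and confirm that against the upstream source, so the branch does not silently lose a fix.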