CVS commit: [pkgsrc-2024Q2] pkgsrc/www/apache24

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Jul 11 17:44:57 UTC 2024

Modified Files:
        pkgsrc/www/apache24 [pkgsrc-2024Q2]: Makefile distinfo

Log Message:
Pullup ticket #6876 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.128
- www/apache24/distinfo                                         1.64

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Jul  3 15:22:22 UTC 2024

   Modified Files:
        pkgsrc/www/apache24: Makefile distinfo

   Log Message:
   www/apache24: update to 2.4.61

   Apache HTTP Server 2.4.61 contains one security fix.

   Fixed in Apache HTTP Server 2.4.61

   important: Apache HTTP Server: source code disclosure with handlers configured via AddType (CVE-2024-39884)

   A regression in the core of Apache HTTP Server 2.4.60 ignores some use of
   the legacy content-type based configuration of handlers.  "AddType" and
   similar configuration, under some circumstances where files are requested
   indirectly, result in source code disclosure of local content.  For example,
   PHP scripts may be served instead of interpreted.

   Users are recommended to upgrade to version 2.4.61, which fixes this issue.

   Reported to security team    2024-07-01
   Update 2.4.61 released               2024-07-03
   Affects                              2.4.60


To generate a diff of this commit:
cvs rdiff -u -r1.126.2.1 -r1.126.2.2 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.62.2.1 -r1.62.2.2 pkgsrc/www/apache24/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.126.2.1 pkgsrc/www/apache24/Makefile:1.126.2.2
--- pkgsrc/www/apache24/Makefile:1.126.2.1      Tue Jul  2 18:11:40 2024
+++ pkgsrc/www/apache24/Makefile        Thu Jul 11 17:44:57 2024
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.126.2.1 2024/07/02 18:11:40 bsiegert Exp $
+# $NetBSD: Makefile,v 1.126.2.2 2024/07/11 17:44:57 bsiegert Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=      httpd-2.4.60
+DISTNAME=      httpd-2.4.61
 PKGNAME=       ${DISTNAME:S/httpd/apache/}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_APACHE:=httpd/}

Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.62.2.1 pkgsrc/www/apache24/distinfo:1.62.2.2
--- pkgsrc/www/apache24/distinfo:1.62.2.1       Tue Jul  2 18:11:40 2024
+++ pkgsrc/www/apache24/distinfo        Thu Jul 11 17:44:57 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.62.2.1 2024/07/02 18:11:40 bsiegert Exp $
+$NetBSD: distinfo,v 1.62.2.2 2024/07/11 17:44:57 bsiegert Exp $
 
-BLAKE2s (httpd-2.4.60.tar.bz2) = 9a3693c6068cf9cade40d896a18c885787b4e2a149e34e9ff71b05d653925fc3
-SHA512 (httpd-2.4.60.tar.bz2) = c1591389f76699beaa5d32b019729e25f1ed5b828311c82b52f1a4edd5d28b73e697958df384d7628b314521a831dbb0af418bc37cdf031cfe133e53c195d8ad
-Size (httpd-2.4.60.tar.bz2) = 7508704 bytes
+BLAKE2s (httpd-2.4.61.tar.bz2) = 8d15edef65d66f6fef14f0629d39c2ff2576cad96483532b0513861ec8284a31
+SHA512 (httpd-2.4.61.tar.bz2) = 00656220ecc2b80788f539536553f0a3a57602fb981be22e63af87d0f98ffe5da3056e722ce52ae8cf9c2111ad1922b3aaea1fd7d69d0ed76795199203d593ff
+Size (httpd-2.4.61.tar.bz2) = 7512908 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157