pkgsrc-Bugs archive


PR/54385 CVS commit: [pkgsrc-2019Q2] pkgsrc/www/apache24



The following reply was made to PR pkg/54385; it has been noted by GNATS.

From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/54385 CVS commit: [pkgsrc-2019Q2] pkgsrc/www/apache24
Date: Thu, 5 Sep 2019 10:21:28 +0000

 Module Name:	pkgsrc
 Committed By:	bsiegert
 Date:		Thu Sep  5 10:21:28 UTC 2019
 
 Modified Files:
 	pkgsrc/www/apache24 [pkgsrc-2019Q2]: Makefile PLIST distinfo
 	pkgsrc/www/apache24/patches [pkgsrc-2019Q2]: patch-ai
 
 Log Message:
 Pullup ticket #6037 - requested by taca
 www/apache24: SunOS build fix, security fix
 
 Revisions pulled up:
 - www/apache24/Makefile                                         1.82,1.84
 - www/apache24/PLIST                                            1.31
 - www/apache24/distinfo                                         1.41
 - www/apache24/patches/patch-ai                                 1.2
 
 ---
    Module Name:	pkgsrc
    Committed By:	ryoon
    Date:		Mon Jul  1 04:08:55 UTC 2019
 
    Modified Files:
    	pkgsrc/www/apache24: Makefile
 
    Log Message:
    Recursive revbump from boost-1.70.0
 
 ---
    Module Name:	pkgsrc
    Committed By:	jperkin
    Date:		Mon Jul 22 10:34:22 UTC 2019
 
    Modified Files:
    	pkgsrc/www/apache24: Makefile
 
    Log Message:
    apache24: Extend SunOS C99 compilers list to gcc-5.
 
    Should fix PR#54385 from Hiroshi Hakoyama.
 
 ---
    Module Name:	pkgsrc
    Committed By:	wiz
    Date:		Sun Aug 11 13:25:21 UTC 2019
 
    Modified Files:
    	pkgsrc/www/apache24: Makefile buildlink3.mk
 
    Log Message:
    Bump PKGREVISIONs for perl 5.30.0
 
 ---
    Module Name:	pkgsrc
    Committed By:	adam
    Date:		Thu Aug 15 08:03:39 UTC 2019
 
    Modified Files:
    	pkgsrc/www/apache24: Makefile PLIST distinfo
    	pkgsrc/www/apache24/patches: patch-ai
 
    Log Message:
    apache24: updated to 2.4.41
 
    Changes with Apache 2.4.41
 
      *) SECURITY: CVE-2019-10081 (cve.mitre.org)
         mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
         could lead to an overwrite of memory in the pushing request's pool,
         leading to crashes. The memory copied is that of the configured push
         link header values, not data supplied by the client.
 
      *) SECURITY: CVE-2019-9517 (cve.mitre.org)
         mod_http2: a malicious client could perform a DoS attack by flooding
         a connection with requests and basically never reading responses
         on the TCP connection. Depending on h2 worker dimensioning, it was
         possible to block those with relatively few connections.
 
      *) SECURITY: CVE-2019-10098 (cve.mitre.org)
         rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
         matches and substitutions with encoded line break characters.
 
      *) SECURITY: CVE-2019-10092 (cve.mitre.org)
         Remove HTML-escaped URLs from canned error responses to prevent misleading
         text/links being displayed via crafted links.
 
      *) SECURITY: CVE-2019-10097 (cve.mitre.org)
         mod_remoteip: Fix stack buffer overflow and NULL pointer dereference
         when reading the PROXY protocol header.
 
      *) SECURITY: CVE-2019-10082 (cve.mitre.org)
         mod_http2: Using fuzzed network input, the http/2 session
         handling could be made to read memory after being freed,
         during connection shutdown.
 
      *) mod_proxy_balancer: Improve balancer-manager protection against
         XSS/XSRF attacks from trusted users.
 
      *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
         configure the session/cookie expiry's update interval.
 
      *) modules/filters: Fix broken compilation when using old GCC (<4.2.x).
 
      *) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile
         configured for a domain managed by mod_md.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.80 -r1.80.2.1 pkgsrc/www/apache24/Makefile
 cvs rdiff -u -r1.30 -r1.30.2.1 pkgsrc/www/apache24/PLIST
 cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/www/apache24/distinfo
 cvs rdiff -u -r1.1.1.1 -r1.1.1.1.60.1 pkgsrc/www/apache24/patches/patch-ai
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 

