Received: by mail.netbsd.org (Postfix, from userid 605)
	id 010C784D55; Sat, 18 Aug 2018 09:11:14 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id E44CD84D54
	for <pkgsrc-changes@NetBSD.org>; Sat, 18 Aug 2018 09:11:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id 9ipDPMypgRlQ for <pkgsrc-changes@netbsd.org>;
	Sat, 18 Aug 2018 09:11:10 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 05CA984CD0
	for <pkgsrc-changes@NetBSD.org>; Sat, 18 Aug 2018 09:11:10 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 56CAEFBEC; Sat, 18 Aug 2018 09:11:00 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1534583460174980"
MIME-Version: 1.0
Date: Sat, 18 Aug 2018 09:11:00 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2018Q2] pkgsrc/www/apache24
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20180818091100.56CAEFBEC@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1534583460174980
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Sat Aug 18 09:11:00 UTC 2018

Modified Files:
	pkgsrc/www/apache24 [pkgsrc-2018Q2]: Makefile distinfo
	pkgsrc/www/apache24/patches [pkgsrc-2018Q2]: patch-aa

Log Message:
Pullup ticket #5802 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.69-1.70
- www/apache24/distinfo                                         1.36
- www/apache24/patches/patch-aa                                 1.2

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jul  4 13:40:45 UTC 2018

   Modified Files:
   	pkgsrc/www/apache24: Makefile

   Log Message:
   *: Move SUBST_STAGE from post-patch to pre-configure

   Performing substitutions during post-patch breaks tools such as mkpatches,
   making it very difficult to regenerate correct patches after making changes,
   and often leading to substituted string replacements being committed.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Thu Jul 19 08:53:58 UTC 2018

   Modified Files:
   	pkgsrc/www/apache24: Makefile distinfo
   	pkgsrc/www/apache24/patches: patch-aa

   Log Message:
   apache24: updated to 2.4.34

   Apache 2.4.34
   *) SECURITY: CVE-2018-8011 (cve.mitre.org)
      mod_md: DoS via Coredumps on specially crafted requests
   *) SECURITY: CVE-2018-1333 (cve.mitre.org)
      mod_http2: DoS for HTTP/2 connections by specially crafted requests
   *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
      document translations.
   *) event: avoid possible race conditions with modules on the child pool.
   *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
      ProxyPassReverseCookiePath directive could fail to update correctly
      'domain=' or 'path=' in the 'Set-Cookie' header.
   *) mod_ratelimit: fix behavior when proxing content.
   *) core: Re-allow '_' (underscore) in hostnames.
   *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
      directive, if these parameters are not enclosed in quotation mark, only
      the first one is handled. The other ones are silently ignored.
      Add a message to warn about such a spurious configuration.
   *) mod_md: improvements and bugfixes
      - MDNotifyCmd now takes additional parameter that are passed on to the called command.
      - ACME challenges have better checks for interference with other modules
      - ACME challenges are only handled for domains managed by the module, allowing
        other ACME clients to operate for other domains in the server.
      - better libressl integration
   *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
   *) logging: Some early logging-related startup messages could be lost
      when using syslog for the global ErrorLog.
   *) mod_cache: Handle case of an invalid Expires header value RFC compliant
      like the case of an Expires time in the past: allow to overwrite the
      non-caching decision using CacheStoreExpired and respect Cache-Control
      "max-age" and "s-maxage".
   *) mod_xml2enc: Fix forwarding of error metadata/responses.
   *) mod_proxy_http: Fix response header thrown away after the previous one
      was considered too large and truncated.
   *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
      of functions to consume the end of line when the buffer is exhausted.
   *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
      allow maximum HTTP response header size to be increased past 8192
      bytes.
   *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
      of a certificate chain.
   *) http: Fix small memory leak per request when handling persistent
      connections.
   *) mod_proxy_html: Fix variable interpolation and memory allocation failure
      in ProxyHTMLURLMap.
   *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
   *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
      zero out what had been initialized as the connection-level port.
   *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
   *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
      Hot spare members are used as drop-in replacements for unusable workers
      in the same load balancer set. This differs from hot standbys which are
      only used when all workers in a set are unusable.
   *) suexec: Add --enable-suexec-capabilites support on Linux, to use
      setuid/setgid capability bits rather than a setuid root binary.
   *) suexec: Add support for logging to syslog as an alternative to
      logging to a file; use --without-suexec-logfile --with-suexec-syslog.
   *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
      which broke some rare but previously-working configs.
   *) core, log: improve sanity checks for the ErrorLog's syslog config, and
      explicitly allow only lowercase 'syslog' settings.
   *) mod_http2: accurate reporting of h2 data input/output per request via
      mod_logio. Fixes an issue where output sizes where counted n-times on
      reused slave connections.
   *) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
   *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
   *) mod_proxy: Do not restrict the maximum pool size for backend connections
      any longer by the maximum number of threads per process and use a better
      default if mod_http2 is loaded.
   *) mod_slotmem_shm: Add generation number to shm filename to fix races
      with graceful restarts.
   *) core: Preserve the original HTTP request method in the '%<m' LogFormat
      when an path-based ErrorDocument is used.
   *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
      HTTP/2 requests.
   *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
      regression introduced in 2.4.30.
   *) mod_md: Fix compilation with OpenSSL before version 1.0.2.
   *) mod_dumpio: do nothing below log level TRACE7.
   *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
   *) core: On ECBDIC platforms, some errors related to oversized headers
      may be misreported or be logged as ASCII escapes.
   *) mod_ssl: Fix cmake-based build.
   *) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
      section containers.


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.68.2.1 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.35 -r1.35.4.1 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.52.1 pkgsrc/www/apache24/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1534583460174980
Content-Disposition: inline
Content-Length: 5519
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.68 pkgsrc/www/apache24/Makefile:1.68.2.1
--- pkgsrc/www/apache24/Makefile:1.68	Sun Apr 29 21:32:07 2018
+++ pkgsrc/www/apache24/Makefile	Sat Aug 18 09:10:59 2018
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.68 2018/04/29 21:32:07 adam Exp $
+# $NetBSD: Makefile,v 1.68.2.1 2018/08/18 09:10:59 bsiegert Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=	httpd-2.4.33
+DISTNAME=	httpd-2.4.34
 PKGNAME=	${DISTNAME:S/httpd/apache/}
-PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/}
 MASTER_SITES+=	http://archive.apache.org/dist/httpd/
@@ -109,7 +108,7 @@ FIX_MAN_PERMS+=		man8/apachectl.8 man1/a
 
 # Fix paths in the apache manpages.
 SUBST_CLASSES+=		man
-SUBST_STAGE.man=	post-patch
+SUBST_STAGE.man=	pre-configure
 SUBST_MESSAGE.man=	Fixing paths in man pages.
 SUBST_FILES.man=	docs/man/*.1 docs/man/*.8
 SUBST_SED.man=		-e 's,/usr/local/etc/apache,${PKG_SYSCONFDIR},'
@@ -156,7 +155,7 @@ SUBST_SED.abs_srcdir=		-e 's|^\(abs_srcd
 
 REPLACE_PERL=		docs/cgi-examples/printenv
 
-.  include "../../devel/zlib/buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
 CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
 CONFIGURE_ARGS+=	--with-z=${BUILDLINK_PREFIX.zlib}
 

Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.35 pkgsrc/www/apache24/distinfo:1.35.4.1
--- pkgsrc/www/apache24/distinfo:1.35	Mon Mar 26 09:30:23 2018
+++ pkgsrc/www/apache24/distinfo	Sat Aug 18 09:10:59 2018
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.35 2018/03/26 09:30:23 adam Exp $
+$NetBSD: distinfo,v 1.35.4.1 2018/08/18 09:10:59 bsiegert Exp $
 
-SHA1 (httpd-2.4.33.tar.bz2) = 9e56042515793a6992adc4b9f3a0345a0cb98176
-RMD160 (httpd-2.4.33.tar.bz2) = 5c8758954913c09549a01e40a7a5e59b54705f8e
-SHA512 (httpd-2.4.33.tar.bz2) = e74b2b3346d67be45a8bc8a7cbb8eabf5c403a5cfe5797a976f94a539529843fbcdf03b9ca0548816b2cf37f4ce0eb301f8d5af25b1270fdf8dd9f5bf0585269
-Size (httpd-2.4.33.tar.bz2) = 6934765 bytes
-SHA1 (patch-aa) = 2d92b1340aaae40289421f164346348c6d7fe839
+SHA1 (httpd-2.4.34.tar.bz2) = 94d6e274273903ed153479c7701fa03761abf93d
+RMD160 (httpd-2.4.34.tar.bz2) = 80470d5ad344eba9b0260a9ff901c4a78def0abd
+SHA512 (httpd-2.4.34.tar.bz2) = 2bc09213f08a4722e305929fbac5f5060c7a8444704494894bb9b61f17e4d20bb6e3d663bb93fc5b2030b04a43fb12373d260cc291422b210b299725aaf3b5c8
+Size (httpd-2.4.34.tar.bz2) = 6942969 bytes
+SHA1 (patch-aa) = 6ccbed6de555365298d5cb4bb1dc7d4aa62ed450
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
 SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157

Index: pkgsrc/www/apache24/patches/patch-aa
diff -u pkgsrc/www/apache24/patches/patch-aa:1.1.1.1 pkgsrc/www/apache24/patches/patch-aa:1.1.1.1.52.1
--- pkgsrc/www/apache24/patches/patch-aa:1.1.1.1	Fri Apr 13 18:50:49 2012
+++ pkgsrc/www/apache24/patches/patch-aa	Sat Aug 18 09:11:00 2018
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.1.1.1 2012/04/13 18:50:49 ryoon Exp $
+$NetBSD: patch-aa,v 1.1.1.1.52.1 2018/08/18 09:11:00 bsiegert Exp $
 
---- Makefile.in.orig	2012-01-22 23:30:14.000000000 +0000
+--- Makefile.in.orig	2018-05-30 19:09:00.000000000 +0000
 +++ Makefile.in
 @@ -4,7 +4,7 @@ CLEAN_SUBDIRS = test
  
@@ -31,7 +31,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
  	@cd $(top_srcdir)/docs/conf; \
  	for i in mime.types magic; do \
  	    if test ! -f $(DESTDIR)$(sysconfdir)/$$i; then \
-@@ -78,7 +78,8 @@ install-conf:
+@@ -108,7 +108,8 @@ install-conf:
  	    				-e 's#@@SSLPort@@#$(SSLPORT)#g' \
  	    				< $$i; \
  	    		fi \
@@ -41,7 +41,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
  	    	chmod 0644 $(DESTDIR)$(sysconfdir)/original/$$i; \
  	    	file=$$i; \
  	    	if [ "$$i" = "httpd.conf" ]; then \
-@@ -88,13 +89,16 @@ install-conf:
+@@ -118,13 +119,16 @@ install-conf:
  	    		$(INSTALL_DATA) $(DESTDIR)$(sysconfdir)/original/$$i $(DESTDIR)$(sysconfdir)/$$file; \
  	    	fi; \
  	    	fi; \
@@ -58,7 +58,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
  	fi
  
  # Create a sanitized config_vars.mk
-@@ -112,7 +116,7 @@ install-build: build/config_vars.out
+@@ -142,7 +146,7 @@ install-build: build/config_vars.out
  		  $(top_srcdir)/build/instdso.sh; do \
  	 $(INSTALL_PROGRAM) $$f $(DESTDIR)$(installbuilddir); \
  	done
@@ -67,7 +67,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
  	@rm build/config_vars.out
  
  htdocs-srcdir = $(top_srcdir)/docs/docroot
-@@ -137,48 +141,28 @@ dox:
+@@ -167,48 +171,28 @@ dox:
  	doxygen $(top_srcdir)/docs/doxygen.conf
  
  install-htdocs:
@@ -125,7 +125,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
  
  install-other:
  	@test -d $(DESTDIR)$(logfiledir) || $(MKINSTALLDIRS) $(DESTDIR)$(logfiledir)
-@@ -227,14 +211,10 @@ install-man:
+@@ -260,14 +244,10 @@ install-man:
  	@test -d $(DESTDIR)$(mandir)/man1 || $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/man1
  	@test -d $(DESTDIR)$(mandir)/man8 || $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/man8
  	@test -d $(DESTDIR)$(manualdir)   || $(MKINSTALLDIRS) $(DESTDIR)$(manualdir)
@@ -142,5 +142,5 @@ $NetBSD: patch-aa,v 1.1.1.1 2012/04/13 1
 +	cd $(top_srcdir)/docs/manual && \
 +	@PAX@ -rwppm . $(DESTDIR)$(manualdir)
  
- install-suexec:
- 	@if test -f $(builddir)/support/suexec; then \
+ install-suexec: install-suexec-binary install-suexec-$(INSTALL_SUEXEC)
+ 


--_----------=_1534583460174980--