Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_155488868826990"
MIME-Version: 1.0
Date: Wed, 10 Apr 2019 09:31:28 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2019Q1] pkgsrc/www/apache24
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20190410093128.0EAF3FB16@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_155488868826990
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Wed Apr 10 09:31:27 UTC 2019

Modified Files:
	pkgsrc/www/apache24 [pkgsrc-2019Q1]: Makefile PLIST distinfo

Log Message:
Pullup ticket #5930 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.77
- www/apache24/PLIST                                            1.28
- www/apache24/distinfo                                         1.40

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Apr  2 07:25:38 UTC 2019

   Modified Files:
   	pkgsrc/www/apache24: Makefile PLIST distinfo

   Log Message:
   apache24: updated to 2.4.39

   Changes with Apache 2.4.39

   *) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
      connection is recycled/reused to avoid a possible crash with some SSLProxy
      configurations in <Location> or <Proxy> context.

   *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.

   *) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host

   *) mod_socache_redis: Support for Redis as socache storage provider.

   *) core: new configuration option 'MergeSlashes on|off' that controls handling of
      multiple, consecutive slash ('/') characters in the path component of the request URL.

   *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
      in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.

   *) mod_http2: new configuration directive: `H2Padding numbits` to control
      padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
      controlling the range of padding bytes added to a frame. The actual number
      added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
      frames equally. The default continues to be 0, e.g. no padding.

   *) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
      has no more need for it. Optional functions are still declared but no longer implemented.
      While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching
      versions of both modules.

   *) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
      resolve bug 63170. The proxy module does now a single h2 request on the (reused)
      connection and returns.

   *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
      to trigger immediate shutdown of backend connections. This is now always signalled
      by mod_http2 when the the session is being released.
      proxy_http2 now only sends a PING frame to the backend when there is not already one
      in flight.

   *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
      loop when encountering certain errors on the backend connection.

   *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
      Location/Directory, e.g. disabling PUSH for a specific set of resources.

   *) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
      terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.

   *) http: Fix possible empty response with mod_ratelimit for HEAD requests.

   *) mod_cache_socache: Avoid reallocations and be safe with outgoing data
      lifetime.

   *) MPMs unix: bind the bucket number of each child to its slot number, for a
      more efficient per bucket maintenance.

   *) mod_auth_digest: Fix a race condition. Authentication with valid
      credentials could be refused in case of concurrent accesses from
      different users.

   *) mod_http2: enable re-use of slave connections again. Fixed slave connection
      keepalives counter.

   *) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.

   *) mod_proxy_wstunnel: Fix websocket proxy over UDS.

   *) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
      configuration (SSLFIPS on) and not active by default in OpenSSL.


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.76.2.1 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.27 -r1.27.4.1 pkgsrc/www/apache24/PLIST
cvs rdiff -u -r1.39 -r1.39.2.1 pkgsrc/www/apache24/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_155488868826990
Content-Disposition: inline
Content-Length: 2675
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/apache24/Makefile
diff -u pkgsrc/www/apache24/Makefile:1.76 pkgsrc/www/apache24/Makefile:1.76.2.1
--- pkgsrc/www/apache24/Makefile:1.76	Wed Jan 23 12:04:18 2019
+++ pkgsrc/www/apache24/Makefile	Wed Apr 10 09:31:27 2019
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.76 2019/01/23 12:04:18 adam Exp $
+# $NetBSD: Makefile,v 1.76.2.1 2019/04/10 09:31:27 bsiegert Exp $
 #
 # When updating this package, make sure that no strings like
 # "PR 12345" are in the commit message. Upstream likes
 # to reference their own PRs this way, but this ends up
 # in NetBSD GNATS.
 
-DISTNAME=	httpd-2.4.38
+DISTNAME=	httpd-2.4.39
 PKGNAME=	${DISTNAME:S/httpd/apache/}
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE:=httpd/}

Index: pkgsrc/www/apache24/PLIST
diff -u pkgsrc/www/apache24/PLIST:1.27 pkgsrc/www/apache24/PLIST:1.27.4.1
--- pkgsrc/www/apache24/PLIST:1.27	Wed Oct 24 10:08:00 2018
+++ pkgsrc/www/apache24/PLIST	Wed Apr 10 09:31:27 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.27 2018/10/24 10:08:00 adam Exp $
+@comment $NetBSD: PLIST,v 1.27.4.1 2019/04/10 09:31:27 bsiegert Exp $
 bin/ab
 bin/apxs
 bin/dbmmanage
@@ -170,6 +170,7 @@ lib/httpd/mod_slotmem_plain.so
 lib/httpd/mod_slotmem_shm.so
 lib/httpd/mod_socache_dbm.so
 lib/httpd/mod_socache_memcache.so
+lib/httpd/mod_socache_redis.so
 lib/httpd/mod_socache_shmcb.so
 lib/httpd/mod_speling.so
 lib/httpd/mod_ssl.so

Index: pkgsrc/www/apache24/distinfo
diff -u pkgsrc/www/apache24/distinfo:1.39 pkgsrc/www/apache24/distinfo:1.39.2.1
--- pkgsrc/www/apache24/distinfo:1.39	Wed Jan 23 12:04:18 2019
+++ pkgsrc/www/apache24/distinfo	Wed Apr 10 09:31:27 2019
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.39 2019/01/23 12:04:18 adam Exp $
+$NetBSD: distinfo,v 1.39.2.1 2019/04/10 09:31:27 bsiegert Exp $
 
-SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab
-RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014
-SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448
-Size (httpd-2.4.38.tar.bz2) = 7035030 bytes
+SHA1 (httpd-2.4.39.tar.bz2) = 75695bb7bb589c308755bf496de8b34522133865
+RMD160 (httpd-2.4.39.tar.bz2) = 4ab6b73efdb326bd34e352ac34fd337f3fb5f60e
+SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7
+Size (httpd-2.4.39.tar.bz2) = 7030539 bytes
 SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d


--_----------=_155488868826990--