Received: by mail.netbsd.org (Postfix, from userid 605) id 4C46184D68; Thu, 5 Sep 2019 10:21:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id C679C84D67 for ; Thu, 5 Sep 2019 10:21:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id RIJvT75zkAJ9 for ; Thu, 5 Sep 2019 10:21:28 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id D4F0384D58 for ; Thu, 5 Sep 2019 10:21:28 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id CDB29FBF4; Thu, 5 Sep 2019 10:21:28 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1567678888161560" MIME-Version: 1.0 Date: Thu, 5 Sep 2019 10:21:28 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2019Q2] pkgsrc/www/apache24 To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20190905102128.CDB29FBF4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1567678888161560 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Thu Sep 5 10:21:28 UTC 2019 Modified Files: pkgsrc/www/apache24 [pkgsrc-2019Q2]: Makefile PLIST distinfo pkgsrc/www/apache24/patches [pkgsrc-2019Q2]: patch-ai Log Message: Pullup ticket #6037 - requested by taca www/apache24: SunOS build fix, security fix Revisions pulled up: - www/apache24/Makefile 1.82,1.84 - www/apache24/PLIST 1.31 - www/apache24/distinfo 1.41 - www/apache24/patches/patch-ai 1.2 --- Module Name: pkgsrc Committed By: ryoon Date: Mon Jul 1 04:08:55 UTC 2019 Modified Files: pkgsrc/www/apache24: Makefile Log Message: Recursive revbump from boost-1.70.0 --- Module Name: pkgsrc Committed By: jperkin Date: Mon Jul 22 10:34:22 UTC 2019 Modified Files: pkgsrc/www/apache24: Makefile Log Message: apache24: Extend SunOS C99 compilers list to gcc-5. Should fix PR#54385 from Hiroshi Hakoyama. --- Module Name: pkgsrc Committed By: wiz Date: Sun Aug 11 13:25:21 UTC 2019 Modified Files: pkgsrc/www/apache24: Makefile buildlink3.mk Log Message: Bump PKGREVISIONs for perl 5.30.0 --- Module Name: pkgsrc Committed By: adam Date: Thu Aug 15 08:03:39 UTC 2019 Modified Files: pkgsrc/www/apache24: Makefile PLIST distinfo pkgsrc/www/apache24/patches: patch-ai Log Message: apache24: updated to 2.4.41 Changes with Apache 2.4.41 *) SECURITY: CVE-2019-10081 (cve.mitre.org) mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. *) SECURITY: CVE-2019-9517 (cve.mitre.org) mod_http2: a malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. *) SECURITY: CVE-2019-10098 (cve.mitre.org) rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters. *) SECURITY: CVE-2019-10092 (cve.mitre.org) Remove HTML-escaped URLs from canned error responses to prevent misleading text/links being displayed via crafted links. *) SECURITY: CVE-2019-10097 (cve.mitre.org) mod_remoteip: Fix stack buffer overflow and NULL pointer deference when reading the PROXY protocol header. *) SECURITY: CVE-2019-10082 (cve.mitre.org) mod_http2: Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. *) mod_proxy_balancer: Improve balancer-manager protection against XSS/XSRF attacks from trusted users. *) mod_session: Introduce SessionExpiryUpdateInterval which allows to configure the session/cookie expiry's update interval. *) modules/filters: Fix broken compilation when using old GCC (<4.2.x). *) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile configured for a domain managed by mod_md. To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.80.2.1 pkgsrc/www/apache24/Makefile cvs rdiff -u -r1.30 -r1.30.2.1 pkgsrc/www/apache24/PLIST cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/www/apache24/distinfo cvs rdiff -u -r1.1.1.1 -r1.1.1.1.60.1 pkgsrc/www/apache24/patches/patch-ai Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1567678888161560 Content-Disposition: inline Content-Length: 5606 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/apache24/Makefile diff -u pkgsrc/www/apache24/Makefile:1.80 pkgsrc/www/apache24/Makefile:1.80.2.1 --- pkgsrc/www/apache24/Makefile:1.80 Fri Jun 7 11:26:20 2019 +++ pkgsrc/www/apache24/Makefile Thu Sep 5 10:21:28 2019 @@ -1,13 +1,12 @@ -# $NetBSD: Makefile,v 1.80 2019/06/07 11:26:20 tm Exp $ +# $NetBSD: Makefile,v 1.80.2.1 2019/09/05 10:21:28 bsiegert Exp $ # # When updating this package, make sure that no strings like # "PR 12345" are in the commit message. Upstream likes # to reference their own PRs this way, but this ends up # in NetBSD GNATS. -DISTNAME= httpd-2.4.39 +DISTNAME= httpd-2.4.41 PKGNAME= ${DISTNAME:S/httpd/apache/} -PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} MASTER_SITES+= http://archive.apache.org/dist/httpd/ @@ -37,7 +36,7 @@ CONFIGURE_ENV+= ac_cv_path_RSYNC=/nonex .include "../../mk/compiler.mk" CFLAGS.SunOS+= -D__EXTENSIONS__ -.if !empty(CC_VERSION:Mgcc-[6-9]*) || !empty(PKGSRC_COMPILER:Mclang) +.if !empty(CC_VERSION:Mgcc-[5-9]*) || !empty(PKGSRC_COMPILER:Mclang) CFLAGS.SunOS+= -D_XOPEN_SOURCE=600 .else CFLAGS.SunOS+= -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 @@ -62,7 +61,7 @@ APACHE_MODULES?= ${DFLT_APACHE_MODULES} # LDAP support PLIST_VARS+= ldap -.if exists(${LOCALBASE}/lib/apr-util-1/apr_ldap.la) +.if exists(${PREFIX}/lib/apr-util-1/apr_ldap.la) DFLT_APACHE_MODULES+= ldap authnz_ldap PLIST.ldap= yes .endif @@ -122,8 +121,7 @@ SUBST_FILES.paths= config.layout Makefil SUBST_VARS.paths= PREFIX SUBST_VARS.paths+= VARBASE SUBST_SED.paths+= -e "s|@SYSCONFDIR@|${PKG_SYSCONFDIR}|g" -SUBST_VARS.paths+= PAX -SUBST_SED.paths+= -e "s|@LOCALBASE@|${PREFIX}|g" +SUBST_VARS.paths+= PAX PREFIX SUBST_CLASSES+= apr-lt SUBST_STAGE.apr-lt= post-configure Index: pkgsrc/www/apache24/PLIST diff -u pkgsrc/www/apache24/PLIST:1.30 pkgsrc/www/apache24/PLIST:1.30.2.1 --- pkgsrc/www/apache24/PLIST:1.30 Fri Jun 7 11:26:20 2019 +++ pkgsrc/www/apache24/PLIST Thu Sep 5 10:21:28 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.30 2019/06/07 11:26:20 tm Exp $ +@comment $NetBSD: PLIST,v 1.30.2.1 2019/09/05 10:21:28 bsiegert Exp $ bin/ab bin/apxs bin/dbmmanage @@ -1218,6 +1218,8 @@ share/httpd/manual/mod/mod_socache_dc.ht share/httpd/manual/mod/mod_socache_memcache.html share/httpd/manual/mod/mod_socache_memcache.html.en share/httpd/manual/mod/mod_socache_memcache.html.fr.utf8 +share/httpd/manual/mod/mod_socache_redis.html +share/httpd/manual/mod/mod_socache_redis.html.en share/httpd/manual/mod/mod_socache_shmcb.html share/httpd/manual/mod/mod_socache_shmcb.html.en share/httpd/manual/mod/mod_socache_shmcb.html.fr.utf8 @@ -1302,6 +1304,7 @@ share/httpd/manual/mod/mpmt_os2.html.en share/httpd/manual/mod/mpmt_os2.html.fr.utf8 share/httpd/manual/mod/overrides.html share/httpd/manual/mod/overrides.html.en +share/httpd/manual/mod/overrides.html.fr.utf8 share/httpd/manual/mod/prefork.html share/httpd/manual/mod/prefork.html.de share/httpd/manual/mod/prefork.html.en Index: pkgsrc/www/apache24/distinfo diff -u pkgsrc/www/apache24/distinfo:1.40 pkgsrc/www/apache24/distinfo:1.40.2.1 --- pkgsrc/www/apache24/distinfo:1.40 Tue Apr 2 07:25:38 2019 +++ pkgsrc/www/apache24/distinfo Thu Sep 5 10:21:28 2019 @@ -1,16 +1,16 @@ -$NetBSD: distinfo,v 1.40 2019/04/02 07:25:38 adam Exp $ +$NetBSD: distinfo,v 1.40.2.1 2019/09/05 10:21:28 bsiegert Exp $ -SHA1 (httpd-2.4.39.tar.bz2) = 75695bb7bb589c308755bf496de8b34522133865 -RMD160 (httpd-2.4.39.tar.bz2) = 4ab6b73efdb326bd34e352ac34fd337f3fb5f60e -SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7 -Size (httpd-2.4.39.tar.bz2) = 7030539 bytes +SHA1 (httpd-2.4.41.tar.bz2) = b46a02237f03384fa50ddbde9be62092dc23e684 +RMD160 (httpd-2.4.41.tar.bz2) = ed572c262222034a699ab55f12eaebbe070cecb7 +SHA512 (httpd-2.4.41.tar.bz2) = 350cc7dcd2c439e0590338fa6da3f44df44f9bb885c381e91f91b14c2f48597f6f0bbac0ea118a8a67eaa70ae7edbb769beace368643ed73f6daee44c307b335 +Size (httpd-2.4.41.tar.bz2) = 7072373 bytes SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9 SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157 SHA1 (patch-ae) = 5bd3bf54e792bf8a2916d7e1b49b1702b02c6903 SHA1 (patch-ag) = 50c7f0fab1cb90ac573f1c47f2d37f9c2a6247e1 -SHA1 (patch-ai) = 867ac81fd14b1bd6af048ec57390d915956e9568 +SHA1 (patch-ai) = d3870e46e41adc97c3fce86f9ffd224502ad6b0c SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911 SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df Index: pkgsrc/www/apache24/patches/patch-ai diff -u pkgsrc/www/apache24/patches/patch-ai:1.1.1.1 pkgsrc/www/apache24/patches/patch-ai:1.1.1.1.60.1 --- pkgsrc/www/apache24/patches/patch-ai:1.1.1.1 Fri Apr 13 18:50:49 2012 +++ pkgsrc/www/apache24/patches/patch-ai Thu Sep 5 10:21:28 2019 @@ -1,4 +1,4 @@ -$NetBSD: patch-ai,v 1.1.1.1 2012/04/13 18:50:49 ryoon Exp $ +$NetBSD: patch-ai,v 1.1.1.1.60.1 2019/09/05 10:21:28 bsiegert Exp $ --- support/apxs.in.orig 2010-06-22 17:12:44.000000000 +0000 +++ support/apxs.in @@ -10,7 +10,7 @@ $NetBSD: patch-ai,v 1.1.1.1 2012/04/13 1 -chomp($libtool); +my $libtool = $ENV{'APR_LIBTOOL'}; +unless ($libtool) { -+ $libtool = `@LOCALBASE@/bin/apr-1-config --installbuilddir`; ++ $libtool = `@PREFIX@/bin/apr-1-config --installbuilddir`; + chomp($libtool); + $libtool = "$libtool/libtool"; +} --_----------=_1567678888161560--