Pullup ticket #5930 - requested by taca www/apache24: security fix Revisions pulled up: - www/apache24/Makefile 1.77 - www/apache24/PLIST 1.28 - www/apache24/distinfo 1.40 --- Module Name: pkgsrc Committed By: adam Date: Tue Apr 2 07:25:38 UTC 2019 Modified Files: pkgsrc/www/apache24: Makefile PLIST distinfo Log Message: apache24: updated to 2.4.39 Changes with Apache 2.4.39 *) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend connection is recycled/reused to avoid a possible crash with some SSLProxy configurations in <Location> or <Proxy> context. *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure. *) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host *) mod_socache_redis: Support for Redis as socache storage provider. *) core: new configuration option 'MergeSlashes on|off' that controls handling of multiple, consecutive slash ('/') characters in the path component of the request URL. *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED. *) mod_http2: new configuration directive: `H2Padding numbits` to control padding of HTTP/2 payload frames. 'numbits' is a number from 0-8, controlling the range of padding bytes added to a frame. The actual number added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE frames equally. The default continues to be 0, e.g. no padding. *) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2 has no more need for it. Optional functions are still declared but no longer implemented. While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching versions of both modules. *) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which resolve bug 63170. The proxy module does now a single h2 request on the (reused) connection and returns. *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status to trigger immediate shutdown of backend connections. This is now always signalled by mod_http2 when the the session is being released. proxy_http2 now only sends a PING frame to the backend when there is not already one in flight. *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite loop when encountering certain errors on the backend connection. *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per Location/Directory, e.g. disabling PUSH for a specific set of resources. *) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to terminate improperly and cause a HTTP/2 PROTOCOL_ERROR. *) http: Fix possible empty response with mod_ratelimit for HEAD requests. *) mod_cache_socache: Avoid reallocations and be safe with outgoing data lifetime. *) MPMs unix: bind the bucket number of each child to its slot number, for a more efficient per bucket maintenance. *) mod_auth_digest: Fix a race condition. Authentication with valid credentials could be refused in case of concurrent accesses from different users. *) mod_http2: enable re-use of slave connections again. Fixed slave connection keepalives counter. *) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts. *) mod_proxy_wstunnel: Fix websocket proxy over UDS. *) mod_ssl: Don't unset FIPS mode on restart unless it's forced by configuration (SSLFIPS on) and not active by default in OpenSSL.diff -r1.76 -r1.76.2.1 pkgsrc/www/apache24/Makefile
(bsiegert)
@@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
1 | # $NetBSD: Makefile,v 1.76 2019/01/23 12:04:18 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.76.2.1 2019/04/10 09:31:27 bsiegert Exp $ | |
2 | # | 2 | # | |
3 | # When updating this package, make sure that no strings like | 3 | # When updating this package, make sure that no strings like | |
4 | # "PR 12345" are in the commit message. Upstream likes | 4 | # "PR 12345" are in the commit message. Upstream likes | |
5 | # to reference their own PRs this way, but this ends up | 5 | # to reference their own PRs this way, but this ends up | |
6 | # in NetBSD GNATS. | 6 | # in NetBSD GNATS. | |
7 | 7 | |||
8 | DISTNAME= httpd-2.4.38 | 8 | DISTNAME= httpd-2.4.39 | |
9 | PKGNAME= ${DISTNAME:S/httpd/apache/} | 9 | PKGNAME= ${DISTNAME:S/httpd/apache/} | |
10 | CATEGORIES= www | 10 | CATEGORIES= www | |
11 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} | 11 | MASTER_SITES= ${MASTER_SITE_APACHE:=httpd/} | |
12 | MASTER_SITES+= http://archive.apache.org/dist/httpd/ | 12 | MASTER_SITES+= http://archive.apache.org/dist/httpd/ | |
13 | MASTER_SITES+= http://archive.eu.apache.org/dist/httpd/ | 13 | MASTER_SITES+= http://archive.eu.apache.org/dist/httpd/ | |
14 | EXTRACT_SUFX= .tar.bz2 | 14 | EXTRACT_SUFX= .tar.bz2 | |
15 | 15 | |||
16 | MAINTAINER= ryoon@NetBSD.org | 16 | MAINTAINER= ryoon@NetBSD.org | |
17 | HOMEPAGE= http://httpd.apache.org/ | 17 | HOMEPAGE= http://httpd.apache.org/ | |
18 | COMMENT= Apache HTTP (Web) server, version 2.4 | 18 | COMMENT= Apache HTTP (Web) server, version 2.4 | |
19 | LICENSE= apache-2.0 | 19 | LICENSE= apache-2.0 | |
20 | 20 | |||
21 | BUILD_DEFS+= IPV6_READY | 21 | BUILD_DEFS+= IPV6_READY |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.27 2018/10/24 10:08:00 adam Exp $ | 1 | @comment $NetBSD: PLIST,v 1.27.4.1 2019/04/10 09:31:27 bsiegert Exp $ | |
2 | bin/ab | 2 | bin/ab | |
3 | bin/apxs | 3 | bin/apxs | |
4 | bin/dbmmanage | 4 | bin/dbmmanage | |
5 | bin/htdbm | 5 | bin/htdbm | |
6 | bin/htdigest | 6 | bin/htdigest | |
7 | bin/htpasswd | 7 | bin/htpasswd | |
8 | bin/httxt2dbm | 8 | bin/httxt2dbm | |
9 | bin/logresolve | 9 | bin/logresolve | |
10 | bin/mkcert | 10 | bin/mkcert | |
11 | include/httpd/ap_compat.h | 11 | include/httpd/ap_compat.h | |
12 | include/httpd/ap_config.h | 12 | include/httpd/ap_config.h | |
13 | include/httpd/ap_config_auto.h | 13 | include/httpd/ap_config_auto.h | |
14 | include/httpd/ap_config_layout.h | 14 | include/httpd/ap_config_layout.h | |
@@ -160,26 +160,27 @@ lib/httpd/mod_remoteip.so | @@ -160,26 +160,27 @@ lib/httpd/mod_remoteip.so | |||
160 | lib/httpd/mod_reqtimeout.so | 160 | lib/httpd/mod_reqtimeout.so | |
161 | lib/httpd/mod_request.so | 161 | lib/httpd/mod_request.so | |
162 | lib/httpd/mod_rewrite.so | 162 | lib/httpd/mod_rewrite.so | |
163 | lib/httpd/mod_sed.so | 163 | lib/httpd/mod_sed.so | |
164 | lib/httpd/mod_session.so | 164 | lib/httpd/mod_session.so | |
165 | lib/httpd/mod_session_cookie.so | 165 | lib/httpd/mod_session_cookie.so | |
166 | ${PLIST.ssl}lib/httpd/mod_session_crypto.so | 166 | ${PLIST.ssl}lib/httpd/mod_session_crypto.so | |
167 | lib/httpd/mod_session_dbd.so | 167 | lib/httpd/mod_session_dbd.so | |
168 | lib/httpd/mod_setenvif.so | 168 | lib/httpd/mod_setenvif.so | |
169 | lib/httpd/mod_slotmem_plain.so | 169 | lib/httpd/mod_slotmem_plain.so | |
170 | lib/httpd/mod_slotmem_shm.so | 170 | lib/httpd/mod_slotmem_shm.so | |
171 | lib/httpd/mod_socache_dbm.so | 171 | lib/httpd/mod_socache_dbm.so | |
172 | lib/httpd/mod_socache_memcache.so | 172 | lib/httpd/mod_socache_memcache.so | |
173 | lib/httpd/mod_socache_redis.so | |||
173 | lib/httpd/mod_socache_shmcb.so | 174 | lib/httpd/mod_socache_shmcb.so | |
174 | lib/httpd/mod_speling.so | 175 | lib/httpd/mod_speling.so | |
175 | lib/httpd/mod_ssl.so | 176 | lib/httpd/mod_ssl.so | |
176 | lib/httpd/mod_status.so | 177 | lib/httpd/mod_status.so | |
177 | lib/httpd/mod_substitute.so | 178 | lib/httpd/mod_substitute.so | |
178 | ${PLIST.suexec}lib/httpd/mod_suexec.so | 179 | ${PLIST.suexec}lib/httpd/mod_suexec.so | |
179 | lib/httpd/mod_unique_id.so | 180 | lib/httpd/mod_unique_id.so | |
180 | lib/httpd/mod_unixd.so | 181 | lib/httpd/mod_unixd.so | |
181 | lib/httpd/mod_userdir.so | 182 | lib/httpd/mod_userdir.so | |
182 | lib/httpd/mod_usertrack.so | 183 | lib/httpd/mod_usertrack.so | |
183 | lib/httpd/mod_version.so | 184 | lib/httpd/mod_version.so | |
184 | lib/httpd/mod_vhost_alias.so | 185 | lib/httpd/mod_vhost_alias.so | |
185 | lib/httpd/mod_watchdog.so | 186 | lib/httpd/mod_watchdog.so |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: distinfo,v 1.39 2019/01/23 12:04:18 adam Exp $ | 1 | $NetBSD: distinfo,v 1.39.2.1 2019/04/10 09:31:27 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab | 3 | SHA1 (httpd-2.4.39.tar.bz2) = 75695bb7bb589c308755bf496de8b34522133865 | |
4 | RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014 | 4 | RMD160 (httpd-2.4.39.tar.bz2) = 4ab6b73efdb326bd34e352ac34fd337f3fb5f60e | |
5 | SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448 | 5 | SHA512 (httpd-2.4.39.tar.bz2) = 9742202040b3dc6344b301540f54b2d3f8e36898410d24206a7f8dcecb1bea7d7230fabc7256752724558af249facf64bffe2cf678b8f7cccb64076737abfda7 | |
6 | Size (httpd-2.4.38.tar.bz2) = 7035030 bytes | 6 | Size (httpd-2.4.39.tar.bz2) = 7030539 bytes | |
7 | SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9 | 7 | SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9 | |
8 | SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 | 8 | SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324 | |
9 | SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d | 9 | SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d | |
10 | SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157 | 10 | SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157 | |
11 | SHA1 (patch-ae) = 5bd3bf54e792bf8a2916d7e1b49b1702b02c6903 | 11 | SHA1 (patch-ae) = 5bd3bf54e792bf8a2916d7e1b49b1702b02c6903 | |
12 | SHA1 (patch-ag) = 50c7f0fab1cb90ac573f1c47f2d37f9c2a6247e1 | 12 | SHA1 (patch-ag) = 50c7f0fab1cb90ac573f1c47f2d37f9c2a6247e1 | |
13 | SHA1 (patch-ai) = 867ac81fd14b1bd6af048ec57390d915956e9568 | 13 | SHA1 (patch-ai) = 867ac81fd14b1bd6af048ec57390d915956e9568 | |
14 | SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911 | 14 | SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911 | |
15 | SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 | 15 | SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777 | |
16 | SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df | 16 | SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df | |
17 | SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96 | 17 | SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96 |