[BACK]Return to distinfo CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / www / apache24

File: [cvs.NetBSD.org] / pkgsrc / www / apache24 / distinfo (download)

Revision 1.38.2.1, Tue Jan 29 13:58:59 2019 UTC (8 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2018Q4
Changes since 1.38: +5 -5 lines

Pullup ticket #5903 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                         1.76
- www/apache24/distinfo                                         1.39

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Jan 23 12:04:18 UTC 2019

   Modified Files:
   	pkgsrc/www/apache24: Makefile distinfo

   Log Message:
   apache24: updated to 2.4.38

   Changes with Apache 2.4.38
   *) SECURITY: CVE-2018-17199 (cve.mitre.org)
      mod_session: mod_session_cookie does not respect expiry time allowing
      sessions to be reused.
   *) SECURITY: CVE-2018-17189 (cve.mitre.org)
      mod_http2: fixes a DoS attack vector. By sending slow request bodies
      to resources not consuming them, httpd cleanup code occupies a server
      thread unnecessarily. This was changed to an immediate stream reset
      which discards all stream state and incoming data.
   *) SECURITY: CVE-2019-0190 (cve.mitre.org)
      mod_ssl: Fix infinite loop triggered by a client-initiated
      renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
      later.
   *) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
   *) mod_negotiation: Treat LanguagePriority as case-insensitive to match
      AddLanguage behavior and HTTP specification.
   *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
      have been fixed.
   *) mod_setenvif: We can have expressions that become true if a regex pattern
      in the expression does NOT match. In this case val is NULL
      and we should just set the value for the environment variable
      like in the pattern case.
   *) mod_session: Always decode session attributes early.
   *) core: Incorrect values for environment variables are substituted when
      multiple environment variables are specified in a directive.
   *) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
      this type of map is present in the configuration.
   *) mod_dav: Fix invalid Location header when a resource is created by
      passing an absolute URI on the request line
   *) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
   *) mod_ssl: clear *SSL errors before loading certificates and checking
      afterwards. Otherwise errors are reported when other SSL using modules
      are in play.
   *) mod_ssl: Fix the error code returned in an error path of
      'ssl_io_filter_handshake()'. This messes-up error handling performed
      in 'ssl_io_filter_error()'
   *) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
      authz provider so "Require ssl" works correctly in HTTP/2.
   *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
      redirects, subsequent ProxyPassReverse statements, whether they are
      relative or absolute, may fail.
   *) mod_lua: Now marked as a stable module

$NetBSD: distinfo,v 1.38.2.1 2019/01/29 13:58:59 bsiegert Exp $

SHA1 (httpd-2.4.38.tar.bz2) = 810de74ea3ee59ff3205f2a46436fc1dcce4e4ab
RMD160 (httpd-2.4.38.tar.bz2) = 192484b6c8714246a562dd187ea1bfce01e17014
SHA512 (httpd-2.4.38.tar.bz2) = 8bdc36fa2bd13fd83feee17fdce4a5316ed8f96c1ac32b636ba106572ba257815438c72068d2d0e900783a3fa25c90a5da34c3f83fc2c04a1dbdbf234f7ad448
Size (httpd-2.4.38.tar.bz2) = 7035030 bytes
SHA1 (patch-aa) = 9a66685f1d2e4710ab464beda98cbaad632aebf9
SHA1 (patch-ab) = a3edcc20b7654e0446c7d442cda1510b23e5d324
SHA1 (patch-ac) = 9f86d845df30316d22bce677a4b176f51007ba0d
SHA1 (patch-ad) = 4ba4a9c812951f533fa316e5dbf17eaab5494157
SHA1 (patch-ae) = 5bd3bf54e792bf8a2916d7e1b49b1702b02c6903
SHA1 (patch-ag) = 50c7f0fab1cb90ac573f1c47f2d37f9c2a6247e1
SHA1 (patch-ai) = 867ac81fd14b1bd6af048ec57390d915956e9568
SHA1 (patch-al) = 02d9ade5aac4270182063d5ad413970c832ee911
SHA1 (patch-am) = acdf7198ae8b4353cfc70c8015a0f09de036b777
SHA1 (patch-aw) = 43cd64df886853ef7b75b91ed20183f329fcc9df
SHA1 (patch-include_ap__config.h) = 1d056e2d4db80ec97aaf755b6dd6aff69ed2cd96