ports/160743: [patch] www/apache22: update to 2.2.21

Jason Helfman jhelfman at experts-exchange.com
Wed Sep 14 21:20:08 UTC 2011 

>Number:         160743
>Category:       ports
>Synopsis:       [patch] www/apache22: update to 2.2.21
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 14 21:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Jason Helfman
>Release:        FreeBSD 8.2-RELEASE i386
>Organization:
Experts Exchange, LLC.
>Environment:
System: FreeBSD eggman.experts-exchange.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
Update to 2.2.21
Builds cleanly in Tinderbox

Addresses:
     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.

>How-To-Repeat:
	
>Fix:

Index: www/apache22/Makefile
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/Makefile,v
retrieving revision 1.292
diff -u -r1.292 Makefile
--- www/apache22/Makefile	12 Sep 2011 23:17:32 -0000	1.292
+++ www/apache22/Makefile	14 Sep 2011 20:55:17 -0000
@@ -8,8 +8,7 @@
 #
 
 PORTNAME=	apache
-PORTVERSION=	2.2.20
-PORTREVISION=	1
+PORTVERSION=	2.2.21
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
Index: www/apache22/distinfo
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/distinfo,v
retrieving revision 1.85
diff -u -r1.85 distinfo
--- www/apache22/distinfo	2 Sep 2011 06:18:02 -0000	1.85
+++ www/apache22/distinfo	14 Sep 2011 20:55:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.20.tar.bz2) = 1ee914855249b09d9cd2e20e98a0ab02f15c270fe277d4a5c9b62975479fc81e
-SIZE (apache22/httpd-2.2.20.tar.bz2) = 5174611
+SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
+SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list