ports/160743: [patch] www/apache22: update to 2.2.21
Jason Helfman
jhelfman at experts-exchange.com
Wed Sep 14 21:20:08 UTC 2011
>Number: 160743
>Category: ports
>Synopsis: [patch] www/apache22: update to 2.2.21
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 14 21:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Jason Helfman
>Release: FreeBSD 8.2-RELEASE i386
>Organization:
Experts Exchange, LLC.
>Environment:
System: FreeBSD eggman.experts-exchange.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Update to 2.2.21
Builds cleanly in Tinderbox
Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
unrecognized HTTP methods from marking ajp: balancer members
in an error state, avoiding denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use
less memory, to avoid denial of service. This patch includes fixes
to the patch introduced in release 2.2.20 for protocol compliance,
as well as the MaxRanges directive.
>How-To-Repeat:
>Fix:
Index: www/apache22/Makefile
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/Makefile,v
retrieving revision 1.292
diff -u -r1.292 Makefile
--- www/apache22/Makefile 12 Sep 2011 23:17:32 -0000 1.292
+++ www/apache22/Makefile 14 Sep 2011 20:55:17 -0000
@@ -8,8 +8,7 @@
#
PORTNAME= apache
-PORTVERSION= 2.2.20
-PORTREVISION= 1
+PORTVERSION= 2.2.21
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
DISTNAME= httpd-${PORTVERSION}
Index: www/apache22/distinfo
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/distinfo,v
retrieving revision 1.85
diff -u -r1.85 distinfo
--- www/apache22/distinfo 2 Sep 2011 06:18:02 -0000 1.85
+++ www/apache22/distinfo 14 Sep 2011 20:55:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.20.tar.bz2) = 1ee914855249b09d9cd2e20e98a0ab02f15c270fe277d4a5c9b62975479fc81e
-SIZE (apache22/httpd-2.2.20.tar.bz2) = 5174611
+SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
+SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list