svn commit: r491081 - branches/2019Q1/www/apache24
Jochen Neumeister
joneum at FreeBSD.org
Thu Jan 24 06:38:11 UTC 2019
Author: joneum
Date: Thu Jan 24 06:38:09 2019
New Revision: 491081
URL: https://svnweb.freebsd.org/changeset/ports/491081
Log:
MFH: r491041
Update to 2.4.38
Changelog:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
*) mod_session: Always decode session attributes early. [Hank Ibell]
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu at netbsd.org>, Luca Toscano]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
*) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
Security: eb888ce5-1f19-11e9-be05-4c72b94353b5
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (miwi)
Modified:
branches/2019Q1/www/apache24/Makefile
branches/2019Q1/www/apache24/distinfo
Directory Properties:
branches/2019Q1/ (props changed)
Modified: branches/2019Q1/www/apache24/Makefile
==============================================================================
--- branches/2019Q1/www/apache24/Makefile Thu Jan 24 05:09:48 2019 (r491080)
+++ branches/2019Q1/www/apache24/Makefile Thu Jan 24 06:38:09 2019 (r491081)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= apache24
-PORTVERSION= 2.4.37
+PORTVERSION= 2.4.38
CATEGORIES= www ipv6
MASTER_SITES= APACHE_HTTPD
DISTNAME= httpd-${PORTVERSION}
Modified: branches/2019Q1/www/apache24/distinfo
==============================================================================
--- branches/2019Q1/www/apache24/distinfo Thu Jan 24 05:09:48 2019 (r491080)
+++ branches/2019Q1/www/apache24/distinfo Thu Jan 24 06:38:09 2019 (r491081)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1540301506
-SHA256 (apache24/httpd-2.4.37.tar.bz2) = 3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726
-SIZE (apache24/httpd-2.4.37.tar.bz2) = 7031632
+TIMESTAMP = 1548149918
+SHA256 (apache24/httpd-2.4.38.tar.bz2) = 7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a
+SIZE (apache24/httpd-2.4.38.tar.bz2) = 7035030
More information about the svn-ports-all
mailing list