diff options
author | Jochen Neumeister <joneum@FreeBSD.org> | 2019-01-23 14:40:53 +0000 |
---|---|---|
committer | Jochen Neumeister <joneum@FreeBSD.org> | 2019-01-23 14:40:53 +0000 |
commit | 18620bc87bfa99fdb4be391675251fbad7740533 (patch) | |
tree | d9f612b0f8c0ce6707bc7e0ab5e7a1212bc51748 /www | |
parent | Add entry for www/apache24 (diff) |
Update to 2.4.38
Changelog:
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
*) mod_session: Always decode session attributes early. [Hank Ibell]
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
*) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
MFH: 2019Q1
Security: eb888ce5-1f19-11e9-be05-4c72b94353b5
Sponsored by: Netzkommune GmbH
Notes
Notes:
svn path=/head/; revision=491041
Diffstat (limited to 'www')
-rw-r--r-- | www/apache24/Makefile | 2 | ||||
-rw-r--r-- | www/apache24/distinfo | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/www/apache24/Makefile b/www/apache24/Makefile index cc9f6b9aefff..031b7cfb4317 100644 --- a/www/apache24/Makefile +++ b/www/apache24/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= apache24 -PORTVERSION= 2.4.37 +PORTVERSION= 2.4.38 CATEGORIES= www ipv6 MASTER_SITES= APACHE_HTTPD DISTNAME= httpd-${PORTVERSION} diff --git a/www/apache24/distinfo b/www/apache24/distinfo index 35b9b9493fc5..3d6e36cf9484 100644 --- a/www/apache24/distinfo +++ b/www/apache24/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1540301506 -SHA256 (apache24/httpd-2.4.37.tar.bz2) = 3498dc5c6772fac2eb7307dc7963122ffe243b5e806e0be4fb51974ff759d726 -SIZE (apache24/httpd-2.4.37.tar.bz2) = 7031632 +TIMESTAMP = 1548149918 +SHA256 (apache24/httpd-2.4.38.tar.bz2) = 7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a +SIZE (apache24/httpd-2.4.38.tar.bz2) = 7035030 |