From owner-freebsd-apache@freebsd.org Tue Dec 20 08:07:19 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 06250C8622B for ; Tue, 20 Dec 2016 08:07:19 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id E751E1EBD for ; Tue, 20 Dec 2016 08:07:18 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id E6B08C8622A; Tue, 20 Dec 2016 08:07:18 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6519C86229 for ; Tue, 20 Dec 2016 08:07:18 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.ysv.freebsd.org (portscout.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D97EA1EBC for ; Tue, 20 Dec 2016 08:07:18 +0000 (UTC) (envelope-from portscout@FreeBSD.org) Received: from portscout.ysv.freebsd.org ([127.0.1.123]) by portscout.ysv.freebsd.org (8.15.2/8.15.2) with ESMTP id uBK87I5P036161 for ; Tue, 20 Dec 2016 08:07:18 GMT (envelope-from portscout@FreeBSD.org) Received: (from portscout@localhost) by portscout.ysv.freebsd.org (8.15.2/8.15.2/Submit) id uBK87IS6036160; Tue, 20 Dec 2016 08:07:18 GMT (envelope-from portscout@FreeBSD.org) Message-Id: <201612200807.uBK87IS6036160@portscout.ysv.freebsd.org> X-Authentication-Warning: portscout.ysv.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Tue, 20 Dec 2016 08:07:18 +0000 From: portscout@FreeBSD.org To: apache@freebsd.org Subject: FreeBSD ports you maintain which are out of date X-Mailer: portscout/0.8.1 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2016 08:07:19 -0000 Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/apache@freebsd.org.html Port | Current version | New version ------------------------------------------------+-----------------+------------ www/apache24 | 2.4.23 | 2.4.25 ------------------------------------------------+-----------------+------------ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. From owner-freebsd-apache@freebsd.org Tue Dec 20 18:01:04 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58CE3C89D53 for ; Tue, 20 Dec 2016 18:01:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4284A6AD for ; Tue, 20 Dec 2016 18:01:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 41CCAC89D52; Tue, 20 Dec 2016 18:01:04 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 416FBC89D51 for ; Tue, 20 Dec 2016 18:01:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 315FE6AA for ; Tue, 20 Dec 2016 18:01:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBKI14va011218 for ; Tue, 20 Dec 2016 18:01:04 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 214392] www/mod_webkit: Update to 1.2 Date: Tue, 20 Dec 2016 18:01:04 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: joneum@bsdproject.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2016 18:01:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214392 --- Comment #2 from Jochen Neumeister --- Committer TimeOut --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-apache@freebsd.org Tue Dec 20 18:01:18 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B42D9C89D72 for ; Tue, 20 Dec 2016 18:01:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 9DC47854 for ; Tue, 20 Dec 2016 18:01:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9D27AC89D71; Tue, 20 Dec 2016 18:01:18 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CDD5C89D70 for ; Tue, 20 Dec 2016 18:01:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8CC02852 for ; Tue, 20 Dec 2016 18:01:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBKI1HNd021391 for ; Tue, 20 Dec 2016 18:01:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 214392] www/mod_webkit: Update to 1.2 Date: Tue, 20 Dec 2016 18:01:18 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: joneum@bsdproject.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Dec 2016 18:01:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214392 Jochen Neumeister changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #176861|maintainer-approval?(apache |maintainer-approval+ Flags|@FreeBSD.org) | --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-apache@freebsd.org Wed Dec 21 00:42:43 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C476CC8808F for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id AE089102F for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id AD6C3C8808D; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD0C4C8808A for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 83CDA102B for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBL0ghTg098998 for ; Wed, 21 Dec 2016 00:42:43 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 215457] www/apache24 2.4.23 requires security update per listed CVEs Date: Wed, 21 Dec 2016 00:42:42 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: dewayne@heuristicsystems.com.au X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 00:42:43 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215457 Bug ID: 215457 Summary: www/apache24 2.4.23 requires security update per listed CVEs Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: apache@FreeBSD.org Reporter: dewayne@heuristicsystems.com.au Flags: maintainer-feedback?(apache@FreeBSD.org) Assignee: apache@FreeBSD.org Apache announced the following CVE's that are addressed in apache 2.4.25.=20 Might be time for an update to the port.=20=20 CVE-2016-0736 (cve.mitre.org) mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack. CVE-2016-2161 (cve.mitre.org) mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted. CVE-2016-5387 (cve.mitre.org) core: Mitigate [f]cgi "httpoxy" issues. CVE-2016-8740 (cve.mitre.org) mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames. CVE-2016-8743 (cve.mitre.org) Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. After changing the PORTVERSION, makesum and removing the patch "files/patch-CVE-2016-8740" I came across other issues that may pertain to = my env?? This was on 11.0Stable amd64, as a hint that it may not be straight-forward. Thanks to doctor@doctor.nl2k.ab.ca for circulating the announcement. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-apache@freebsd.org Wed Dec 21 00:42:43 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 846F8C8807C for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6E0DE1028 for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 6D7B2C8807A; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D2A1C88077 for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5D4F91027 for ; Wed, 21 Dec 2016 00:42:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBL0ghTe098998 for ; Wed, 21 Dec 2016 00:42:43 GMT (envelope-from bugzilla-noreply@freebsd.org) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: maintainer-feedback requested: [Bug 215457] www/apache24 2.4.23 requires security update per listed CVEs Date: Wed, 21 Dec 2016 00:42:42 +0000 X-Bugzilla-Type: request X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 00:42:43 -0000 dewayne@heuristicsystems.com.au has reassigned Bugzilla Automation 's request for maintainer-feedback to apache@FreeBSD.= org: Bug 215457: www/apache24 2.4.23 requires security update per listed CVEs https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215457 --- Description --- Apache announced the following CVE's that are addressed in apache 2.4.25.=20 Might be time for an update to the port.=20=20 CVE-2016-0736 (cve.mitre.org) mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack. CVE-2016-2161 (cve.mitre.org) mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted. CVE-2016-5387 (cve.mitre.org) core: Mitigate [f]cgi "httpoxy" issues. CVE-2016-8740 (cve.mitre.org) mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames. CVE-2016-8743 (cve.mitre.org) Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. After changing the PORTVERSION, makesum and removing the patch "files/patch-CVE-2016-8740" I came across other issues that may pertain to = my env?? This was on 11.0Stable amd64, as a hint that it may not be straight-forward. Thanks to doctor@doctor.nl2k.ab.ca for circulating the announcement. From owner-freebsd-apache@freebsd.org Wed Dec 21 10:42:11 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0CEF0C8A33E for ; Wed, 21 Dec 2016 10:42:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id EA641186D for ; Wed, 21 Dec 2016 10:42:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id E9B9DC8A33D; Wed, 21 Dec 2016 10:42:10 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E95D1C8A33C for ; Wed, 21 Dec 2016 10:42:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D8DF21864 for ; Wed, 21 Dec 2016 10:42:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBLAgAY0047620 for ; Wed, 21 Dec 2016 10:42:10 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 215457] www/apache24 2.4.23 requires security update per listed CVEs Date: Wed, 21 Dec 2016 10:42:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 10:42:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215457 --- Comment #1 from commit-hook@freebsd.org --- A commit references this bug: Author: ohauer Date: Wed Dec 21 10:41:10 UTC 2016 New revision: 429063 URL: https://svnweb.freebsd.org/changeset/ports/429063 Log: - update to 2.4.25 PR: 215457 Reported by: Apache Software Foundation MFH: 2016Q4 Security: vid 862d6ab3-c75e-11e6-9f98-20cf30e32f6d CVE-2016-8743 CVE-2016-2161 CVE-2016-0736 CVE-2016-8740 CVE-2016-5387 Changes: head/www/apache24/Makefile head/www/apache24/distinfo head/www/apache24/files/patch-CVE-2016-8740 head/www/apache24/files/patch-httpoxy --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-apache@freebsd.org Wed Dec 21 11:01:21 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6726FC8A833 for ; Wed, 21 Dec 2016 11:01:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4A1511009 for ; Wed, 21 Dec 2016 11:01:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 495F0C8A832; Wed, 21 Dec 2016 11:01:21 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48FD8C8A831 for ; Wed, 21 Dec 2016 11:01:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 37CF21F2E for ; Wed, 21 Dec 2016 11:01:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBLB1KI5009878 for ; Wed, 21 Dec 2016 11:01:21 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 215457] www/apache24 2.4.23 requires security update per listed CVEs Date: Wed, 21 Dec 2016 11:01:20 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ohauer@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ohauer@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? merge-quarterly? X-Bugzilla-Changed-Fields: bug_status flagtypes.name resolution assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 11:01:21 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215457 Olli Hauer changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed Flags| |merge-quarterly? Resolution|--- |FIXED Assignee|apache@FreeBSD.org |ohauer@FreeBSD.org CC| |ohauer@FreeBSD.org --- Comment #2 from Olli Hauer --- An update to 2.4.25 was committed, (I don't know doctor@, but there are several sec. lists subscribed to the Apache Foundation announcements) --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-apache@freebsd.org Wed Dec 21 12:09:24 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EDE91C8A7C3 for ; Wed, 21 Dec 2016 12:09:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D79601EE6 for ; Wed, 21 Dec 2016 12:09:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id D6F93C8A7C1; Wed, 21 Dec 2016 12:09:24 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6A08C8A7C0 for ; Wed, 21 Dec 2016 12:09:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C68611EE4 for ; Wed, 21 Dec 2016 12:09:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBLC9OTO003417 for ; Wed, 21 Dec 2016 12:09:24 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 214392] www/mod_webkit: Update to 1.2 Date: Wed, 21 Dec 2016 12:09:24 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 12:09:25 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214392 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: ohauer Date: Wed Dec 21 12:08:46 UTC 2016 New revision: 429073 URL: https://svnweb.freebsd.org/changeset/ports/429073 Log: - update to 1.2.1 - change mastersite to github PR: 214392 Submitted by: Jochen Neumeister Changes: head/www/mod_webkit/Makefile head/www/mod_webkit/distinfo head/www/mod_webkit/pkg-descr --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-apache@freebsd.org Wed Dec 21 12:10:31 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3A001C8A837 for ; Wed, 21 Dec 2016 12:10:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 238F51F49 for ; Wed, 21 Dec 2016 12:10:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 229AAC8A836; Wed, 21 Dec 2016 12:10:31 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22358C8A835 for ; Wed, 21 Dec 2016 12:10:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 11E9E1F48 for ; Wed, 21 Dec 2016 12:10:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBLCAU8R023770 for ; Wed, 21 Dec 2016 12:10:30 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 214392] www/mod_webkit: Update to 1.2 Date: Wed, 21 Dec 2016 12:10:31 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ohauer@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: apache@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_status cc resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Dec 2016 12:10:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214392 Olli Hauer changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed CC| |ohauer@FreeBSD.org Resolution|--- |FIXED --- Comment #4 from Olli Hauer --- Hi Jochen, would you mind to take maintainer-ship of the port? --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-apache@freebsd.org Fri Dec 23 01:05:15 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5908DC8C100 for ; Fri, 23 Dec 2016 01:05:15 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 3E55F1C52 for ; Fri, 23 Dec 2016 01:05:15 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: by mailman.ysv.freebsd.org (Postfix) id 3AEECC8C0FF; Fri, 23 Dec 2016 01:05:15 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38C2EC8C0FE for ; Fri, 23 Dec 2016 01:05:15 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 061F51C51 for ; Fri, 23 Dec 2016 01:05:14 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) X_CMAE_Category: , , X-CNFS-Analysis: v=2.2 cv=e6tEcuh/ c=1 sm=1 tr=0 a=lGUdY1O6J9NpztYPi32J9g==:117 a=lGUdY1O6J9NpztYPi32J9g==:17 a=r77TgQKjGQsHNAKrUKIA:9 a=JY8ruMIFAAAA:8 a=epTmVMiNAAAA:8 a=5NdKZkmhAAAA:8 a=PwxYaueOpOzzy2903ioA:9 a=QEXdDO2ut3YA:10 a=sfB67gWufkcA:10 a=O5d7vEF1IJddsu6iANwA:9 a=_W_S_7VecoQA:10 a=1LBG2d8BbpvN5NciiYMJ:22 a=ndEWmUVY6Yapc0oHF_P4:22 a=BxWCuMCfCUdRHwWzpfxa:22 X-CM-Score: 0 X-Scanned-by: Cloudmark Authority Engine X-Authed-Username: YW5hdEByY24uY29t Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=mi+thun@aldan.algebra.com; spf=neutral; sender-id=neutral Authentication-Results: smtp02.rcn.cmh.synacor.com header.from=mi+thun@aldan.algebra.com; sender-id=neutral Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=anat; auth=pass (PLAIN) Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 108.53.87.28 is neither permitted nor denied by domain of aldan.algebra.com) Received: from [108.53.87.28] ([108.53.87.28:11408] helo=aldan.narawntapu) by smtp.rcn.com (envelope-from ) (ecelerity 3.6.23.54417 r(Core:3.6.23.0)) with ESMTPSA (cipher=DHE-RSA-AES128-SHA) id 8C/11-40517-1937C585; Thu, 22 Dec 2016 19:45:06 -0500 To: apache@FreeBSD.org From: "Mikhail T." Subject: www/mod_auth_pgsql2 only works with Apache-2.2 Message-ID: Date: Thu, 22 Dec 2016 19:45:00 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Dec 2016 01:05:15 -0000 Hello! Because the module uses the ap_requires() call, it is not working with Apache-2.4. Indeed, it needs to be ported to Apache's "new" (introduced in 2.4 years ago) authz-structure. There is patch for mod_auth_pgsql-2.0.3 out there: http://www.sky-air.net/dat/mod_auth_pgsql/mod_auth_pgsql-2.0.3-sk.patch Ubuntu seems to be using that already. Alternatively, there is somebody else's continuation of this abandonware -- the author briefly describes the situation here: https://www.postgresql.org/message-id/16B97530-F77E-4722-8311-C48E54E00518@godzone.net.nz and offers his own mod_auth_pgsql-3.0 here: http://sw.godzone.net.nz/mod_auth_pgsql/ How would you like to fix the port? Thanks, -mi From owner-freebsd-apache@freebsd.org Sat Dec 24 16:13:03 2016 Return-Path: Delivered-To: freebsd-apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E985CC8F7D1 for ; Sat, 24 Dec 2016 16:13:03 +0000 (UTC) (envelope-from kymco@kymco.gr) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D9EF1FD5 for ; Sat, 24 Dec 2016 16:13:03 +0000 (UTC) (envelope-from kymco@kymco.gr) Received: by mailman.ysv.freebsd.org (Postfix) id D3D45C8F7CF; Sat, 24 Dec 2016 16:13:03 +0000 (UTC) Delivered-To: apache@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D38C9C8F7CE for ; Sat, 24 Dec 2016 16:13:03 +0000 (UTC) (envelope-from kymco@kymco.gr) Received: from ns1.velicron-services.net (ns1.velicron-services.net [178.21.175.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 65998FD2 for ; Sat, 24 Dec 2016 16:13:03 +0000 (UTC) (envelope-from kymco@kymco.gr) Received: by ns1.velicron-services.net (Postfix, from userid 10009) id 10AAC4BDF754; Sat, 24 Dec 2016 18:11:28 +0200 (EET) Date: Sat, 24 Dec 2016 18:11:28 +0200 To: apache@freebsd.org From: =?utf-8?Q?Service?= Subject: =?utf-8?Q?Warning=3a=20You=20Must=20Confirm=20Your=20Informations=21?= Message-ID: <58dcdb920c7b04433e91191ffd534df3@gemini-motors.gr> X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Dec 2016 16:13:04 -0000