Site Navigation

Date:      Mon, 08 Jun 2026 21:21:45 +0000
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: d905532d79b5 - main - www/apache24: Security update to 2.4.68
Message-ID:  <6a273269.19356.750a77b6@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d905532d79b533bddefd3ccebc63e5f3abf69296

commit d905532d79b533bddefd3ccebc63e5f3abf69296
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2026-06-08 21:19:58 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2026-06-08 21:21:41 +0000

    www/apache24: Security update to 2.4.68
    
    With hat:       apache
    Security:       7655baae-637d-11f1-8607-8447094a420f
    MFH:            2026Q2
---
 www/apache24/Makefile                   |  3 +-
 www/apache24/distinfo                   |  6 +--
 www/apache24/files/patch-CVE-2026-49975 | 67 ---------------------------------
 www/apache24/pkg-plist                  |  1 +
 4 files changed, 5 insertions(+), 72 deletions(-)

diff --git a/www/apache24/Makefile b/www/apache24/Makefile
index e63914dd9358..43138a98fe72 100644
--- a/www/apache24/Makefile
+++ b/www/apache24/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	apache24
-PORTVERSION=	2.4.67
-PORTREVISION=	2
+PORTVERSION=	2.4.68
 CATEGORIES=	www
 MASTER_SITES=	APACHE_HTTPD
 DISTNAME=	httpd-${PORTVERSION}
diff --git a/www/apache24/distinfo b/www/apache24/distinfo
index 9d445609108e..9f63444da7a4 100644
--- a/www/apache24/distinfo
+++ b/www/apache24/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1777974771
-SHA256 (apache24/httpd-2.4.67.tar.bz2) = 66cd206637b0d5c446fa7dabe75fe03525da8fb55855876c46288cd88b136aa4
-SIZE (apache24/httpd-2.4.67.tar.bz2) = 7493067
+TIMESTAMP = 1780952454
+SHA256 (apache24/httpd-2.4.68.tar.bz2) = 68c74d4df38c26bed4dfbdb8f3baf1eb532f3872357becc1bba5d136f6b63c06
+SIZE (apache24/httpd-2.4.68.tar.bz2) = 7738512
diff --git a/www/apache24/files/patch-CVE-2026-49975 b/www/apache24/files/patch-CVE-2026-49975
deleted file mode 100644
index 321ce8b7bd13..000000000000
--- a/www/apache24/files/patch-CVE-2026-49975
+++ /dev/null
@@ -1,67 +0,0 @@
-From 47d3100b252dc6668a9e46ae885242be9eeca9cd Mon Sep 17 00:00:00 2001
-From: Stefan Eissing <icing@apache.org>
-Date: Wed, 27 May 2026 09:37:31 +0000
-Subject: [PATCH]   *) mod_http2: update to version 2.0.41      Fix cookie
- header accounting against LimitRequestFields.
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934678 13f79535-47bb-0310-9956-ffa450edef68
----
- changes-entries/h2_v2.0.41.txt | 3 +++
- modules/http2/h2_util.c        | 4 ++++
- modules/http2/h2_version.h     | 4 ++--
- 3 files changed, 9 insertions(+), 2 deletions(-)
- create mode 100644 changes-entries/h2_v2.0.41.txt
-
-diff --git a/changes-entries/h2_v2.0.41.txt b/changes-entries/h2_v2.0.41.txt
-new file mode 100644
-index 00000000000..4d7df59fed0
---- /dev/null
-+++ changes-entries/h2_v2.0.41.txt
-@@ -0,0 +1,3 @@
-+  *) mod_http2: update to version 2.0.41
-+     Fix cookie header accounting against LimitRequestFields.
-+     [Stefan Eissing]
-diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c
-index b377ff77f1b..b3039451f39 100644
---- modules/http2/h2_util.c.orig
-+++ modules/http2/h2_util.c
-@@ -1708,6 +1708,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
-              && !ap_cstr_casecmpn("cookie", (const char *)nv->name, nv->namelen)) {
-         existing = apr_table_get(headers, "cookie");
-         if (existing) {
-+            if (!nv->valuelen)
-+                return APR_SUCCESS;
-             /* Cookie header come separately in HTTP/2, but need
-              * to be merged by "; " (instead of default ", ")
-              */
-@@ -1719,6 +1721,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool,
-             apr_table_setn(headers, "Cookie",
-                            apr_psprintf(pool, "%s; %.*s", existing,
-                                         (int)nv->valuelen, nv->value));
-+            /* Treat the merge as an "add" to not escape LimitRequestFields */
-+            *pwas_added = 1;
-             return APR_SUCCESS;
-         }
-     }
-diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h
-index 1d7113f58bd..cc0164e080d 100644
---- modules/http2/h2_version.h.orig
-+++ modules/http2/h2_version.h
-@@ -27,7 +27,7 @@
-  * @macro
-  * Version number of the http2 module as c string
-  */
--#define MOD_HTTP2_VERSION "2.0.39"
-+#define MOD_HTTP2_VERSION "2.0.41"
- 
- /**
-  * @macro
-@@ -35,7 +35,7 @@
-  * release. This is a 24 bit number with 8 bits for major number, 8 bits
-  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
-  */
--#define MOD_HTTP2_VERSION_NUM 0x020027
-+#define MOD_HTTP2_VERSION_NUM 0x020029
- 
- 
- #endif /* mod_h2_h2_version_h */
diff --git a/www/apache24/pkg-plist b/www/apache24/pkg-plist
index 43774e51f601..e132596327c3 100644
--- a/www/apache24/pkg-plist
+++ b/www/apache24/pkg-plist
@@ -262,6 +262,7 @@ sbin/split-logfile
 %%WWWDIR%%/error/HTTP_BAD_GATEWAY.html.var
 %%WWWDIR%%/error/HTTP_BAD_REQUEST.html.var
 %%WWWDIR%%/error/HTTP_FORBIDDEN.html.var
+%%WWWDIR%%/error/HTTP_GATEWAY_TIME_OUT.html.var
 %%WWWDIR%%/error/HTTP_GONE.html.var
 %%WWWDIR%%/error/HTTP_INTERNAL_SERVER_ERROR.html.var
 %%WWWDIR%%/error/HTTP_LENGTH_REQUIRED.html.var

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a273269.19356.750a77b6>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact