Date:      Sat, 20 Jul 2013 17:11:54 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r323351 - in head: security/vuxml www/apache24 www/apache24/files
Message-ID:  <201307201711.r6KHBsHG063074@svn.freebsd.org>

Author: ohauer
Date: Sat Jul 20 17:11:54 2013
New Revision: 323351
URL: http://svnweb.freebsd.org/changeset/ports/323351

Log:
  - update to apache24-2.4.6
   - new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel
  
  - add entry to vuxml
  
  SECURITY: CVE-2013-1896 (cve.mitre.org)
   mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
   the source href (sent as part of the request body as XML) pointing to a
   URI that is not configured for DAV will trigger a segfault.
  
  SECURITY: CVE-2013-2249 (cve.mitre.org)
   mod_session_dbd: Make sure that dirty flag is respected when saving
   sessions, and ensure the session ID is changed each time the session
   changes. This changes the format of the updatesession SQL statement.
   Existing configurations must be changed.
  
  Changelog:
  http://www.apache.org/dist/httpd/CHANGES_2.4.6
  
  with hat apache@
  
  Security:	ca4d63fb-f15c-11e2-b183-20cf30e32f6d

Deleted:
  head/www/apache24/files/patch-server__core.c
Modified:
  head/security/vuxml/vuln.xml
  head/www/apache24/Makefile
  head/www/apache24/Makefile.options
  head/www/apache24/Makefile.options.desc
  head/www/apache24/distinfo
  head/www/apache24/pkg-plist

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/security/vuxml/vuln.xml	Sat Jul 20 17:11:54 2013	(r323351)
@@ -51,6 +51,38 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="ca4d63fb-f15c-11e2-b183-20cf30e32f6d">
+    <topic>apache24 -- several vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>apache24</name>
+	<range><lt>2.4.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Apache HTTP SERVER PROJECT reports:</p>
+	<blockquote cite="http://www.apache.org/dist/httpd/Announcement2.4.html">;
+	  <p>mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
+	    with the source href (sent as part of the request body as XML) pointing
+	    to a URI that is not configured for DAV will trigger a segfault.</p>
+	  <p>mod_session_dbd: Make sure that dirty flag is respected when saving
+	    sessions, and ensure the session ID is changed each time the session
+	    changes. This changes the format of the updatesession SQL statement.
+	    Existing configurations must be changed.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-1896</cvename>
+      <cvename>CVE-2013-2249</cvename>
+    </references>
+    <dates>
+      <discovery>2013-07-11</discovery>
+      <entry>2013-07-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9b037a0d-ef2c-11e2-b4a0-8c705af55518">
     <topic>gallery -- multiple vulnerabilities</topic>
     <affects>
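Review bot: The bound `<range><lt>2.4.5</lt></range>` in the new apache24 entry does not match the version this revision ships, which is 2.4.6 according to the Makefile change in the same commit. The outgoing 2.4.4 port is still matched, so audit results are correct today. If no 2.4.5 port was ever committed (the diff goes straight from 2.4.4 to 2.4.6), `<lt>2.4.6</lt>` would state the first fixed port version directly and could not be read as 2.4.5 being a safe package. The topic could also name the affected modules, for example `apache24 -- mod_dav and mod_session_dbd vulnerabilities`, so the entry is easier to triage from the audit output alone.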

Modified: head/www/apache24/Makefile
==============================================================================
--- head/www/apache24/Makefile	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/www/apache24/Makefile	Sat Jul 20 17:11:54 2013	(r323351)
@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	apache24
-PORTVERSION=	2.4.4
-PORTREVISION=	2
+PORTVERSION=	2.4.6
 CATEGORIES=	www ipv6
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}

Modified: head/www/apache24/Makefile.options
==============================================================================
--- head/www/apache24/Makefile.options	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/www/apache24/Makefile.options	Sat Jul 20 17:11:54 2013	(r323351)
@@ -11,7 +11,7 @@
 
 PROXY_ENABLED_MODULES= \
 	PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI \
-	PROXY_FTP PROXY_HTTP PROXY_SCGI
+	PROXY_FTP PROXY_HTTP PROXY_SCGI PROXY_WSTUNNEL
 
 PROXY_DISABLED_MODULES= \
 	PROXY_FDPASS PROXY_HTML
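Review bot: `PROXY_WSTUNNEL` is added directly to `PROXY_ENABLED_MODULES`, and the next hunk does the same for `CACHE_SOCACHE` and `MACRO` in `MOST_ENABLED_MODULES`, so all three modules introduced with 2.4.6 appear to be built by default rather than opt-in. If these lists drive the default option set, as the matching `*_DISABLED_MODULES` lists suggest, consider placing newly introduced modules in the disabled list until they have some release history. Failing that, a comment such as `# PROXY_WSTUNNEL: new in 2.4.6, on by default` would make the decision visible to anyone auditing the default build surface.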
@@ -34,16 +34,26 @@ EXAMPLE_MODULES= \
 DEV_MODULES=	BUCKETEER
 
 MOST_ENABLED_MODULES= \
-	ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS AUTHN_ANON AUTHN_CORE \
-	AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE AUTHZ_CORE AUTHZ_DBD \
-	AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER \
-	AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX BUFFER CACHE CACHE_DISK \
-	CERN_META CGI CGID DAV DAV_FS DBD DEFLATE DIR DUMPIO ENV EXPIRES \
-	EXT_FILTER FILE_CACHE FILTER HEADERS IMAGEMAP INCLUDE INFO \
+	ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS \
+	AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE \
+	AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST \
+	AUTHZ_OWNER AUTHZ_USER \
+	AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX \
+	BUFFER \
+	CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID \
+	DAV DAV_FS DBD DEFLATE DIR DUMPIO \
+	ENV EXPIRES EXT_FILTER \
+	FILE_CACHE FILTER \
+	HEADERS \
+	IMAGEMAP INCLUDE INFO \
 	LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC \
-	LOGIO LOG_DEBUG MIME MIME_MAGIC NEGOTIATION RATELIMIT REMOTEIP \
-	REQTIMEOUT REQUEST REWRITE SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE \
-	SOCACHE_SHMCB SPELING SSL STATUS SUBSTITUTE UNIQUE_ID USERDIR \
+	LOGIO LOG_DEBUG \
+	MACRO MIME MIME_MAGIC \
+	NEGOTIATION \
+	RATELIMIT REMOTEIP REQTIMEOUT REQUEST REWRITE \
+	SED SETENVIF SOCACHE_DBM SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING \
+	SSL STATUS SUBSTITUTE \
+	UNIQUE_ID USERDIR \
 	VERSION VHOST_ALIAS
 
 MOST_DISABLED_MODULES:= \
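Review bot: The rewrap of `MOST_ENABLED_MODULES` into alphabetical groups is mixed with two functional additions, `CACHE_SOCACHE` and `MACRO`, which are hard to pick out among the reflowed lines. Splitting the pure reformat into its own commit would let a reviewer confirm by inspection that no module was dropped from, or slipped into, the default-enabled set. If it stays as one change, a short comment above the list such as `# 2.4.6: added CACHE_SOCACHE, MACRO` would record what actually changed.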

Modified: head/www/apache24/Makefile.options.desc
==============================================================================
--- head/www/apache24/Makefile.options.desc	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/www/apache24/Makefile.options.desc	Sat Jul 20 17:11:54 2013	(r323351)
@@ -66,6 +66,7 @@ BUFFER_DESC=			Filter Buffering
 
 CACHE_DESC=			Dynamic file caching
 CACHE_DISK_DESC=		Disk caching module
+CACHE_SOCACHE_DESC=		Shared object cache (socache) based storage module for the HTTP caching filter
 CASE_FILTER_DESC=		(dev) example uppercase conversion filter
 CASE_FILTER_IN_DESC=		(dev) example uppercase conversion input filter
 CERN_META_DESC=			CERN-type meta files
@@ -113,6 +114,7 @@ LOG_DEBUG_DESC=			Configurable debug log
 LOG_FORENSIC_DESC=		Forensic logging
 LUA_DESC=			Apache Lua Framework
 
+MACRO_DESC=			Provides usage of macros within apache runtime configuration files
 MIME_DESC=			Mapp file-ext. to MIME (recommended)
 MIME_MAGIC_DESC=		Automagically determining MIME type
 
@@ -134,6 +136,7 @@ PROXY_FTP_DESC=			FTP support module for
 PROXY_HTML_DESC=		Fix HTML Links in a Reverse Proxy
 PROXY_HTTP_DESC=		HTTP support module for mod_proxy
 PROXY_SCGI_DESC=		SCGI gateway module for mod_proxy
+PROXY_WSTUNNEL_DESC=		Websockets support module for mod_proxy
 
 RATELIMIT_DESC=			Output Bandwidth Limiting
 REFLECTOR_DESC=			Reflect request through the output filter stack

Modified: head/www/apache24/distinfo
==============================================================================
--- head/www/apache24/distinfo	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/www/apache24/distinfo	Sat Jul 20 17:11:54 2013	(r323351)
@@ -1,2 +1,2 @@
-SHA256 (apache24/httpd-2.4.4.tar.gz) = aec9f0b92021b7f67d1f0a2221afcb26ee6469d861b6d0168d8d8c51d710ef79
-SIZE (apache24/httpd-2.4.4.tar.gz) = 6451189
+SHA256 (apache24/httpd-2.4.6.tar.gz) = b704d6ae3d17f7c56dd49d617f7fde0ade34fa913e78dd14ebaab0992efbc9cf
+SIZE (apache24/httpd-2.4.6.tar.gz) = 6700153

Modified: head/www/apache24/pkg-plist
==============================================================================
--- head/www/apache24/pkg-plist	Sat Jul 20 16:20:27 2013	(r323350)
+++ head/www/apache24/pkg-plist	Sat Jul 20 17:11:54 2013	(r323351)
@@ -93,6 +93,7 @@ libexec/apache24/httpd.exp
 %%MOD_BUFFER%%libexec/apache24/mod_buffer.so
 %%MOD_CACHE%%libexec/apache24/mod_cache.so
 %%MOD_CACHE_DISK%%libexec/apache24/mod_cache_disk.so
+%%MOD_CACHE_SOCACHE%%libexec/apache24/mod_cache_socache.so
 %%MOD_CASE_FILTER%%libexec/apache24/mod_case_filter.so
 %%MOD_CASE_FILTER_IN%%libexec/apache24/mod_case_filter_in.so
 %%MOD_CERN_META%%libexec/apache24/mod_cern_meta.so
@@ -133,6 +134,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_LOG_DEBUG%%libexec/apache24/mod_log_debug.so
 %%MOD_LOG_FORENSIC%%libexec/apache24/mod_log_forensic.so
 %%MOD_LUA%%libexec/apache24/mod_lua.so
+%%MOD_MACRO%%libexec/apache24/mod_macro.so
 %%MOD_MIME%%libexec/apache24/mod_mime.so
 %%MOD_MIME_MAGIC%%libexec/apache24/mod_mime_magic.so
 %%MPM_SHARED%%libexec/apache24/mod_mpm_event.so
@@ -154,6 +156,7 @@ libexec/apache24/mod_log_config.so
 %%MOD_PROXY_HTML%%libexec/apache24/mod_proxy_html.so
 %%MOD_PROXY_HTTP%%libexec/apache24/mod_proxy_http.so
 %%MOD_PROXY_SCGI%%libexec/apache24/mod_proxy_scgi.so
+%%MOD_PROXY_WSTUNNEL%%libexec/apache24/mod_proxy_wstunnel.so
 %%MOD_RATELIMIT%%libexec/apache24/mod_ratelimit.so
 %%MOD_REFLECTOR%%libexec/apache24/mod_reflector.so
 %%MOD_REMOTEIP%%libexec/apache24/mod_remoteip.so


