Date:      Wed, 14 Sep 2011 14:13:34 -0700
From:      Jason Helfman <jhelfman@experts-exchange.com>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        apache@freebsd.org
Subject:   [patch] www/apache22: update to 2.2.21
Message-ID:  <1316034814.985520.29104.nullmailer@experts-exchange.com>


>Submitter-Id:	current-users
>Originator:	Jason Helfman
>Organization:	Experts Exchange, LLC.
>Confidential:	no 
>Synopsis:	[patch] www/apache22: update to 2.2.21
>Severity:	serious
>Priority:	high
>Category:	ports
>Class:		change-request
>Release:	FreeBSD 8.2-RELEASE i386
>Environment:
System: FreeBSD eggman.experts-exchange.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
Update to 2.2.21
Builds cleanly in Tinderbox

Addresses:
     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.

>How-To-Repeat:
	
>Fix:

Index: www/apache22/Makefile
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/Makefile,v
retrieving revision 1.292
diff -u -r1.292 Makefile
--- www/apache22/Makefile	12 Sep 2011 23:17:32 -0000	1.292
+++ www/apache22/Makefile	14 Sep 2011 20:55:17 -0000
@@ -8,8 +8,7 @@
 #
 
 PORTNAME=	apache
-PORTVERSION=	2.2.20
-PORTREVISION=	1
+PORTVERSION=	2.2.21
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
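
Review bot: Missing security documentation for the `PORTVERSION=	2.2.21` bump: the description says this release addresses CVE-2011-3348 and CVE-2011-3192, but the patch as shown touches only Makefile and distinfo, so the change itself records nothing that would flag installed 2.2.20 packages as affected. Suggest pairing the commit with a security/vuxml entry for apache22 versions below 2.2.21, if one does not already cover these CVEs. Dropping `PORTREVISION=	1` in the same hunk is the right thing to do on a version bump.
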
Index: www/apache22/distinfo
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/apache22/distinfo,v
retrieving revision 1.85
diff -u -r1.85 distinfo
--- www/apache22/distinfo	2 Sep 2011 06:18:02 -0000	1.85
+++ www/apache22/distinfo	14 Sep 2011 20:55:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (apache22/httpd-2.2.20.tar.bz2) = 1ee914855249b09d9cd2e20e98a0ab02f15c270fe277d4a5c9b62975479fc81e
-SIZE (apache22/httpd-2.2.20.tar.bz2) = 5174611
+SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
+SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905
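
Review bot: The value on the `+SHA256 (apache22/httpd-2.2.21.tar.bz2)` line comes from the submitter's own fetch, so the committer should recompute it from a tarball downloaded independently and checked against the upstream release signature before committing, since this distinfo entry is what every later build trusts for that distfile. The `SIZE` change from 5174611 to 5324905 is consistent with a point release but says nothing about authenticity on its own.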


