From owner-freebsd-apache@FreeBSD.ORG Wed Sep 14 21:30:59 2011 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE1DF1065675 for ; Wed, 14 Sep 2011 21:30:59 +0000 (UTC) (envelope-from jhelfman@experts-exchange.com) Received: from mail.experts-exchange.com (mail.experts-exchange.com [72.29.183.251]) by mx1.freebsd.org (Postfix) with ESMTP id A0C898FC12 for ; Wed, 14 Sep 2011 21:30:59 +0000 (UTC) Received: from mail.experts-exchange.com (localhost [127.0.0.1]) by mail.experts-exchange.com (Postfix) with ESMTP id A1DE86F0A64; Wed, 14 Sep 2011 14:14:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= experts-exchange.com; h=message-id:date:date:reply-to:from:from :subject:subject:received:received:received; s=ee; t=1316034875; x=1317849275; bh=P+CQBMczAw3a4/N1GaPbn3VSW3fkC3Qvg4aimCAMNVk=; b= WT4Rdl0a4U9+lu4ZctCYvksFI1uh6Mi3mLqqI1zdZXvho1DXYppEJMbhyt4IHntA uQTp5+jFyzu67CxdvlXFpbOUkpyfzmor8TPVm8/XrXuhFfBSB0hxE9YPTSENgrLQ aS2VmFr1aXfTG3U9Br0K4p1PIhMkALx+3GuH9VwF29Q= X-Virus-Scanned: amavisd-new at experts-exchange.com Received: from mail.experts-exchange.com ([127.0.0.1]) by mail.experts-exchange.com (mail.experts-exchange.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XJryo86r1AgZ; Wed, 14 Sep 2011 14:14:35 -0700 (PDT) Received: from experts-exchange.com (unknown [192.168.103.122]) by mail.experts-exchange.com (Postfix) with SMTP id 7DE4D6F0B18; Wed, 14 Sep 2011 14:14:35 -0700 (PDT) Received: (nullmailer pid 29105 invoked by uid 1001); Wed, 14 Sep 2011 21:13:34 -0000 To: FreeBSD-gnats-submit@freebsd.org From: Jason Helfman X-send-pr-version: 3.113 X-GNATS-Notify: Date: Wed, 14 Sep 2011 14:13:34 -0700 Message-Id: <1316034814.985520.29104.nullmailer@experts-exchange.com> Cc: apache@freebsd.org Subject: [patch] www/apache22: update to 2.2.21 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Jason Helfman List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Sep 2011 21:30:59 -0000 >Submitter-Id: current-users >Originator: Jason Helfman >Organization: Experts Exchange, LLC. >Confidential: no >Synopsis: [patch] www/apache22: update to 2.2.21 >Severity: serious >Priority: high >Category: ports >Class: change-request >Release: FreeBSD 8.2-RELEASE i386 >Environment: System: FreeBSD eggman.experts-exchange.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Update to 2.2.21 Builds cleanly in Tinderbox Addresses: * SECURITY: CVE-2011-3348 (cve.mitre.org) mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service. * SECURITY: CVE-2011-3192 (cve.mitre.org) core: Further fixes to the handling of byte-range requests to use less memory, to avoid denial of service. This patch includes fixes to the patch introduced in release 2.2.20 for protocol compliance, as well as the MaxRanges directive. >How-To-Repeat: >Fix: Index: www/apache22/Makefile =================================================================== RCS file: /home/jhelfman/ncvs/ports/www/apache22/Makefile,v retrieving revision 1.292 diff -u -r1.292 Makefile --- www/apache22/Makefile 12 Sep 2011 23:17:32 -0000 1.292 +++ www/apache22/Makefile 14 Sep 2011 20:55:17 -0000 @@ -8,8 +8,7 @@ # PORTNAME= apache -PORTVERSION= 2.2.20 -PORTREVISION= 1 +PORTVERSION= 2.2.21 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} Index: www/apache22/distinfo =================================================================== RCS file: /home/jhelfman/ncvs/ports/www/apache22/distinfo,v retrieving revision 1.85 diff -u -r1.85 distinfo --- www/apache22/distinfo 2 Sep 2011 06:18:02 -0000 1.85 +++ www/apache22/distinfo 14 Sep 2011 20:55:26 -0000 @@ -1,2 +1,2 @@ -SHA256 (apache22/httpd-2.2.20.tar.bz2) = 1ee914855249b09d9cd2e20e98a0ab02f15c270fe277d4a5c9b62975479fc81e -SIZE (apache22/httpd-2.2.20.tar.bz2) = 5174611 +SHA256 (apache22/httpd-2.2.21.tar.bz2) = 18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f +SIZE (apache22/httpd-2.2.21.tar.bz2) = 5324905