Tuesday, March 07, 2023

7.2 update: www/apache-httpd

Hi,
update to Apache httpd 2.4.56 for OpenBSD 7.2 follows.
Fixes CVE-2023-27522 and CVE-2023-25690.

ok ?
Cheers
Giovanni

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.118.2.1
diff -u -p -r1.118.2.1 Makefile
--- Makefile 23 Jan 2023 14:37:17 -0000 1.118.2.1
+++ Makefile 7 Mar 2023 15:07:14 -0000
@@ -1,6 +1,6 @@
COMMENT= apache HTTP server

-V= 2.4.55
+V= 2.4.56
DISTNAME= httpd-${V}
PKGNAME= apache-httpd-${V}

Index: distinfo
===================================================================
RCS file: /cvs/ports/www/apache-httpd/distinfo,v
retrieving revision 1.42.2.1
diff -u -p -r1.42.2.1 distinfo
--- distinfo 23 Jan 2023 14:37:17 -0000 1.42.2.1
+++ distinfo 7 Mar 2023 15:07:14 -0000
@@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.55.tar.gz) = Unbqi8b/8x7tXIITKuUaCy7gX55rYaAPqHf2ytqztjg=
-SIZE (httpd-2.4.55.tar.gz) = 9758888
+SHA256 (httpd-2.4.56.tar.gz) = 2w1MdgB7Ix/Tq0G1gFSNx5iuOES7fD1c4eQXTKI2Rpg=
+SIZE (httpd-2.4.56.tar.gz) = 9769650
Index: patches/patch-modules_http2_h2_c2_filter_c
===================================================================
RCS file: patches/patch-modules_http2_h2_c2_filter_c
diff -N patches/patch-modules_http2_h2_c2_filter_c
--- patches/patch-modules_http2_h2_c2_filter_c 23 Jan 2023 14:37:17 -0000 1.1.2.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
-reported in access logs and error documents. The processing of the
-reset was correct, only unneccesary reporting was caused.
-Index: modules/http2/h2_c2_filter.c
---- modules/http2/h2_c2_filter.c.orig
-+++ modules/http2/h2_c2_filter.c
-@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f,
- ap_assert(conn_ctx);
- H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
-
-- if (!conn_ctx->has_final_response) {
-+ if (!f->c->aborted && !conn_ctx->has_final_response) {
- if (!parser) {
- parser = apr_pcalloc(f->c->pool, sizeof(*parser));
- parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, conn_ctx->stream_id);

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)