Bug 160743 - [patch] www/apache22: update to 2.2.21
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-apache (Nobody)
Reported: 2011-09-14 22:20 UTC by Jason Helfman
Modified: 2011-09-15 06:10 UTC

Attachments
file.diff (1.12 KB, patch)
2011-09-14 22:20 UTC, Jason Helfman

Description Jason Helfman 2011-09-14 22:20:07 UTC
Update to 2.2.21
Builds cleanly in Tinderbox

Addresses:
     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-09-14 22:20:18 UTC
Responsible Changed
From-To: freebsd-ports-bugs->apache

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Jason 2011-09-14 23:14:43 UTC
Tinderbox log => http://jgh.devio.us/files/logs/apache-2.2.21.log

-jgh

-- 
Jason Helfman
System Administrator
experts-exchange.com
http://www.experts-exchange.com/M_4830110.html
E4AD 7CF1 1396 27F6 79DD  4342 5E92 AD66 8C8C FBA5
Comment 3 dfilter service freebsd_committer freebsd_triage 2011-09-15 06:00:38 UTC
ohauer      2011-09-15 05:00:28 UTC

  FreeBSD ports repository

  Modified files:
    www/apache22         Makefile distinfo 
  Log:
  - update to version 2.2.21
  
  Addresses:
  * SECURITY: CVE-2011-3348 (cve.mitre.org)
   mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
   unrecognized HTTP methods from marking ajp: balancer members
   in an error state, avoiding denial of service.
  
  * SECURITY: CVE-2011-3192 (cve.mitre.org)
   core: Further fixes to the handling of byte-range requests to use
   less memory, to avoid denial of service. This patch includes fixes
   to the patch introduced in release 2.2.20 for protocol compliance,
   as well as the MaxRanges directive.
  
  PR:             ports/160743
  Submitted by:   Jason Helfman <jhelfman@experts-exchange.com>
  
  Revision  Changes    Path
  1.293     +2 -2      ports/www/apache22/Makefile
  1.86      +2 -2      ports/www/apache22/distinfo
Comment 4 Olli Hauer freebsd_committer freebsd_triage 2011-09-15 06:02:01 UTC
State Changed
From-To: open->closed

Committed, 
Thanks!