232687 – www/apache24: Update to 2.4.37 (Security and Bugfix Release)

Bug 232687 - www/apache24: Update to 2.4.37 (Security and Bugfix Release)

Summary: www/apache24: Update to 2.4.37 (Security and Bugfix Release)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-apache (Nobody)

URL:	https://reviews.freebsd.org/D17668
Keywords:	security

Depends on:
Blocks:

Reported:	2018-10-25 19:18 UTC by Markus Kohlmeyer
Modified:	2018-10-28 17:32 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (apache)

Attachments
Apache 2.4.37 patch (1.18 KB, patch) 2018-10-26 07:48 UTC, Pascal Christen	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markus Kohlmeyer 2018-10-25 19:18:55 UTC

See Changelog: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup

Comment 1 Pascal Christen 2018-10-26 07:48:17 UTC

Created attachment 198645 [details]
Apache 2.4.37 patch

Comment 2 Bernard Spil freebsd_committer

2018-10-27 14:37:08 UTC

Not seeing any security fixes, am I missing something?

Comment 3 commit-hook freebsd_committer

2018-10-27 14:37:11 UTC

A commit references this bug:

Author: brnrd
Date: Sat Oct 27 14:36:42 UTC 2018
New revision: 483139
URL: https://svnweb.freebsd.org/changeset/ports/483139

Log:
  www/apache24: Update to 2.4.37

   - Adds TLSv1.3 support with security/openssl111

  PR:		232687
  Submitted by:	Pascal Christen <pascal christen hostpoint.ch>
  Reported by:	Markus Kohlmeyer <rootservice gmail com>
  Reviewed by:	ohauer
  Approved by:	joneum
  Differential Revision:	https://reviews.freebsd.org/D17668

Changes:
  head/www/apache24/Makefile
  head/www/apache24/distinfo
  head/www/apache24/files/patch-modules_ssl_mod__ssl.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c

Comment 4 Bernard Spil freebsd_committer

2018-10-27 14:38:57 UTC

Thanks Markus, Pascal.

Patched including fix-ups for LibreSSL.

Comment 5 Kurt Jaeger freebsd_committer

2018-10-28 16:28:55 UTC

On a 11.2p4 amd64, if I try to use mod_ssl.so, this happens:                    
                                                                                
httpd: Syntax error on line 138 of /usr/local/etc/apache24/httpd.conf:          
Cannot load /usr/local/libexec/apache24/mod_ssl.so into server:                 
/usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "RAND_egd"

Comment 6 Bernard Spil freebsd_committer

2018-10-28 17:32:11 UTC

(In reply to Kurt Jaeger from comment #5)
Best make that a separate PR.
Please specify the DEFAULT_VERSIONS configuration too, OpenSSL version used.
Share poudriere logs if possible.