Bug 232687 - www/apache24: Update to 2.4.37 (Security and Bugfix Release)
Summary: www/apache24: Update to 2.4.37 (Security and Bugfix Release)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-apache (Nobody)
URL: https://reviews.freebsd.org/D17668
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-10-25 19:18 UTC by Markus Kohlmeyer
Modified: 2018-10-28 17:32 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (apache)


Attachments
Apache 2.4.37 patch (1.18 KB, patch)
2018-10-26 07:48 UTC, Pascal Christen
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Kohlmeyer 2018-10-25 19:18:55 UTC
See Changelog: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup
Comment 1 Pascal Christen 2018-10-26 07:48:17 UTC
Created attachment 198645 [details]
Apache 2.4.37 patch
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2018-10-27 14:37:08 UTC
Not seeing any security fixes, am I missing something?
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-10-27 14:37:11 UTC
A commit references this bug:

Author: brnrd
Date: Sat Oct 27 14:36:42 UTC 2018
New revision: 483139
URL: https://svnweb.freebsd.org/changeset/ports/483139

Log:
  www/apache24: Update to 2.4.37

   - Adds TLSv1.3 support with security/openssl111

  PR:		232687
  Submitted by:	Pascal Christen <pascal christen hostpoint.ch>
  Reported by:	Markus Kohlmeyer <rootservice gmail com>
  Reviewed by:	ohauer
  Approved by:	joneum
  Differential Revision:	https://reviews.freebsd.org/D17668

Changes:
  head/www/apache24/Makefile
  head/www/apache24/distinfo
  head/www/apache24/files/patch-modules_ssl_mod__ssl.c
  head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2018-10-27 14:38:57 UTC
Thanks Markus, Pascal.

Patched including fix-ups for LibreSSL.
Comment 5 Kurt Jaeger freebsd_committer freebsd_triage 2018-10-28 16:28:55 UTC
On a 11.2p4 amd64, if I try to use mod_ssl.so, this happens:                    
                                                                                
httpd: Syntax error on line 138 of /usr/local/etc/apache24/httpd.conf:          
Cannot load /usr/local/libexec/apache24/mod_ssl.so into server:                 
/usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "RAND_egd"
Comment 6 Bernard Spil freebsd_committer freebsd_triage 2018-10-28 17:32:11 UTC
(In reply to Kurt Jaeger from comment #5)
Best make that a separate PR.
Please specify the DEFAULT_VERSIONS configuration too, OpenSSL version used.
Share poudriere logs if possible.