Summary: | www/apache24: Update to 2.4.37 (Security and Bugfix Release) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Markus Kohlmeyer <rootservice> | ||||
Component: | Individual Port(s) | Assignee: | freebsd-apache (Nobody) <apache> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | brnrd, pascal.christen, pi | ||||
Priority: | --- | Keywords: | security | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(apache) |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://reviews.freebsd.org/D17668 | ||||||
Attachments: |
|
Description
Markus Kohlmeyer
2018-10-25 19:18:55 UTC
Created attachment 198645 [details]
Apache 2.4.37 patch
Not seeing any security fixes, am I missing something? A commit references this bug: Author: brnrd Date: Sat Oct 27 14:36:42 UTC 2018 New revision: 483139 URL: https://svnweb.freebsd.org/changeset/ports/483139 Log: www/apache24: Update to 2.4.37 - Adds TLSv1.3 support with security/openssl111 PR: 232687 Submitted by: Pascal Christen <pascal christen hostpoint.ch> Reported by: Markus Kohlmeyer <rootservice gmail com> Reviewed by: ohauer Approved by: joneum Differential Revision: https://reviews.freebsd.org/D17668 Changes: head/www/apache24/Makefile head/www/apache24/distinfo head/www/apache24/files/patch-modules_ssl_mod__ssl.c head/www/apache24/files/patch-modules_ssl_ssl__engine__init.c Thanks Markus, Pascal. Patched including fix-ups for LibreSSL. On a 11.2p4 amd64, if I try to use mod_ssl.so, this happens: httpd: Syntax error on line 138 of /usr/local/etc/apache24/httpd.conf: Cannot load /usr/local/libexec/apache24/mod_ssl.so into server: /usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "RAND_egd" (In reply to Kurt Jaeger from comment #5) Best make that a separate PR. Please specify the DEFAULT_VERSIONS configuration too, OpenSSL version used. Share poudriere logs if possible. |