Bug 160743 - [patch] www/apache22: update to 2.2.21
[patch] www/apache22: update to 2.2.21
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: apache
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-14 22:20 UTC by jhelfman
Modified: 2011-09-15 06:10 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.12 KB, patch)
2011-09-14 22:20 UTC, jhelfman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description jhelfman 2011-09-14 22:20:07 UTC
Update to 2.2.21
Builds cleanly in Tinderbox

Addresses:
     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.
Comment 1 Edwin Groothuis freebsd_committer 2011-09-14 22:20:18 UTC
Responsible Changed
From-To: freebsd-ports-bugs->apache

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 jhelfman 2011-09-14 23:14:43 UTC
Tinderbox log => http://jgh.devio.us/files/logs/apache-2.2.21.log

-jgh

-- 
Jason Helfman
System Administrator
experts-exchange.com
http://www.experts-exchange.com/M_4830110.html
E4AD 7CF1 1396 27F6 79DD  4342 5E92 AD66 8C8C FBA5
Comment 3 dfilter freebsd_committer 2011-09-15 06:00:38 UTC
ohauer      2011-09-15 05:00:28 UTC

  FreeBSD ports repository

  Modified files:
    www/apache22         Makefile distinfo 
  Log:
  - update to version 2.2.21
  
  Addresses:
  * SECURITY: CVE-2011-3348 (cve.mitre.org)
   mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
   unrecognized HTTP methods from marking ajp: balancer members
   in an error state, avoiding denial of service.
  
  * SECURITY: CVE-2011-3192 (cve.mitre.org)
   core: Further fixes to the handling of byte-range requests to use
   less memory, to avoid denial of service. This patch includes fixes
   to the patch introduced in release 2.2.20 for protocol compliance,
   as well as the MaxRanges directive.
  
  PR:             ports/160743
  Submitted by:   Jason Helfman <jhelfman@experts-exchange.com>
  
  Revision  Changes    Path
  1.293     +2 -2      ports/www/apache22/Makefile
  1.86      +2 -2      ports/www/apache22/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Olli Hauer freebsd_committer 2011-09-15 06:02:01 UTC
State Changed
From-To: open->closed

Committed, 
Thanks!