update to 2.4.55, fixes CVE-2022-37436, CVE-2022-36760 and

CVE-2006-20001. ok sthen@
2023-01-23 14:13:40 +00:00 · 2023-01-23 14:13:40 +00:00 · 0ecb7a2cff
parent ce69f688de
commit 0ecb7a2cff
5 changed files with 23 additions and 8 deletions
--- a/www/apache-httpd/Makefile
+++ b/www/apache-httpd/Makefile
@ -1,9 +1,8 @@
 COMMENT=		apache HTTP server

-V=			2.4.54
+V=			2.4.55
 DISTNAME=		httpd-${V}
 PKGNAME=		apache-httpd-${V}
-REVISION=		0

 CATEGORIES=		www net

--- a/www/apache-httpd/distinfo
+++ b/www/apache-httpd/distinfo
@ -1,2 +1,2 @@
-SHA256 (httpd-2.4.54.tar.gz) = xoe5nERsDvNF59hsIajhX8B0t9UVLE/iKwRj4r40b/s=
-SIZE (httpd-2.4.54.tar.gz) = 9743277
+SHA256 (httpd-2.4.55.tar.gz) = Unbqi8b/8x7tXIITKuUaCy7gX55rYaAPqHf2ytqztjg=
+SIZE (httpd-2.4.55.tar.gz) = 9758888
--- a/www/apache-httpd/patches/patch-configure
+++ b/www/apache-httpd/patches/patch-configure
@ -1,7 +1,7 @@
 Index: configure
 --- configure.orig
 +++ configure
-@@ -3472,7 +3472,7 @@ do
+@@ -3832,7 +3832,7 @@ do
   ap_last="${ap_cur}"
   ap_cur=`eval "echo ${ap_cur}"`
 done
@ -10,12 +10,12 @@ Index: configure
 
 
   APACHE_VAR_SUBST="$APACHE_VAR_SUBST exp_sysconfdir"
-@@ -4678,7 +4678,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
+@@ -5059,7 +5059,7 @@ APR_INCLUDEDIR=`$apr_config --includedir`
 APR_INCLUDES=`$apr_config --includes`
 APR_VERSION=`$apr_config --version`
 apr_major_version=`echo ${APR_VERSION} | sed 's,\..*,,'`
 -APR_CONFIG="$APR_BINDIR/apr-${apr_major_version}-config"
 +APR_CONFIG="$apr_config"
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: " >&5
- $as_echo "$as_me: " >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: " >&5
+ printf "%s\n" "$as_me: " >&6;}
--- a/www/apache-httpd/patches/patch-modules_http2_h2_c2_filter_c
+++ b/www/apache-httpd/patches/patch-modules_http2_h2_c2_filter_c
@ -0,0 +1,15 @@
+mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
+reported in access logs and error documents. The processing of the
+reset was correct, only unneccesary reporting was caused.
+Index: modules/http2/h2_c2_filter.c
+--- modules/http2/h2_c2_filter.c.orig
+++ modules/http2/h2_c2_filter.c
+@@ -615,7 +615,7 @@ apr_status_t h2_c2_filter_catch_h1_out(ap_filter_t* f,
+     ap_assert(conn_ctx);
+     H2_FILTER_LOG("c2_catch_h1_out", f->c, APLOG_TRACE2, 0, "check", bb);
+ 
+-    if (!conn_ctx->has_final_response) {
+    if (!f->c->aborted && !conn_ctx->has_final_response) {
+         if (!parser) {
+             parser = apr_pcalloc(f->c->pool, sizeof(*parser));
+             parser->id = apr_psprintf(f->c->pool, "%s-%d", conn_ctx->id, conn_ctx->stream_id);
--- a/www/apache-httpd/pkg/PLIST
+++ b/www/apache-httpd/pkg/PLIST
@ -47,6 +47,7 @@ include/apache2/mod_cgi.h
 include/apache2/mod_core.h
 include/apache2/mod_dav.h
 include/apache2/mod_dbd.h
+include/apache2/mod_http2.h
 include/apache2/mod_include.h
 include/apache2/mod_log_config.h
 include/apache2/mod_proxy.h